From robertof at dmtserv.com  Sat May  1 00:06:23 2010
From: robertof at dmtserv.com (Roberto Fulgado)
Date: Wed May  5 11:39:09 2010
Subject: 'not spam (whitelisted)' in the headers
Message-ID: <4BDB626F.7030009@dmtserv.com>

Le 2010-04-22 11:28, Thomas Lohman a ?crit :
 >> >> Denis
 >> >>
 >> >> That probably was the case so I edited the last line of
 >> >> spam.blacklist.rules file:
 >> >>
 >> >> FromOrTo: default no
 >> >> to
 >> >> FromOrTo: default yes
 >> >>
 >> >> Thank you very much,
 >> >> Roberto
 > >
 > > Roberto, unless I'm missing something on how you're using this file,
 > > if you change the last line to "default yes" then Mailscanner is going
 > > to mark all mail as blacklisted since that is telling it that that is
 > > the default.
 > >
 > > cheers,
 > >
 > >
 > > --tom

 >Tom is probably right! We have:
 >.Fromorto default no
 >in that file.
 >
 >Denis



I already removed that file and made changes to The MailScanner.conf
file not to use blacklist list rule anymore. The only reason why I did
that in the first place was because I was seeing spam getting tagged as
as 'not spam (whitelisted)'.
Still getting some get pass by MailScanner as whitelisted. I really
don't know how. I double check the the sender address and and sender's
domain name in the spam.whitelist.rules, by doing "grep -i domain.com".




-- 
<KnaraKat> DalNet is like the special olympics of IRC.  There's a lot of
            drooling goin' on and everyone is a 'winner'.

-- 
Message clean

From joost at waversveld.nl  Tue May  4 16:55:55 2010
From: joost at waversveld.nl (Joost Waversveld)
Date: Wed May  5 11:43:57 2010
Subject: OT: Julian
In-Reply-To: <EMEW3|8902a58badbf3ed41a9970130ae6c4cbm3LEa50bMailScanner|ecs.soton.ac.uk|4BD050C3.1040600@ecs.soton.ac.uk>
References: <4BBC991D.2000300@tradoc.fr> <4BD050C3.1040600@ecs.soton.ac.uk>
	<EMEW3|8902a58badbf3ed41a9970130ae6c4cbm3LEa50bMailScanner|ecs.soton.ac.uk|4BD050C3.1040600@ecs.soton.ac.uk>
Message-ID: <4BE0438B.5050405@waversveld.nl>

Julian,

First of all, your health is much more important than this. I hope you 
are doing well.

I send you this email because I think the mailing lists of mailscanner 
are offline.

The last message I received are from april 29th. If I try to send an 
message to the list, I see an time out in my mailserver log on 
safir.blacknight.ie. The archives are also offline, see for example 
http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce

Julian, I have to repeat myself, your health is much more important then 
this. All the best for you!

Best regards,

Joost Waversveld



On 22-4-2010 15:36, Julian Field wrote:
> I'm still here folks. Just haven't been around for a long time. Work 
> has been very busy and I'm starting to get a sinking feeling about my 
> health position; something is wrong, just don't know what yet. I need 
> to summon up the courage to go back to the docs and let them start 
> prodding and poking again :-(
>
> Anything important or urgent, send to MailScanner@ecs.soton.ac.uk and 
> I'll try to monitor that as much as I can.
>
> What's all this stuff about ClamAV 0.96? I just upgraded my RHEL4 
> development server to it, did a "service clamd restart" and it's 
> working fine with the latest code. If someone can mail me a short 
> summary of the problem and proposed workarounds, I'll take a look 
> a.s.a.p.
>
> Best regards,
> Jules.
>
> On 07/04/2010 15:39, John Wilcock wrote:
>> I see that Julian hasn't posted to this list since his 10th 
>> anniversary message almost a month ago, nor has he replied to a 
>> couple of recent offlist messages of mine.
>>
>> Has anyone here heard from him recently? I do hope his health 
>> problems haven't reared their ugly head again...
>>
>> John.
>>
>
> Jules
>
From joost at waversveld.nl  Tue May  4 16:39:47 2010
From: joost at waversveld.nl (Joost Waversveld)
Date: Wed May  5 11:43:58 2010
Subject: Test message
Message-ID: <4BE03FC3.3010401@waversveld.nl>

Will this message reach the mailing list?

Sorry for the inconvenienve everybody...

Best regards,

Joost waversveld
From MailScanner at ecs.soton.ac.uk  Wed May  5 12:00:18 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May  5 12:00:28 2010
Subject: List server was down
References: <4BE14FC2.9010300@ecs.soton.ac.uk>
Message-ID: <EMEW3|6eb8bbf95d64c43803a3fe96b7e50e00m44C0J0bMailScanner|ecs.soton.ac.uk|4BE14FC2.9010300@ecs.soton.ac.uk>

If you've been wondering why things had gone so quiet, the list server 
was unfortunately down for a bit.
Hopefully we won't have lost many posts, they should be still sitting in 
most people's outgoing queues.

Thanks for Blacknight for the speedy response once I raised the issue!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From zaeem.arshad at gmail.com  Tue May  4 17:44:14 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Wed May  5 12:34:58 2010
Subject: Extracting those last drops of performance
Message-ID: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>

Hi List,

My MailScanner+Postfix rejects roughly 8 million spam messages a day
on MTA level while around 1.2 million are passed on to MailScanner for
scanning. The system is a dual quad core 2.5 GHz system with 24 GB RAM
today. At times, MailScanner is unable to keep up with the number of
spam messages that escape the MTA checks and are submitted to
MailScanner causing huge delays. I am just wondering if tweaking the
following settings can get me improved performance.

Max Children = 40
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 50
Max Unsafe Messages Per Scan = 50
Max Normal Queue Size = 70000


I am using caching dns, ram disk for processing, clamd, compiled
spamassassin rules and optimized scheduler and filesystems in this
server. Any ideas on how I can tweak the above settings to gain more
MailScanner performance?


Regards

--
Zaeem
From doctor at doctor.nl2k.ab.ca  Tue May  4 07:26:03 2010
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Wed May  5 12:42:58 2010
Subject: MAilScanner and Exim 4.71
Message-ID: <20100504062603.GA19570@doctor.nl2k.ab.ca>

Jules any isues with MailScanner 4.79 or 4.80 and Exim?

I have tried both options and the data for the exim.in spool never
gets passed to the exim spool.

-- 
Member - Liberal International	This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
UK Time for a Common Sense change vote Liberal Democrat / Alliance 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From prandal at herefordshire.gov.uk  Wed May  5 12:44:37 2010
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed May  5 12:44:56 2010
Subject: Extracting those last drops of performance
In-Reply-To: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
Message-ID: <76415AED4CCF214F80FD9B0DA9A9EE455DCF13@HC-MBX01.herefordshire.gov.uk>

Does vmstat show any swapping going on?  If so, reduce the number of
children.

You might wish to play with the 

  Max SpamAssassin Size

setting, too.

Cheers,

Phil
--
Phil Randal | Networks Engineer
NHS Herefordshire & Herefordshire Council  | Deputy Chief Executive's
Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it.
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Zaeem
Arshad
Sent: 04 May 2010 17:44
To: MailScanner discussion
Subject: Extracting those last drops of performance

Hi List,

My MailScanner+Postfix rejects roughly 8 million spam messages a day on
MTA level while around 1.2 million are passed on to MailScanner for
scanning. The system is a dual quad core 2.5 GHz system with 24 GB RAM
today. At times, MailScanner is unable to keep up with the number of
spam messages that escape the MTA checks and are submitted to
MailScanner causing huge delays. I am just wondering if tweaking the
following settings can get me improved performance.

Max Children = 40
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 50
Max Unsafe Messages Per Scan = 50
Max Normal Queue Size = 70000


I am using caching dns, ram disk for processing, clamd, compiled
spamassassin rules and optimized scheduler and filesystems in this
server. Any ideas on how I can tweak the above settings to gain more
MailScanner performance?


Regards

--
Zaeem
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.
You should be aware that Herefordshire Council monitors its email service.
This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
From steve.freegard at fsl.com  Wed May  5 13:10:48 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Wed May  5 13:11:01 2010
Subject: Extracting those last drops of performance
In-Reply-To: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
Message-ID: <4BE16048.50301@fsl.com>

On 04/05/10 17:44, Zaeem Arshad wrote:
> I am using caching dns, ram disk for processing, clamd, compiled
> spamassassin rules and optimized scheduler and filesystems in this
> server. Any ideas on how I can tweak the above settings to gain more
> MailScanner performance?

Set 'Log Speed = yes' in MailScanner.conf; then plot the average time 
spent per message.  This is the key metric when tuning; it should be < 
10 seconds and preferably 2-3 secs.

That's the most important thing to do *first*.  That way you can measure 
the difference once any tuning has been done.

By far the most heavyweight process is going to be SpamAssassin - so 
that's most likely the area you are going to need to focus on.  Are you 
using Bayes?  If so - using which storage method?

Regards,
Steve.
From maxsec at gmail.com  Wed May  5 14:44:00 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed May  5 14:44:09 2010
Subject: Extracting those last drops of performance
In-Reply-To: <4BE16048.50301@fsl.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
Message-ID: <y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>

On 5 May 2010 13:10, Steve Freegard <steve.freegard@fsl.com> wrote:

> On 04/05/10 17:44, Zaeem Arshad wrote:
>
>> I am using caching dns, ram disk for processing, clamd, compiled
>> spamassassin rules and optimized scheduler and filesystems in this
>> server. Any ideas on how I can tweak the above settings to gain more
>> MailScanner performance?
>>
>
> Set 'Log Speed = yes' in MailScanner.conf; then plot the average time spent
> per message.  This is the key metric when tuning; it should be < 10 seconds
> and preferably 2-3 secs.
>
> That's the most important thing to do *first*.  That way you can measure
> the difference once any tuning has been done.
>
> By far the most heavyweight process is going to be SpamAssassin - so that's
> most likely the area you are going to need to focus on.  Are you using
> Bayes?  If so - using which storage method?
>
> Regards,
> Steve.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Also have a look at the "getting the most out of spamassassin" and the
performance tuning (just above the getting the most on the same page). It's
a little dated but does give some pointers to get you started.

makeing sure you're only hitting RBLS you have local zone transfers for etc
will help alot if you've not already done that.

-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100505/510741fd/attachment.html
From zaeem.arshad at gmail.com  Wed May  5 18:47:31 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Wed May  5 18:47:41 2010
Subject: Extracting those last drops of performance
In-Reply-To: <76415AED4CCF214F80FD9B0DA9A9EE455DCF13@HC-MBX01.herefordshire.gov.uk>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<76415AED4CCF214F80FD9B0DA9A9EE455DCF13@HC-MBX01.herefordshire.gov.uk>
Message-ID: <y2r3e1809421005051047jd939f327q9d776a29b1d9a571@mail.gmail.com>

On Wed, May 5, 2010 at 4:44 PM, Randal, Phil
<prandal@herefordshire.gov.uk> wrote:
> Does vmstat show any swapping going on? ?If so, reduce the number of
> children.
>

Nopes none.

> You might wish to play with the
>
> ?Max SpamAssassin Size

Max SpamAssassin Size = 200k


Should I look into changing that?

--
Zaeem
From zaeem.arshad at gmail.com  Wed May  5 18:52:51 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Wed May  5 18:53:00 2010
Subject: Extracting those last drops of performance
In-Reply-To: <4BE16048.50301@fsl.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
Message-ID: <o2g3e1809421005051052i3ef31a56id00dfa4d23708e50@mail.gmail.com>

On Wed, May 5, 2010 at 5:10 PM, Steve Freegard <steve.freegard@fsl.com> wrote:
> On 04/05/10 17:44, Zaeem Arshad wrote:
>>
>> I am using caching dns, ram disk for processing, clamd, compiled
>> spamassassin rules and optimized scheduler and filesystems in this
>> server. Any ideas on how I can tweak the above settings to gain more
>> MailScanner performance?
>
> Set 'Log Speed = yes' in MailScanner.conf; then plot the average time spent
> per message. ?This is the key metric when tuning; it should be < 10 seconds
> and preferably 2-3 secs.
>

I have already set that but I am not plotting them today. Is there any
perl script out there or should I set on writing one? Here is a
snippet of yesterday's MS performance under heavy load.

May  4 18:58:05  MailScanner[14995]: Batch completed at 35840 bytes
per second (11183886 / 312)
May  4 18:58:05  MailScanner[14995]: Batch (50 messages) processed in
312.04 seconds
May  4 18:58:20  MailScanner[14287]: Batch completed at 7375 bytes per
second (2866715 / 388)
May  4 18:58:20  MailScanner[14287]: Batch (50 messages) processed in
388.70 seconds
May  4 18:58:22  MailScanner[16953]: Batch completed at 14607 bytes
per second (4765445 / 326)
May  4 18:58:22  MailScanner[16953]: Batch (50 messages) processed in
326.23 seconds
May  4 18:58:39  MailScanner[14596]: Batch completed at 40698 bytes
per second (13424209 / 329)
May  4 18:58:39  MailScanner[14596]: Batch (50 messages) processed in
329.84 seconds
May  4 18:58:39  MailScanner[14892]: Batch completed at 15236 bytes
per second (5905691 / 387)
May  4 18:58:39  MailScanner[14892]: Batch (50 messages) processed in
387.61 seconds
May  4 18:58:45  MailScanner[22446]: Batch completed at 11210 bytes
per second (3952639 / 352)
May  4 18:58:45  MailScanner[22446]: Batch (50 messages) processed in
352.59 seconds
May  4 18:58:53  MailScanner[22253]: Batch completed at 34643 bytes
per second (12635074 / 364)
May  4 18:58:53  MailScanner[22253]: Batch (50 messages) processed in
364.72 seconds
May  4 18:59:06  MailScanner[16612]: Batch completed at 34091 bytes
per second (12036761 / 353)
May  4 18:59:06  MailScanner[16612]: Batch (50 messages) processed in
353.07 seconds
May  4 18:59:17  MailScanner[12768]: Batch completed at 30726 bytes
per second (11356957 / 369)
May  4 18:59:17  MailScanner[12768]: Batch (50 messages) processed in
369.61 seconds
May  4 18:59:28  MailScanner[13267]: Batch completed at 31812 bytes
per second (11076141 / 348)
May  4 18:59:28  MailScanner[13267]: Batch (50 messages) processed in
348.17 seconds
May  4 18:59:30  MailScanner[15241]: Batch completed at 71356 bytes
per second (23231603 / 325)
May  4 18:59:30  MailScanner[15241]: Batch (50 messages) processed in
325.57 seconds
May  4 18:59:56  MailScanner[15478]: Batch completed at 12213 bytes
per second (4247264 / 347)
May  4 18:59:56  MailScanner[15478]: Batch (50 messages) processed in
347.75 seconds


> ?Are you using
> Bayes? ?If so - using which storage method?

Yes I am using file based bayes stored on tmpfs. I do take regular backups.


--
Zaeem
From zaeem.arshad at gmail.com  Wed May  5 18:54:11 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Wed May  5 18:54:22 2010
Subject: Extracting those last drops of performance
In-Reply-To: <y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
	<y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>
Message-ID: <p2l3e1809421005051054pd4b746b7qa7df3aa85fb40541@mail.gmail.com>

On Wed, May 5, 2010 at 6:44 PM, Martin Hepworth <maxsec@gmail.com> wrote:
>


>
> makeing sure you're only hitting RBLS you have local zone transfers for etc
> will help alot if you've not already done that.

While I do use caching DNS, I do not have local zone transfers. Will
look into that as I only use spamhaus and barracuda RBL.


--
Zaeem
From steve.freegard at fsl.com  Wed May  5 19:18:27 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Wed May  5 19:18:40 2010
Subject: Extracting those last drops of performance
In-Reply-To: <o2g3e1809421005051052i3ef31a56id00dfa4d23708e50@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>	<4BE16048.50301@fsl.com>
	<o2g3e1809421005051052i3ef31a56id00dfa4d23708e50@mail.gmail.com>
Message-ID: <4BE1B673.9080308@fsl.com>

On 05/05/10 18:52, Zaeem Arshad wrote:
> On Wed, May 5, 2010 at 5:10 PM, Steve Freegard<steve.freegard@fsl.com>  wrote:
>> On 04/05/10 17:44, Zaeem Arshad wrote:
>>>
>>> I am using caching dns, ram disk for processing, clamd, compiled
>>> spamassassin rules and optimized scheduler and filesystems in this
>>> server. Any ideas on how I can tweak the above settings to gain more
>>> MailScanner performance?
>>
>> Set 'Log Speed = yes' in MailScanner.conf; then plot the average time spent
>> per message.  This is the key metric when tuning; it should be<  10 seconds
>> and preferably 2-3 secs.
>>
>
> I have already set that but I am not plotting them today. Is there any
> perl script out there or should I set on writing one? Here is a
> snippet of yesterday's MS performance under heavy load.
>
> May  4 18:58:05  MailScanner[14995]: Batch completed at 35840 bytes
> per second (11183886 / 312)
> May  4 18:58:05  MailScanner[14995]: Batch (50 messages) processed in
> 312.04 seconds
> May  4 18:58:20  MailScanner[14287]: Batch completed at 7375 bytes per
> second (2866715 / 388)
> May  4 18:58:20  MailScanner[14287]: Batch (50 messages) processed in
> 388.70 seconds
> May  4 18:58:22  MailScanner[16953]: Batch completed at 14607 bytes
> per second (4765445 / 326)
> May  4 18:58:22  MailScanner[16953]: Batch (50 messages) processed in
> 326.23 seconds
> May  4 18:58:39  MailScanner[14596]: Batch completed at 40698 bytes
> per second (13424209 / 329)
> May  4 18:58:39  MailScanner[14596]: Batch (50 messages) processed in
> 329.84 seconds
> May  4 18:58:39  MailScanner[14892]: Batch completed at 15236 bytes
> per second (5905691 / 387)
> May  4 18:58:39  MailScanner[14892]: Batch (50 messages) processed in
> 387.61 seconds
> May  4 18:58:45  MailScanner[22446]: Batch completed at 11210 bytes
> per second (3952639 / 352)
> May  4 18:58:45  MailScanner[22446]: Batch (50 messages) processed in
> 352.59 seconds
> May  4 18:58:53  MailScanner[22253]: Batch completed at 34643 bytes
> per second (12635074 / 364)
> May  4 18:58:53  MailScanner[22253]: Batch (50 messages) processed in
> 364.72 seconds
> May  4 18:59:06  MailScanner[16612]: Batch completed at 34091 bytes
> per second (12036761 / 353)
> May  4 18:59:06  MailScanner[16612]: Batch (50 messages) processed in
> 353.07 seconds
> May  4 18:59:17  MailScanner[12768]: Batch completed at 30726 bytes
> per second (11356957 / 369)
> May  4 18:59:17  MailScanner[12768]: Batch (50 messages) processed in
> 369.61 seconds
> May  4 18:59:28  MailScanner[13267]: Batch completed at 31812 bytes
> per second (11076141 / 348)
> May  4 18:59:28  MailScanner[13267]: Batch (50 messages) processed in
> 348.17 seconds
> May  4 18:59:30  MailScanner[15241]: Batch completed at 71356 bytes
> per second (23231603 / 325)
> May  4 18:59:30  MailScanner[15241]: Batch (50 messages) processed in
> 325.57 seconds
> May  4 18:59:56  MailScanner[15478]: Batch completed at 12213 bytes
> per second (4247264 / 347)
> May  4 18:59:56  MailScanner[15478]: Batch (50 messages) processed in
> 347.75 seconds
>

Average scan time is 6-7 seconds based on those numbers.  That's a 
little high but not bad.

>>   Are you using
>> Bayes?  If so - using which storage method?
>
> Yes I am using file based bayes stored on tmpfs. I do take regular backups.
>

Try MySQL + InnoDB with the Mail::SpamAssassin::Bayes::MySQL driver - 
according to the benchmarks it's by far the fastest storage method and 
it won't suffer from the locking issues that you'll see with file-based 
bayes.

Regards,
Steve.
From Garrod.Alwood at lorodoes.com  Wed May  5 20:04:42 2010
From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood)
Date: Wed May  5 20:15:52 2010
Subject: OT: Secondary Anti-virus along side ClamAV
Message-ID: <B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>

Hey Everyone,
     I am about to build 4 new servers and I am thinking of adding another anti-virus along side of clamAV. I have really been looking at bit defender, but I'm not sure which bit defender to get either the unices or mail server, so if anyone has any suggestions please let me know.


Garrod M. Alwood
Consultant
garrod.alwood@lorodoes.com
904.738.4988
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jancarel.putter at gmail.com  Wed May  5 20:29:31 2010
From: jancarel.putter at gmail.com (JC Putter)
Date: Wed May  5 20:27:36 2010
Subject: OT: Secondary Anti-virus along side ClamAV
In-Reply-To: <B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>
References: <B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>
Message-ID: <2062606063-1273087634-cardhu_decombobulator_blackberry.rim.net-1439286720-@bda108.bisx.produk.on.blackberry>

Give antivir a try
Sent via BlackBerry

-----Original Message-----
From: "Garrod M. Alwood" <Garrod.Alwood@lorodoes.com>
Date: Wed, 5 May 2010 15:04:42 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: OT: Secondary Anti-virus along side ClamAV

Hey Everyone,
     I am about to build 4 new servers and I am thinking of adding another anti-virus along side of clamAV. I have really been looking at bit defender, but I'm not sure which bit defender to get either the unices or mail server, so if anyone has any suggestions please let me know.


Garrod M. Alwood
Consultant
garrod.alwood@lorodoes.com
904.738.4988
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From steve.freegard at fsl.com  Wed May  5 21:51:50 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Wed May  5 21:52:04 2010
Subject: OT: Secondary Anti-virus along side ClamAV
In-Reply-To: <B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>
References: <B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>
Message-ID: <4BE1DA66.60704@fsl.com>

On 05/05/10 20:04, Garrod M. Alwood wrote:
> Hey Everyone,
>       I am about to build 4 new servers and I am thinking of adding another anti-virus along side of clamAV. I have really been looking at bit defender, but I'm not sure which bit defender to get either the unices or mail server, so if anyone has any suggestions please let me know.
>

F-Prot as it's a daemon scanner like Clamd (via fpscand) and therefore 
much faster than the command-line equivalent.

Regards,
Steve.

From maxsec at gmail.com  Thu May  6 08:46:32 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu May  6 08:46:41 2010
Subject: Extracting those last drops of performance
In-Reply-To: <p2l3e1809421005051054pd4b746b7qa7df3aa85fb40541@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
	<y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>
	<p2l3e1809421005051054pd4b746b7qa7df3aa85fb40541@mail.gmail.com>
Message-ID: <n2t72cf361e1005060046r65e925a9pbbdf34988cf69053@mail.gmail.com>

If you're using spamhaus with that kind of load you WILL need the datafeed
or you'll get blocked..

http://www.spamhaus.org/datafeed/index.lasso


On 5 May 2010 18:54, Zaeem Arshad <zaeem.arshad@gmail.com> wrote:

> On Wed, May 5, 2010 at 6:44 PM, Martin Hepworth <maxsec@gmail.com> wrote:
> >
>
>
> >
> > makeing sure you're only hitting RBLS you have local zone transfers for
> etc
> > will help alot if you've not already done that.
>
> While I do use caching DNS, I do not have local zone transfers. Will
> look into that as I only use spamhaus and barracuda RBL.
>
>
> --
> Zaeem
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100506/53ff4fd1/attachment.html
From richard at fastnet.co.uk  Thu May  6 14:09:28 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Thu May  6 14:08:29 2010
Subject: White lists.
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local>

Hi everyone,

 

I've had a couple of instances where a user has sent out a mail shot,
but copied themselves in and received their email back, but as spam.

The problem is, this particular domain is not being scanned for spam,
nor has the domain got a white list (we use white lists per domain in a
flat file).

 

I see in the logs, something like this - 

 

o45ID9D6093076 from 212.**.191.99 (info@thedomain.com) ignored
whitelist, had 138 recipients (>20) 

May  5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076
from 212.**.191.99 (info@thedomain.com) to ..... Then all the
recipients.

 

It does not say anything about the email being caught as spam, nor does
it say it delivered it as an attachment, I guess because they have
nothing set in my forwarding rules and the domain is not in the scanning
rules.

 

I can tell them to send out through a non mailscanner relay server, also
I have only seen this twice in the last few months. Maybe because it's
only been reported to me twice.

 

I just wondered has anyone seen anything like this before, or would you
know why the sender would get their email back with the spam tag? As far
as I can see the emails they sent out are fine.

 

 

I'm running FreeBSD 7.2 (all upgraded), I'm using the latest Mailscanner
Beta 4.80.4. Latest Clamd and SpamAssassin. 

Many thanks

 

Rich

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100506/a31d04f9/attachment.html
From MailScanner at ecs.soton.ac.uk  Thu May  6 14:25:37 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May  6 14:25:54 2010
Subject: White lists.
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local>
References: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local>
	<4BE2C351.4000101@ecs.soton.ac.uk>
Message-ID: <EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>



On 06/05/2010 14:09, Richard Mealing wrote:
>
> Hi everyone,
>
> I?ve had a couple of instances where a user has sent out a mail shot, 
> but copied themselves in and received their email back, but as spam.
>
> The problem is, this particular domain is not being scanned for spam, 
> nor has the domain got a white list (we use white lists per domain in 
> a flat file).
>
> I see in the logs, something like this ?
>
> o45ID9D6093076 from 212.**.191.99 (info@thedomain.com 
> <mailto:info@thedomain.com>) ignored whitelist, had 138 recipients (>20)
>
> May 5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076 
> from 212.**.191.99 (info@thedomain.com <mailto:info@thedomain.com>) to 
> ?.. Then all the recipients.
>
> It does not say anything about the email being caught as spam, nor 
> does it say it delivered it as an attachment, I guess because they 
> have nothing set in my forwarding rules and the domain is not in the 
> scanning rules.
>
> I can tell them to send out through a non mailscanner relay server, 
> also I have only seen this twice in the last few months. Maybe because 
> it?s only been reported to me twice.
>
> I just wondered has anyone seen anything like this before, or would 
> you know why the sender would get their email back with the spam tag? 
> As far as I can see the emails they sent out are fine.
>
Have you seen this in MailScanner.conf:

# Spammers have learnt that they can get their message through by sending
# a message with lots of recipients, one of which chooses to whitelist
# everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients, ignore
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20

?

> I?m running FreeBSD 7.2 (all upgraded), I?m using the latest 
> Mailscanner Beta 4.80.4. Latest Clamd and SpamAssassin.
>
> Many thanks
>
> Rich
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From richard at fastnet.co.uk  Thu May  6 15:21:48 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Thu May  6 15:20:49 2010
Subject: White lists.
In-Reply-To: <EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>
References: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local><4BE2C351.4000101@ecs.soton.ac.uk>
	<EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>

Hi Jules,


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
Field
Sent: 06 May 2010 14:26
To: MailScanner discussion
Subject: Re: White lists.



On 06/05/2010 14:09, Richard Mealing wrote:
>
> Hi everyone,
>
> I've had a couple of instances where a user has sent out a mail shot, 
> but copied themselves in and received their email back, but as spam.
>
> The problem is, this particular domain is not being scanned for spam, 
> nor has the domain got a white list (we use white lists per domain in 
> a flat file).
>
> I see in the logs, something like this -
>
> o45ID9D6093076 from 212.**.191.99 (info@thedomain.com 
> <mailto:info@thedomain.com>) ignored whitelist, had 138 recipients
(>20)
>
> May 5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076 
> from 212.**.191.99 (info@thedomain.com <mailto:info@thedomain.com>) to

> ..... Then all the recipients.
>
> It does not say anything about the email being caught as spam, nor 
> does it say it delivered it as an attachment, I guess because they 
> have nothing set in my forwarding rules and the domain is not in the 
> scanning rules.
>
> I can tell them to send out through a non mailscanner relay server, 
> also I have only seen this twice in the last few months. Maybe because

> it's only been reported to me twice.
>
> I just wondered has anyone seen anything like this before, or would 
> you know why the sender would get their email back with the spam tag? 
> As far as I can see the emails they sent out are fine.
>
Have you seen this in MailScanner.conf:

# Spammers have learnt that they can get their message through by
sending
# a message with lots of recipients, one of which chooses to whitelist
# everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients,
ignore
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20

?

> I'm running FreeBSD 7.2 (all upgraded), I'm using the latest 
> Mailscanner Beta 4.80.4. Latest Clamd and SpamAssassin.
>
> Many thanks
>
> Rich
>

Jules


......

I did read that, but should they be getting a spam tagged email if they
are not being scanned in the first place?

I also have this set in MailScanner.conf - 

# Do you want to check messages to see if they are spam?
# Note: If you switch this off then *no* spam checks will be done at
all.
#       This includes both MailScanner's own checks and SpamAssassin.
#       If you want to just disable the "Spam List" feature then set
#       "Spam List =" (i.e. an empty list) in the setting below.
# This can also be the filename of a ruleset.
Spam Checks = %rules-dir%/spam.scanning.rules

In this file I have - To:     default         no


Then I have a list of domains that I want to scan, but the domain below
is not in this file, so should not be scanned at all.


-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From zaeem.arshad at gmail.com  Thu May  6 18:20:03 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Thu May  6 18:20:14 2010
Subject: Extracting those last drops of performance
In-Reply-To: <4BE1B673.9080308@fsl.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
	<o2g3e1809421005051052i3ef31a56id00dfa4d23708e50@mail.gmail.com>
	<4BE1B673.9080308@fsl.com>
Message-ID: <m2m3e1809421005061020l74a303f6k5d1e9820fe41b09f@mail.gmail.com>

On Wed, May 5, 2010 at 11:18 PM, Steve Freegard <steve.freegard@fsl.com> wrote:
> On 05/05/10 18:52, Zaeem Arshad wrote:
>>
>> On Wed, May 5, 2010 at 5:10 PM, Steve Freegard<steve.freegard@fsl.com>
>> ?wrote:
>>>
>>> On 04/05/10 17:44, Zaeem Arshad wrote:
>>>>
>>>> I am using caching dns, ram disk for processing, clamd, compiled
>>>> spamassassin rules and optimized scheduler and filesystems in this
>>>> server. Any ideas on how I can tweak the above settings to gain more
>>>> MailScanner performance?
>>>
>>> Set 'Log Speed = yes' in MailScanner.conf; then plot the average time
>>> spent
>>> per message. ?This is the key metric when tuning; it should be< ?10
>>> seconds
>>> and preferably 2-3 secs.
>>>
>>
>> I have already set that but I am not plotting them today. Is there any
>> perl script out there or should I set on writing one? Here is a
>> snippet of yesterday's MS performance under heavy load.
>>
>> May ?4 18:58:05 ?MailScanner[14995]: Batch completed at 35840 bytes
>> per second (11183886 / 312)
>> May ?4 18:58:05 ?MailScanner[14995]: Batch (50 messages) processed in
>> 312.04 seconds
>> May ?4 18:58:20 ?MailScanner[14287]: Batch completed at 7375 bytes per
>> second (2866715 / 388)
>> May ?4 18:58:20 ?MailScanner[14287]: Batch (50 messages) processed in
>> 388.70 seconds
>> May ?4 18:58:22 ?MailScanner[16953]: Batch completed at 14607 bytes
>> per second (4765445 / 326)
>> May ?4 18:58:22 ?MailScanner[16953]: Batch (50 messages) processed in
>> 326.23 seconds
>> May ?4 18:58:39 ?MailScanner[14596]: Batch completed at 40698 bytes
>> per second (13424209 / 329)
>> May ?4 18:58:39 ?MailScanner[14596]: Batch (50 messages) processed in
>> 329.84 seconds
>> May ?4 18:58:39 ?MailScanner[14892]: Batch completed at 15236 bytes
>> per second (5905691 / 387)
>> May ?4 18:58:39 ?MailScanner[14892]: Batch (50 messages) processed in
>> 387.61 seconds
>> May ?4 18:58:45 ?MailScanner[22446]: Batch completed at 11210 bytes
>> per second (3952639 / 352)
>> May ?4 18:58:45 ?MailScanner[22446]: Batch (50 messages) processed in
>> 352.59 seconds
>> May ?4 18:58:53 ?MailScanner[22253]: Batch completed at 34643 bytes
>> per second (12635074 / 364)
>> May ?4 18:58:53 ?MailScanner[22253]: Batch (50 messages) processed in
>> 364.72 seconds
>> May ?4 18:59:06 ?MailScanner[16612]: Batch completed at 34091 bytes
>> per second (12036761 / 353)
>> May ?4 18:59:06 ?MailScanner[16612]: Batch (50 messages) processed in
>> 353.07 seconds
>> May ?4 18:59:17 ?MailScanner[12768]: Batch completed at 30726 bytes
>> per second (11356957 / 369)
>> May ?4 18:59:17 ?MailScanner[12768]: Batch (50 messages) processed in
>> 369.61 seconds
>> May ?4 18:59:28 ?MailScanner[13267]: Batch completed at 31812 bytes
>> per second (11076141 / 348)
>> May ?4 18:59:28 ?MailScanner[13267]: Batch (50 messages) processed in
>> 348.17 seconds
>> May ?4 18:59:30 ?MailScanner[15241]: Batch completed at 71356 bytes
>> per second (23231603 / 325)
>> May ?4 18:59:30 ?MailScanner[15241]: Batch (50 messages) processed in
>> 325.57 seconds
>> May ?4 18:59:56 ?MailScanner[15478]: Batch completed at 12213 bytes
>> per second (4247264 / 347)
>> May ?4 18:59:56 ?MailScanner[15478]: Batch (50 messages) processed in
>> 347.75 seconds
>>
>
> Average scan time is 6-7 seconds based on those numbers. ?That's a little
> high but not bad.
>
>>> ?Are you using
>>> Bayes? ?If so - using which storage method?
>>
>> Yes I am using file based bayes stored on tmpfs. I do take regular
>> backups.
>>
>
> Try MySQL + InnoDB with the Mail::SpamAssassin::Bayes::MySQL driver -
> according to the benchmarks it's by far the fastest storage method and it
> won't suffer from the locking issues that you'll see with file-based bayes.
>

Thanks Steve. I will definitely test this out.
From zaeem.arshad at gmail.com  Thu May  6 18:21:17 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Thu May  6 18:21:27 2010
Subject: Extracting those last drops of performance
In-Reply-To: <n2t72cf361e1005060046r65e925a9pbbdf34988cf69053@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
	<y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>
	<p2l3e1809421005051054pd4b746b7qa7df3aa85fb40541@mail.gmail.com>
	<n2t72cf361e1005060046r65e925a9pbbdf34988cf69053@mail.gmail.com>
Message-ID: <i2j3e1809421005061021ocf7965ceh70a156f5a122f48f@mail.gmail.com>

On Thu, May 6, 2010 at 12:46 PM, Martin Hepworth <maxsec@gmail.com> wrote:
> If you're using spamhaus with that kind of load you WILL need the datafeed
> or you'll get blocked..
>
> http://www.spamhaus.org/datafeed/index.lasso
>

My primary RBL is Barracuda which takes care of around 90% of the
blacklisted IPs. So a very minor number passes the BRBL and is blocked
by Spamhaus.
From maxsec at gmail.com  Thu May  6 20:02:16 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu May  6 20:02:25 2010
Subject: Extracting those last drops of performance
In-Reply-To: <i2j3e1809421005061021ocf7965ceh70a156f5a122f48f@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>
	<4BE16048.50301@fsl.com>
	<y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>
	<p2l3e1809421005051054pd4b746b7qa7df3aa85fb40541@mail.gmail.com>
	<n2t72cf361e1005060046r65e925a9pbbdf34988cf69053@mail.gmail.com>
	<i2j3e1809421005061021ocf7965ceh70a156f5a122f48f@mail.gmail.com>
Message-ID: <z2o72cf361e1005061202hd7fbff91gd65b1d6d7b0a65b@mail.gmail.com>

On 6 May 2010 18:21, Zaeem Arshad <zaeem.arshad@gmail.com> wrote:

> On Thu, May 6, 2010 at 12:46 PM, Martin Hepworth <maxsec@gmail.com> wrote:
> > If you're using spamhaus with that kind of load you WILL need the
> datafeed
> > or you'll get blocked..
> >
> > http://www.spamhaus.org/datafeed/index.lasso
> >
>
> My primary RBL is Barracuda which takes care of around 90% of the
> blacklisted IPs. So a very minor number passes the BRBL and is blocked
> by Spamhaus.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

depends if you are pipelining the RBLS in the MTA or letting
MailScanner/spamassassin do it in which you'll be passing every email over
the RBL.

If you're doing RBL at MTA stage then make sure you turn the RBL's off in
Spamassassin as you're only wasting cycles. Given them a zero score in
mailscanner.cf

-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100506/ebdf3800/attachment.html
From ssilva at sgvwater.com  Thu May  6 21:53:38 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu May  6 21:53:58 2010
Subject: White lists.
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>
References: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local><4BE2C351.4000101@ecs.soton.ac.uk>	<EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>
	<E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>
Message-ID: <4BE32C52.3060801@sgvwater.com>

on 5-6-2010 7:21 AM Richard Mealing spake the following:
> Hi Jules,
> 
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: 06 May 2010 14:26
> To: MailScanner discussion
> Subject: Re: White lists.
> 
> 
> 
> On 06/05/2010 14:09, Richard Mealing wrote:
>>
>> Hi everyone,
>>
>> I've had a couple of instances where a user has sent out a mail shot, 
>> but copied themselves in and received their email back, but as spam.
>>
>> The problem is, this particular domain is not being scanned for spam, 
>> nor has the domain got a white list (we use white lists per domain in 
>> a flat file).
>>
>> I see in the logs, something like this -
>>
>> o45ID9D6093076 from 212.**.191.99 (info@thedomain.com 
>> <mailto:info@thedomain.com>) ignored whitelist, had 138 recipients
> (>20)
>>
>> May 5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076 
>> from 212.**.191.99 (info@thedomain.com <mailto:info@thedomain.com>) to
> 
>> ..... Then all the recipients.
>>
>> It does not say anything about the email being caught as spam, nor 
>> does it say it delivered it as an attachment, I guess because they 
>> have nothing set in my forwarding rules and the domain is not in the 
>> scanning rules.
>>
>> I can tell them to send out through a non mailscanner relay server, 
>> also I have only seen this twice in the last few months. Maybe because
> 
>> it's only been reported to me twice.
>>
>> I just wondered has anyone seen anything like this before, or would 
>> you know why the sender would get their email back with the spam tag? 
>> As far as I can see the emails they sent out are fine.
>>
> Have you seen this in MailScanner.conf:
> 
> # Spammers have learnt that they can get their message through by
> sending
> # a message with lots of recipients, one of which chooses to whitelist
> # everything coming to them, including the spammer.
> # So if a message arrives with more than this number of recipients,
> ignore
> # the "Is Definitely Not Spam" whitelist.
> Ignore Spam Whitelist If Recipients Exceed = 20
> 
> ?
> 
>> I'm running FreeBSD 7.2 (all upgraded), I'm using the latest 
>> Mailscanner Beta 4.80.4. Latest Clamd and SpamAssassin.
>>
>> Many thanks
>>
>> Rich
>>
> 
> Jules
> 
> 
> ......
> 
> I did read that, but should they be getting a spam tagged email if they
> are not being scanned in the first place?
> 
> I also have this set in MailScanner.conf - 
> 
> # Do you want to check messages to see if they are spam?
> # Note: If you switch this off then *no* spam checks will be done at
> all.
> #       This includes both MailScanner's own checks and SpamAssassin.
> #       If you want to just disable the "Spam List" feature then set
> #       "Spam List =" (i.e. an empty list) in the setting below.
> # This can also be the filename of a ruleset.
> Spam Checks = %rules-dir%/spam.scanning.rules
> 
> In this file I have - To:     default         no
> 
> 
> Then I have a list of domains that I want to scan, but the domain below
> is not in this file, so should not be scanned at all.
> 
> 
Are any of the ppl in the list in domains that are scanned?

From ssilva at sgvwater.com  Thu May  6 21:53:38 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu May  6 21:54:31 2010
Subject: White lists. {Scanned}
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>
References: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local><4BE2C351.4000101@ecs.soton.ac.uk>	<EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>
	<E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>
Message-ID: <4BE32C52.3060801@sgvwater.com>

on 5-6-2010 7:21 AM Richard Mealing spake the following:
> Hi Jules,
> 
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: 06 May 2010 14:26
> To: MailScanner discussion
> Subject: Re: White lists.
> 
> 
> 
> On 06/05/2010 14:09, Richard Mealing wrote:
>>
>> Hi everyone,
>>
>> I've had a couple of instances where a user has sent out a mail shot, 
>> but copied themselves in and received their email back, but as spam.
>>
>> The problem is, this particular domain is not being scanned for spam, 
>> nor has the domain got a white list (we use white lists per domain in 
>> a flat file).
>>
>> I see in the logs, something like this -
>>
>> o45ID9D6093076 from 212.**.191.99 (info@thedomain.com 
>> <mailto:info@thedomain.com>) ignored whitelist, had 138 recipients
> (>20)
>>
>> May 5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076 
>> from 212.**.191.99 (info@thedomain.com <mailto:info@thedomain.com>) to
> 
>> ..... Then all the recipients.
>>
>> It does not say anything about the email being caught as spam, nor 
>> does it say it delivered it as an attachment, I guess because they 
>> have nothing set in my forwarding rules and the domain is not in the 
>> scanning rules.
>>
>> I can tell them to send out through a non mailscanner relay server, 
>> also I have only seen this twice in the last few months. Maybe because
> 
>> it's only been reported to me twice.
>>
>> I just wondered has anyone seen anything like this before, or would 
>> you know why the sender would get their email back with the spam tag? 
>> As far as I can see the emails they sent out are fine.
>>
> Have you seen this in MailScanner.conf:
> 
> # Spammers have learnt that they can get their message through by
> sending
> # a message with lots of recipients, one of which chooses to whitelist
> # everything coming to them, including the spammer.
> # So if a message arrives with more than this number of recipients,
> ignore
> # the "Is Definitely Not Spam" whitelist.
> Ignore Spam Whitelist If Recipients Exceed = 20
> 
> ?
> 
>> I'm running FreeBSD 7.2 (all upgraded), I'm using the latest 
>> Mailscanner Beta 4.80.4. Latest Clamd and SpamAssassin.
>>
>> Many thanks
>>
>> Rich
>>
> 
> Jules
> 
> 
> ......
> 
> I did read that, but should they be getting a spam tagged email if they
> are not being scanned in the first place?
> 
> I also have this set in MailScanner.conf - 
> 
> # Do you want to check messages to see if they are spam?
> # Note: If you switch this off then *no* spam checks will be done at
> all.
> #       This includes both MailScanner's own checks and SpamAssassin.
> #       If you want to just disable the "Spam List" feature then set
> #       "Spam List =" (i.e. an empty list) in the setting below.
> # This can also be the filename of a ruleset.
> Spam Checks = %rules-dir%/spam.scanning.rules
> 
> In this file I have - To:     default         no
> 
> 
> Then I have a list of domains that I want to scan, but the domain below
> is not in this file, so should not be scanned at all.
> 
> 
Are any of the ppl in the list in domains that are scanned?

-- 
 
This message has been scanned for viruses and
dangerous content by the San Gabriel Valley Water Co.
MailScanner, and is believed to be clean.

From richard at fastnet.co.uk  Fri May  7 09:25:10 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Fri May  7 09:24:11 2010
Subject: White lists. {Scanned}
In-Reply-To: <4BE32C52.3060801@sgvwater.com>
References: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local><4BE2C351.4000101@ecs.soton.ac.uk>	<EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>
	<E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>
	<4BE32C52.3060801@sgvwater.com>
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D602177B33@fnserver02.fastnet.local>

Hi Scott,

-----Original Message-----
From: Scott Silva [mailto:ssilva@sgvwater.com] 
Sent: 06 May 2010 21:54
To: MailScanner discussion
Cc: Richard Mealing
Subject: Re: White lists. {Scanned}

on 5-6-2010 7:21 AM Richard Mealing spake the following:
> Hi Jules,
> 
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: 06 May 2010 14:26
> To: MailScanner discussion
> Subject: Re: White lists.
> 
> 
> 
> On 06/05/2010 14:09, Richard Mealing wrote:
>>
>> Hi everyone,
>>
>> I've had a couple of instances where a user has sent out a mail shot, 
>> but copied themselves in and received their email back, but as spam.
>>
>> The problem is, this particular domain is not being scanned for spam, 
>> nor has the domain got a white list (we use white lists per domain in 
>> a flat file).
>>
>> I see in the logs, something like this -
>>
>> o45ID9D6093076 from 212.**.191.99 (info@thedomain.com 
>> <mailto:info@thedomain.com>) ignored whitelist, had 138 recipients
> (>20)
>>
>> May 5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076 
>> from 212.**.191.99 (info@thedomain.com <mailto:info@thedomain.com>) to
> 
>> ..... Then all the recipients.
>>
>> It does not say anything about the email being caught as spam, nor 
>> does it say it delivered it as an attachment, I guess because they 
>> have nothing set in my forwarding rules and the domain is not in the 
>> scanning rules.
>>
>> I can tell them to send out through a non mailscanner relay server, 
>> also I have only seen this twice in the last few months. Maybe because
> 
>> it's only been reported to me twice.
>>
>> I just wondered has anyone seen anything like this before, or would 
>> you know why the sender would get their email back with the spam tag? 
>> As far as I can see the emails they sent out are fine.
>>
> Have you seen this in MailScanner.conf:
> 
> # Spammers have learnt that they can get their message through by
> sending
> # a message with lots of recipients, one of which chooses to whitelist
> # everything coming to them, including the spammer.
> # So if a message arrives with more than this number of recipients,
> ignore
> # the "Is Definitely Not Spam" whitelist.
> Ignore Spam Whitelist If Recipients Exceed = 20
> 
> ?
> 
>> I'm running FreeBSD 7.2 (all upgraded), I'm using the latest 
>> Mailscanner Beta 4.80.4. Latest Clamd and SpamAssassin.
>>
>> Many thanks
>>
>> Rich
>>
> 
> Jules
> 
> 
> ......
> 
> I did read that, but should they be getting a spam tagged email if they
> are not being scanned in the first place?
> 
> I also have this set in MailScanner.conf - 
> 
> # Do you want to check messages to see if they are spam?
> # Note: If you switch this off then *no* spam checks will be done at
> all.
> #       This includes both MailScanner's own checks and SpamAssassin.
> #       If you want to just disable the "Spam List" feature then set
> #       "Spam List =" (i.e. an empty list) in the setting below.
> # This can also be the filename of a ruleset.
> Spam Checks = %rules-dir%/spam.scanning.rules
> 
> In this file I have - To:     default         no
> 
> 
> Then I have a list of domains that I want to scan, but the domain below
> is not in this file, so should not be scanned at all.
> 
> 
Are any of the ppl in the list in domains that are scanned?

...

Maybe, I guess that would do it, there are 138 domains though so it might take me a while to get back to you..! 


-- 
 
This message has been scanned for viruses and
dangerous content by the San Gabriel Valley Water Co.
MailScanner, and is believed to be clean.



From steve.freegard at fsl.com  Fri May  7 09:28:58 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Fri May  7 09:29:09 2010
Subject: Extracting those last drops of performance
In-Reply-To: <z2o72cf361e1005061202hd7fbff91gd65b1d6d7b0a65b@mail.gmail.com>
References: <h2s3e1809421005040944r3a381182rab0b0ea6983e1096@mail.gmail.com>	<4BE16048.50301@fsl.com>	<y2y72cf361e1005050644l108e219ah7108d22d0175c59b@mail.gmail.com>	<p2l3e1809421005051054pd4b746b7qa7df3aa85fb40541@mail.gmail.com>	<n2t72cf361e1005060046r65e925a9pbbdf34988cf69053@mail.gmail.com>	<i2j3e1809421005061021ocf7965ceh70a156f5a122f48f@mail.gmail.com>
	<z2o72cf361e1005061202hd7fbff91gd65b1d6d7b0a65b@mail.gmail.com>
Message-ID: <4BE3CF4A.4050002@fsl.com>

On 06/05/10 20:02, Martin Hepworth wrote:
> If you're doing RBL at MTA stage then make sure you turn the RBL's off
> in Spamassassin as you're only wasting cycles. Given them a zero score
> in mailscanner.cf <http://mailscanner.cf>

I disagree with this.  RBL checks in SA are not the same as doing them 
in the MTA.

The MTA is only going to check the connecting IP address; whereas SA 
will check all the IP addresses in the Received headers based on your 
configured Trust path.  That can make a big difference in a number of 
difficult to catch messages and being as the MTA will have done the 
external IP lookup - this will be in the DNS cache and will not generate 
another lookup to the RBL should SA query the same IP.

The only time it's work disabling lookups in SA is for URI checks if you 
do those in your MTA and reject based on them.  But even then I usually 
don't do this for the same reasons; DNS caching will prevent look-ups 
directly to the RBL servers and if the queue was long enough for there 
to be a delay enough for the cache entry to expire - you might get hits 
on the same lookups that failed earlier as fresher data is available.

Regards,
Steve.
From richard at fastnet.co.uk  Fri May  7 09:38:04 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Fri May  7 09:37:02 2010
Subject: White lists. {Scanned}
References: <E6BE51A3C3EE3147947B0CBCE62442D602177A9F@fnserver02.fastnet.local><4BE2C351.4000101@ecs.soton.ac.uk>	<EMEW3|831808111d6778d928ca44d64229256bm45EPe0bMailScanner|ecs.soton.ac.uk|4BE2C351.4000101@ecs.soton.ac.uk>
	<E6BE51A3C3EE3147947B0CBCE62442D602177ABD@fnserver02.fastnet.local>
	<4BE32C52.3060801@sgvwater.com> 
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D602177B38@fnserver02.fastnet.local>

Hi Scott,


-----Original Message-----
From: Richard Mealing 
Sent: 07 May 2010 09:25
To: 'Scott Silva'; MailScanner discussion
Subject: RE: White lists. {Scanned}

Hi Scott,

-----Original Message-----
From: Scott Silva [mailto:ssilva@sgvwater.com] 
Sent: 06 May 2010 21:54
To: MailScanner discussion
Cc: Richard Mealing
Subject: Re: White lists. {Scanned}

on 5-6-2010 7:21 AM Richard Mealing spake the following:
> Hi Jules,
> 
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: 06 May 2010 14:26
> To: MailScanner discussion
> Subject: Re: White lists.
> 
> 
> 
> On 06/05/2010 14:09, Richard Mealing wrote:
>>
>> Hi everyone,
>>
>> I've had a couple of instances where a user has sent out a mail shot, 
>> but copied themselves in and received their email back, but as spam.
>>
>> The problem is, this particular domain is not being scanned for spam, 
>> nor has the domain got a white list (we use white lists per domain in 
>> a flat file).
>>
>> I see in the logs, something like this -
>>
>> o45ID9D6093076 from 212.**.191.99 (info@thedomain.com 
>> <mailto:info@thedomain.com>) ignored whitelist, had 138 recipients
> (>20)
>>
>> May 5 19:14:45 mailfilter9 MailScanner[47546]: Message o45ID9D6093076 
>> from 212.**.191.99 (info@thedomain.com <mailto:info@thedomain.com>) to
> 
>> ..... Then all the recipients.
>>
>> It does not say anything about the email being caught as spam, nor 
>> does it say it delivered it as an attachment, I guess because they 
>> have nothing set in my forwarding rules and the domain is not in the 
>> scanning rules.
>>
>> I can tell them to send out through a non mailscanner relay server, 
>> also I have only seen this twice in the last few months. Maybe because
> 
>> it's only been reported to me twice.
>>
>> I just wondered has anyone seen anything like this before, or would 
>> you know why the sender would get their email back with the spam tag? 
>> As far as I can see the emails they sent out are fine.
>>
> Have you seen this in MailScanner.conf:
> 
> # Spammers have learnt that they can get their message through by
> sending
> # a message with lots of recipients, one of which chooses to whitelist
> # everything coming to them, including the spammer.
> # So if a message arrives with more than this number of recipients,
> ignore
> # the "Is Definitely Not Spam" whitelist.
> Ignore Spam Whitelist If Recipients Exceed = 20
> 
> ?
> 
>> I'm running FreeBSD 7.2 (all upgraded), I'm using the latest 
>> Mailscanner Beta 4.80.4. Latest Clamd and SpamAssassin.
>>
>> Many thanks
>>
>> Rich
>>
> 
> Jules
> 
> 
> ......
> 
> I did read that, but should they be getting a spam tagged email if they
> are not being scanned in the first place?
> 
> I also have this set in MailScanner.conf - 
> 
> # Do you want to check messages to see if they are spam?
> # Note: If you switch this off then *no* spam checks will be done at
> all.
> #       This includes both MailScanner's own checks and SpamAssassin.
> #       If you want to just disable the "Spam List" feature then set
> #       "Spam List =" (i.e. an empty list) in the setting below.
> # This can also be the filename of a ruleset.
> Spam Checks = %rules-dir%/spam.scanning.rules
> 
> In this file I have - To:     default         no
> 
> 
> Then I have a list of domains that I want to scan, but the domain below
> is not in this file, so should not be scanned at all.
> 
> 
Are any of the ppl in the list in domains that are scanned?

...

Maybe, I guess that would do it, there are 138 domains though so it might take me a while to get back to you..! 


-------

I am quite sure there are no domains or email addresses in my spam.scanning.rules file that were on the email in question. In the message it does not say that it is spam, it just says the line about it being white listed. 


-- 
 
This message has been scanned for viruses and
dangerous content by the San Gabriel Valley Water Co.
MailScanner, and is believed to be clean.



From jancarel.putter at gmail.com  Fri May  7 13:53:46 2010
From: jancarel.putter at gmail.com (JC Putter)
Date: Fri May  7 13:53:57 2010
Subject: Fwd: [sanesecurity_announce] Seq Fault with daily.cvd 10938
In-Reply-To: <4df707cd69966247d9fa99955063b02f.squirrel@saturn.dataflame.net>
References: <4df707cd69966247d9fa99955063b02f.squirrel@saturn.dataflame.net>
Message-ID: <h2id909d70d1005070553lcdb9ccbbg566d23063826e84f@mail.gmail.com>

FYI


Hi All,

Just a quick forwarded message from the ClamAV team regarding a seq fault
on 32bit machines older than 0.96....

----- Forwarded message ----

Dear ClamAV users,

about 15 mins ago we released daily.cvd 10938. This update apparently
caused a segmentation fault in all ClamAV versions older than 0.96
on 32 bit systems.

We just released daily.cvd 10939 which removes the faulty signature and
we have taken measures to ensure that this problem won't happen again.

We recommend using a monitor tool like clamdwatch or clamdmon to
automatically restart clamd whenever it dies.

If you are already using a similar solution, your clamd will be
restarted automatically as soon as freshclam downloads the daily.cvd
10939 update.

We apologise for the inconvenience.

Regards,
Luca Gibelli (luca _at_ clamav.net)       ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100507/f6dc0fcb/attachment.html
From jancarel.putter at gmail.com  Fri May  7 19:04:37 2010
From: jancarel.putter at gmail.com (JC Putter)
Date: Fri May  7 19:04:47 2010
Subject: MailScanner Filename Rulesets
Message-ID: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>

Hi everyone,

is it possible to define filename rules per user or group ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100507/8017108b/attachment.html
From alex at rtpty.com  Fri May  7 19:56:41 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri May  7 19:57:05 2010
Subject: MailScanner Filename Rulesets
In-Reply-To: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>
References: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>
Message-ID: <429716713-1273258609-cardhu_decombobulator_blackberry.rim.net-1782256641-@bda942.bisx.prod.on.blackberry>

What does the line say in MailScanner.conf?

--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: JC Putter <jancarel.putter@gmail.com>
Date: Fri, 7 May 2010 20:04:37 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: MailScanner Filename Rulesets

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From MailScanner at ecs.soton.ac.uk  Fri May  7 20:53:03 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Fri May  7 20:53:19 2010
Subject: MailScanner Filename Rulesets
In-Reply-To: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>
References: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>
	<4BE46F9F.7010204@ecs.soton.ac.uk>
Message-ID: <EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>

Yes, most definitely. There are examples of this in the mailing list 
archives (though that web server is down right now, I've already posted 
a support request to get it restarted) and also in the book.

I really do intend to update the book this summer!

Jules.

On 07/05/2010 19:04, JC Putter wrote:
> Hi everyone,
> is it possible to define filename rules per user or group ?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ecasarero at gmail.com  Fri May  7 20:57:08 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Fri May  7 20:57:38 2010
Subject: MailScanner Filename Rulesets
In-Reply-To: <EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>
References: <4BE46F9F.7010204@ecs.soton.ac.uk>
	<h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>
	<EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>
Message-ID: <t2g7d9b3cf21005071257o366595d3k4b9075fba754abcf@mail.gmail.com>

2010/5/7 Jules Field <MailScanner@ecs.soton.ac.uk>:
> Yes, most definitely. There are examples of this in the mailing list
> archives (though that web server is down right now, I've already posted a
> support request to get it restarted) and also in the book.
>
> I really do intend to update the book this summer!
>
> Jules.
>

Yes you could also write a custom function to read the values from a
mysql/sqlite.

OT: Julian today a started using conf.d/*.conf feature, and is great
for upgrades and to manage consistent configurations between servers.

Thanks for this excelent piece of software!




> On 07/05/2010 19:04, JC Putter wrote:
>>
>> Hi everyone,
>> is it possible to define filename rules per user or group ?
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From jancarel.putter at gmail.com  Fri May  7 21:44:23 2010
From: jancarel.putter at gmail.com (JC Putter)
Date: Fri May  7 21:42:34 2010
Subject: MailScanner Filename Rulesets
In-Reply-To: <EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>
References: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com><4BE46F9F.7010204@ecs.soton.ac.uk><EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>
Message-ID: <426846755-1273264939-cardhu_decombobulator_blackberry.rim.net-1073475253-@bda108.bisx.produk.on.blackberry>

Hi jules

Thanks looking forward to a updated book release!

Sent via BlackBerry

-----Original Message-----
From: Jules Field <MailScanner@ecs.soton.ac.uk>
Date: Fri, 07 May 2010 20:53:03 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: Re: MailScanner Filename Rulesets

Yes, most definitely. There are examples of this in the mailing list 
archives (though that web server is down right now, I've already posted 
a support request to get it restarted) and also in the book.

I really do intend to update the book this summer!

Jules.

On 07/05/2010 19:04, JC Putter wrote:
> Hi everyone,
> is it possible to define filename rules per user or group ?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From zepplin at exemail.com.au  Sat May  8 01:48:35 2010
From: zepplin at exemail.com.au (George)
Date: Sat May  8 01:48:52 2010
Subject: MailScanner Filename Rulesets
In-Reply-To: <EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>
References: <h2yd909d70d1005071104kf431d577t5898101d86aadffc@mail.gmail.com>	<4BE46F9F.7010204@ecs.soton.ac.uk>
	<EMEW3|fa6775dc5465914310353e6cbdaf5931m46Kr40bMailScanner|ecs.soton.ac.uk|4BE46F9F.7010204@ecs.soton.ac.uk>
Message-ID: <4BE4B4E3.8080508@exemail.com.au>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100508/7b7a34b8/attachment.html
From ngoc5593 at yahoo.com  Sat May  8 09:43:48 2010
From: ngoc5593 at yahoo.com (le minh ngoc)
Date: Sat May  8 09:43:57 2010
Subject: i want to pause receive mail
In-Reply-To: <7739136.55.1270543563432.JavaMail.root@office.splatnix.net>
Message-ID: <236458.11152.qm@web53104.mail.re2.yahoo.com>

yes, i sure.?please help me.
Bgrs!

--- On Tue, 4/6/10, --[ UxBoD ]-- <uxbod@splatnix.net> wrote:

From: --[ UxBoD ]-- <uxbod@splatnix.net>
Subject: Re: i want to pause receive mail
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Date: Tuesday, April 6, 2010, 4:46 AM

#yiv207092613 p {margin:0;}

Dear all,
I would like to pause receive email form members of forumplease help me, because i receive so many email that i don't have free time to read them
Brgs!Le Minh Ngoc.?


--- On Sun, 3/28/10, Dave Jones <davejones70@gmail.com> wrote:

From: Dave Jones <davejones70@gmail.com>
Subject: Re: MCP notifications when blocking
To: mailscanner@lists.mailscanner.info
Date: Sunday, March 28, 2010, 3:02 PM

On 25 March 2010 03:27, Michael Mansour <micoots@yahoo.com>
 wrote:> Hi,>> I have MCP enabled for a couple of domains.>
> One of them has asked that:>> 1. emails "From" their domain that trigger an MCP block, generates a "notice">> 2. that the notice goes to an email address they've provided
>> Obviously so they can see if the message blocked from them by MCP is valid or not.>> I've spent quite some time trying to figure out how to do this but am not sure.
>> Anyone have any suggestions?>> Michael.>
I have the same issue as Michael. ?I would like to replace the MCPfunctionality with "SpamAssassin Rule Actions" with SA meta rules
but I haven't found a way to send the recipient the report template%report-dir%/recipient.mcp.report.txt. ?The users would get confusedwith the "notify" spam message and not know it was blocked
because of profanity or racial wording.
I asked this same question last year but didn't get any answers.
Has anyone found a way to do action "notify" to mimic the MCP
"Recipient MCP Report"? ?If not, maybe this could be an enhancementrequest for a new action like "notify-mcp"?
Dave?

-----Inline Attachment Follows-----


Are you sure you are asking on the correct mailling-list ?

-- 
Thanks, Phil

-----Inline Attachment Follows-----

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100508/cf9d5aee/attachment.html
From noel.butler at ausics.net  Sat May  8 22:33:31 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Sat May  8 22:33:49 2010
Subject: watermark and spam
Message-ID: <1273354411.7636.14.camel@tardis>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: stock_smiley-1.png
Type: image/png
Size: 873 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100509/c066cc40/stock_smiley-1.png
From J.Ede at birchenallhowden.co.uk  Sun May  9 17:05:18 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Sun May  9 17:06:01 2010
Subject: watermark and spam
In-Reply-To: <1273354411.7636.14.camel@tardis>
References: <1273354411.7636.14.camel@tardis>
Message-ID: <1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 873 bytes
Desc: image001.png
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100509/ec9e0178/image001.png
From noel.butler at ausics.net  Sun May  9 23:57:00 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Sun May  9 23:57:38 2010
Subject: watermark and spam
In-Reply-To: <1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
Message-ID: <1273445820.7885.9.camel@tardis>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 873 bytes
Desc: image001.png
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/6beeca6a/image001.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stock_smiley-1.png
Type: image/png
Size: 873 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/6beeca6a/stock_smiley-1.png
From rob at poeweb.com  Mon May 10 00:17:08 2010
From: rob at poeweb.com (Rob Poe)
Date: Mon May 10 00:17:18 2010
Subject: Weird Archiving Need
In-Reply-To: <4BD001EC.70906@poeweb.com>
References: <4BCFB2EB.6050300@poeweb.com> <4BCFF869.50308@farrows.org>
	<4BD001EC.70906@poeweb.com>
Message-ID: <4BE74274.7020808@poeweb.com>

By the way, I asked originally if the first example would work.  It did, 
though then the client re-considered and we're doing it a different way now.

>>> I have a client who gets email from a certain domain name (in this 
>>> case we'll call the sending domain valuedclient.com).  They want ** 
>>> ANY ** email that comes in from that domain to be forwarded to a 
>>> certain distribution group (in this case, they're using sendmail 
>>> aliases file to define the group).
>>>
>>> Could I set up the email archiving, then do a rule such as
>>>
>>> From: @valuedclient.com    sendmailalias
>>> FromOrTo: default
>>>
>>> Would that work out?
>> If you are using sendmail:
>>
>> Either:
>> Install the sendmail milter sm-archive, this will allow you the 
>> branch the email to any subequent email address you like.
>>
>> Alternatively, add the domain the the mailscanner's local-host-names 
>> in /etc/mail/
>>
>> and add an entry in the virtusertable that says:
>>
>> @valuedclient.com            otheraddress@somewhereelse.com
>>
>
From rob at poeweb.com  Mon May 10 00:23:34 2010
From: rob at poeweb.com (Rob Poe)
Date: Mon May 10 00:23:45 2010
Subject: Spam
Message-ID: <4BE743F6.2040600@poeweb.com>

I have a user who doesn't trust spam scanning, as he receives many 
emails per day that LOOK very spammy to SpamAssassin, but are really 
market data news analysis, so right now we're skipping EVERYTHING for him.

I'd like to see if there's a way to go ahead and SCAN it, put the score 
into the header, and then pass it along unimpeded - just for him, 
everyone else we're storing it for.

Any thoughts?
From mikael at syska.dk  Mon May 10 00:25:14 2010
From: mikael at syska.dk (Mikael Syska)
Date: Mon May 10 00:25:27 2010
Subject: watermark and spam
In-Reply-To: <1273445820.7885.9.camel@tardis>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
	<1273445820.7885.9.camel@tardis>
Message-ID: <z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 873 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/e78d1f08/attachment.png
From noel.butler at ausics.net  Mon May 10 05:13:30 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Mon May 10 05:13:49 2010
Subject: watermark and spam
In-Reply-To: <z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
	<1273445820.7885.9.camel@tardis>
	<z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
Message-ID: <1273464810.8048.12.camel@tardis>

On Mon, 2010-05-10 at 01:25 +0200, Mikael Syska wrote:

>         


> 
> 
> Does the average user even check that mail could be miss tagged, our
> average users don't.
> 


We have many that do, mostly corporate clients that inquire about it,
but if it happens to corporate clients enough to concern them, the
affect must be global and those home users must be  bothered as well.
I modified our internal blurb to advise people on it long time ago, but
thats not fixing the root cause, its only working around it, something
im not fond of in any situation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/e0392a4b/attachment.html
From ms-list at alexb.ch  Mon May 10 06:22:08 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Mon May 10 06:22:20 2010
Subject: Spam
In-Reply-To: <4BE743F6.2040600@poeweb.com>
References: <4BE743F6.2040600@poeweb.com>
Message-ID: <4BE79800.8010309@alexb.ch>

On 2010-05-10 1:23, Rob Poe wrote:
> I have a user who doesn't trust spam scanning, as he receives many 
> emails per day that LOOK very spammy to SpamAssassin, but are really 
> market data news analysis, so right now we're skipping EVERYTHING for him.
> 
> I'd like to see if there's a way to go ahead and SCAN it, put the score 
> into the header, and then pass it along unimpeded - just for him, 
> everyone else we're storing it for.
> 
> Any thoughts?


iirc, using a all_spam_to rule in SA should do the trick

h2h

Alex
From MailScanner at ecs.soton.ac.uk  Mon May 10 08:51:47 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon May 10 08:52:01 2010
Subject: watermark and spam
In-Reply-To: <1273464810.8048.12.camel@tardis>
References: <1273354411.7636.14.camel@tardis>	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>	<1273445820.7885.9.camel@tardis>	<z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
	<1273464810.8048.12.camel@tardis>
	<4BE7BB13.4060400@ecs.soton.ac.uk>
Message-ID: <EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>



On 10/05/2010 05:13, Noel Butler wrote:
> On Mon, 2010-05-10 at 01:25 +0200, Mikael Syska wrote:
>>
>> Does the average user even check that mail could be miss tagged, our 
>> average users don't.
>>
>
> We have many that do, mostly corporate clients that inquire about it, 
> but if it happens to corporate clients enough to concern them, the 
> affect must be global and those home users must be  bothered as well.
> I modified our internal blurb to advise people on it long time ago, 
> but thats not fixing the root cause, its only working around it, 
> something im not fond of in any situation. 
So how would you like it to work and how does that differ from what it 
does now? And in *exactly* what circumstances do you want the change?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Mon May 10 08:53:10 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon May 10 08:53:28 2010
Subject: Spam
In-Reply-To: <4BE743F6.2040600@poeweb.com>
References: <4BE743F6.2040600@poeweb.com>
 <4BE7BB66.8090104@ecs.soton.ac.uk>
Message-ID: <EMEW3|cf561ebdce007989396bc5482f3d44ffm498rD0bMailScanner|ecs.soton.ac.uk|4BE7BB66.8090104@ecs.soton.ac.uk>



On 10/05/2010 00:23, Rob Poe wrote:
> I have a user who doesn't trust spam scanning, as he receives many 
> emails per day that LOOK very spammy to SpamAssassin, but are really 
> market data news analysis, so right now we're skipping EVERYTHING for 
> him.
>
> I'd like to see if there's a way to go ahead and SCAN it, put the 
> score into the header, and then pass it along unimpeded - just for 
> him, everyone else we're storing it for.
A ruleset on "Spam Actions" and "High-Scoring Spam Actions" would do the 
trick very easily.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From J.Ede at birchenallhowden.co.uk  Mon May 10 10:06:27 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon May 10 10:06:45 2010
Subject: watermark and spam
In-Reply-To: <EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
	<1273445820.7885.9.camel@tardis>
	<z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
	<1273464810.8048.12.camel@tardis>	<4BE7BB13.4060400@ecs.soton.ac.uk>
	<EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>
Message-ID: <1213490F1F316842A544A850422BFA9635C5C723BE@BHLSBS.bhl.local>


> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Julian Field
> Sent: 10 May 2010 08:52
> To: MailScanner discussion
> Subject: Re: watermark and spam
> 
> 
> 
> On 10/05/2010 05:13, Noel Butler wrote:
> > On Mon, 2010-05-10 at 01:25 +0200, Mikael Syska wrote:
> >>
> >> Does the average user even check that mail could be miss tagged, our
> >> average users don't.
> >>
> >
> > We have many that do, mostly corporate clients that inquire about it,
> > but if it happens to corporate clients enough to concern them, the
> > affect must be global and those home users must be  bothered as well.
> > I modified our internal blurb to advise people on it long time ago,
> > but thats not fixing the root cause, its only working around it,
> > something im not fond of in any situation.
> So how would you like it to work and how does that differ from what it
> does now? And in *exactly* what circumstances do you want the change?
> 
> Jules

Would it be possible for the action on failing the watermark check be to add a header to the email (maybe even customisable header) instead of other actions and then we can just put a SA rule in with a detailed description that will go into the main spam report?

Jason
From noel.butler at ausics.net  Mon May 10 12:30:59 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Mon May 10 12:31:20 2010
Subject: watermark and spam
In-Reply-To: <EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
	<1273445820.7885.9.camel@tardis>
	<z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
	<1273464810.8048.12.camel@tardis> <4BE7BB13.4060400@ecs.soton.ac.uk>
	<EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>
Message-ID: <1273491059.8747.2.camel@tardis>

On Mon, 2010-05-10 at 08:51 +0100, Julian Field wrote:

> 
> On 10/05/2010 05:13, Noel Butler wrote:
> > On Mon, 2010-05-10 at 01:25 +0200, Mikael Syska wrote:
> >>
> >> Does the average user even check that mail could be miss tagged, our 
> >> average users don't.
> >>
> >
> > We have many that do, mostly corporate clients that inquire about it, 
> > but if it happens to corporate clients enough to concern them, the 
> > affect must be global and those home users must be  bothered as well.
> > I modified our internal blurb to advise people on it long time ago, 
> > but thats not fixing the root cause, its only working around it, 
> > something im not fond of in any situation. 
> So how would you like it to work and how does that differ from what it 
> does now? And in *exactly* what circumstances do you want the change?
> 

perhaps an entry in the spam report that says the same as the hidden
header?
I don't think it needs a score, just an entry saying why it was deemed
as spam, what do you think ?


Cheers


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/a4d1e4a9/attachment.html
From maxsec at gmail.com  Mon May 10 12:58:28 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon May 10 12:58:38 2010
Subject: Spam
In-Reply-To: <EMEW3|cf561ebdce007989396bc5482f3d44ffm498rD0bMailScanner|ecs.soton.ac.uk|4BE7BB66.8090104@ecs.soton.ac.uk>
References: <4BE7BB66.8090104@ecs.soton.ac.uk> <4BE743F6.2040600@poeweb.com>
	<EMEW3|cf561ebdce007989396bc5482f3d44ffm498rD0bMailScanner|ecs.soton.ac.uk|4BE7BB66.8090104@ecs.soton.ac.uk>
Message-ID: <AANLkTimwIpVsJGyIvygmHj1YPIbttxh19VrDEoolWIRQ@mail.gmail.com>

Also combine that with the last line(s) from

http://wiki.mailscanner.info/doku.php?id=maq:index&s=always%20include#getting_the_best_out_of_spamassassin

to always add the detailed spam score to the emails.

Martin

On 10 May 2010 08:53, Julian Field <MailScanner@ecs.soton.ac.uk> wrote:

>
>
> On 10/05/2010 00:23, Rob Poe wrote:
>
>> I have a user who doesn't trust spam scanning, as he receives many emails
>> per day that LOOK very spammy to SpamAssassin, but are really market data
>> news analysis, so right now we're skipping EVERYTHING for him.
>>
>> I'd like to see if there's a way to go ahead and SCAN it, put the score
>> into the header, and then pass it along unimpeded - just for him, everyone
>> else we're storing it for.
>>
> A ruleset on "Spam Actions" and "High-Scoring Spam Actions" would do the
> trick very easily.
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/810c7d46/attachment.html
From J.Ede at birchenallhowden.co.uk  Mon May 10 13:12:43 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon May 10 13:13:02 2010
Subject: watermark and spam
In-Reply-To: <1273491059.8747.2.camel@tardis>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
	<1273445820.7885.9.camel@tardis>
	<z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
	<1273464810.8048.12.camel@tardis> <4BE7BB13.4060400@ecs.soton.ac.uk>
	<EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>
	<1273491059.8747.2.camel@tardis>
Message-ID: <1213490F1F316842A544A850422BFA9635C5C723ED@BHLSBS.bhl.local>

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Noel Butler
Sent: 10 May 2010 12:31
To: mailscanner@lists.mailscanner.info
Subject: Re: watermark and spam

On Mon, 2010-05-10 at 08:51 +0100, Julian Field wrote:





On 10/05/2010 05:13, Noel Butler wrote:

> On Mon, 2010-05-10 at 01:25 +0200, Mikael Syska wrote:

>>

>> Does the average user even check that mail could be miss tagged, our

>> average users don't.

>>

>

> We have many that do, mostly corporate clients that inquire about it,

> but if it happens to corporate clients enough to concern them, the

> affect must be global and those home users must be  bothered as well.

> I modified our internal blurb to advise people on it long time ago,

> but thats not fixing the root cause, its only working around it,

> something im not fond of in any situation.

So how would you like it to work and how does that differ from what it

does now? And in *exactly* what circumstances do you want the change?


perhaps an entry in the spam report that says the same as the hidden header?
I don't think it needs a score, just an entry saying why it was deemed as spam, what do you think ?


Cheers


That is what happens already. The watermark state is added to the SA header, but if you put a score in for the action of failing the watermark check (i.e. +3) then the SA report in the email all the scores added up are 3 less than the total reported, which is causing confusion.

Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/7955cea0/attachment.html
From btj at havleik.no  Mon May 10 20:59:32 2010
From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen)
Date: Mon May 10 21:00:21 2010
Subject: Attempt to hide real filename extension?
Message-ID: <20100510215932.58863a16@pennywise.havleik.no>

How dangerous is this now? I get a lot of mails blocked because of this rule, do I need it?
If not, what is the best way to relax this rule?



Regards,

BTJ

-- 
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen

btj@havleik.no
-----------------------------------------------------------------------------------------------
Someone wrote:
"I understand that if you play a Windows CD backwards you hear strange Satanic messages"
To which someone replied:
"It's even worse than that; play it forwards and it installs Windows"
-----------------------------------------------------------------------------------------------
From MailScanner at ecs.soton.ac.uk  Mon May 10 21:25:56 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon May 10 21:26:13 2010
Subject: Attempt to hide real filename extension?
In-Reply-To: <20100510215932.58863a16@pennywise.havleik.no>
References: <20100510215932.58863a16@pennywise.havleik.no>
	<4BE86BD4.8040906@ecs.soton.ac.uk>
Message-ID: <EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>

On 10/05/2010 20:59, Bj?rn T Johansen wrote:
> How dangerous is this now? I get a lot of mails blocked because of this rule, do I need it?
>    
I certainly wouldn't remove it from my system. But then I'm likely to be 
biased :-)
> If not, what is the best way to relax this rule?
>    
You can just comment it out or delete it from filename.rules.conf and 
the "archives.filename.rules.conf" equivalent if you have one. Then 
"service MailScanner reload" to force it to re-read its configuration files.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ecasarero at gmail.com  Mon May 10 21:31:22 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Mon May 10 21:31:53 2010
Subject: is this an small bug in the conf reading secuence?
Message-ID: <AANLkTim8Srw3V86kgIRmnoxLggzs4XIVbodjWmeP00fX@mail.gmail.com>

I was just testing conf.d directory to avoid MailScanner.conf edition and i
had a rare scenario.

Its possible that MailScanner reads:

1.- MailScanner.conf
2.- ./conf.d/custom-config.conf
*3.- ./conf.d/custom-config.conf~*
*
*
As far as i tested MailScanner also read vim's temp file just like any .conf
file.

I know that it has a simple workaround just delete the temp file. But i want
to report this in case its a simple regex edition.

Just to explain why a temp file is different than the original one is
because i copied the file from a backup and i got differences between them,
and as it is shown in the secuence the temp file configs where the last read
by MS.

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100510/61329414/attachment.html
From noel.butler at ausics.net  Mon May 10 23:31:14 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Mon May 10 23:31:33 2010
Subject: watermark and spam
In-Reply-To: <1213490F1F316842A544A850422BFA9635C5C723ED@BHLSBS.bhl.local>
References: <1273354411.7636.14.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723AB@BHLSBS.bhl.local>
	<1273445820.7885.9.camel@tardis>
	<z2x6beca9db1005091625sba3e5e9fj9fa432166d0e2632@mail.gmail.com>
	<1273464810.8048.12.camel@tardis> <4BE7BB13.4060400@ecs.soton.ac.uk>
	<EMEW3|d6e2604a222f4b59e101bb388ded7f2dm498pn0bMailScanner|ecs.soton.ac.uk|4BE7BB13.4060400@ecs.soton.ac.uk>
	<1273491059.8747.2.camel@tardis>
	<1213490F1F316842A544A850422BFA9635C5C723ED@BHLSBS.bhl.local>
Message-ID: <1273530674.7581.10.camel@tardis>

On Mon, 2010-05-10 at 13:12 +0100, Jason Ede wrote:
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Noel
> Butler
> Sent: 10 May 2010 12:31
> To: mailscanner@lists.mailscanner.info
> Subject: Re: watermark and spam
> 
> 
> 
>  
> 
> On Mon, 2010-05-10 at 08:51 +0100, Julian Field wrote: 
> 
> 
>  
>  
> On 10/05/2010 05:13, Noel Butler wrote:
> > On Mon, 2010-05-10 at 01:25 +0200, Mikael Syska wrote:
> >> 
> >> Does the average user even check that mail could be miss tagged, our 
> >> average users don't.
> >> 
> > 
> > We have many that do, mostly corporate clients that inquire about it, 
> > but if it happens to corporate clients enough to concern them, the 
> > affect must be global and those home users must be  bothered as well.
> > I modified our internal blurb to advise people on it long time ago, 
> > but thats not fixing the root cause, its only working around it, 
> > something im not fond of in any situation. 
> So how would you like it to work and how does that differ from what it 
> does now? And in *exactly* what circumstances do you want the change?
>  
> 
> 
> perhaps an entry in the spam report that says the same as the hidden
> header?
> I don't think it needs a score, just an entry saying why it was deemed
> as spam, what do you think ?
> 
> 
> Cheers
> 
> 
> 
>  
> 
> That is what happens already. The watermark state is added to the SA
> header, but if you put a score in for the action of failing the
> watermark check (i.e. +3) then the SA report in the email all the
> scores added up are 3 less than the total reported, which is causing
> confusion.
> 
>  


Jason, I don't know what email client you're using but it has zero
quoting sections in evolution making it difficult to know who said
what..

It appears you're right, we have it marking as "spam" we will change
that to a score value, It has been many years since I read the comments
in the conf files, I guess a lot has changed,  but it remains a point
that something I guess needs to be addressed  for all the others who
just use the "spam" option in that setting, anyway that's all I have to
say on the mater now.


Cheers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100511/868f4670/attachment.html
From elec.arun at gmail.com  Tue May 11 11:09:35 2010
From: elec.arun at gmail.com (arun gupta)
Date: Tue May 11 11:09:44 2010
Subject: regarding training of ham and spam to spamassassin
Message-ID: <AANLkTikl1vxOUn5dBSrAcA5pJUfntsPhho4dIQcjpBsK@mail.gmail.com>

Dear
Sir,



I am using MailScanner-4.69 and SpamAssassin version 3.2.4, when
I

received any spam mail and MailScanner not able to caught as spam, then
I

teach manually through 'sa-learn' command, but it does not teach as
spam

immediately, it takes 2 to 3 days, please help me regarding the
same.





Regards,



Arun Kumar
Gupta

INDIA

=========================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100511/fdfaedc2/attachment.html
From ram at netcore.co.in  Tue May 11 12:24:17 2010
From: ram at netcore.co.in (ram)
Date: Tue May 11 12:24:34 2010
Subject: regarding training of ham and spam to spamassassin
In-Reply-To: <AANLkTikl1vxOUn5dBSrAcA5pJUfntsPhho4dIQcjpBsK@mail.gmail.com>
References: <AANLkTikl1vxOUn5dBSrAcA5pJUfntsPhho4dIQcjpBsK@mail.gmail.com>
Message-ID: <1273577057.13098.55.camel@darkstar.netcore.co.in>


On Tue, 2010-05-11 at 15:39 +0530, arun gupta wrote:
> Dear
> Sir,                                                                                                                                                                                                      
>                                                                                                                                                                                                                
> I am using MailScanner-4.69 and SpamAssassin version 3.2.4, when
> I                                                                                                                                             
> received any spam mail and MailScanner not able to caught as spam,
> then
> I                                                                                                                                      
> teach manually through 'sa-learn' command, but it does not teach as
> spam                                                                                                                                       
> immediately, it takes 2 to 3 days, please help me regarding the
> same.                                                                                                                                          
>  


Arun,

Firstly, You should upgrade your SA version. The newer SA is definitely
a lot better.

Also sa-learn is no magic bullet. This can only feed your spams to
bayes.  If the spam is still skipping through you might have to check
the actual rules. 

Post a full spam on a pastebin and refer it here . 
You might get some useful inputs on what to check. 





Thanks
Ram








From nsnidanko at harperpowerproducts.com  Tue May 11 13:47:14 2010
From: nsnidanko at harperpowerproducts.com (Naz Snidanko)
Date: Tue May 11 13:47:27 2010
Subject: regarding training of ham and spam to spamassassin
Message-ID: <9453A32CAC9FFB4D8F59285E34B6A5062669@hotc_exch.harperotc.com>

Hi Arun,

 

Spamassassin starts using bayes database after you "feed" it over 200
Spam and 200 Ham emails.

 

To check if bayes are working please run the following command:

 

spamassassin -lint -D

 

And look for the following that will say something along these lines:

 

 [11363] dbg: bayes: not available for scanning, only 105 ham(s) in
bayes DB < 200

 

Regards,

Naz Snidanko

Desktop & Network Support

Harper Power Products Inc.

(p) 416 201- 7506

nsnidanko@harperpowerproducts.com

 

 

Please note: 

For any IT Support requests we kindly ask that you contact us by
emailing us at itsupport@harperpowerproducts.com.  This allows for any
of our available IT Support members to serve you and allows for better
tracking of IT Support requests.  Should you not have the ability to
email please call IT Support at 416-201-7585 or locally at extension
585.  We do receive a high volume of requests so we ask for your
patience.  We thank you for your co-operation.

Regards,

IT Dept.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100511/f5ded1e7/attachment.html
From timb at vwg.com  Tue May 11 20:03:20 2010
From: timb at vwg.com (Timothy Barhorst)
Date: Tue May 11 20:03:40 2010
Subject: Attempt to hide real filename extension?
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk>
	<EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>
Message-ID: <CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field
Sent: Monday, May 10, 2010 4:26 PM
To: MailScanner discussion
Subject: Re: Attempt to hide real filename extension?

On 10/05/2010 20:59, Bj?rn T Johansen wrote:
>> How dangerous is this now? I get a lot of mails blocked because of this rule, do I need it?
>>    
I certainly wouldn't remove it from my system. But then I'm likely to be 
biased :-)
>> If not, what is the best way to relax this rule?
>>   

 
>You can just comment it out or delete it from filename.rules.conf and 
>the "archives.filename.rules.conf" equivalent if you have one. Then 
>"service MailScanner reload" to force it to re-read its configuration files.

>Jules

What would the preferred method be to allow double or triple extensions through for just a particular domain?


 



-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From MailScanner at ecs.soton.ac.uk  Tue May 11 20:18:23 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue May 11 20:18:40 2010
Subject: Attempt to hide real filename extension?
In-Reply-To: <CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk>	<EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>
	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
	<4BE9AD7F.1090805@ecs.soton.ac.uk>
Message-ID: <EMEW3|76e7a4812100ac1fff9a4b74de9e88a5m4AKIR0bMailScanner|ecs.soton.ac.uk|4BE9AD7F.1090805@ecs.soton.ac.uk>



On 11/05/2010 20:03, Timothy Barhorst wrote:
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field
> Sent: Monday, May 10, 2010 4:26 PM
> To: MailScanner discussion
> Subject: Re: Attempt to hide real filename extension?
>
> On 10/05/2010 20:59, Bj?rn T Johansen wrote:
>    
>>> How dangerous is this now? I get a lot of mails blocked because of this rule, do I need it?
>>>
>>>        
> I certainly wouldn't remove it from my system. But then I'm likely to be
> biased :-)
>    
>>> If not, what is the best way to relax this rule?
>>>
>>>        
>
>    
>> You can just comment it out or delete it from filename.rules.conf and
>> the "archives.filename.rules.conf" equivalent if you have one. Then
>> "service MailScanner reload" to force it to re-read its configuration files.
>>      
>    
>> Jules
>>      
> What would the preferred method be to allow double or triple extensions through for just a particular domain?
>    
You make a ruleset on the Filename Rules setting, and have that domain 
use a different filename.rules.conf file.
There are plenty of examples of this in the book and the mailing list 
archives, it's a very common question.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ecasarero at gmail.com  Tue May 11 20:41:59 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue May 11 20:42:31 2010
Subject: How is used phishing.bad.emails.conf by default?
Message-ID: <AANLkTinpa1d0RGQhdVOP-SenFXpEX0P4kYRGJZM7zQbC@mail.gmail.com>

The list phishing.bad.emails.conf is used by mailscanner in the phishing
engine? Because i only saw defined the sites lists.

Should i use this list in the blacklist? or how do you recomend to use it?

thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100511/4e84bcdb/attachment.html
From MailScanner at ecs.soton.ac.uk  Tue May 11 20:54:05 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue May 11 20:54:21 2010
Subject: How is used phishing.bad.emails.conf by default?
In-Reply-To: <AANLkTinpa1d0RGQhdVOP-SenFXpEX0P4kYRGJZM7zQbC@mail.gmail.com>
References: <AANLkTinpa1d0RGQhdVOP-SenFXpEX0P4kYRGJZM7zQbC@mail.gmail.com>
	<4BE9B5DD.1020601@ecs.soton.ac.uk>
Message-ID: <EMEW3|30fa602c97bc7923c3f570095ee0a1d9m4AKs70bMailScanner|ecs.soton.ac.uk|4BE9B5DD.1020601@ecs.soton.ac.uk>

It's used by ScamNailer for starters. I wanted to put it in the same 
place as the MailScanner files go so that I don't start putting all 
sorts of things in random places, when the projects are closely related.

On 11/05/2010 20:41, Eduardo Casarero wrote:
> The list phishing.bad.emails.conf is used by mailscanner in the 
> phishing engine? Because i only saw defined the sites lists.
>
> Should i use this list in the blacklist? or how do you recomend to use it?
>
> thanks!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ecasarero at gmail.com  Tue May 11 20:58:24 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue May 11 20:58:56 2010
Subject: How is used phishing.bad.emails.conf by default?
In-Reply-To: <EMEW3|30fa602c97bc7923c3f570095ee0a1d9m4AKs70bMailScanner|ecs.soton.ac.uk|4BE9B5DD.1020601@ecs.soton.ac.uk>
References: <4BE9B5DD.1020601@ecs.soton.ac.uk>
	<AANLkTinpa1d0RGQhdVOP-SenFXpEX0P4kYRGJZM7zQbC@mail.gmail.com> 
	<EMEW3|30fa602c97bc7923c3f570095ee0a1d9m4AKs70bMailScanner|ecs.soton.ac.uk|4BE9B5DD.1020601@ecs.soton.ac.uk>
Message-ID: <AANLkTilFNTnouYfpoL5I_Ifj07DR7JgKK4YC8vp6SSrm@mail.gmail.com>

2010/5/11 Jules Field <MailScanner@ecs.soton.ac.uk>

> It's used by ScamNailer for starters. I wanted to put it in the same place
> as the MailScanner files go so that I don't start putting all sorts of
> things in random places, when the projects are closely related.
>
>
Thanks for the info!


>
> On 11/05/2010 20:41, Eduardo Casarero wrote:
>
>> The list phishing.bad.emails.conf is used by mailscanner in the phishing
>> engine? Because i only saw defined the sites lists.
>>
>> Should i use this list in the blacklist? or how do you recomend to use it?
>>
>> thanks!
>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100511/57859a62/attachment.html
From Ron.Ghetti at town.barnstable.ma.us  Tue May 11 22:31:53 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Tue May 11 22:36:41 2010
Subject: Mail Servers
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>
	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
Message-ID: <3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>

 
ok, slightly off topic but our mail server is suffering 
transferis interuptis only with comcast servers over the past few weeks.
 
running postfix  + mailscanner on ubuntu linux
 
reasonably current on everything, this is something that just started, 
appears to possibly be my firewall doing the interupting but I'm not convinced.
my logs say lost connection after Data.
 
I know this is pretty general but wondering if anyone has run into something similar ?
 
 
much thanks
 
-Ron
 
 
 
From alex at rtpty.com  Tue May 11 22:43:39 2010
From: alex at rtpty.com (Alex Neuman)
Date: Tue May 11 22:43:53 2010
Subject: Mail Servers
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>
	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
	<3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
Message-ID: <D82BBDBF-62DD-44B3-8AD4-72930259B3A3@rtpty.com>

Yes

On May 11, 2010, at 4:31 PM, Ghetti, Ron wrote:

> 
> ok, slightly off topic but our mail server is suffering 
> transferis interuptis only with comcast servers over the past few weeks.
> 
> running postfix  + mailscanner on ubuntu linux
> 
> reasonably current on everything, this is something that just started, 
> appears to possibly be my firewall doing the interupting but I'm not convinced.
> my logs say lost connection after Data.
> 
> I know this is pretty general but wondering if anyone has run into something similar ?
> 
> 
> much thanks
> 
> -Ron
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From Neal at Morgan-Systems.com  Tue May 11 23:05:06 2010
From: Neal at Morgan-Systems.com (Neal Morgan)
Date: Tue May 11 23:04:50 2010
Subject: Mail Servers
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk><CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
	<3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
Message-ID: <6557A87A5B462247861990180A542B142665A9@server-16.MorganSys.net>

> Tuesday, May 11, 2010 2:32 PM
>
> 
> ok, slightly off topic but our mail server is suffering transferis 
> interuptis only with comcast servers over the past few weeks.
>
> running postfix  + mailscanner on ubuntu linux
>  
> reasonably current on everything, this is something that just started,

> appears to possibly be my firewall doing the interupting but I'm not 
> convinced.  my logs say lost connection after Data.
>  
> I know this is pretty general but wondering if anyone has run into
something similar ?
>  
>  
> much thanks
>  
> -Ron
 
 
Ron:

We've seen a couple of things in the last 2 years like this.  One was
related to a kernel issue where tcp window scaling was getting
corrupted.  I believe we initially got around it by setting some boot
time kernel parameters - but ultimately the kernel source got fixed.  

A second similar issue happened with SMTP traffic that was tunneled - a
router near a Cox SMTP server was unwilling to negotiate a smaller MTU
(required for traffic traversing the tunnel).  This one was odd because
it would only happen during daytime hours.  We eventually got a hold of
a Cox CCIE and found that when their routers were super busy they would
ignore the ICMP messages related to MTU negotiation.  Since the CCIE
couldn't/wouldn't fix it on his end, we ended setting up an EOIP bridge
inside the tunnel to trick our router into believing it could handle a
normal MTU.  Ugly, but effective...

In both cases, we had to do some packet captures and scour through with
Wireshark.

I hope this helps...


Neal Morgan
 
From sandrews at andrewscompanies.com  Wed May 12 12:20:18 2010
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Wed May 12 12:20:29 2010
Subject: Junk messages with attachments
Message-ID: <1964AAFBC212F742958F9275BF63DBB0E3175F@winchester.andrewscompanies.com>

I have a SA rule that kills off some of our repetitive junk mails via a
match on the subject line; however, I've noticed some of them have zip
files attached with exe files in them.  It appears the file attach
restrictions apply first here and that the message never passes thru the
SA rule so the end user gets the email anyway.

 

Is there any way to make it the SA rule apply even when there's a banned
attachment?

 

Steven R. Andrews, President 
Andrews Companies Incorporated 
Small Business Information Technology Consultants 
sandrews@andrewscompanies.com 
Phone: 317.536.1807

"If your only tool is a hammer, every problem looks like a nail." 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100512/094c3e70/attachment.html
From ka at pacific.net  Wed May 12 14:12:01 2010
From: ka at pacific.net (Ken A)
Date: Wed May 12 14:12:15 2010
Subject: Mail Servers (OT)
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
	<3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
Message-ID: <4BEAA921.8070405@pacific.net>

define(`NOT_RELATED_TO_MAILSCANNER')

Some troubleshooting is in order.
http://www.postfix.org/faq.html#timeouts

Ken

On 5/11/2010 4:31 PM, Ghetti, Ron wrote:
>
> ok, slightly off topic but our mail server is suffering
> transferis interuptis only with comcast servers over the past few weeks.
>
> running postfix  + mailscanner on ubuntu linux
>
> reasonably current on everything, this is something that just started,
> appears to possibly be my firewall doing the interupting but I'm not convinced.
> my logs say lost connection after Data.
>
> I know this is pretty general but wondering if anyone has run into something similar ?
>
>
> much thanks
>
> -Ron
>
>
>
>

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
From Ron.Ghetti at town.barnstable.ma.us  Wed May 12 19:00:40 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Wed May 12 19:05:00 2010
Subject: Mail Servers
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk><CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com><3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
	<6557A87A5B462247861990180A542B142665A9@server-16.MorganSys.net>
Message-ID: <3411CC12BB577F4FAEAC8A694780866B024F3111@ITMAIL.town.barnstable.ma.us>

 
 
Thanks Neal, that is helpful.
 
While I haven't resolved it yet, my packet caps indicate that the firewall
is dropping connections, so at least I've got something to target.
 
 
thanks
 
 
-Ron
 
 
 

________________________________

From: mailscanner-bounces@lists.mailscanner.info on behalf of Neal Morgan
Sent: Tue 5/11/2010 6:05 PM
To: MailScanner discussion
Subject: RE: Mail Servers



> Tuesday, May 11, 2010 2:32 PM
>
>
> ok, slightly off topic but our mail server is suffering transferis
> interuptis only with comcast servers over the past few weeks.
>
> running postfix  + mailscanner on ubuntu linux
> 
> reasonably current on everything, this is something that just started,

> appears to possibly be my firewall doing the interupting but I'm not
> convinced.  my logs say lost connection after Data.
> 
> I know this is pretty general but wondering if anyone has run into
something similar ?
> 
> 
> much thanks
> 
> -Ron


Ron:

We've seen a couple of things in the last 2 years like this.  One was
related to a kernel issue where tcp window scaling was getting
corrupted.  I believe we initially got around it by setting some boot
time kernel parameters - but ultimately the kernel source got fixed. 

A second similar issue happened with SMTP traffic that was tunneled - a
router near a Cox SMTP server was unwilling to negotiate a smaller MTU
(required for traffic traversing the tunnel).  This one was odd because
it would only happen during daytime hours.  We eventually got a hold of
a Cox CCIE and found that when their routers were super busy they would
ignore the ICMP messages related to MTU negotiation.  Since the CCIE
couldn't/wouldn't fix it on his end, we ended setting up an EOIP bridge
inside the tunnel to trick our router into believing it could handle a
normal MTU.  Ugly, but effective...

In both cases, we had to do some packet captures and scour through with
Wireshark.

I hope this helps...


Neal Morgan

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!


From Ron.Ghetti at town.barnstable.ma.us  Wed May 12 19:14:06 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Wed May 12 19:18:01 2010
Subject: Mail Servers (OT)
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>
	<3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>
	<4BEAA921.8070405@pacific.net>
Message-ID: <3411CC12BB577F4FAEAC8A694780866B024F3112@ITMAIL.town.barnstable.ma.us>

 
thanks for the reply Ken, 
yep, I've been through that section a couple of times, believe me.
it looks like the firewall is doing the connection dropping, only on emails with attachments
from comcast servers and randomly at that, many of them get through fine.
we are running a sonicwall 4100 with built-in virus/malware scanning.
our system is processing about 5k messages per day and it's all running 
pretty smoothly with this one exception that has shown up in the past couple weeks.
 
 
 
-Ron
 
 
 

________________________________

From: mailscanner-bounces@lists.mailscanner.info on behalf of Ken A
Sent: Wed 5/12/2010 9:12 AM
To: mailscanner@lists.mailscanner.info
Subject: Re: Mail Servers (OT)



define(`NOT_RELATED_TO_MAILSCANNER')

Some troubleshooting is in order.
http://www.postfix.org/faq.html#timeouts

Ken

On 5/11/2010 4:31 PM, Ghetti, Ron wrote:
>
> ok, slightly off topic but our mail server is suffering
> transferis interuptis only with comcast servers over the past few weeks.
>
> running postfix  + mailscanner on ubuntu linux
>
> reasonably current on everything, this is something that just started,
> appears to possibly be my firewall doing the interupting but I'm not convinced.
> my logs say lost connection after Data.
>
> I know this is pretty general but wondering if anyone has run into something similar ?
>
>
> much thanks
>
> -Ron
>
>
>
>

--
Ken Anderson
Pacific Internet - http://www.pacific.net <http://www.pacific.net/> 
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!


From ka at pacific.net  Wed May 12 19:42:40 2010
From: ka at pacific.net (Ken A)
Date: Wed May 12 19:42:55 2010
Subject: Mail Servers (OT)
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B024F3112@ITMAIL.town.barnstable.ma.us>
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>	<3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>	<4BEAA921.8070405@pacific.net>
	<3411CC12BB577F4FAEAC8A694780866B024F3112@ITMAIL.town.barnstable.ma.us>
Message-ID: <4BEAF6A0.8060105@pacific.net>



On 5/12/2010 1:14 PM, Ghetti, Ron wrote:
>
> thanks for the reply Ken,
> yep, I've been through that section a couple of times, believe me.
> it looks like the firewall is doing the connection dropping, only on emails with attachments
> from comcast servers and randomly at that, many of them get through fine.
> we are running a sonicwall 4100 with built-in virus/malware scanning.
> our system is processing about 5k messages per day and it's all running
> pretty smoothly with this one exception that has shown up in the past couple weeks.
>

We use sonicwalls here and there too, though not on outgoing mail.
I would build a path around the sonicwall to be sure that was the 
culprit. IIRC, there are checkboxes for various types of attacks that 
the sonicwall will zap. Once you prove that it's the sonicwall doing it, 
you should be able to get some help from Sonicwall.

Ken

>
> -Ron
>
>
>
>
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Ken A
> Sent: Wed 5/12/2010 9:12 AM
> To: mailscanner@lists.mailscanner.info
> Subject: Re: Mail Servers (OT)
>
>
>
> define(`NOT_RELATED_TO_MAILSCANNER')
>
> Some troubleshooting is in order.
> http://www.postfix.org/faq.html#timeouts
>
> Ken
>
> On 5/11/2010 4:31 PM, Ghetti, Ron wrote:
>>
>> ok, slightly off topic but our mail server is suffering
>> transferis interuptis only with comcast servers over the past few weeks.
>>
>> running postfix  + mailscanner on ubuntu linux
>>
>> reasonably current on everything, this is something that just started,
>> appears to possibly be my firewall doing the interupting but I'm not convinced.
>> my logs say lost connection after Data.
>>
>> I know this is pretty general but wondering if anyone has run into something similar ?
>>
>>
>> much thanks
>>
>> -Ron
>>
>>
>>
>>
>
> --
> Ken Anderson
> Pacific Internet - http://www.pacific.net<http://www.pacific.net/>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
From ssilva at sgvwater.com  Thu May 13 00:12:21 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu May 13 00:12:40 2010
Subject: Mail Servers (OT)
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B024F3112@ITMAIL.town.barnstable.ma.us>
References: <20100510215932.58863a16@pennywise.havleik.no><4BE86BD4.8040906@ecs.soton.ac.uk><EMEW3|07e0756e0748f21863f259b662cdd636m49LPw0bMailScanner|ecs.soton.ac.uk|4BE86BD4.8040906@ecs.soton.ac.uk>	<CF8DBC2C66EC8746AC611079160EC6520CDD9039@cms.hq.vwg.com>	<3411CC12BB577F4FAEAC8A694780866B024F310E@ITMAIL.town.barnstable.ma.us>	<4BEAA921.8070405@pacific.net>
	<3411CC12BB577F4FAEAC8A694780866B024F3112@ITMAIL.town.barnstable.ma.us>
Message-ID: <hsfckl$t3j$1@dough.gmane.org>

on 5-12-2010 11:14 AM Ghetti, Ron spake the following:
>  
> thanks for the reply Ken, 
> yep, I've been through that section a couple of times, believe me.
> it looks like the firewall is doing the connection dropping, only on emails with attachments
> from comcast servers and randomly at that, many of them get through fine.
> we are running a sonicwall 4100 with built-in virus/malware scanning.
> our system is processing about 5k messages per day and it's all running 
> pretty smoothly with this one exception that has shown up in the past couple weeks.
>  
>  
>  
> -Ron
>  
>  
>  
> 
> ________________________________
> 
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Ken A
> Sent: Wed 5/12/2010 9:12 AM
> To: mailscanner@lists.mailscanner.info
> Subject: Re: Mail Servers (OT)
> 
> 
> 
> define(`NOT_RELATED_TO_MAILSCANNER')
> 
> Some troubleshooting is in order.
> http://www.postfix.org/faq.html#timeouts
> 
> Ken
> 
> On 5/11/2010 4:31 PM, Ghetti, Ron wrote:
>>
>> ok, slightly off topic but our mail server is suffering
>> transferis interuptis only with comcast servers over the past few weeks.
>>
>> running postfix  + mailscanner on ubuntu linux
>>
>> reasonably current on everything, this is something that just started,
>> appears to possibly be my firewall doing the interupting but I'm not convinced.
>> my logs say lost connection after Data.
>>
>> I know this is pretty general but wondering if anyone has run into something similar ?
>>
>>
>> much thanks
>>
>> -Ron
>>
Could your sonicwall be delaying the messages long enough for postfix to time
out and drop the connections?

From m.anderlini at database.it  Thu May 13 11:24:34 2010
From: m.anderlini at database.it (Marcello Anderlini)
Date: Thu May 13 11:25:16 2010
Subject: [OT] how to redirect spamassassing --lint -D to a file
Message-ID: <6F32560A83F645988AB729013B8DA1DA@dbdomain.database.it>

I know this is a newbie question but could someone suggest me how to
redirect the output from spamassassin --lint -D to a file so I can later
wath it ?

Thanks everyone for any help

Best regards and sorry for my worst English.

Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel.  +39059775070
Fax. +39059779545
http://www.database.it
--------------------------------------------- 


-- 
Messaggio verificato dal servizio antivirus di Database Informatica

From uxbod at splatnix.net  Thu May 13 11:35:57 2010
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Thu May 13 11:36:11 2010
Subject: [OT] how to redirect spamassassing --lint -D to a file
In-Reply-To: <6F32560A83F645988AB729013B8DA1DA@dbdomain.database.it>
Message-ID: <5143605.80.1273746957229.JavaMail.root@office.splatnix.net>



----- Original Message -----
> I know this is a newbie question but could someone suggest me how to
> redirect the output from spamassassin --lint -D to a file so I can
> later wath it ?
> 
> Thanks everyone for any help
> 
> Best regards and sorry for my worst English.
> 
> Dr. Marcello Anderlini
> m.anderlini@database.it


spamassassin -D --lint > sadebug.txt 2>&1
-- 
Thanks, Phil
From m.anderlini at database.it  Thu May 13 11:50:19 2010
From: m.anderlini at database.it (Marcello Anderlini)
Date: Thu May 13 11:50:37 2010
Subject: R: [OT] how to redirect spamassassing --lint -D to a file
In-Reply-To: <5143605.80.1273746957229.JavaMail.root@office.splatnix.net>
References: <6F32560A83F645988AB729013B8DA1DA@dbdomain.database.it>
	<5143605.80.1273746957229.JavaMail.root@office.splatnix.net>
Message-ID: <9CE8BC4BEC3E44A684D97DF84BA741B0@dbdomain.database.it>

Wonderfull :-) thanks a lot

bye 


Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel.  +39059775070
Fax. +39059779545
http://www.database.it
--------------------------------------------- 

-----Messaggio originale-----
Da: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di --[ UxBoD
]--
Inviato: 13/05/2010 12:36
A: MailScanner discussion
Oggetto: Re: [OT] how to redirect spamassassing --lint -D to a file



----- Original Message -----
> I know this is a newbie question but could someone suggest me how to 
> redirect the output from spamassassin --lint -D to a file so I can 
> later wath it ?
> 
> Thanks everyone for any help
> 
> Best regards and sorry for my worst English.
> 
> Dr. Marcello Anderlini
> m.anderlini@database.it


spamassassin -D --lint > sadebug.txt 2>&1
--
Thanks, Phil
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

--
Messaggio verificato dal servizio antivirus di Database Informatica


-- 
Messaggio verificato dal servizio antivirus di Database Informatica

From elec.arun at gmail.com  Thu May 13 14:19:19 2010
From: elec.arun at gmail.com (arun gupta)
Date: Thu May 13 14:19:29 2010
Subject: MailScanner Digest, Vol 53, Issue 8
In-Reply-To: <201005121101.o4CB0YZQ005509@safir.blacknight.ie>
References: <201005121101.o4CB0YZQ005509@safir.blacknight.ie>
Message-ID: <AANLkTikO3o-BoKeK4D4alIstkn-s_JrMuG8Z_Oyj6hD3@mail.gmail.com>

> Dear Sir,


As per said by you i am pasting one spam mail

_____________________________________________________________________________--
From: cdac.in support <pd@cdac.in>

To: pd@cdac.in

Subject: setting for your mailbox pd@cdac.in are
changed



SMTP and POP3 servers for pd@cdac.in mailbox are changed. Please carefully
read the attached instructions before updating
settings.



http://mamapapabrat.googlegroups.com/web/setup.zip


 ________________________________________________________________________________________

I tried at least 100 times this type of spam mail to spamassassin through
sa-learn but spamassassin caught as spam after 3 days, please give the some
inputs.

-- 
   With Regards,
   Arun Kumar Gupta
   System Administrator
   C-DAC  Pune
   INDIA

>
> On Tue, 2010-05-11 at 15:39 +0530, arun gupta wrote:
> > Dear
> > Sir,
> >
> > I am using MailScanner-4.69 and SpamAssassin version 3.2.4, when
> > I
> > received any spam mail and MailScanner not able to caught as spam,
> > then
> > I
> > teach manually through 'sa-learn' command, but it does not teach as
> > spam
> > immediately, it takes 2 to 3 days, please help me regarding the
> > same.
> >
>
>
> Arun,
>
> Firstly, You should upgrade your SA version. The newer SA is definitely
> a lot better.
>
> Also sa-learn is no magic bullet. This can only feed your spams to
> bayes.  If the spam is still skipping through you might have to check
> the actual rules.
>
> Post a full spam on a pastebin and refer it here .
> You might get some useful inputs on what to check.
>
>
> Thanks
> Ram
> ------------------------------
>
> Message: 2
> Date: Tue, 11 May 2010 08:47:14 -0400
> From: "Naz Snidanko" <nsnidanko@harperpowerproducts.com>
> Subject: RE: regarding training of ham and spam to spamassassin
> To: <mailscanner@lists.mailscanner.info>
> Message-ID:
>        <9453A32CAC9FFB4D8F59285E34B6A5062669@hotc_exch.harperotc.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Arun,
>
>
>
> Spamassassin starts using bayes database after you "feed" it over 200
> Spam and 200 Ham emails.
>
>
>
> To check if bayes are working please run the following command:
>
>
>
> spamassassin -lint -D
>
>
>
> And look for the following that will say something along these lines:
>
>
>
>  [11363] dbg: bayes: not available for scanning, only 105 ham(s) in
> bayes DB < 200
>
>
>
> Regards,
>
> Naz Snidanko
>
> Desktop & Network Support
>
> Harper Power Products Inc.
>
> (p) 416 201- 7506
>
> nsnidanko@harperpowerproducts.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100513/8b2d1bee/attachment.html
From Ron.Ghetti at town.barnstable.ma.us  Thu May 13 14:26:37 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Thu May 13 14:30:11 2010
Subject: Mail Servers (OT)
Message-ID: <3411CC12BB577F4FAEAC8A694780866B041A13EB@ITMAIL.town.barnstable.ma.us>




You know Scott, that is a brilliant idea, the server load is low
But the load on the sonicwall is fairly high with web traffic etc.
Let me look into that.


Thanks for the reply



-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott
Silva
Sent: Wednesday, May 12, 2010 7:12 PM
To: mailscanner@lists.mailscanner.info
Subject: Re: Mail Servers (OT)


on 5-12-2010 11:14 AM Ghetti, Ron spake the following:
>  
> thanks for the reply Ken,
> yep, I've been through that section a couple of times, believe me.
> it looks like the firewall is doing the connection dropping, only on
emails with attachments
> from comcast servers and randomly at that, many of them get through
fine.
> we are running a sonicwall 4100 with built-in virus/malware scanning.
> our system is processing about 5k messages per day and it's all
running 
> pretty smoothly with this one exception that has shown up in the past
couple weeks.
>  
>  
>  
> -Ron
>  
>  
>  
> 
> ________________________________
> 
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Ken A
> Sent: Wed 5/12/2010 9:12 AM
> To: mailscanner@lists.mailscanner.info
> Subject: Re: Mail Servers (OT)
> 
> 
> 
> define(`NOT_RELATED_TO_MAILSCANNER')
> 
> Some troubleshooting is in order. 
> http://www.postfix.org/faq.html#timeouts
> 
> Ken
> 
> On 5/11/2010 4:31 PM, Ghetti, Ron wrote:
>>
>> ok, slightly off topic but our mail server is suffering transferis 
>> interuptis only with comcast servers over the past few weeks.
>>
>> running postfix  + mailscanner on ubuntu linux
>>
>> reasonably current on everything, this is something that just 
>> started, appears to possibly be my firewall doing the interupting but

>> I'm not convinced. my logs say lost connection after Data.
>>
>> I know this is pretty general but wondering if anyone has run into 
>> something similar ?
>>
>>
>> much thanks
>>
>> -Ron
>>
Could your sonicwall be delaying the messages long enough for postfix to
time out and drop the connections?

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From shaun at rpm-solutions.co.uk  Thu May 13 16:36:50 2010
From: shaun at rpm-solutions.co.uk (Shaun Forsyth (RPM Solutions))
Date: Thu May 13 16:36:37 2010
Subject: Send From an address, but discard any incomming mail to that address,
	sendmail?
Message-ID: <647CE9F4CB3A49319CE05A68E58E5DB0@wksta001>

Hi Guys,
    I know not strictly a mail scanner question, but its on one of our 
mailscanner servers, and could maybe something mail scanner can help with. 
Currently using sendmail with virtual users, user noreply@domain is used to 
send email from scripts on the server, the domain is listed in 
local-host-names however I cleaned up the virtual user file the other day 
and added a bunch of @domain error:nouser No such user here no the server 
wont send from that address?

I should point out that I can't simply trust the user that the script is 
running as, as the mail is being smart hosted from another server to this 
server, the access file currently has 2 lines Connect:[IP] RELAY and [IP] 
RELAY already in it.

Any one think of a way that this can be done, to be able to send from the 
address but drop, reject, discard the mail coming back in. 

From ms-list at alexb.ch  Thu May 13 17:37:29 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Thu May 13 17:37:39 2010
Subject: Send From an address, but discard any incomming mail to that
	address, 	sendmail?
In-Reply-To: <647CE9F4CB3A49319CE05A68E58E5DB0@wksta001>
References: <647CE9F4CB3A49319CE05A68E58E5DB0@wksta001>
Message-ID: <4BEC2AC9.7030000@alexb.ch>

On 2010-05-13 17:36, Shaun Forsyth (RPM Solutions) wrote:
> Hi Guys,
>    I know not strictly a mail scanner question, but its on one of our 
> mailscanner servers, and could maybe something mail scanner can help 
> with. Currently using sendmail with virtual users, user noreply@domain 
> is used to send email from scripts on the server, the domain is listed 
> in local-host-names however I cleaned up the virtual user file the other 
> day and added a bunch of @domain error:nouser No such user here no the 
> server wont send from that address?
> 
> I should point out that I can't simply trust the user that the script is 
> running as, as the mail is being smart hosted from another server to 
> this server, the access file currently has 2 lines Connect:[IP] RELAY 
> and [IP] RELAY already in it.
> 
> Any one think of a way that this can be done, to be able to send from 
> the address but drop, reject, discard the mail coming back in.


teach the sending app to use an empty envelope-from so no 
replies/bounces will ever get sent back
From rabellino at di.unito.it  Thu May 13 18:50:07 2010
From: rabellino at di.unito.it (Sergio Rabellino)
Date: Thu May 13 18:50:25 2010
Subject: Send From an address, but discard any incomming mail to that
 address,	sendmail?
In-Reply-To: <647CE9F4CB3A49319CE05A68E58E5DB0@wksta001>
References: <647CE9F4CB3A49319CE05A68E58E5DB0@wksta001>
Message-ID: <4BEC3BCF.1080501@di.unito.it>

Simply add to your aliases file the following:

noreply:"| cat > /dev/null"

Every mail to noreply@domain will be accepted and trashed to /dev/null.
hope this helps.

Shaun Forsyth (RPM Solutions) ha scritto:
> Hi Guys,
>    I know not strictly a mail scanner question, but its on one of our 
> mailscanner servers, and could maybe something mail scanner can help 
> with. Currently using sendmail with virtual users, user noreply@domain 
> is used to send email from scripts on the server, the domain is listed 
> in local-host-names however I cleaned up the virtual user file the 
> other day and added a bunch of @domain error:nouser No such user here 
> no the server wont send from that address?
>
> I should point out that I can't simply trust the user that the script 
> is running as, as the mail is being smart hosted from another server 
> to this server, the access file currently has 2 lines Connect:[IP] 
> RELAY and [IP] RELAY already in it.
>
> Any one think of a way that this can be done, to be able to send from 
> the address but drop, reject, discard the mail coming back in.

-- 
Ing. Sergio Rabellino

Universit? degli Studi di Torino
Dipartimento di Informatica
ICT Services Director
Tel +39-0116706701  Fax +39-011751603
C.so Svizzera , 185 - 10149 - Torino

<http://www.di.unito.it>

-------------- next part --------------
Skipped content of type multipart/related
From Garrod.Alwood at lorodoes.com  Fri May 14 00:52:03 2010
From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood)
Date: Fri May 14 01:01:21 2010
Subject: OT: Releasing bad content from MailWatch
Message-ID: <B08BAE926BEC9A479032897B9665A557014169CC63C3@homedom.Alwood.local>

Hey Everyone,

I am trying to figure out why I wasn't able to release bad content from MailWatch and if am even able to release bad content emails?



Garrod M. Alwood
Consultant
garrod.alwood@lorodoes.com
904.738.4988
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mikael at syska.dk  Fri May 14 01:24:00 2010
From: mikael at syska.dk (Mikael Syska)
Date: Fri May 14 01:24:14 2010
Subject: OT: Releasing bad content from MailWatch
In-Reply-To: <B08BAE926BEC9A479032897B9665A557014169CC63C3@homedom.Alwood.local>
References: <B08BAE926BEC9A479032897B9665A557014169CC63C3@homedom.Alwood.local>
Message-ID: <AANLkTikPuzaogJoF32JcYkq5M8B7ni4FIlioD5vmHAKj@mail.gmail.com>

Hi,

This is the MailScanner mailing list ... there is also a MailWatch list.

On Fri, May 14, 2010 at 1:52 AM, Garrod M. Alwood
<Garrod.Alwood@lorodoes.com> wrote:
> Hey Everyone,
>
> I am trying to figure out why I wasn't able to release bad content from MailWatch and if am even able to release bad content emails?

Yes, you are able to release bad content ...

What happens when you release mails? Do they get caught again or ?
More information is needed for us to help you. Every guess would
almost be a shot in the dark :-)

>
>
>
> Garrod M. Alwood
> Consultant
> garrod.alwood@lorodoes.com
> 904.738.4988
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

mvh
Mikael Syska
http://ifyoudo.net
From Garrod.Alwood at lorodoes.com  Fri May 14 01:54:01 2010
From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood)
Date: Fri May 14 02:03:08 2010
Subject: Issue
Message-ID: <B08BAE926BEC9A479032897B9665A557014169CC63C8@homedom.Alwood.local>

Hey Everyone,

Ok, lets try this. Is there a way to make it so that zipped messages will not get the filename or filetype rules applied to them. So that if someone emails an exe then it will scan it with clamav, but not pull the exe out of it.




Garrod M. Alwood
Consultant
garrod.alwood@lorodoes.com
904.738.4988
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri May 14 09:47:19 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 14 09:47:34 2010
Subject: Issue
In-Reply-To: <B08BAE926BEC9A479032897B9665A557014169CC63C8@homedom.Alwood.local>
References: <B08BAE926BEC9A479032897B9665A557014169CC63C8@homedom.Alwood.local>
	<4BED0E17.2050800@ecs.soton.ac.uk>
Message-ID: <EMEW3|7e86003caf2c245b06d958bd217af8d4m4D9lK0bMailScanner|ecs.soton.ac.uk|4BED0E17.2050800@ecs.soton.ac.uk>

Yes, very simple.

Look for

Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf

in your MailScanner.conf.

You can also define exactly what you consider to be an "archive" with

Archives Are = zip rar ole

You need a reasonably recent version to have these features.

Jules.

On 14/05/2010 01:54, Garrod M. Alwood wrote:
> Hey Everyone,
>
> Ok, lets try this. Is there a way to make it so that zipped messages will not get the filename or filetype rules applied to them. So that if someone emails an exe then it will scan it with clamav, but not pull the exe out of it.
>
>
>
>
> Garrod M. Alwood
> Consultant
> garrod.alwood@lorodoes.com
> 904.738.4988
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jplorier at montecarlotv.com.uy  Fri May 14 14:09:41 2010
From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier)
Date: Fri May 14 14:10:14 2010
Subject: Can I ban my own domain?
In-Reply-To: <201005141102.o4EB0QFw031700@safir.blacknight.ie>
References: <201005141102.o4EB0QFw031700@safir.blacknight.ie>
Message-ID: <1273842581.24536.217.camel@localhost>

Hi people,

I know that to avoid receiving spam that forge my domain I need to use
watermarking, but I won't do that until I update maiscanner. As I use a
mail gateway to check incoming mail and to relay the users from outside
the company, is it too crazy to ban my own domain in the mailscanner
gateway? Will this affect the roaming users?.
Regards,

JPL




-- Toda la información contenida en este correo electrónico es confidencial y para conocimiento exclusivo de su destinatario. Agradeceremos que Ud. nos comunique inmediatamente si ha recibido este correo por error. En tal caso, evite hacer uso del mismo en forma alguna y elimínelo inmediatamente de su sistema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100514/877a7208/attachment.html
From thomasl at mtl.mit.edu  Fri May 14 17:12:14 2010
From: thomasl at mtl.mit.edu (Thomas Lohman)
Date: Fri May 14 17:12:46 2010
Subject: Issue
In-Reply-To: <EMEW3|7e86003caf2c245b06d958bd217af8d4m4D9lK0bMailScanner|ecs.soton.ac.uk|4BED0E17.2050800@ecs.soton.ac.uk>
References: <B08BAE926BEC9A479032897B9665A557014169CC63C8@homedom.Alwood.local>	<4BED0E17.2050800@ecs.soton.ac.uk>
	<EMEW3|7e86003caf2c245b06d958bd217af8d4m4D9lK0bMailScanner|ecs.soton.ac.uk|4BED0E17.2050800@ecs.soton.ac.uk>
Message-ID: <4BED765E.3040807@mtl.mit.edu>

Garrod, you can also set Maximum Archive Depth to 0.

# The maximum depth to which zip archives, rar archives and Microsoft Office
# documents will be unpacked, to allow for checking filenames and filetypes
# within zip and rar archives and embedded within Office documents.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 0

Hope this helps,


--tom

>> Ok, lets try this. Is there a way to make it so that zipped
>> messages will not get the filename or filetype rules applied to
>> them. So that if someone emails an exe then it will scan it with
>> clamav, but not pull the exe out of it.

From mark at msapiro.net  Fri May 14 18:34:36 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Fri May 14 18:34:50 2010
Subject: regarding training of ham and spam to spamassassin
In-Reply-To: <AANLkTikO3o-BoKeK4D4alIstkn-s_JrMuG8Z_Oyj6hD3@mail.gmail.com>
References: <201005121101.o4CB0YZQ005509@safir.blacknight.ie>
	<AANLkTikO3o-BoKeK4D4alIstkn-s_JrMuG8Z_Oyj6hD3@mail.gmail.com>
Message-ID: <20100514173436.GA414@sbh16.songbird.com>

On Thu, May 13, 2010 at 06:49:19PM +0530, arun gupta wrote:
> > Dear Sir,
> 
> 
> As per said by you i am pasting one spam mail
> 
> _____________________________________________________________________________--
> From: cdac.in support <pd@cdac.in>
> 
> To: pd@cdac.in
> 
> Subject: setting for your mailbox pd@cdac.in are
> changed
> 
> 
> 
> SMTP and POP3 servers for pd@cdac.in mailbox are changed. Please carefully
> read the attached instructions before updating
> settings.
> 
> 
> 
> http://mung_url_to_stop_hit.invalid/web/setup.zip
> 
> 
>  ________________________________________________________________________________________
> 
> I tried at least 100 times this type of spam mail to spamassassin through
> sa-learn but spamassassin caught as spam after 3 days, please give the some
> inputs.


If you install the "sought" ruleset
<http://wiki.apache.org/spamassassin/SoughtRules>, that message will
hit JM_SOUGHT_1 and get +4 points.

As others have noted, sa-learn trains SA's bayes filter which is a
statistical filter. It is not going to give a high spam probability
based on only a few samples.

-- 
Mark Sapiro <mark@msapiro.net>        Any clod can have the facts;
San Francisco Bay Area, California    having opinions is an art. -
                                      C. McCabe, The Fearless Spectator

From paulo-m-roncon at ptinovacao.pt  Sun May 16 23:44:11 2010
From: paulo-m-roncon at ptinovacao.pt (Paulo Roncon)
Date: Sun May 16 23:44:22 2010
Subject: OT: Sendmail Outbound config
Message-ID: <FE488BAD8B4EBB4BBEC64B3EEA4497E6CEC670C7C1@INOAVREX11.ptin.corpPT.com>

Hello friends

This is a bit OT but anyway: 
-I need to config a sendmail as an outbound MTA (with MailScanner). How can I block all mail except outbound mails that come from an IP ou Domain?
I dont want to be a open relay

thanks!
From noel.butler at ausics.net  Mon May 17 00:44:48 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Mon May 17 00:45:04 2010
Subject: [OT] att blacknight
Message-ID: <1274053488.7595.22.camel@tardis>

Sorry for OT, but I know Michele is on this list...

Can you guys update your router's bogon lists please.
APNIC ranges  issued 5 months ago are unable to reach your network (this
includes www.mailscanner.info)

You can get the latest listing from
http://www.team-cymru.org/Services/Bogons/changelog.html

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100517/3253f3c4/attachment.html
From Ron.Ghetti at town.barnstable.ma.us  Mon May 17 04:40:27 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Mon May 17 04:40:39 2010
Subject: Fresh Install
Message-ID: <3411CC12BB577F4FAEAC8A694780866B041A13FE@ITMAIL.town.barnstable.ma.us>



Hi,

 fresh install here, I'm wondering if anyone has a list
 on which files need to be edited for the mailscanner path ?
 I've moved the folder and now am finding that it won't run 
 because it's hardcoded all over the place.  Arg. 
 
 Also is there any way to turn off the Antiword thing ? 

Thanks

-Ron

From hvdkooij at vanderkooij.org  Mon May 17 09:14:26 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Mon May 17 09:16:18 2010
Subject: OT: Sendmail Outbound config
In-Reply-To: <FE488BAD8B4EBB4BBEC64B3EEA4497E6CEC670C7C1@INOAVREX11.ptin.corpPT.com>
References: <FE488BAD8B4EBB4BBEC64B3EEA4497E6CEC670C7C1@INOAVREX11.ptin.corpPT.com>
Message-ID: <970599f8559e285a1c3171dcf4e65221@127.0.0.1>


On Sun, 16 May 2010 23:44:11 +0100, Paulo Roncon
<paulo-m-roncon@ptinovacao.pt> wrote:

> This is a bit OT but anyway: 
> -I need to config a sendmail as an outbound MTA (with MailScanner). How
> can I block all mail except outbound mails that come from an IP ou
Domain?
> I dont want to be a open relay

May I suggest you take your favorite search engine and start looking for
online documents? Generic questions like this one show a lack of effort
from your end.

Hugo.

-- 
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From peter at farrows.org  Mon May 17 13:45:02 2010
From: peter at farrows.org (Peter Farrow)
Date: Mon May 17 13:45:16 2010
Subject: OT: Sendmail Outbound config
In-Reply-To: <FE488BAD8B4EBB4BBEC64B3EEA4497E6CEC670C7C1@INOAVREX11.ptin.corpPT.com>
References: <FE488BAD8B4EBB4BBEC64B3EEA4497E6CEC670C7C1@INOAVREX11.ptin.corpPT.com>
Message-ID: <4BF13A4E.3090704@farrows.org>

On 16/05/2010 23:44, Paulo Roncon wrote:
> Hello friends
>
> This is a bit OT but anyway:
> -I need to config a sendmail as an outbound MTA (with MailScanner). How can I block all mail except outbound mails that come from an IP ou Domain?
> I dont want to be a open relay
>
> thanks!--
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>    
Its quicker to answer this questions rather than telling you to RTFM, 
but really you should do your homework before submitting generic 
questions as Hugo has so rightly pointed out, but I will save you the 
trouble and get you started:

Sendmail has the following file which controls its relaying behavious

on Centos/Redhat/fedora and probably others its in

/etc/mail

find the file called "access" in this directory and add a line like this:


ip.address.in.here                RELAY

and/or a line like this:

mydomain.co.uk                  RELAY

For example if the network ip address of your lan was 192.168.1.0

use, (note the host specific part of the IP is omitted):

192.168.1                        RELAY

Then either restart sendmail on RedHat distis or from the /etc/mail/ 
directory type "make" and hit return to rebuild the access.db file.

Also Sendmail won't be an open relay by default, and usually only 
listens on the loopback interface until you modify sendmail.mc to change 
this behaviour.

Sendmail is the industry standard, most widely used MTA, and you can 
pretty much do anything with it, its pretty easy to get to grips with 
once you dive in and have a go!

Regards

Pete



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100517/967ea11e/attachment.html
From bamcomp at yahoo.com  Mon May 17 17:30:57 2010
From: bamcomp at yahoo.com (Brett Moss)
Date: Mon May 17 17:31:07 2010
Subject: docx problems
Message-ID: <201713.99011.qm@web30008.mail.mud.yahoo.com>

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.  

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
    Report: MailScanner: No programs allowed (font10.odttf)
    Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett


      
From agile.aspect at gmail.com  Tue May 18 03:25:15 2010
From: agile.aspect at gmail.com (Agile Aspect)
Date: Tue May 18 03:25:24 2010
Subject: stripping all attachments
Message-ID: <AANLkTilDrIm3sGIporfAC9HEK9Gf8IwnHBWYXoRUV56w@mail.gmail.com>

Hi - I've just started using MailScanner-4.79.11-1 on CentOS 4.7
system running sendmail 8.13.1.

We have a requirement that all outbound email be stripped of all attachments.

We're currently relaying all the internal email at the data center to
a single host, which is then relaying the email to a remote Exchange
server.

This single host is running MailScanner.

The relaying works fine.

The problem is I can't strip attachments - at least *.tar and *.tar.gz
files (I haven't tried others but those are most important.)

In the MailScanner.conf file, I've set

  Maximum Attachment Size = 0

since the comments in the MailScanner.conf file indicate

  "If this is set to zero, effectively no attachments are allowed."

But it doesn't appear to have any impact.

Any help would be greatly appreciated.

-- 
      Enjoy global warming while it lasts.
From agile.aspect at gmail.com  Tue May 18 06:04:27 2010
From: agile.aspect at gmail.com (Agile Aspect)
Date: Tue May 18 06:04:37 2010
Subject: stripping all attachments
In-Reply-To: <AANLkTilDrIm3sGIporfAC9HEK9Gf8IwnHBWYXoRUV56w@mail.gmail.com>
References: <AANLkTilDrIm3sGIporfAC9HEK9Gf8IwnHBWYXoRUV56w@mail.gmail.com>
Message-ID: <AANLkTik_3QYk79GrZg4DhEzbxEMURFnltIeK6VX5sb-P@mail.gmail.com>

It's working now - I restarted everything.


On Mon, May 17, 2010 at 7:25 PM, Agile Aspect <agile.aspect@gmail.com> wrote:
> Hi - I've just started using MailScanner-4.79.11-1 on CentOS 4.7
> system running sendmail 8.13.1.
>
> We have a requirement that all outbound email be stripped of all attachments.
>
> We're currently relaying all the internal email at the data center to
> a single host, which is then relaying the email to a remote Exchange
> server.
>
> This single host is running MailScanner.
>
> The relaying works fine.
>
> The problem is I can't strip attachments - at least *.tar and *.tar.gz
> files (I haven't tried others but those are most important.)
>
> In the MailScanner.conf file, I've set
>
> ?Maximum Attachment Size = 0
>
> since the comments in the MailScanner.conf file indicate
>
> ?"If this is set to zero, effectively no attachments are allowed."
>
> But it doesn't appear to have any impact.
>
> Any help would be greatly appreciated.
>
> --
> ? ? ?Enjoy global warming while it lasts.
>



-- 
      Enjoy global warming while it lasts.
From MailScanner at ecs.soton.ac.uk  Tue May 18 12:18:06 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 18 12:18:22 2010
Subject: docx problems
In-Reply-To: <201713.99011.qm@web30008.mail.mud.yahoo.com>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>
	<4BF2776E.30702@ecs.soton.ac.uk>
Message-ID: <EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>

The "No programs allowed" error occurs in filetype.rules.conf and 
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs 
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra 
field in each line, read the docs at the top of the file), and find out 
what a "file -i" reports for one of those odttf files, and allow that 
instead. That way you can keep the "No programs allowed" line as well, 
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
>      Report: MailScanner: No programs allowed (font10.odttf)
>      Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From bamcomp at yahoo.com  Tue May 18 21:02:19 2010
From: bamcomp at yahoo.com (Brett Moss)
Date: Tue May 18 21:02:30 2010
Subject: docx problems
In-Reply-To: <EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>
Message-ID: <141778.8394.qm@web30003.mail.mud.yahoo.com>




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
> 
> Hope that helps!
> 
> Jules.
> 

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny    executable      No executables          No programs allowed

allow   -       application/octet-stream        -       -

All spaces are tabs.  I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not.  Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> > 
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >? ? ? Report: MailScanner: No programs
> allowed (font10.odttf)
> >? ? ? Report: MailScanner: No programs
> allowed (font10.odttf)
> > 
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> > 
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> > 
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> > 
> > Thank you,
> > Brett
> > 
> > 
> > 
> >? ? 
> 
> Jules
> 
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from
> your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
> B654
> Follow me at twitter.com/JulesFM and
> twitter.com/MailScanner
> 
> 
> -- This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the
> website! 


      
From GSilver at rampuptech.com  Tue May 18 22:29:34 2010
From: GSilver at rampuptech.com (Gavin Silver)
Date: Tue May 18 22:29:32 2010
Subject: docx problems
In-Reply-To: <141778.8394.qm@web30003.mail.mud.yahoo.com>
References: <EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>
	<141778.8394.qm@web30003.mail.mud.yahoo.com>
Message-ID: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD40D9120@galvatron>

> well, just put your new "allow" line above it.
>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brett Moss
Sent: Tuesday, May 18, 2010 4:02 PM
To: MailScanner discussion
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
> 
> Hope that helps!
> 
> Jules.
> 

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny    executable      No executables          No programs allowed

allow   -       application/octet-stream        -       -

All spaces are tabs.  I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not.  Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> > 
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >? ? ? Report: MailScanner: No programs
> allowed (font10.odttf)
> >? ? ? Report: MailScanner: No programs
> allowed (font10.odttf)
> > 
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> > 
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> > 
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> > 
> > Thank you,
> > Brett
> > 
> > 
> > 
> >? ? 
> 
> Jules
> 
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from
> your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
> B654
> Follow me at twitter.com/JulesFM and
> twitter.com/MailScanner
> 
> 
> -- This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the
> website! 



--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

From GSilver at rampuptech.com  Tue May 18 22:30:19 2010
From: GSilver at rampuptech.com (Gavin Silver)
Date: Tue May 18 22:30:15 2010
Subject: docx problems
In-Reply-To: <141778.8394.qm@web30003.mail.mud.yahoo.com>
References: <EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>
	<141778.8394.qm@web30003.mail.mud.yahoo.com>
Message-ID: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD40D9121@galvatron>

ignore my last email



-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brett Moss
Sent: Tuesday, May 18, 2010 4:02 PM
To: MailScanner discussion
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
> 
> Hope that helps!
> 
> Jules.
> 

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny    executable      No executables          No programs allowed

allow   -       application/octet-stream        -       -

All spaces are tabs.  I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not.  Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> > 
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >? ? ? Report: MailScanner: No programs
> allowed (font10.odttf)
> >? ? ? Report: MailScanner: No programs
> allowed (font10.odttf)
> > 
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> > 
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> > 
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> > 
> > Thank you,
> > Brett
> > 
> > 
> > 
> >? ? 
> 
> Jules
> 
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from
> your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
> B654
> Follow me at twitter.com/JulesFM and
> twitter.com/MailScanner
> 
> 
> -- This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the
> website! 



--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

From john at tradoc.fr  Wed May 19 06:56:39 2010
From: john at tradoc.fr (John Wilcock)
Date: Wed May 19 06:56:54 2010
Subject: docx problems
In-Reply-To: <EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>
	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>
Message-ID: <4BF37D97.70207@tradoc.fr>

Le 18/05/2010 13:18, Julian Field a ?crit :
> The "No programs allowed" error occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to allow them.
> Basically you're probably going to have to comment out the "No programs
> allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the optional extra
> field in each line, read the docs at the top of the file), and find out
> what a "file -i" reports for one of those odttf files, and allow that
> instead. That way you can keep the "No programs allowed" line as well,
> just put your new "allow" line above it.

I've been seeing similar problems to the OP with various file types 
inside archives, but I've also noticed Clamd::ERROR:: Access denied. 
messages in the logs despite using 4.80.4. I haven't had time to 
investigate in detail, but I suspect that the "No programs allowed" is 
just a symptom of a problem similar to the one you fixed for Access 
denied on --lint with clamd 0.96.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From ywang at lfm-agile.com.hk  Wed May 19 07:18:21 2010
From: ywang at lfm-agile.com.hk (Yang Wang)
Date: Wed May 19 07:16:25 2010
Subject: How to use rbl of spamhaus.org and spamcop.net
Message-ID: <73427F8396E54C91986A1969B3BFC66D@cngd01comp909>

Dear All,

    I have used rbl of cblless with return code,now i want to use rbl of spamhaus.org and spamcop.net,could you tell me below setting whether right? especial ip format,thanks.



-------------------------------------------------------------------------------------
smtpd_client_restrictions =  permit_mynetworks,
                             permit_sasl_authenticated,
                             check_sender_access hash:/etc/postfix/none_rbl_check,
                             reject_rbl_client cblless.anti-spam.org.cn=127.0.8.5
                            # reject_rbl_client sbl-xbl.spamhaus.org=127.0.0.2-5
                            # reject_rbl_client zen.spamhaus.org=127.0.0.2-11
                            # reject_rbl_client bl.spamcop.net=127.0.0.2
---------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100519/d7a38cf5/attachment.html
From khawaja.jawad at gmail.com  Wed May 19 13:44:32 2010
From: khawaja.jawad at gmail.com (Khawaja M. Jawad)
Date: Wed May 19 13:44:49 2010
Subject: Block emails having different source and reply-to address....
Message-ID: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>

 

 

 

Hello All,

 

A lots of my customer are sending email from some abc@invalid-domain.com and
they configure Reply-To address to their actual address i.e.
abc@valid-domain.com 

 

How can I stop such email in which source email address and reply-to email
address are not same. 

 

Thanks

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100519/ccbb03e7/attachment.html
From danield at igb.uiuc.edu  Wed May 19 14:36:12 2010
From: danield at igb.uiuc.edu (Daniel Davidson)
Date: Wed May 19 14:36:29 2010
Subject: Spamassassin running twice
Message-ID: <1274276172.30222.637.camel@localhost>

Hello, I just upgraded my Mailscanner and spamassassin, and there is
something that seems to be broken this time.  Sometimes when a mail goes
through, it seems to be scanned for spam twice, as shown by the header
below:

X-NEWIGB-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
(not cached, score=5.447, required 5, BAYES_20 -0.00, DOS_OUTLOOK_TO_MX
2.84, FSL_HELO_NON_FQDN_1 0.00, HELO_NO_DOMAIN 0.00, HTML_MESSAGE 0.00,
MIME_HTML_MOSTLY 0.43, TVD_RCVD_SINGLE 2.17), spam, SpamAssassin
(cached, score=5.447, required 5, BAYES_20 -0.00, DOS_OUTLOOK_TO_MX
2.84, FSL_HELO_NON_FQDN_1 0.00, HELO_NO_DOMAIN 0.00, HTML_MESSAGE 0.00,
MIME_HTML_MOSTLY 0.43, TVD_RCVD_SINGLE 2.17)

With the main issue being that the second time the message is not
whitelisted appropriately.  I am running a mostly default config, with
some edits to spam.assassin.prefs.conf to adjust the score of a few
things.

Dan

From alex at rtpty.com  Wed May 19 14:45:50 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed May 19 14:46:02 2010
Subject: Block emails having different source and reply-to address....
In-Reply-To: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
References: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
Message-ID: <963876652-1274276748-cardhu_decombobulator_blackberry.rim.net-74612473-@bda942.bisx.prod.on.blackberry>

You could create a spamassassin rule that tests for the condition, then create an action item for that condition or give it a high score and deal with it like any other spam message. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: "Khawaja M. Jawad" <khawaja.jawad@gmail.com>
Date: Wed, 19 May 2010 17:44:32 
To: <mailscanner@lists.mailscanner.info>
Subject: Block emails having different source and reply-to address....

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From john at tradoc.fr  Wed May 19 15:01:45 2010
From: john at tradoc.fr (John Wilcock)
Date: Wed May 19 15:02:02 2010
Subject: Block emails having different source and reply-to address....
In-Reply-To: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
References: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
Message-ID: <4BF3EF49.6030902@tradoc.fr>

Le 19/05/2010 14:44, Khawaja M. Jawad a ?crit :
> How can I stop such email in which source email address and reply-to
> email address are not same.

Your MTA may be able to detect this condition, a custom spamassassin 
rule definitely could, but it's unlikely to be a good idea to block such 
messages. Lots of legitimate e-mail has different From and Reply-to 
addresses (not least, messages from mailing lists).

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From jancarel.putter at gmail.com  Wed May 19 20:49:42 2010
From: jancarel.putter at gmail.com (JC Putter)
Date: Wed May 19 20:47:37 2010
Subject: Block emails having different source and reply-to address....
In-Reply-To: <963876652-1274276748-cardhu_decombobulator_blackberry.rim.net-74612473-@bda942.bisx.prod.on.blackberry>
References: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com><963876652-1274276748-cardhu_decombobulator_blackberry.rim.net-74612473-@bda942.bisx.prod.on.blackberry>
Message-ID: <1471825577-1274298442-cardhu_decombobulator_blackberry.rim.net-1805267260-@bda108.bisx.produk.on.blackberry>

Alex

There already exists such a plugin for spamassassin, I have used it but it causes a lot of false positives.
Sent via BlackBerry

-----Original Message-----
From: "Alex Neuman" <alex@rtpty.com>
Date: Wed, 19 May 2010 13:45:50 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: Re: Block emails having different source and reply-to address....

You could create a spamassassin rule that tests for the condition, then create an action item for that condition or give it a high score and deal with it like any other spam message. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: "Khawaja M. Jawad" <khawaja.jawad@gmail.com>
Date: Wed, 19 May 2010 17:44:32 
To: <mailscanner@lists.mailscanner.info>
Subject: Block emails having different source and reply-to address....

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From gafaith at asdm.net  Wed May 19 21:12:09 2010
From: gafaith at asdm.net (Gary Faith)
Date: Wed May 19 21:12:33 2010
Subject: MailScanner: Could not analyze message
Message-ID: <4BF40DD90200002D00008EC2@sparky.asdm.net>

I have some e-mail being sent by one individual to MailScanner running ver 4.79.11 and the messages are getting tagged as {Dangerous Content?}.  I am running MailScanner with clamav & sanesecurity signatures, scamnailer, razor, pyzor & dcc.  Mailwatch reports that it isn't a virus it is "Other Infection":

Anti-Virus/Dangerous Content Protection
Virus: N 
Blocked File: N 
Other Infection: Y 
Report:MailScanner: Could not analyze message

The message has contains this:

Warning: This message has had one or more attachments removed
Warning: (the entire message).
Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s) for more information.

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail message contained potentially dangerous content,
which has been removed for your safety.

At Wed May 19 15:36:22 2010 the content filters said:
   MailScanner: Could not analyze message

The sender uses Maximizer to generate the e-mail with a PDF attachment.  I had the sender use Maximizer and send only the message without the attachment and it comes in fine.  I had them send only the attachment via Outlook and it comes in fine.  It seems the problem is with Mazimizer but I am not sure why.  

I can send the quarantined message or whatever is needed to determine the problem off list.

I need help in tracking down where the problem is and getting it fixed.

Thanks,

Gary Faith


From mrm at medicine.wisc.edu  Wed May 19 21:56:43 2010
From: mrm at medicine.wisc.edu (Michael Masse)
Date: Wed May 19 21:57:06 2010
Subject: Block emails having different source and reply-to address....
In-Reply-To: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
References: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
Message-ID: <4BF40A3B0200003E000079AD@gwmail.medicine.wisc.edu>

Another useful tool for this is called mailfromd.   It works very well for this sort of thing, but as others have said, mailling lists will break with this and unfortunately more and more legitimate email senders seem to be using what I call 3rd party pseudo-spam services.   
-Mike

>>> On 5/19/2010 at 7:44 AM, in message <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>, "Khawaja M. Jawad" <khawaja.jawad@gmail.com> wrote:


 
 
 
Hello All,
 
A lots of my customer are sending email from some abc@invalid-domain.com and they configure Reply-To address to their actual address i.e. abc@valid-domain.com 
 
How can I stop such email in which source email address and reply-to email address are not same. 
 
Thanks
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100519/21cf79a4/attachment.html
From danield at igb.uiuc.edu  Wed May 19 22:26:03 2010
From: danield at igb.uiuc.edu (Daniel Davidson)
Date: Wed May 19 22:26:23 2010
Subject: Spamassassin running twice
In-Reply-To: <1274276172.30222.637.camel@localhost>
References: <1274276172.30222.637.camel@localhost>
Message-ID: <1274304363.30222.686.camel@localhost>

Its looking like the time it is not marked as spam, the message is sent
from localhost (127.0.0.1) of the mail server as opposed to the subnet
that I have whitelisted.  If I put in 127.0.0.1 in the whitelist will
that whitelist all messages sent from localhost on all machines or will
it only whitelist messages sent from localhost on the mail server?

thanks,

Dan


On Wed, 2010-05-19 at 08:36 -0500, Daniel Davidson wrote:
> Hello, I just upgraded my Mailscanner and spamassassin, and there is
> something that seems to be broken this time.  Sometimes when a mail goes
> through, it seems to be scanned for spam twice, as shown by the header
> below:
> 
> X-NEWIGB-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
> (not cached, score=5.447, required 5, BAYES_20 -0.00, DOS_OUTLOOK_TO_MX
> 2.84, FSL_HELO_NON_FQDN_1 0.00, HELO_NO_DOMAIN 0.00, HTML_MESSAGE 0.00,
> MIME_HTML_MOSTLY 0.43, TVD_RCVD_SINGLE 2.17), spam, SpamAssassin
> (cached, score=5.447, required 5, BAYES_20 -0.00, DOS_OUTLOOK_TO_MX
> 2.84, FSL_HELO_NON_FQDN_1 0.00, HELO_NO_DOMAIN 0.00, HTML_MESSAGE 0.00,
> MIME_HTML_MOSTLY 0.43, TVD_RCVD_SINGLE 2.17)
> 
> With the main issue being that the second time the message is not
> whitelisted appropriately.  I am running a mostly default config, with
> some edits to spam.assassin.prefs.conf to adjust the score of a few
> things.
> 
> Dan
> 


From alex at rtpty.com  Wed May 19 22:29:39 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed May 19 22:29:52 2010
Subject: Block emails having different source and reply-to address....
In-Reply-To: <1471825577-1274298442-cardhu_decombobulator_blackberry.rim.net-1805267260-@bda108.bisx.produk.on.blackberry>
References: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com><963876652-1274276748-cardhu_decombobulator_blackberry.rim.net-74612473-@bda942.bisx.prod.on.blackberry>
	<1471825577-1274298442-cardhu_decombobulator_blackberry.rim.net-1805267260-@bda108.bisx.produk.on.blackberry>
Message-ID: <8DF3B94A-8C49-4BF2-9D6B-D50B212BF32D@rtpty.com>

That's why I said you could create a spamassassin rule that tests for the condition, then create an action item for that condition or give it a high score and deal with it like any other spam message, and not use a plugin that would cause the false positives.

On May 19, 2010, at 2:49 PM, JC Putter wrote:

> Alex
> 
> There already exists such a plugin for spamassassin, I have used it but it causes a lot of false positives.
> Sent via BlackBerry
> 
> -----Original Message-----
> From: "Alex Neuman" <alex@rtpty.com>
> Date: Wed, 19 May 2010 13:45:50 
> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
> Subject: Re: Block emails having different source and reply-to address....
> 
> You could create a spamassassin rule that tests for the condition, then create an action item for that condition or give it a high score and deal with it like any other spam message. 
> --
> 
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com
> 
> -----Original Message-----
> From: "Khawaja M. Jawad" <khawaja.jawad@gmail.com>
> Date: Wed, 19 May 2010 17:44:32 
> To: <mailscanner@lists.mailscanner.info>
> Subject: Block emails having different source and reply-to address....
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From miguelk at konsultex.com.br  Thu May 20 01:57:39 2010
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy)
Date: Thu May 20 01:57:29 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
Message-ID: <4BF48903.1080904@konsultex.com.br>

Ladies and Gentlemen;

I need to configure sendmail to silently drop emails received for
unknown users on the server. In other words I don't want the sender to
thinks that the email was received and then I want to put it in
/dev/null. This is not for special needs for an internal application and
not for any real interset email server. I searched around about how to
do this and found some links that seem to imply that it's possible but
no real solution. Can anyone point me to the right place for this?

Thanks.

Miguel

-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

From nate.olson at ndsu.edu  Thu May 20 03:04:02 2010
From: nate.olson at ndsu.edu (Nathan Olson)
Date: Thu May 20 03:00:29 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF48903.1080904@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br>
Message-ID: <20100520020402.GA23097@nate.cc.ndsu.nodak.edu>

In /etc/aliases
user: /dev/null

Then run 'newaliases'

Tada.

On Wed, May 19, 2010 at 09:57:39PM -0300, Miguel Koren O'Brien de Lacy wrote:
> Ladies and Gentlemen;
> 
> I need to configure sendmail to silently drop emails received for
> unknown users on the server. In other words I don't want the sender to
> thinks that the email was received and then I want to put it in
> /dev/null. This is not for special needs for an internal application and
> not for any real interset email server. I searched around about how to
> do this and found some links that seem to imply that it's possible but
> no real solution. Can anyone point me to the right place for this?
> 
> Thanks.
> 
> Miguel
> 
> -- 
> Esta mensagem foi verificada pelo sistema de antiv?rus e
>  acredita-se estar livre de perigo.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
From maxsec at gmail.com  Thu May 20 08:29:10 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu May 20 08:29:20 2010
Subject: Spamassassin running twice
In-Reply-To: <1274304363.30222.686.camel@localhost>
References: <1274276172.30222.637.camel@localhost>
	<1274304363.30222.686.camel@localhost>
Message-ID: <AANLkTimZmjy8k1IBbPUZ_-Mo_6OASQe-5ziUnrziBCmq@mail.gmail.com>

Dan

will only whitelist the mailserver (or the machine running mailscanner to be
more precise).

Martin

On 19 May 2010 22:26, Daniel Davidson <danield@igb.uiuc.edu> wrote:

> Its looking like the time it is not marked as spam, the message is sent
> from localhost (127.0.0.1) of the mail server as opposed to the subnet
> that I have whitelisted.  If I put in 127.0.0.1 in the whitelist will
> that whitelist all messages sent from localhost on all machines or will
> it only whitelist messages sent from localhost on the mail server?
>
> thanks,
>
> Dan
>
>
> On Wed, 2010-05-19 at 08:36 -0500, Daniel Davidson wrote:
> > Hello, I just upgraded my Mailscanner and spamassassin, and there is
> > something that seems to be broken this time.  Sometimes when a mail goes
> > through, it seems to be scanned for spam twice, as shown by the header
> > below:
> >
> > X-NEWIGB-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin
> > (not cached, score=5.447, required 5, BAYES_20 -0.00, DOS_OUTLOOK_TO_MX
> > 2.84, FSL_HELO_NON_FQDN_1 0.00, HELO_NO_DOMAIN 0.00, HTML_MESSAGE 0.00,
> > MIME_HTML_MOSTLY 0.43, TVD_RCVD_SINGLE 2.17), spam, SpamAssassin
> > (cached, score=5.447, required 5, BAYES_20 -0.00, DOS_OUTLOOK_TO_MX
> > 2.84, FSL_HELO_NON_FQDN_1 0.00, HELO_NO_DOMAIN 0.00, HTML_MESSAGE 0.00,
> > MIME_HTML_MOSTLY 0.43, TVD_RCVD_SINGLE 2.17)
> >
> > With the main issue being that the second time the message is not
> > whitelisted appropriately.  I am running a mostly default config, with
> > some edits to spam.assassin.prefs.conf to adjust the score of a few
> > things.
> >
> > Dan
> >
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100520/17ffd113/attachment.html
From nate.olson at ndsu.edu  Thu May 20 13:17:18 2010
From: nate.olson at ndsu.edu (Nathan Olson)
Date: Thu May 20 13:13:39 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF48903.1080904@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br>
Message-ID: <20100520121718.GA24555@nate.cc.ndsu.nodak.edu>

Whoops, nevermind my 'solution'.  I misread the question.

On Wed, May 19, 2010 at 09:57:39PM -0300, Miguel Koren O'Brien de Lacy wrote:
> Ladies and Gentlemen;
> 
> I need to configure sendmail to silently drop emails received for
> unknown users on the server. In other words I don't want the sender to
> thinks that the email was received and then I want to put it in
> /dev/null. This is not for special needs for an internal application and
> not for any real interset email server. I searched around about how to
> do this and found some links that seem to imply that it's possible but
> no real solution. Can anyone point me to the right place for this?
> 
> Thanks.
> 
> Miguel
> 
> -- 
> Esta mensagem foi verificada pelo sistema de antiv?rus e
>  acredita-se estar livre de perigo.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
From rlopezcnm at gmail.com  Thu May 20 18:32:04 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu May 20 18:32:14 2010
Subject: bypassing SpamAssassin and virus checks for ...
Message-ID: <AANLkTinyEPqs9FYGZiGtK-75yiwjDseEQclYl96STxH-@mail.gmail.com>

This college has contracted with an organization to handle
all emergency communications which will be sent by text
message to those who sign up and by email to everyone.
That organization has requested certain "whitelisting" to
occur on our email gateways.

I have done the whitelisting I can do on Postfix.
If I had a better understanding of Postfix, it might have
been better to have Postfix bypass MailScanner.

Now I need to tell MailScanner to allow the email to
bypass SpamAssassin and the virus checking software.

Thus far I have not utilized any RuleSets files.
The book says bypassing SpamAssassin does not
bypass the virus checking.

As I plan I am looking at these two modifications:

--------------------------------------------------------------------------------

1) Add to
/etc/MailScanner/rules/spam.whitelist.rules
and enable use in /etc/MailScanner/MailScanner.conf

From:		207.66.21.3		yes
From:		69.25.199.33		yes
From:		205.237.106.3		yes
From:		@getrave.com		yes
From:		@ravewireless.com	yes
From:		@ravemobilesafety.com	yes
From:		*cnm.edu@getrave.com	yes
From:		No-reply@getrave.com	yes

--------------------------------------------------------------------------------

2) Add to
/etc/MailScanner/rules/virus.scanning.rules
and enable use in /etc/MailScanner/MailScanner.conf

From:		207.66.21.3		yes
From:		69.25.199.33		yes
From:		205.237.106.3		yes
From:		@getrave.com		yes
From:		@ravewireless.com	yes
From:		@ravemobilesafety.com	yes
From:		*cnm.edu@getrave.com	yes
From:		No-reply@getrave.com	yes

--------------------------------------------------------------------------------

The two sets of lines are exactly the same in both of the files.
It seems redundant. Because in a real emergency the
service will "open multiple SMTP connections and attempt to
send a large number of emails in a short period of time" I
should be concerned with system load.

Are my plans sufficient?
Is there something more efficient I should consider?

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From ssilva at sgvwater.com  Thu May 20 19:44:59 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu May 20 19:45:23 2010
Subject: MailScanner: Could not analyze message
In-Reply-To: <4BF40DD90200002D00008EC2@sparky.asdm.net>
References: <4BF40DD90200002D00008EC2@sparky.asdm.net>
Message-ID: <ht3vvc$vbf$1@dough.gmane.org>

on 5-19-2010 1:12 PM Gary Faith spake the following:
> I have some e-mail being sent by one individual to MailScanner running ver 4.79.11 and the messages are getting tagged as {Dangerous Content?}.  I am running MailScanner with clamav & sanesecurity signatures, scamnailer, razor, pyzor & dcc.  Mailwatch reports that it isn't a virus it is "Other Infection":
> 
> Anti-Virus/Dangerous Content Protection
> Virus: N 
> Blocked File: N 
> Other Infection: Y 
> Report:MailScanner: Could not analyze message
> 
> The message has contains this:
> 
> Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s) for more information.
> 
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content,
> which has been removed for your safety.
> 
> At Wed May 19 15:36:22 2010 the content filters said:
>    MailScanner: Could not analyze message
> 
> The sender uses Maximizer to generate the e-mail with a PDF attachment.  I had the sender use Maximizer and send only the message without the attachment and it comes in fine.  I had them send only the attachment via Outlook and it comes in fine.  It seems the problem is with Mazimizer but I am not sure why.  
> 
> I can send the quarantined message or whatever is needed to determine the problem off list.
> 
> I need help in tracking down where the problem is and getting it fixed.
> 
> Thanks,
> 
> Gary Faith
> 
> 
Is the sender using Outlook?

From ssilva at sgvwater.com  Thu May 20 19:46:34 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu May 20 19:50:14 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF48903.1080904@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br>
Message-ID: <ht402a$vbf$2@dough.gmane.org>

on 5-19-2010 5:57 PM Miguel Koren O'Brien de Lacy spake the following:
> Ladies and Gentlemen;
> 
> I need to configure sendmail to silently drop emails received for
> unknown users on the server. In other words I don't want the sender to
> thinks that the email was received and then I want to put it in
> /dev/null. This is not for special needs for an internal application and
> not for any real interset email server. I searched around about how to
> do this and found some links that seem to imply that it's possible but
> no real solution. Can anyone point me to the right place for this?
> 
> Thanks.
> 
> Miguel
> 
Sendmail should be doing this already... You have changed something to make it
NOT reject unknown users.

From ecasarero at gmail.com  Thu May 20 20:09:40 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Thu May 20 20:10:11 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <ht402a$vbf$2@dough.gmane.org>
References: <4BF48903.1080904@konsultex.com.br> <ht402a$vbf$2@dough.gmane.org>
Message-ID: <AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>

2010/5/20 Scott Silva <ssilva@sgvwater.com>

> on 5-19-2010 5:57 PM Miguel Koren O'Brien de Lacy spake the following:
> > Ladies and Gentlemen;
> >
> > I need to configure sendmail to silently drop emails received for
> > unknown users on the server. In other words I don't want the sender to
> > thinks that the email was received and then I want to put it in
> > /dev/null. This is not for special needs for an internal application and
> > not for any real interset email server. I searched around about how to
> > do this and found some links that seem to imply that it's possible but
> > no real solution. Can anyone point me to the right place for this?
> >
> > Thanks.
> >
> > Miguel
> >
> Sendmail should be doing this already... You have changed something to make
> it
> NOT reject unknown users.
>
>
Sendmail can "discard" the email, in fact in access.db you can setup for
example "From: 1.2.3.4 DISCARD" so every email from that ip is silently
discarded. How do you now if an user is either valid or not? Ldap?


> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100520/b6fae1b8/attachment.html
From miguelk at konsultex.com.br  Thu May 20 20:11:03 2010
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy)
Date: Thu May 20 20:10:30 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <ht402a$vbf$2@dough.gmane.org>
References: <4BF48903.1080904@konsultex.com.br> <ht402a$vbf$2@dough.gmane.org>
Message-ID: <4BF58947.6040309@konsultex.com.br>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100520/52ea4060/attachment.html
From miguelk at konsultex.com.br  Thu May 20 20:28:15 2010
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy)
Date: Thu May 20 20:27:52 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
References: <4BF48903.1080904@konsultex.com.br> <ht402a$vbf$2@dough.gmane.org>
	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
Message-ID: <4BF58D4F.9060703@konsultex.com.br>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100520/44d3f534/attachment.html
From ka at pacific.net  Thu May 20 22:45:22 2010
From: ka at pacific.net (Ken A)
Date: Thu May 20 22:45:52 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF58D4F.9060703@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br>
	<ht402a$vbf$2@dough.gmane.org>	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
	<4BF58D4F.9060703@konsultex.com.br>
Message-ID: <4BF5AD72.6030003@pacific.net>

In /etc/mail/access

To:validuser@somedomain.com             RELAY
To:validuser2@somedomain.com            RELAY
To:somedomain.com                       DISCARD

System users may not need to be listed, but if you are pulling them from 
ldap.. then maybe. I've used this on relays, not mail hub.

Why would you want to create such a spam magnet anyway?

Ken


On 5/20/2010 2:28 PM, Miguel Koren O'Brien de Lacy wrote:
> Hi Eduardo,
>
> Thanks for the answer. For now I would be happy just to silently discard mails
> to users that are not linux users on the same server. But my real problem
> further down the road is in ldap (active directory). So users not in AD are
> considered invalid emails. I decided to approach this in steps ;-)
>
> Miguel
>
> Eduardo Casarero wrote:
>>
>>
>>  2010/5/20 Scott Silva<ssilva@sgvwater.com<mailto:ssilva@sgvwater.com>>
>>
>>      on 5-19-2010 5:57 PM Miguel Koren O'Brien de Lacy spake the following:
>>      >  Ladies and Gentlemen;
>>      >
>>      >  I need to configure sendmail to silently drop emails received for
>>      >  unknown users on the server. In other words I don't want the sender to
>>      >  thinks that the email was received and then I want to put it in
>>      >  /dev/null. This is not for special needs for an internal application and
>>      >  not for any real interset email server. I searched around about how to
>>      >  do this and found some links that seem to imply that it's possible but
>>      >  no real solution. Can anyone point me to the right place for this?
>>      >
>>      >  Thanks.
>>      >
>>      >  Miguel
>>      >
>>      Sendmail should be doing this already... You have changed something to make it
>>      NOT reject unknown users.
>>
>>
>>  Sendmail can "discard" the email, in fact in access.db you can setup for
>>  example "From: 1.2.3.4 DISCARD" so every email from that ip is silently
>>  discarded. How do you now if an user is either valid or not? Ldap?
>>
>>      --
>>      MailScanner mailing list
>>      mailscanner@lists.mailscanner.info<mailto:mailscanner@lists.mailscanner.info>
>>      http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>      Before posting, read http://wiki.mailscanner.info/posting
>>
>>      Support MailScanner development - buy the book off the website!
>>
>>
>>
>>  --
>>  Esta mensagem foi verificada pelo sistema de antiv?rus e
>>  acredita-se estar livre de perigo.
>
> --
> Esta mensagem foi verificada pelo sistema de antiv?rus e
> acredita-se estar livre de perigo.
>

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
From ssilva at sgvwater.com  Fri May 21 00:23:46 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri May 21 00:24:07 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
References: <4BF48903.1080904@konsultex.com.br> <ht402a$vbf$2@dough.gmane.org>
	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
Message-ID: <ht4ga4$r62$1@dough.gmane.org>

on 5-20-2010 12:09 PM Eduardo Casarero spake the following:
> 
> 
> 2010/5/20 Scott Silva <ssilva@sgvwater.com <mailto:ssilva@sgvwater.com>>
> 
>     on 5-19-2010 5:57 PM Miguel Koren O'Brien de Lacy spake the following:
>     > Ladies and Gentlemen;
>     >
>     > I need to configure sendmail to silently drop emails received for
>     > unknown users on the server. In other words I don't want the sender to
>     > thinks that the email was received and then I want to put it in
>     > /dev/null. This is not for special needs for an internal
>     application and
>     > not for any real interset email server. I searched around about how to
>     > do this and found some links that seem to imply that it's possible but
>     > no real solution. Can anyone point me to the right place for this?
>     >
>     > Thanks.
>     >
>     > Miguel
>     >
>     Sendmail should be doing this already... You have changed something
>     to make it
>     NOT reject unknown users.
> 
> 
> Sendmail can "discard" the email, in fact in access.db you can setup for
> example "From: 1.2.3.4 DISCARD" so every email from that ip is silently
> discarded. How do you now if an user is either valid or not? Ldap?
Sorry... I misread the OP. Are you trying to drop ALL unknown users, or just
forged spam?

From ssilva at sgvwater.com  Fri May 21 00:44:15 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri May 21 00:44:39 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF58947.6040309@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br> <ht402a$vbf$2@dough.gmane.org>
	<4BF58947.6040309@konsultex.com.br>
Message-ID: <ht4hgf$thr$1@dough.gmane.org>

on 5-20-2010 12:11 PM Miguel Koren O'Brien de Lacy spake the following:
> Scott;
> 
> Thanks for your reply. I see that I made a mistake in my orignal post.
> :-( I meant to say that "I want the sender to think that the email was
> received and then I want to put in into /dev/null (only for emails to
> unknown users)". Right now this sendmail out of the box sends back a
> user unknown error message. I want to disable that and throw that email
> away.
> 
> Miguel
That will be hard to do , at least with sendmail alone.. You might be able to
do it with a milter like mimedefang.

From miguelk at konsultex.com.br  Fri May 21 03:28:56 2010
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy)
Date: Fri May 21 03:28:36 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <ht4ga4$r62$1@dough.gmane.org>
References: <4BF48903.1080904@konsultex.com.br>
	<ht402a$vbf$2@dough.gmane.org>	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
	<ht4ga4$r62$1@dough.gmane.org>
Message-ID: <4BF5EFE8.5080405@konsultex.com.br>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100520/0f4b8e85/attachment.html
From miguelk at konsultex.com.br  Fri May 21 03:45:07 2010
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy)
Date: Fri May 21 03:44:35 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF5AD72.6030003@pacific.net>
References: <4BF48903.1080904@konsultex.com.br>	<ht402a$vbf$2@dough.gmane.org>	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>	<4BF58D4F.9060703@konsultex.com.br>
	<4BF5AD72.6030003@pacific.net>
Message-ID: <4BF5F3B3.5080908@konsultex.com.br>

Ken;=0A=
=0A=
Thanks for the idea. I'm not trying to do anything spam or virus=0A=
related. This is an internal smtp server just for internal email alerts=0A=
to internal users. I need to avoid the error message when it gets email=0A=
for an unknown user. I suppose I have to do some testing.=0A=
=0A=
Ken A wrote:=0A=
> In /etc/mail/access=0A=
>=0A=
> To:validuser@somedomain.com             RELAY=0A=
> To:validuser2@somedomain.com            RELAY=0A=
> To:somedomain.com                       DISCARD=0A=
>=0A=
> System users may not need to be listed, but if you are pulling them=0A=
> from ldap.. then maybe. I've used this on relays, not mail hub.=0A=
>=0A=
> Why would you want to create such a spam magnet anyway?=0A=
>=0A=
> Ken=0A=
>=0A=
>=0A=
> On 5/20/2010 2:28 PM, Miguel Koren O'Brien de Lacy wrote:=0A=
>> Hi Eduardo,=0A=
>>=0A=
>> Thanks for the answer. For now I would be happy just to silently=0A=
>> discard mails=0A=
>> to users that are not linux users on the same server. But my real=0A=
>> problem=0A=
>> further down the road is in ldap (active directory). So users not in=0A=
>> AD are=0A=
>> considered invalid emails. I decided to approach this in steps ;-)=0A=
>>=0A=
>> Miguel=0A=
>>=0A=
>> Eduardo Casarero wrote:=0A=
>>>=0A=
>>>=0A=
>>>  2010/5/20 Scott Silva<ssilva@sgvwater.com<mailto:ssilva@sgvwater.com>>=
=0A=
>>>=0A=
>>>      on 5-19-2010 5:57 PM Miguel Koren O'Brien de Lacy spake the=0A=
>>> following:=0A=
>>>      >  Ladies and Gentlemen;=0A=
>>>      >=0A=
>>>      >  I need to configure sendmail to silently drop emails=0A=
>>> received for=0A=
>>>      >  unknown users on the server. In other words I don't want the=0A=
>>> sender to=0A=
>>>      >  thinks that the email was received and then I want to put it in=
=0A=
>>>      >  /dev/null. This is not for special needs for an internal=0A=
>>> application and=0A=
>>>      >  not for any real interset email server. I searched around=0A=
>>> about how to=0A=
>>>      >  do this and found some links that seem to imply that it's=0A=
>>> possible but=0A=
>>>      >  no real solution. Can anyone point me to the right place for=0A=
>>> this?=0A=
>>>      >=0A=
>>>      >  Thanks.=0A=
>>>      >=0A=
>>>      >  Miguel=0A=
>>>      >=0A=
>>>      Sendmail should be doing this already... You have changed=0A=
>>> something to make it=0A=
>>>      NOT reject unknown users.=0A=
>>>=0A=
>>>=0A=
>>>  Sendmail can "discard" the email, in fact in access.db you can=0A=
>>> setup for=0A=
>>>  example "From: 1.2.3.4 DISCARD" so every email from that ip is=0A=
>>> silently=0A=
>>>  discarded. How do you now if an user is either valid or not? Ldap?=0A=
>>>=0A=
>>>      --=0A=
>>>      MailScanner mailing list=0A=
>>>=20=20=20=20=20=0A=
>>> mailscanner@lists.mailscanner.info<mailto:mailscanner@lists.mailscanner=
.info>=0A=
>>>=0A=
>>>      http://lists.mailscanner.info/mailman/listinfo/mailscanner=0A=
>>>=0A=
>>>      Before posting, read http://wiki.mailscanner.info/posting=0A=
>>>=0A=
>>>      Support MailScanner development - buy the book off the website!=0A=
>>>=0A=
>>>=0A=
>>>=0A=
>>>  --=0A=
>>>  Esta mensagem foi verificada pelo sistema de antiv=C3=ADrus e=0A=
>>>  acredita-se estar livre de perigo.=0A=
>>=0A=
>> --=20=0A=
>> Esta mensagem foi verificada pelo sistema de antiv=EF=BF=BDrus e=0A=
>> acredita-se estar livre de perigo.=0A=
>>=0A=
>=0A=
=0A=
=0A=
--=20=0A=
Esta mensagem foi verificada pelo sistema de antiv=EDrus e=0A=
 acredita-se estar livre de perigo.=0A=
=0A=
From hvdkooij at vanderkooij.org  Fri May 21 08:56:23 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Fri May 21 08:58:19 2010
Subject: bypassing SpamAssassin and virus checks for ...
In-Reply-To: <AANLkTinyEPqs9FYGZiGtK-75yiwjDseEQclYl96STxH-@mail.gmail.com>
References: <AANLkTinyEPqs9FYGZiGtK-75yiwjDseEQclYl96STxH-@mail.gmail.com>
Message-ID: <e93b82b94947ab99b7127461f3d6948f@127.0.0.1>


On Thu, 20 May 2010 11:32:04 -0600, Robert Lopez <rlopezcnm@gmail.com>
wrote:

> I have done the whitelisting I can do on Postfix.
> If I had a better understanding of Postfix, it might have
> been better to have Postfix bypass MailScanner.

This might do the trick:
http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD

That was how I tackled the issue.

Hugo.

-- 
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From hvdkooij at vanderkooij.org  Fri May 21 09:03:00 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Fri May 21 09:04:56 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF5EFE8.5080405@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br>
	<ht402a$vbf$2@dough.gmane.org>	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
	<ht4ga4$r62$1@dough.gmane.org> <4BF5EFE8.5080405@konsultex.com.br>
Message-ID: <a3d5ae3d300f59d74624c15eb667a114@127.0.0.1>



On Thu, 20 May 2010 23:28:56 -0300, "Miguel Koren O'Brien de Lacy" 
wrote:  Hi Scott;

 I'm trying to accept email for unknown users and throw
it away. I don't care about spam because this is an internal server
supporting an application that sends email notifications to internal users.
The problem is that if the user is unknown (someone left the company and
the app wasn't updated) and the app gets an error, the alert mechanism goes
into a loop, sending the same alert over again to the valid users. Changing
this behavior in the app is not feasible at this time, so I'm trying to
avoid the error message. 

Splendid. Someone wrote a buggy application. I
suggest you add your management into the looping alerts so they will be
encouraged to fix the application. 

Perhaps you should just creat aliases
for such users and send them off to CEO@..... to get the proper attention
to the real problem. 

Hugo.  

-- 

hvdkooij@vanderkooij.org [1]
http://hugo.vanderkooij.org/ [2]
PGP/GPG? Use:
http://hugo.vanderkooij.org/0x58F19981.asc [3]
 

Links:
------
[1]
mailto:hvdkooij@vanderkooij.org
[2] http://hugo.vanderkooij.org/
[3]
http://hugo.vanderkooij.org/0x58F19981.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100521/1051524d/attachment.html
From lstewart at superb.net  Fri May 21 10:09:12 2010
From: lstewart at superb.net (Landon Stewart)
Date: Fri May 21 10:09:23 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <4BF5F3B3.5080908@konsultex.com.br>
References: <4BF48903.1080904@konsultex.com.br> <ht402a$vbf$2@dough.gmane.org>
	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>
	<4BF58D4F.9060703@konsultex.com.br> <4BF5AD72.6030003@pacific.net>
	<4BF5F3B3.5080908@konsultex.com.br>
Message-ID: <AANLkTimBy7lKhrWm7eYk8G_KKLnrQyajj5y24PLW-PK1@mail.gmail.com>

I would google for creating a catch-all address and set the
destination of the catch-all to an alias defined in /etc/aliases
pointing to /dev/null.

You'll probably need to use virtuser table to do this.

On Thursday, May 20, 2010, Miguel Koren O'Brien de Lacy
<miguelk@konsultex.com.br> wrote:
> Ken;
>
> Thanks for the idea. I'm not trying to do anything spam or virus
> related. This is an internal smtp server just for internal email alerts
> to internal users. I need to avoid the error message when it gets email
> for an unknown user. I suppose I have to do some testing.
>
> Ken A wrote:
>> In /etc/mail/access
>>
>> To:validuser@somedomain.com ? ? ? ? ? ? RELAY
>> To:validuser2@somedomain.com ? ? ? ? ? ?RELAY
>> To:somedomain.com ? ? ? ? ? ? ? ? ? ? ? DISCARD
>>
>> System users may not need to be listed, but if you are pulling them
>> from ldap.. then maybe. I've used this on relays, not mail hub.
>>
>> Why would you want to create such a spam magnet anyway?
>>
>> Ken
>>
>>
>> On 5/20/2010 2:28 PM, Miguel Koren O'Brien de Lacy wrote:
>>> Hi Eduardo,
>>>
>>> Thanks for the answer. For now I would be happy just to silently
>>> discard mails
>>> to users that are not linux users on the same server. But my real
>>> problem
>>> further down the road is in ldap (active directory). So users not in
>>> AD are
>>> considered invalid emails. I decided to approach this in steps ;-)
>>>
>>> Miguel
>>>
>>> Eduardo Casarero wrote:
>>>>
>>>>
>>>> ?2010/5/20 Scott Silva<ssilva@sgvwater.com<mailto:ssilva@sgvwater.com>>
>>>>
>>>> ? ? ?on 5-19-2010 5:57 PM Miguel Koren O'Brien de Lacy spake the
>>>> following:
>>>> ? ? ?> ?Ladies and Gentlemen;
>>>> ? ? ?>
>>>> ? ? ?> ?I need to configure sendmail to silently drop emails
>>>> received for
>>>> ? ? ?> ?unknown users on the server. In other words I don't want the
>>>> sender to
>>>> ? ? ?> ?thinks that the email was received and then I want to put it in
>>>> ? ? ?> ?/dev/null. This is not for special needs for an internal
>>>> application and
>>>> ? ? ?> ?not for any real interset email server. I searched around
>>>> about how to
>>>> ? ? ?> ?do this and found some links that seem to imply that it's
>>>> possible but
>>>> ? ? ?> ?no real solution. Can anyone point me to the right place for
>>>> this?
>>>> ? ? ?>
>>>> ? ? ?> ?Thanks.
>>>> ? ? ?>
>>>> ? ? ?> ?Miguel
>>>> ? ? ?>
>>>> ? ? ?Sendmail should be doing this already... You have changed
>>>> something to make it
>>>> ? ? ?NOT reject unknown users.
>>>>
>>>>
>>>> ?Sendmail can "discard" the email, in fact in access.db you can
>>>> setup for
>>>> ?example "From: 1.2.3.4 DISCARD" so every email from that ip is
>>>> silently
>>>> ?discarded. How do you now if an user is either valid or not? Ldap?
>>>>
>>>> ? ? ?--
>>>> ? ? ?MailScanner mailing list
>>>>
>>>> mailscanner@lists.mailscanner.info<mailto:mailscanner@lists.mailscanner.info>
>>>>
>>>> ? ? ?http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> ? ? ?Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> ? ? ?Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>>
>>>> ?--
>>>> ?Esta mensagem foi verificada pelo sistema de antiv?rus e
>>>> ?acredita-se estar livre de perigo.
>>>
>>> --
>>> Esta mensagem foi verificada pelo sistema de antiv?rus e
>>> aMailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

-- 
Landon Stewart <LStewart@SUPERB.NET>
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
From MailScanner at ecs.soton.ac.uk  Fri May 21 10:30:55 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 10:31:11 2010
Subject: docx problems
In-Reply-To: <4BF37D97.70207@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>
	<4BF37D97.70207@tradoc.fr> <4BF652CF.5000807@ecs.soton.ac.uk>
Message-ID: <EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>



On 19/05/2010 06:56, John Wilcock wrote:
> Le 18/05/2010 13:18, Julian Field a ?crit :
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types 
> inside archives, but I've also noticed Clamd::ERROR:: Access denied. 
> messages in the logs despite using 4.80.4. I haven't had time to 
> investigate in detail, but I suspect that the "No programs allowed" is 
> just a symptom of a problem similar to the one you fixed for Access 
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place 
it was wrong.

The "No programs allowed" is totally separate from anything to do with 
Clamd.

What MTA are you using?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri May 21 10:32:12 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 10:32:28 2010
Subject: Block emails having different source and reply-to address....
In-Reply-To: <4BF3EF49.6030902@tradoc.fr>
References: <4bf3dd35.1d588c0a.0479.ffffc7b7@mx.google.com>
	<4BF3EF49.6030902@tradoc.fr> <4BF6531C.4060908@ecs.soton.ac.uk>
Message-ID: <EMEW3|1125ba5fb9a485d2868ac89e973e3f24m4KAWG0bMailScanner|ecs.soton.ac.uk|4BF6531C.4060908@ecs.soton.ac.uk>



On 19/05/2010 15:01, John Wilcock wrote:
> Le 19/05/2010 14:44, Khawaja M. Jawad a ?crit :
>> How can I stop such email in which source email address and reply-to
>> email address are not same.
>
> Your MTA may be able to detect this condition, a custom spamassassin 
> rule definitely could, but it's unlikely to be a good idea to block 
> such messages. Lots of legitimate e-mail has different From and 
> Reply-to addresses (not least, messages from mailing lists).
Agreed, definitely, you shouldn't block stuff like this.
But if you really want to, then use a SpamAssassin rule that catches it, 
and use SpamAssassin Rule Actions to divert the message elsewhere.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri May 21 10:33:57 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 10:34:12 2010
Subject: MailScanner: Could not analyze message
In-Reply-To: <4BF40DD90200002D00008EC2@sparky.asdm.net>
References: <4BF40DD90200002D00008EC2@sparky.asdm.net>
	<4BF65385.1010905@ecs.soton.ac.uk>
Message-ID: <EMEW3|f02bb6d48a51e581422d5b9c7f63628fm4KAY10bMailScanner|ecs.soton.ac.uk|4BF65385.1010905@ecs.soton.ac.uk>

Can you send me a URL of a sample message (raw queue files preferred) so 
that I can try this out for you please?

Jules.

On 19/05/2010 21:12, Gary Faith wrote:
> I have some e-mail being sent by one individual to MailScanner running ver 4.79.11 and the messages are getting tagged as {Dangerous Content?}.  I am running MailScanner with clamav&  sanesecurity signatures, scamnailer, razor, pyzor&  dcc.  Mailwatch reports that it isn't a virus it is "Other Infection":
>
> Anti-Virus/Dangerous Content Protection
> Virus: N
> Blocked File: N
> Other Infection: Y
> Report:MailScanner: Could not analyze message
>
> The message has contains this:
>
> Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s) for more information.
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content,
> which has been removed for your safety.
>
> At Wed May 19 15:36:22 2010 the content filters said:
>     MailScanner: Could not analyze message
>
> The sender uses Maximizer to generate the e-mail with a PDF attachment.  I had the sender use Maximizer and send only the message without the attachment and it comes in fine.  I had them send only the attachment via Outlook and it comes in fine.  It seems the problem is with Mazimizer but I am not sure why.
>
> I can send the quarantined message or whatever is needed to determine the problem off list.
>
> I need help in tracking down where the problem is and getting it fixed.
>
> Thanks,
>
> Gary Faith
>
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri May 21 10:37:51 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 10:38:52 2010
Subject: bypassing SpamAssassin and virus checks for ...
In-Reply-To: <AANLkTinyEPqs9FYGZiGtK-75yiwjDseEQclYl96STxH-@mail.gmail.com>
References: <AANLkTinyEPqs9FYGZiGtK-75yiwjDseEQclYl96STxH-@mail.gmail.com>
	<4BF6546F.9050303@ecs.soton.ac.uk>
Message-ID: <EMEW3|a726b6320551615817c5a2b655c9cd52m4KAby0bMailScanner|ecs.soton.ac.uk|4BF6546F.9050303@ecs.soton.ac.uk>



On 20/05/2010 18:32, Robert Lopez wrote:
> This college has contracted with an organization to handle
> all emergency communications which will be sent by text
> message to those who sign up and by email to everyone.
> That organization has requested certain "whitelisting" to
> occur on our email gateways.
>
> I have done the whitelisting I can do on Postfix.
> If I had a better understanding of Postfix, it might have
> been better to have Postfix bypass MailScanner.
>
> Now I need to tell MailScanner to allow the email to
> bypass SpamAssassin and the virus checking software.
>
> Thus far I have not utilized any RuleSets files.
> The book says bypassing SpamAssassin does not
> bypass the virus checking.
>
> As I plan I am looking at these two modifications:
>
> --------------------------------------------------------------------------------
>
> 1) Add to
> /etc/MailScanner/rules/spam.whitelist.rules
> and enable use in /etc/MailScanner/MailScanner.conf
>
> From:		207.66.21.3		yes
> From:		69.25.199.33		yes
> From:		205.237.106.3		yes
> From:		@getrave.com		yes
> From:		@ravewireless.com	yes
> From:		@ravemobilesafety.com	yes
> From:		*cnm.edu@getrave.com	yes
> From:		No-reply@getrave.com	yes
>
> --------------------------------------------------------------------------------
>
> 2) Add to
> /etc/MailScanner/rules/virus.scanning.rules
> and enable use in /etc/MailScanner/MailScanner.conf
>
> From:		207.66.21.3		yes
> From:		69.25.199.33		yes
> From:		205.237.106.3		yes
> From:		@getrave.com		yes
> From:		@ravewireless.com	yes
> From:		@ravemobilesafety.com	yes
> From:		*cnm.edu@getrave.com	yes
> From:		No-reply@getrave.com	yes
>    
As the configuration setting is called "Virus Scanning =", then giving a 
response of "yes" will cause it to virus-scan those emails, which is the 
opposite of what you want. It's dead simple, all a ruleset does is vary 
the response to the configuration setting depending on properties of the 
message. So if you want to say "Virus Scanning = no" for messages from 
no-reply@getrave.com, then you clearly have to put "no" in the ruleset 
file line for that address.

There is a much simpler way, just use a ruleset on "Scan Messages" as 
that is the global switch you are looking for.

Jules.
> --------------------------------------------------------------------------------
>
> The two sets of lines are exactly the same in both of the files.
> It seems redundant. Because in a real emergency the
> service will "open multiple SMTP connections and attempt to
> send a large number of emails in a short period of time" I
> should be concerned with system load.
>
> Are my plans sufficient?
> Is there something more efficient I should consider?
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From john at tradoc.fr  Fri May 21 10:45:39 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri May 21 10:45:57 2010
Subject: docx problems
In-Reply-To: <EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>
	<4BF652CF.5000807@ecs.soton.ac.uk>
	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>
Message-ID: <4BF65643.4040308@tradoc.fr>

Le 21/05/2010 11:30, Julian Field a ?crit :
> All the permissions on files within archives are correct for clamd.
> The perms fix in 4.80.4 only affected --lint as that was the only place
> it was wrong.
>
> The "No programs allowed" is totally separate from anything to do with
> Clamd.

That's what I would have thought, but I'm getting clamd access denied 
messages for exactly the same files that are being reported as "No 
programs allowed", so thought it was worth mentioning.

> What MTA are you using?

Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module 
versions listed below.

If you want access to one of my boxes, let me know offlist.

This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.80.4
Module versions are:
1.00    AnyDBM_File
1.30    Archive::Zip
0.17    bignum
1.04    Carp
2.021   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.121_08        Data::Dumper
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.22    File::Temp
0.92    Filesys::Df
3.64    HTML::Entities
3.64    HTML::Parser
3.57    HTML::TokeParser
1.25    IO
1.14    IO::File
1.13    IO::Pipe
2.06    Mail::Header
1.77    Math::BigInt
0.15    Math::BigRat
3.08    MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.08    MIME::QuotedPrint
5.427   MIME::Tools
0.11    Net::CIDR
1.25    Net::IP
0.19    OLE::Storage_Lite
1.04    Pod::Escapes
3.07    Pod::Simple
1.09    POSIX
1.21    Scalar::Util
1.78    Socket
2.20    Storable
1.4     Sys::Hostname::Long
0.27    Sys::Syslog
1.42    Test::Pod
0.94    Test::Simple
1.9719  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.54    Archive::Tar
0.17    bignum
missing Business::ISBN
missing Business::ISBN::Data
missing Data::Dump
1.82    DB_File
1.14    DBD::SQLite
1.609   DBI
1.16    Digest
1.01    Digest::HMAC
2.39    Digest::MD5
2.12    Digest::SHA1
1.01    Encode::Detect
0.17016 Error
0.2603  ExtUtils::CBuilder
2.2203  ExtUtils::ParseXS
2.38    Getopt::Long
missing Inline
1.08    IO::String
1.09    IO::Zlib
2.23    IP::Country
missing Mail::ClamAV
3.003001        Mail::SpamAssassin
v2.007  Mail::SPF
missing Mail::SPF::Query
0.340201        Module::Build
0.20    Net::CIDR::Lite
0.65    Net::DNS
v0.003  Net::DNS::Resolver::Programmable
missing Net::LDAP
  4.028  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
3.17    Test::Harness
missing Test::Manifest
2.0.0   Text::Balanced
1.38    URI
0.7702  version
0.71    YAML


John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk  Fri May 21 11:43:40 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 11:43:58 2010
Subject: docx problems
In-Reply-To: <4BF65643.4040308@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>
	<4BF65643.4040308@tradoc.fr> <4BF663DC.7080604@ecs.soton.ac.uk>
Message-ID: <EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk>

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wilcock wrote:
> Le 21/05/2010 11:30, Julian Field a ?crit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied 
> messages for exactly the same files that are being reported as "No 
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module 
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00    AnyDBM_File
> 1.30    Archive::Zip
> 0.17    bignum
> 1.04    Carp
> 2.021   Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.121_08        Data::Dumper
> 2.27    Date::Parse
> 1.00    DirHandle
> 1.05    Fcntl
> 2.74    File::Basename
> 2.09    File::Copy
> 2.01    FileHandle
> 1.08    File::Path
> 0.22    File::Temp
> 0.92    Filesys::Df
> 3.64    HTML::Entities
> 3.64    HTML::Parser
> 3.57    HTML::TokeParser
> 1.25    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.06    Mail::Header
> 1.77    Math::BigInt
> 0.15    Math::BigRat
> 3.08    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.08    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.11    Net::CIDR
> 1.25    Net::IP
> 0.19    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.07    Pod::Simple
> 1.09    POSIX
> 1.21    Scalar::Util
> 1.78    Socket
> 2.20    Storable
> 1.4     Sys::Hostname::Long
> 0.27    Sys::Syslog
> 1.42    Test::Pod
> 0.94    Test::Simple
> 1.9719  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.54    Archive::Tar
> 0.17    bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82    DB_File
> 1.14    DBD::SQLite
> 1.609   DBI
> 1.16    Digest
> 1.01    Digest::HMAC
> 2.39    Digest::MD5
> 2.12    Digest::SHA1
> 1.01    Encode::Detect
> 0.17016 Error
> 0.2603  ExtUtils::CBuilder
> 2.2203  ExtUtils::ParseXS
> 2.38    Getopt::Long
> missing Inline
> 1.08    IO::String
> 1.09    IO::Zlib
> 2.23    IP::Country
> missing Mail::ClamAV
> 3.003001        Mail::SpamAssassin
> v2.007  Mail::SPF
> missing Mail::SPF::Query
> 0.340201        Module::Build
> 0.20    Net::CIDR::Lite
> 0.65    Net::DNS
> v0.003  Net::DNS::Resolver::Programmable
> missing Net::LDAP
>  4.028  NetAddr::IP
> 1.94    Parse::RecDescent
> missing SAVI
> 3.17    Test::Harness
> missing Test::Manifest
> 2.0.0   Text::Balanced
> 1.38    URI
> 0.7702  version
> 0.71    YAML
>
>
> John.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From john at tradoc.fr  Fri May 21 12:04:14 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri May 21 12:04:34 2010
Subject: docx problems
In-Reply-To: <EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>
	<4BF663DC.7080604@ecs.soton.ac.uk>
	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk>
Message-ID: <4BF668AE.5030606@tradoc.fr>

Le 21/05/2010 12:43, Julian Field a ?crit :
> What are your
> Incoming Work User =
> Incoming Work Group =
> Incoming Work Permissions =
>
> and what virus scanners are you using?

Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Virus Scanners = clamd

(and, although you didn't ask, but as it is interrelated with Incoming 
Work User/Group)

Run As User = postfix
Run As Group = apache

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk  Fri May 21 12:34:28 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 12:34:53 2010
Subject: docx problems
In-Reply-To: <4BF668AE.5030606@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk>
	<4BF668AE.5030606@tradoc.fr> <4BF66FC4.3000309@ecs.soton.ac.uk>
Message-ID: <EMEW3|6829dc6c5b6fd69e27e98b01a02271a3m4KCYV0bMailScanner|ecs.soton.ac.uk|4BF66FC4.3000309@ecs.soton.ac.uk>



On 21/05/2010 12:04, John Wilcock wrote:
> Le 21/05/2010 12:43, Julian Field a ?crit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming 
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in 
/etc/group or anything like that?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From john at tradoc.fr  Fri May 21 12:43:01 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri May 21 12:43:16 2010
Subject: docx problems
In-Reply-To: <EMEW3|6829dc6c5b6fd69e27e98b01a02271a3m4KCYV0bMailScanner|ecs.soton.ac.uk|4BF66FC4.3000309@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk>	<4BF668AE.5030606@tradoc.fr>
	<4BF66FC4.3000309@ecs.soton.ac.uk>
	<EMEW3|6829dc6c5b6fd69e27e98b01a02271a3m4KCYV0bMailScanner|ecs.soton.ac.uk|4BF66FC4.3000309@ecs.soton.ac.uk>
Message-ID: <4BF671C5.2090408@tradoc.fr>

Le 21/05/2010 13:34, Julian Field a ?crit :
>> Incoming Work User =
>> Incoming Work Group = clamav
>> Incoming Work Permissions = 0640
>> Virus Scanners = clamd
>>
>> (and, although you didn't ask, but as it is interrelated with Incoming
>> Work User/Group)
>>
>> Run As User = postfix
>> Run As Group = apache
>>
> Thanks for that lot. Is "apache" a member of the "clamav" group in
> /etc/group or anything like that?

Nope.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From spamlists at coders.co.uk  Fri May 21 13:57:00 2010
From: spamlists at coders.co.uk (Matt)
Date: Fri May 21 13:57:12 2010
Subject: MailScanner Phishing Bad Sites updates
Message-ID: <4BF6831C.5020803@coders.co.uk>

All

Apologies but we moved DNS servers yesterday and somehow managed to miss
the delegation of the subdomain that handles the DNS for the updates.

I have fixed this now.

Sorry!

matt


From gafaith at asdm.net  Fri May 21 14:41:50 2010
From: gafaith at asdm.net (Gary Faith)
Date: Fri May 21 14:42:32 2010
Subject: MailScanner: Could not analyze message
In-Reply-To: <ht3vvc$vbf$1@dough.gmane.org>
References: <4BF40DD90200002D00008EC2@sparky.asdm.net>
	<ht3vvc$vbf$1@dough.gmane.org>
Message-ID: <4BF6555E0200002D00008EEE@sparky.asdm.net>

No,  in the original message I had said they are using a program they call it a "campaign manager" but the name of the program is Maximizer.
 
Gary

>>> Scott Silva <ssilva@sgvwater.com> 5/20/2010 2:44 PM >>>
on 5-19-2010 1:12 PM Gary Faith spake the following:
> I have some e-mail being sent by one individual to MailScanner running ver 4.79.11 and the messages are getting tagged as {Dangerous Content?}.  I am running MailScanner with clamav & sanesecurity signatures, scamnailer, razor, pyzor & dcc.  Mailwatch reports that it isn't a virus it is "Other Infection":
> 
> Anti-Virus/Dangerous Content Protection
> Virus: N 
> Blocked File: N 
> Other Infection: Y 
> Report:MailScanner: Could not analyze message
> 
> The message has contains this:
> 
> Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s) for more information.
> 
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content,
> which has been removed for your safety.
> 
> At Wed May 19 15:36:22 2010 the content filters said:
>    MailScanner: Could not analyze message
> 
> The sender uses Maximizer to generate the e-mail with a PDF attachment.  I had the sender use Maximizer and send only the message without the attachment and it comes in fine.  I had them send only the attachment via Outlook and it comes in fine.  It seems the problem is with Mazimizer but I am not sure why.  
> 
> I can send the quarantined message or whatever is needed to determine the problem off list.
> 
> I need help in tracking down where the problem is and getting it fixed.
> 
> Thanks,
> 
> Gary Faith
> 
> 
Is the sender using Outlook?

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 

From gafaith at asdm.net  Fri May 21 14:44:38 2010
From: gafaith at asdm.net (Gary Faith)
Date: Fri May 21 14:45:03 2010
Subject: MailScanner: Could not analyze message
In-Reply-To: <EMEW3|f02bb6d48a51e581422d5b9c7f63628fm4KAY10bMailScanner|ecs.soton.ac.uk|4BF65385.1010905@ecs.soton.ac.uk>
References: <4BF40DD90200002D00008EC2@sparky.asdm.net>
	<4BF65385.1010905@ecs.soton.ac.uk>
	<EMEW3|f02bb6d48a51e581422d5b9c7f63628fm4KAY10bMailScanner|ecs.soton.ac.uk|4BF65385.1010905@ecs.soton.ac.uk>
Message-ID: <4BF656060200002D00008EF3@sparky.asdm.net>

I can get the message in the spam quarantine folder but how do I get the raw message?  Do I need to shutdown MailScanner and only have sendmail running until after they say it was sent or is there some other way to get it?
 
Gary

>>> Julian Field <MailScanner@ecs.soton.ac.uk> 5/21/2010 5:33 AM >>>
Can you send me a URL of a sample message (raw queue files preferred) so 
that I can try this out for you please?

Jules.

On 19/05/2010 21:12, Gary Faith wrote:
> I have some e-mail being sent by one individual to MailScanner running ver 4.79.11 and the messages are getting tagged as {Dangerous Content?}.  I am running MailScanner with clamav&  sanesecurity signatures, scamnailer, razor, pyzor&  dcc.  Mailwatch reports that it isn't a virus it is "Other Infection":
>
> Anti-Virus/Dangerous Content Protection
> Virus: N
> Blocked File: N
> Other Infection: Y
> Report:MailScanner: Could not analyze message
>
> The message has contains this:
>
> Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s) for more information.
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content,
> which has been removed for your safety.
>
> At Wed May 19 15:36:22 2010 the content filters said:
>     MailScanner: Could not analyze message
>
> The sender uses Maximizer to generate the e-mail with a PDF attachment.  I had the sender use Maximizer and send only the message without the attachment and it comes in fine.  I had them send only the attachment via Outlook and it comes in fine.  It seems the problem is with Mazimizer but I am not sure why.
>
> I can send the quarantined message or whatever is needed to determine the problem off list.
>
> I need help in tracking down where the problem is and getting it fixed.
>
> Thanks,
>
> Gary Faith
>
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100521/1bd5f56b/attachment.html
From miguelk at konsultex.com.br  Fri May 21 14:49:59 2010
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy)
Date: Fri May 21 14:49:18 2010
Subject: [OT] - Configure sendmail to drop incoming unknown user emails
In-Reply-To: <AANLkTimBy7lKhrWm7eYk8G_KKLnrQyajj5y24PLW-PK1@mail.gmail.com>
References: <4BF48903.1080904@konsultex.com.br>
	<ht402a$vbf$2@dough.gmane.org>	<AANLkTimw6YhhKDIjzZo9t6Ryv2242tyKv4XJk1SYWiVa@mail.gmail.com>	<4BF58D4F.9060703@konsultex.com.br>
	<4BF5AD72.6030003@pacific.net>	<4BF5F3B3.5080908@konsultex.com.br>
	<AANLkTimBy7lKhrWm7eYk8G_KKLnrQyajj5y24PLW-PK1@mail.gmail.com>
Message-ID: <4BF68F87.9030801@konsultex.com.br>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100521/7cfc2f98/attachment.html
From MailScanner at ecs.soton.ac.uk  Fri May 21 14:55:24 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 21 14:55:34 2010
Subject: MailScanner: Could not analyze message
In-Reply-To: <4BF656060200002D00008EF3@sparky.asdm.net>
References: <4BF40DD90200002D00008EC2@sparky.asdm.net>	<4BF65385.1010905@ecs.soton.ac.uk>	<EMEW3|f02bb6d48a51e581422d5b9c7f63628fm4KAY10bMailScanner|ecs.soton.ac.uk|4BF65385.1010905@ecs.soton.ac.uk>
	<4BF656060200002D00008EF3@sparky.asdm.net>
	<4BF690CC.1030209@ecs.soton.ac.uk>
Message-ID: <EMEW3|10057e461e6cc9ef164be1a7b087e60fm4KEyP0bMailScanner|ecs.soton.ac.uk|4BF690CC.1030209@ecs.soton.ac.uk>

You can get it if you have Raw Queue Files switched on, straight from 
the quarantine.

On 21/05/2010 14:44, Gary Faith wrote:
> I can get the message in the spam quarantine folder but how do I get 
> the raw message?  Do I need to shutdown MailScanner and only have 
> sendmail running until after they say it was sent or is there some 
> other way to get it?
> Gary
>
> >>> Julian Field <MailScanner@ecs.soton.ac.uk> 5/21/2010 5:33 AM >>>
> Can you send me a URL of a sample message (raw queue files preferred) so
> that I can try this out for you please?
>
> Jules.
>
> On 19/05/2010 21:12, Gary Faith wrote:
> > I have some e-mail being sent by one individual to MailScanner 
> running ver 4.79.11 and the messages are getting tagged as {Dangerous 
> Content?}.  I am running MailScanner with clamav&  sanesecurity 
> signatures, scamnailer, razor, pyzor&  dcc.  Mailwatch reports that it 
> isn't a virus it is "Other Infection":
> >
> > Anti-Virus/Dangerous Content Protection
> > Virus: N
> > Blocked File: N
> > Other Infection: Y
> > Report:MailScanner: Could not analyze message
> >
> > The message has contains this:
> >
> > Warning: This message has had one or more attachments removed
> > Warning: (the entire message).
> > Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s) 
> for more information.
> >
> > This is a message from the MailScanner E-Mail Virus Protection Service
> > ----------------------------------------------------------------------
> > The original e-mail message contained potentially dangerous content,
> > which has been removed for your safety.
> >
> > At Wed May 19 15:36:22 2010 the content filters said:
> >     MailScanner: Could not analyze message
> >
> > The sender uses Maximizer to generate the e-mail with a PDF 
> attachment.  I had the sender use Maximizer and send only the message 
> without the attachment and it comes in fine.  I had them send only the 
> attachment via Outlook and it comes in fine.  It seems the problem is 
> with Mazimizer but I am not sure why.
> >
> > I can send the quarantined message or whatever is needed to 
> determine the problem off list.
> >
> > I need help in tracking down where the problem is and getting it fixed.
> >
> > Thanks,
> >
> > Gary Faith
> >
> >
> >
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From NWL002 at shsu.edu  Fri May 21 17:18:17 2010
From: NWL002 at shsu.edu (Laskie, Norman)
Date: Fri May 21 17:18:28 2010
Subject: ScamNailer: How would we have entries removed / Minor suggestion :)
Message-ID: <8FAC1E47484E43469AA28DBF35C955E4BDDEA11C21@EXMBX.SHSU.EDU>

Previously we had one of our user's account get compromised.  Since then their accounts have been disabled, they had the slapping of the wrist, their password has been reset and all of that fun stuff.  I was wondering if anyone knows how to have the addresses removed from the ScamNailer lists?  Unfortunately our user account naming standard matches some of the regexes nicely so there can be some fallout, but it is minimal.

Also, would it be possible to exclude abuse@DOMAIN from the generated rulesets either by default or by option? 


Thanks,
Norman
From brent at beanfield.com  Fri May 21 20:50:34 2010
From: brent at beanfield.com (Brent Bloxam)
Date: Fri May 21 20:50:46 2010
Subject: Issues with 4.79.11 and SweepOther.pm
Message-ID: <4BF6E40A.7070108@beanfield.com>

Working on installing MailScanner 4.79.11 on FreeBSD, built from ports.

I've got things setup to essentially match my previous installation
(4.64.3) but am having the following issue when trying to get 
MailScanner to start scanning my queue:

 > In Debugging mode, not forking...
 > Trying to setlogsock(unix)
 > Building a message batch to scan...
 > Have a batch of 1 message.
 > Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE ]/ at 
/usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 250.

Checking line 250 I find...

 >         my($logtext, $usertext);
 >
 >         if ($TypeIndicator =~ /$ArchivesAre/) {
 >           $allowexists = $Aallowexists;
 >           $megaallow = $Amegaallow;
 >         } else {

The problem seems to be $ArchivesAre which is

 > $ArchivesAre = $message->{archivesare};

Dumping to log with MailScanner::Log::InfoLog, $ArchivesAre contents are
"[]"

Any ideas for tracking down what is going on? I've searched the mailing
list history but have not found anything related

- Brent
-- 
|  .-> brent bloxam ~-.      brent @  beanfield.com
| (                    )     beanfield metroconnect
|  `~- wexolq +uajq <-'      416.532.1555 ext. 2004
--
From brent at beanfield.com  Fri May 21 21:09:53 2010
From: brent at beanfield.com (Brent Bloxam)
Date: Fri May 21 21:10:13 2010
Subject: Issues with 4.79.11 and SweepOther.pm
In-Reply-To: <4BF6E40A.7070108@beanfield.com>
References: <4BF6E40A.7070108@beanfield.com>
Message-ID: <4BF6E891.7050203@beanfield.com>

Tracked this down. Issue was due to me setting "Archives Are" in 
MailScanner.conf to no value. Julian, what's your opinion on this? Bug? 
Should we be able to blank that config line?

Brent Bloxam wrote:
> Working on installing MailScanner 4.79.11 on FreeBSD, built from ports.
> 
> I've got things setup to essentially match my previous installation
> (4.64.3) but am having the following issue when trying to get 
> MailScanner to start scanning my queue:
> 
>  > In Debugging mode, not forking...
>  > Trying to setlogsock(unix)
>  > Building a message batch to scan...
>  > Have a batch of 1 message.
>  > Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE ]/ at 
> /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 250.
> 
> Checking line 250 I find...
> 
>  >         my($logtext, $usertext);
>  >
>  >         if ($TypeIndicator =~ /$ArchivesAre/) {
>  >           $allowexists = $Aallowexists;
>  >           $megaallow = $Amegaallow;
>  >         } else {
> 
> The problem seems to be $ArchivesAre which is
> 
>  > $ArchivesAre = $message->{archivesare};
> 
> Dumping to log with MailScanner::Log::InfoLog, $ArchivesAre contents are
> "[]"
> 
> Any ideas for tracking down what is going on? I've searched the mailing
> list history but have not found anything related
> 
> - Brent
From MailScanner at ecs.soton.ac.uk  Sat May 22 21:27:43 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat May 22 21:27:54 2010
Subject: ScamNailer: How would we have entries removed / Minor suggestion
 :)
In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4BDDEA11C21@EXMBX.SHSU.EDU>
References: <8FAC1E47484E43469AA28DBF35C955E4BDDEA11C21@EXMBX.SHSU.EDU>
	<4BF83E3F.2070303@ecs.soton.ac.uk>
Message-ID: <EMEW3|d9f9f470225e961fe232f604eb7bd81em4LLRj0bMailScanner|ecs.soton.ac.uk|4BF83E3F.2070303@ecs.soton.ac.uk>

Basically you email me and ask nicely. I then look to see where the 
blacklisting originated and point you in the right direction of the 
correct people to talk to, in case I can't do it myself.

Whitelisting abuse@domain sounds like a good idea, I'll look into doing 
that if it's possible without having to change the code too much.

On 21/05/2010 17:18, Laskie, Norman wrote:
> Previously we had one of our user's account get compromised.  Since then their accounts have been disabled, they had the slapping of the wrist, their password has been reset and all of that fun stuff.  I was wondering if anyone knows how to have the addresses removed from the ScamNailer lists?  Unfortunately our user account naming standard matches some of the regexes nicely so there can be some fallout, but it is minimal.
>
> Also, would it be possible to exclude abuse@DOMAIN from the generated rulesets either by default or by option?
>
>
> Thanks,
> Norman
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Sat May 22 21:29:13 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat May 22 21:29:31 2010
Subject: Issues with 4.79.11 and SweepOther.pm
In-Reply-To: <4BF6E891.7050203@beanfield.com>
References: <4BF6E40A.7070108@beanfield.com> <4BF6E891.7050203@beanfield.com>
	<4BF83E99.4040307@ecs.soton.ac.uk>
Message-ID: <EMEW3|23f376b9b1e8345263b289d26783acf5m4LLYK0bMailScanner|ecs.soton.ac.uk|4BF83E99.4040307@ecs.soton.ac.uk>



On 21/05/2010 21:09, Brent Bloxam wrote:
> Tracked this down. Issue was due to me setting "Archives Are" in 
> MailScanner.conf to no value. Julian, what's your opinion on this? 
> Bug? Should we be able to blank that config line?
Ideally, I guess you could use a blank in that config line, but it would 
be pretty meaningless. Surely you must consider *something* to be an 
archive?

Jules.
>
> Brent Bloxam wrote:
>> Working on installing MailScanner 4.79.11 on FreeBSD, built from ports.
>>
>> I've got things setup to essentially match my previous installation
>> (4.64.3) but am having the following issue when trying to get 
>> MailScanner to start scanning my queue:
>>
>> > In Debugging mode, not forking...
>> > Trying to setlogsock(unix)
>> > Building a message batch to scan...
>> > Have a batch of 1 message.
>> > Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE ]/ at 
>> /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 250.
>>
>> Checking line 250 I find...
>>
>> >         my($logtext, $usertext);
>> >
>> >         if ($TypeIndicator =~ /$ArchivesAre/) {
>> >           $allowexists = $Aallowexists;
>> >           $megaallow = $Amegaallow;
>> >         } else {
>>
>> The problem seems to be $ArchivesAre which is
>>
>> > $ArchivesAre = $message->{archivesare};
>>
>> Dumping to log with MailScanner::Log::InfoLog, $ArchivesAre contents are
>> "[]"
>>
>> Any ideas for tracking down what is going on? I've searched the mailing
>> list history but have not found anything related
>>
>> - Brent

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Sat May 22 21:31:38 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat May 22 21:32:00 2010
Subject: Issues with 4.79.11 and SweepOther.pm
In-Reply-To: <4BF6E891.7050203@beanfield.com>
References: <4BF6E40A.7070108@beanfield.com> <4BF6E891.7050203@beanfield.com>
	<4BF83F2A.4020108@ecs.soton.ac.uk>
Message-ID: <EMEW3|d06bd9610bdfe6a8aa4f38f7f9e3e85bm4LLVo0bMailScanner|ecs.soton.ac.uk|4BF83F2A.4020108@ecs.soton.ac.uk>

As a temporary fix for you to try for me, please edit 
/usr/lib/MailScanner/MailScanner/Message.pm.
Around line 417, there is a line that says this:
   $ArchivesAre    = '[' . $ArchivesAre . ']';
Please find this line and change it to
   $ArchivesAre    = '[' . $ArchivesAre . ']' if $ArchivesAre;
and then stop and restart MailScanner.

Please let me know if this solves the problem for you.

Jules.

On 21/05/2010 21:09, Brent Bloxam wrote:
> Tracked this down. Issue was due to me setting "Archives Are" in 
> MailScanner.conf to no value. Julian, what's your opinion on this? 
> Bug? Should we be able to blank that config line?
>
> Brent Bloxam wrote:
>> Working on installing MailScanner 4.79.11 on FreeBSD, built from ports.
>>
>> I've got things setup to essentially match my previous installation
>> (4.64.3) but am having the following issue when trying to get 
>> MailScanner to start scanning my queue:
>>
>> > In Debugging mode, not forking...
>> > Trying to setlogsock(unix)
>> > Building a message batch to scan...
>> > Have a batch of 1 message.
>> > Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE ]/ at 
>> /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 250.
>>
>> Checking line 250 I find...
>>
>> >         my($logtext, $usertext);
>> >
>> >         if ($TypeIndicator =~ /$ArchivesAre/) {
>> >           $allowexists = $Aallowexists;
>> >           $megaallow = $Amegaallow;
>> >         } else {
>>
>> The problem seems to be $ArchivesAre which is
>>
>> > $ArchivesAre = $message->{archivesare};
>>
>> Dumping to log with MailScanner::Log::InfoLog, $ArchivesAre contents are
>> "[]"
>>
>> Any ideas for tracking down what is going on? I've searched the mailing
>> list history but have not found anything related
>>
>> - Brent

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Sat May 22 22:06:10 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat May 22 22:06:27 2010
Subject: docx problems
In-Reply-To: <4BF668AE.5030606@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk>
	<4BF668AE.5030606@tradoc.fr> <4BF84742.9090204@ecs.soton.ac.uk>
Message-ID: <EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>

I still can't find the problem. All the files extracted from any zips 
are created with the correct permissions. I really can't see what can be 
going wrong :-(

On 21/05/2010 12:04, John Wilcock wrote:
> Le 21/05/2010 12:43, Julian Field a ?crit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming 
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Sat May 22 22:07:04 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat May 22 22:07:23 2010
Subject: docx problems
In-Reply-To: <4BF65643.4040308@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>
	<4BF65643.4040308@tradoc.fr> <4BF84778.2000709@ecs.soton.ac.uk>
Message-ID: <EMEW3|b9f13423f60552d209b9cdc11364b349m4LM7D0bMailScanner|ecs.soton.ac.uk|4BF84778.2000709@ecs.soton.ac.uk>



On 21/05/2010 10:45, John Wilcock wrote:
> Le 21/05/2010 11:30, Julian Field a ?crit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied 
> messages for exactly the same files that are being reported as "No 
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be 
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module 
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00    AnyDBM_File
> 1.30    Archive::Zip
> 0.17    bignum
> 1.04    Carp
> 2.021   Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.121_08        Data::Dumper
> 2.27    Date::Parse
> 1.00    DirHandle
> 1.05    Fcntl
> 2.74    File::Basename
> 2.09    File::Copy
> 2.01    FileHandle
> 1.08    File::Path
> 0.22    File::Temp
> 0.92    Filesys::Df
> 3.64    HTML::Entities
> 3.64    HTML::Parser
> 3.57    HTML::TokeParser
> 1.25    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.06    Mail::Header
> 1.77    Math::BigInt
> 0.15    Math::BigRat
> 3.08    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.08    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.11    Net::CIDR
> 1.25    Net::IP
> 0.19    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.07    Pod::Simple
> 1.09    POSIX
> 1.21    Scalar::Util
> 1.78    Socket
> 2.20    Storable
> 1.4     Sys::Hostname::Long
> 0.27    Sys::Syslog
> 1.42    Test::Pod
> 0.94    Test::Simple
> 1.9719  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.54    Archive::Tar
> 0.17    bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82    DB_File
> 1.14    DBD::SQLite
> 1.609   DBI
> 1.16    Digest
> 1.01    Digest::HMAC
> 2.39    Digest::MD5
> 2.12    Digest::SHA1
> 1.01    Encode::Detect
> 0.17016 Error
> 0.2603  ExtUtils::CBuilder
> 2.2203  ExtUtils::ParseXS
> 2.38    Getopt::Long
> missing Inline
> 1.08    IO::String
> 1.09    IO::Zlib
> 2.23    IP::Country
> missing Mail::ClamAV
> 3.003001        Mail::SpamAssassin
> v2.007  Mail::SPF
> missing Mail::SPF::Query
> 0.340201        Module::Build
> 0.20    Net::CIDR::Lite
> 0.65    Net::DNS
> v0.003  Net::DNS::Resolver::Programmable
> missing Net::LDAP
>  4.028  NetAddr::IP
> 1.94    Parse::RecDescent
> missing SAVI
> 3.17    Test::Harness
> missing Test::Manifest
> 2.0.0   Text::Balanced
> 1.38    URI
> 0.7702  version
> 0.71    YAML
>
>
> John.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From homyang4u at gmail.com  Sun May 23 13:59:53 2010
From: homyang4u at gmail.com (homyang cha)
Date: Sun May 23 14:00:04 2010
Subject: ClamAV definitions update problem
Message-ID: <AANLkTikDWXxVuRTkG1FQVi5BoIKf_q3lbJYWBAT-iqeh@mail.gmail.com>

Hello Ladies and Gentlemen
Recently I have updated mailscanner to 4.79.11-1 and ClamAV 0.96 and
SpamAssassin 3.3.0 easy installation package. in my CentOS 5.5 server, arch
x86_64 using postfix as MTA. Everything went well except clamav definitions
update. I tried looking for the solutions in documents and support pages of
mailscanner plus the list archieves but to no avail. I even tried googling
but could not get any solutions. The problem is when i do MailScanner --lint
it shows;

LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************

When I looked at the log file; more /var/log/maillog it shows;

mysystem ClamAV-autoupdate[4827]: ClamAV update warning: ERROR: getpatch:
Can't download daily-10848.cdiff from database.clamav.net
mysystem ClamAV-autoupdate[4827]: ClamAV updater failed
mysystem update.virus.scanners: Found generic installed
mysystem update.virus.scanners: Running autoupdate for generic

And when I try to update virus definitions manually with command freshclam
it shows

ClamAV update process started at Sun May 23 18:55:11 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96 Recommended version: 0.96.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder:
sven)
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (61.177.194.226)...
Downloading daily.cvd [100%]
WARNING: Mirror 61.177.194.226 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Sun May 23 18:55:44 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96 Recommended version: 0.96.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder:
sven)
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (61.177.194.226)...
Downloading daily.cvd [100%]
WARNING: Mirror 61.177.194.226 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Sun May 23 18:56:16 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96 Recommended version: 0.96.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder:
sven)
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
WARNING: getpatch: Can't download daily-10848.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-10848.cdiff not found on remote server (IP:
61.177.194.226)
ERROR: getpatch: Can't download daily-10848.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (61.177.194.226)...
Downloading daily.cvd [100%]
WARNING: Mirror 61.177.194.226 is not synchronized.
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in
/usr/local/etc/freshclam.conf is working. Check
http://www.clamav.net/support/mirror-problem for possible reasons.

What could be the possible reasons for the same? Please help if you have any
idea on this or show me the link to the solutions.

Thanks in advance.

Homyang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100523/ccb5d749/attachment.html
From seven at seven.dorksville.net  Mon May 24 01:52:38 2010
From: seven at seven.dorksville.net (Anthony Giggins)
Date: Mon May 24 01:53:04 2010
Subject: Errors with MailScanner --lint after upgrade to clamav
Message-ID: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>

I know there was some talk about Errors in lint some weeks back but from
memory this is a different issue, I upgraded one of my test boxes to
4.79.11 to test but its also getting the same errors.

actual scanning appears to be working correctly this is only affecting lint.

I was running clamav 0.96.0-3 from rpmforge now 0.96.1-1

# MailScanner --lint
Trying to setlogsock(unix)
Read 882 hostnames from the phishing whitelist
Read 5183 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 1 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 164 whitelist entries
Checking version numbers...
Version number in MailScanner.conf (4.76.24) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to processing-messages database
Created processing-messages database successfully
There are 0 messages in the processing-messages database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamavmodule, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintM22h4y/lstat() failed:
Permission denied. ERROR :: /var/spool/MailScanner/incoming/29907
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 3 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 3 viruses
===========================================================================

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist



From a.peacock at ucl.ac.uk  Mon May 24 09:14:56 2010
From: a.peacock at ucl.ac.uk (Anthony Peacock)
Date: Mon May 24 09:15:26 2010
Subject: Errors with MailScanner --lint after upgrade to clamav
In-Reply-To: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>
References: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>
Message-ID: <55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>

Hi,

No this is exactly the problem with lint that was reported and fixed a few weeks ago.


-- 
Anthony Peacock,
Head of Applications & Programme Development,
Advanced IT Support Centre (AISC),
UCL Faculty of Biomedical Sciences,
CHIME, Whittington Campus,
http://www.chime.ucl.ac.uk/~rmhiajp/


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Giggins
Sent: 24 May 2010 01:53
To: mailscanner@lists.mailscanner.info
Subject: Errors with MailScanner --lint after upgrade to clamav

I know there was some talk about Errors in lint some weeks back but from
memory this is a different issue, I upgraded one of my test boxes to
4.79.11 to test but its also getting the same errors.

actual scanning appears to be working correctly this is only affecting lint.

I was running clamav 0.96.0-3 from rpmforge now 0.96.1-1

# MailScanner --lint
Trying to setlogsock(unix)
Read 882 hostnames from the phishing whitelist
Read 5183 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 1 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 164 whitelist entries
Checking version numbers...
Version number in MailScanner.conf (4.76.24) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to processing-messages database
Created processing-messages database successfully
There are 0 messages in the processing-messages database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamavmodule, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintM22h4y/lstat() failed:
Permission denied. ERROR :: /var/spool/MailScanner/incoming/29907
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 3 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 3 viruses
===========================================================================

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist



-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From martin at vlach.us  Mon May 24 23:02:10 2010
From: martin at vlach.us (Martin Vlach)
Date: Mon May 24 23:03:03 2010
Subject: Negative SA score reported in subject line
Message-ID: <00c501cafb8c$c2972900$47c57b00$@us>

I have the following configuration set for MailScanner 4.78.17-1:

Required SpamAssassin Score	4
High SpamAssassin Score		8
Spam Modify Subject		start
Spam Subject Text			{Spam _SCORE_}

The problem:
negative scores are reported to users in their Subject Line. They see scores
-1 through -4.

I am fine with the scores themselves; the problem is that they are reported.
I assume that any scores below 4 should not modify the subject line.

I've searched many places (google, faqs, documentation), but can't find
anything.
I would like suggestions on the best approach to fix this problem for our
users.

Thx, Martin

From seven at seven.dorksville.net  Tue May 25 00:37:53 2010
From: seven at seven.dorksville.net (Anthony Giggins)
Date: Tue May 25 00:38:17 2010
Subject: Errors with MailScanner --lint after upgrade to clamav
In-Reply-To: <55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.
	exchangelabs.com>
References: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>
	<55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
Message-ID: <33420.125.168.254.15.1274744273.squirrel@seven.dorksville.net>

> Hi,
>
> No this is exactly the problem with lint that was reported and fixed a few
> weeks ago.
>
>
> --
> Anthony Peacock,
> Head of Applications & Programme Development,
> Advanced IT Support Centre (AISC),
> UCL Faculty of Biomedical Sciences,
> CHIME, Whittington Campus,
> http://www.chime.ucl.ac.uk/~rmhiajp/
>

I'm sorry which version is this fixed in? I thought upgrading to the
latest stable would have had the fix...

The thread history doesn't really mention this

http://lists.mailscanner.info/pipermail/mailscanner/2010-April/095643.html

Cheers,

Anthony


From a.peacock at ucl.ac.uk  Tue May 25 08:02:39 2010
From: a.peacock at ucl.ac.uk (Anthony Peacock)
Date: Tue May 25 08:02:56 2010
Subject: Errors with MailScanner --lint after upgrade to clamav
In-Reply-To: <33420.125.168.254.15.1274744273.squirrel@seven.dorksville.net>
References: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>
	<55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
	<33420.125.168.254.15.1274744273.squirrel@seven.dorksville.net>
Message-ID: <55630085E8957640B9AA8C04493D34C10BFD4C@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>

Hi,

http://www.mailscanner.info/ChangeLog

24/04/2010 New in Version 4.80.4-1
==================================
* New Features and Improvements *
1 Upgraded AVG support to AVG version 8. Support no longer guaranteed for
  older versions.
2 Installers no longer over-write mailscanner.cf in SpamAssassin directory
  if the file or link exists.
3 Added support for McAfee version 6. Use the virus scanner name "mcafee6"
  to get this support. Many thanks to Phil Randal and Michael Miller for
  all their hard work on this.
4 Improved "file" command output processing so it stops at 1st "," to reduce
  false alarms greatly.

* Fixes *
1 A minor rewrite of a bit of the TNEF code to handle some systems' odd
  opinions about tainting data.
1 Minor tweak to avoid warning about insecure dependency in WorkArea.pm.
2 Fixed documentation for "Allow Multiple HTML Signatures" setting.
3 Fixed "MailScanner --lint" to not throw an erroneous error message about
  "MSlint" directory permissions.
3 Fixed error in MIME boundary checking that stopped a few very rare cases
  being checked.

-- 
Anthony Peacock,
Head of Applications & Programme Development,
Advanced IT Support Centre (AISC),
UCL Faculty of Biomedical Sciences,
CHIME, Whittington Campus,
http://www.chime.ucl.ac.uk/~rmhiajp/

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Giggins
Sent: 25 May 2010 00:38
To: MailScanner discussion
Subject: RE: Errors with MailScanner --lint after upgrade to clamav

> Hi,
>
> No this is exactly the problem with lint that was reported and fixed a few
> weeks ago.
>
>
> --
> Anthony Peacock,
> Head of Applications & Programme Development,
> Advanced IT Support Centre (AISC),
> UCL Faculty of Biomedical Sciences,
> CHIME, Whittington Campus,
> http://www.chime.ucl.ac.uk/~rmhiajp/
>

I'm sorry which version is this fixed in? I thought upgrading to the
latest stable would have had the fix...

The thread history doesn't really mention this

http://lists.mailscanner.info/pipermail/mailscanner/2010-April/095643.html

Cheers,

Anthony


-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From maxsec at gmail.com  Tue May 25 08:42:38 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue May 25 08:42:47 2010
Subject: Negative SA score reported in subject line
In-Reply-To: <00c501cafb8c$c2972900$47c57b00$@us>
References: <00c501cafb8c$c2972900$47c57b00$@us>
Message-ID: <AANLkTil_990xFCWuzJqpTh_qzuzMwWPLitOHowasmMfO@mail.gmail.com>

Check that you're not using RBL's directly in MailScanner. That will trigger
it as 'spam' and therefore tag the subject etc.

Martin

On 24 May 2010 23:02, Martin Vlach <martin@vlach.us> wrote:

> I have the following configuration set for MailScanner 4.78.17-1:
>
> Required SpamAssassin Score     4
> High SpamAssassin Score         8
> Spam Modify Subject             start
> Spam Subject Text                       {Spam _SCORE_}
>
> The problem:
> negative scores are reported to users in their Subject Line. They see
> scores
> -1 through -4.
>
> I am fine with the scores themselves; the problem is that they are
> reported.
> I assume that any scores below 4 should not modify the subject line.
>
> I've searched many places (google, faqs, documentation), but can't find
> anything.
> I would like suggestions on the best approach to fix this problem for our
> users.
>
> Thx, Martin
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100525/c54301d5/attachment.html
From maillists at conactive.com  Tue May 25 11:32:30 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue May 25 11:32:42 2010
Subject: Errors with MailScanner --lint after upgrade to clamav
In-Reply-To: <55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
References: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>
	<55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
Message-ID: <VA.00003afd.082e2d40@news.conactive.com>

Anthony Peacock wrote on Mon, 24 May 2010 08:14:56 +0000:

> fixed a few weeks ago.

Fixed? I'm just back from four weeks vacation, so I may have missed 
something, but a quick look over the subjects and the changelog doesn't 
reveal any fix or new version.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From maillists at conactive.com  Tue May 25 13:31:19 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue May 25 13:31:30 2010
Subject: Errors with MailScanner --lint after upgrade to clamav
In-Reply-To: <55630085E8957640B9AA8C04493D34C10BFD4C@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
References: <13997.125.168.254.15.1274662358.squirrel@seven.dorksville.net>
	<55630085E8957640B9AA8C04493D34C10BE596@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
	<33420.125.168.254.15.1274744273.squirrel@seven.dorksville.net>
	<55630085E8957640B9AA8C04493D34C10BFD4C@DB2PRD0103MB043.eurprd01.prod.exchangelabs.com>
Message-ID: <VA.00003afe.089af40e@news.conactive.com>

Anthony Peacock wrote on Tue, 25 May 2010 07:02:39 +0000:

> 24/04/2010

Ah, there, two days after I left. I just read April and thought there's 
nothing new. Thanks!

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From Denis.Beauchemin at USherbrooke.ca  Tue May 25 13:36:15 2010
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Tue May 25 13:36:32 2010
Subject: ClamAV definitions update problem
In-Reply-To: <AANLkTikDWXxVuRTkG1FQVi5BoIKf_q3lbJYWBAT-iqeh@mail.gmail.com>
References: <AANLkTikDWXxVuRTkG1FQVi5BoIKf_q3lbJYWBAT-iqeh@mail.gmail.com>
Message-ID: <4BFBC43F.5050102@USherbrooke.ca>

Le 2010-05-23 08:59, homyang cha a ?crit :
> Hello Ladies and Gentlemen
> Recently I have updated mailscanner to 4.79.11-1 and ClamAV 0.96 and 
> SpamAssassin 3.3.0 easy installation package. in my CentOS 5.5 server, 
> arch x86_64 using postfix as MTA. Everything went well except clamav 
> definitions update. I tried looking for the solutions in documents and 
> support pages of mailscanner plus the list archieves but to no avail. 
> I even tried googling but could not get any solutions. The problem is 
> when i do MailScanner --lint it shows;
>
> LibClamAV Warning: **************************************************
> LibClamAV Warning: ***  The virus database is older than 7 days!  ***
> LibClamAV Warning: ***   Please update it as soon as possible.    ***
> LibClamAV Warning: **************************************************
>
> When I looked at the log file; more /var/log/maillog it shows;
>
> mysystem ClamAV-autoupdate[4827]: ClamAV update warning: ERROR: 
> getpatch: Can't download daily-10848.cdiff from database.clamav.net 
> <http://database.clamav.net>
> mysystem ClamAV-autoupdate[4827]: ClamAV updater failed
> mysystem update.virus.scanners: Found generic installed
> mysystem update.virus.scanners: Running autoupdate for generic
>
> And when I try to update virus definitions manually with command 
> freshclam it shows
>
> ClamAV update process started at Sun May 23 18:55:11 2010
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.96 Recommended version: 0.96.1
> DON'T PANIC! Read http://www.clamav.net/support/faq
> main.cld is up to date (version: 52, sigs: 704727, f-level: 44, 
> builder: sven)
> Trying host database.clamav.net <http://database.clamav.net> 
> (61.177.194.226)...
> WARNING: getfile: daily-10848.cdiff not found on remote server (IP: 
> 61.177.194.226)
> WARNING: getpatch: Can't download daily-10848.cdiff from 
> database.clamav.net <http://database.clamav.net>
> Trying host database.clamav.net <http://database.clamav.net> 
> (61.177.194.226)...
> WARNING: getfile: daily-10848.cdiff not found on remote server (IP: 
> 61.177.194.226)
> WARNING: getpatch: Can't download daily-10848.cdiff from 
> database.clamav.net <http://database.clamav.net>
> Trying host database.clamav.net <http://database.clamav.net> 
> (61.177.194.226)...
>
> What could be the possible reasons for the same? Please help if you 
> have any idea on this or show me the link to the solutions.
>
> Thanks in advance.
>
> Homyang
>

Homyang,

Look into the DatabaseDirectory (mine is /var/clamav) for a file named 
mirrors.dat and delete it. Then run freshclam again. It may help.

Denis

-- 
Denis Beauchemin, analyste
Universit? de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From submit at zuka.net  Tue May 25 16:46:33 2010
From: submit at zuka.net (Dave Filchak)
Date: Tue May 25 16:48:10 2010
Subject: Negative SA score reported in subject line
In-Reply-To: <AANLkTil_990xFCWuzJqpTh_qzuzMwWPLitOHowasmMfO@mail.gmail.com>
References: <00c501cafb8c$c2972900$47c57b00$@us>
	<AANLkTil_990xFCWuzJqpTh_qzuzMwWPLitOHowasmMfO@mail.gmail.com>
Message-ID: <4BFBF0D9.50309@zuka.net>

Sorry ... did I miss something? I am not supposed to refer/use RBL 
directly in MailScanner?

On 22/07/64 2:59 PM, Martin Hepworth wrote:
> Check that you're not using RBL's directly in MailScanner. That will 
> trigger it as 'spam' and therefore tag the subject etc.
>
> Martin
>
> On 24 May 2010 23:02, Martin Vlach <martin@vlach.us 
> <mailto:martin@vlach.us>> wrote:
>
>     I have the following configuration set for MailScanner 4.78.17-1:
>
>     Required SpamAssassin Score     4
>     High SpamAssassin Score         8
>     Spam Modify Subject             start
>     Spam Subject Text                       {Spam _SCORE_}
>
>     The problem:
>     negative scores are reported to users in their Subject Line. They
>     see scores
>     -1 through -4.
>
>     I am fine with the scores themselves; the problem is that they are
>     reported.
>     I assume that any scores below 4 should not modify the subject line.
>
>     I've searched many places (google, faqs, documentation), but can't
>     find
>     anything.
>     I would like suggestions on the best approach to fix this problem
>     for our
>     users.
>
>     Thx, Martin
>
>     --
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     <mailto:mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>
> -- 
> Martin Hepworth
> Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100525/199f5e8c/attachment.html
From maxsec at gmail.com  Tue May 25 17:02:20 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue May 25 17:02:29 2010
Subject: Negative SA score reported in subject line
In-Reply-To: <4BFBF0D9.50309@zuka.net>
References: <00c501cafb8c$c2972900$47c57b00$@us>
	<AANLkTil_990xFCWuzJqpTh_qzuzMwWPLitOHowasmMfO@mail.gmail.com>
	<4BFBF0D9.50309@zuka.net>
Message-ID: <AANLkTik1fGx1oKoAvy_ckO5QT-QcGT1ePVJnMNIPfZSe@mail.gmail.com>

I find most people do the RBL's either at the front end and smtp reject, or
withing SA so they add to the score. With MS you can use multiple RBL's and
one trigger spam if more than X agree (where X >=1, default value is 1).



On 25 May 2010 16:46, Dave Filchak <submit@zuka.net> wrote:

>  Sorry ... did I miss something? I am not supposed to refer/use RBL
> directly in MailScanner?
>
>
> On 22/07/64 2:59 PM, Martin Hepworth wrote:
>
> Check that you're not using RBL's directly in MailScanner. That will
> trigger it as 'spam' and therefore tag the subject etc.
>
> Martin
>
> On 24 May 2010 23:02, Martin Vlach <martin@vlach.us> wrote:
>
>> I have the following configuration set for MailScanner 4.78.17-1:
>>
>> Required SpamAssassin Score     4
>> High SpamAssassin Score         8
>> Spam Modify Subject             start
>> Spam Subject Text                       {Spam _SCORE_}
>>
>> The problem:
>> negative scores are reported to users in their Subject Line. They see
>> scores
>> -1 through -4.
>>
>> I am fine with the scores themselves; the problem is that they are
>> reported.
>> I assume that any scores below 4 should not modify the subject line.
>>
>> I've searched many places (google, faqs, documentation), but can't find
>> anything.
>> I would like suggestions on the best approach to fix this problem for our
>> users.
>>
>> Thx, Martin
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
> Martin Hepworth
> Oxford, UK
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100525/9e23cde5/attachment.html
From raubvogel at gmail.com  Wed May 26 14:56:37 2010
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Wed May 26 14:56:47 2010
Subject: New spam has bayesian=0
Message-ID: <AANLkTimAH7p5fzdZ6VyMTC7HHyy1MqJ1_3TBwMVCCe5f@mail.gmail.com>

      I have been receiving some new spam in Spanish and Russian. At
first I just copied them to my spam folder as I run sa-learn --spam on
it every night. But the spam continues to come and it still does not
seem to register in the Bayesian filter. What would cause that?

On a somewhat related note, for now I was hoping to block it by
telling mailscanner I only want to take emails in English. So, I went
to spam.assassin.prefs.conf and had

loadplugin     Mail::SpamAssassin::Plugin::TextCat
ok_languages = en
ok_locales = en

And restarted mailscanner. It did not seem to help. Am I missing anything?
From martin at vlach.us  Wed May 26 19:53:13 2010
From: martin at vlach.us (Martin Vlach)
Date: Wed May 26 19:54:09 2010
Subject: Negative SA score reported in subject line
In-Reply-To: <201005261101.o4QB1P4Q028370@safir.blacknight.ie>
References: <201005261101.o4QB1P4Q028370@safir.blacknight.ie>
Message-ID: <015201cafd04$b1ac3530$15049f90$@us>

Martin Hepworth:

Thanks for your suggestion. I do indeed use
RBLs directly - it seemed to make a lot of
sense when I got MailScanner, and the relationship
between RBL checking in MailScanner and in
SpamAssassin is not obvious when one is just
starting.

However, this does not answer the question of why
a *negative* score would be reported on the subject line;
or else I don't understand the concept of scoring
and reporting.

Any more suggestions on how to turn off the *reporting*?
Or would you suggest that I turn off RBL checking
in MailScanner completely?

Am I wasting resources by having the following in my setup?

My MailScanner.conf has:

Spam Checks = yes
Spam List = spamhaus-ZEN NJABL
Spam Domain List = SORBS-DNSBL SORBS-SPAM
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 2

And in spam.assassin.prefs.conf I have

ifplugin Mail::SpamAssassin::Plugin::Pyzor
pyzor_path /usr/bin/pyzor
pyzor_options --homedir /etc/mail/spamassassin
endif

ifplugin Mail::SpamAssassin::Plugin::DCC
dcc_path /usr/local/bin/dccproc
endif

Thanks!
Martin Vlach

Date: Tue, 25 May 2010 11:46:33 -0400
From: Dave Filchak <submit@zuka.net>
Subject: Re: Re: Negative SA score reported in subject line
To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Message-ID: <4BFBF0D9.50309@zuka.net>
Content-Type: text/plain; charset="iso-8859-1"

Sorry ... did I miss something? I am not supposed to refer/use RBL 
directly in MailScanner?

On 22/07/64 2:59 PM, Martin Hepworth wrote:
> Check that you're not using RBL's directly in MailScanner. That will 
> trigger it as 'spam' and therefore tag the subject etc.
>
> Martin
>
> On 24 May 2010 23:02, Martin Vlach <martin@vlach.us 
> <mailto:martin@vlach.us>> wrote:
>
>     I have the following configuration set for MailScanner 4.78.17-1:
>
>     Required SpamAssassin Score     4
>     High SpamAssassin Score         8
>     Spam Modify Subject             start
>     Spam Subject Text                       {Spam _SCORE_}
>
>     The problem:
>     negative scores are reported to users in their Subject Line. They
>     see scores
>     -1 through -4.
>
>     I am fine with the scores themselves; the problem is that they are
>     reported.
>     I assume that any scores below 4 should not modify the subject line.
>
>     I've searched many places (google, faqs, documentation), but can't
>     find
>     anything.
>     I would like suggestions on the best approach to fix this problem
>     for our
>     users.
>
>     Thx, Martin
>
>     --
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     <mailto:mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>
> -- 
> Martin Hepworth
> Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100525/199
f5e8c/attachment-0001.html

------------------------------

Message: 4
Date: Tue, 25 May 2010 17:02:20 +0100
From: Martin Hepworth <maxsec@gmail.com>
Subject: Re: Re: Negative SA score reported in subject line
To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Message-ID:
	<AANLkTik1fGx1oKoAvy_ckO5QT-QcGT1ePVJnMNIPfZSe@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

I find most people do the RBL's either at the front end and smtp reject, or
withing SA so they add to the score. With MS you can use multiple RBL's and
one trigger spam if more than X agree (where X >=1, default value is 1).



On 25 May 2010 16:46, Dave Filchak <submit@zuka.net> wrote:

>  Sorry ... did I miss something? I am not supposed to refer/use RBL
> directly in MailScanner?
>
>
> On 22/07/64 2:59 PM, Martin Hepworth wrote:
>
> Check that you're not using RBL's directly in MailScanner. That will
> trigger it as 'spam' and therefore tag the subject etc.
>
> Martin
>
> On 24 May 2010 23:02, Martin Vlach <martin@vlach.us> wrote:
>
>> I have the following configuration set for MailScanner 4.78.17-1:
>>
>> Required SpamAssassin Score     4
>> High SpamAssassin Score         8
>> Spam Modify Subject             start
>> Spam Subject Text                       {Spam _SCORE_}
>>
>> The problem:
>> negative scores are reported to users in their Subject Line. They see
>> scores
>> -1 through -4.
>>
>> I am fine with the scores themselves; the problem is that they are
>> reported.
>> I assume that any scores below 4 should not modify the subject line.
>>
>> I've searched many places (google, faqs, documentation), but can't find
>> anything.
>> I would like suggestions on the best approach to fix this problem for our
>> users.
>>
>> Thx, Martin
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
> Martin Hepworth
> Oxford, UK

From bpirie at rma.edu  Wed May 26 20:22:40 2010
From: bpirie at rma.edu (Brendan Pirie)
Date: Wed May 26 20:22:59 2010
Subject: Negative SA score reported in subject line
In-Reply-To: <015201cafd04$b1ac3530$15049f90$@us>
References: <201005261101.o4QB1P4Q028370@safir.blacknight.ie>
	<015201cafd04$b1ac3530$15049f90$@us>
Message-ID: <4BFD7500.4080908@rma.edu>

Martin,

I haven't tested with the settings you're using.  In particular I do not 
include the spam score in the subject.  However, if either:

Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 2

are matched, the message will be marked as spam regardless of 
spamassassin score, which could in fact be negative.  This could explain 
the behavior you're seeing, though I have not tested it.

Brendan


On 5/26/2010 2:53 PM, Martin Vlach wrote:
> However, this does not answer the question of why
> a *negative* score would be reported on the subject line;
> or else I don't understand the concept of scoring
> and reporting.
>    
>
From rlopezcnm at gmail.com  Thu May 27 02:45:59 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu May 27 02:46:09 2010
Subject: does MailScanner rewrite URL
Message-ID: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>

My peers and I are having a discussion. This is the context taken from
an actual email an instructor sent to students:

I'm happy you've  enrolled in this course.  Begin by printing and
reading the  Week 1  Learning Map at MailScanner has detected a
possible fraud attempt from "lummail.cnm.edu:6777" claiming to be
https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm.
<http://lummail.cnm.edu:6777/redir.aspx?C=840d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx>
    This map will be your to-do list for completing the first week's
assignments.

My peers believe MailScanner sees this part:

https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm

And that MailScanner generates this and adds it to the message:

<http://lummail.cnm.edu:6777/redir.aspx?C=840d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx>

I am thinking (hoping) that in fact MailScanner is finding that last
long string hidden in the email (possibly in some html code?).

If MailScanner is generating it why?, how is it interpreted?, how to
stop it?  Is that port 6777 Beagle.A virus; a windows virus on a
Redhat server?

What MailScanner code is involved in generating this (possible fraud
attempt) message?

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From Jeff.Mills at sydneytech.com.au  Thu May 27 03:11:45 2010
From: Jeff.Mills at sydneytech.com.au (Jeff Mills)
Date: Thu May 27 03:11:59 2010
Subject: does MailScanner rewrite URL
In-Reply-To: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>
References: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>
Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50ED23DDF2A@SERVER01.sts.local>



-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Lopez
Sent: Thursday, 27 May 2010 11:46 AM
To: MailScanner discussion
Subject: does MailScanner rewrite URL

If MailScanner is generating it why?, how is it interpreted?, how to
stop it?  Is that port 6777 Beagle.A virus; a windows virus on a
Redhat server?

What MailScanner code is involved in generating this (possible fraud
attempt) message?

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106


If the text of the URL does not match the URL, then this will be triggered.

For instance: 
Visit my nice friendly site: <a href="http://www.some.site.with.a.trjoan.com">http://www.my.safe.site.com</a>

So mailscanner would expose my attempt to trick a non-tech savvy user into visiting my malicious website.

From brent.addis at nsp.co.nz  Thu May 27 10:38:20 2010
From: brent.addis at nsp.co.nz (Brent Addis)
Date: Thu May 27 10:39:10 2010
Subject: Baruwa
Message-ID: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: image87b970.GIF
Type: image/gif
Size: 1099 bytes
Desc: image87b970.GIF
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100527/a44e3f7f/image87b970.gif
From malli at mcrirents.com  Thu May 27 15:35:52 2010
From: malli at mcrirents.com (Mohammed Alli)
Date: Thu May 27 14:39:51 2010
Subject: Baruwa
In-Reply-To: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD930246FCD1@exchange.computerrents.com>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1099 bytes
Desc: image001.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100527/095da3b1/attachment.gif
From rlopezcnm at gmail.com  Thu May 27 15:11:04 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu May 27 15:18:31 2010
Subject: does MailScanner rewrite URL
In-Reply-To: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50ED23DDF2A@SERVER01.sts.local>
References: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>
	<5CC818E72EFF6C4CB0D4DFEF1C4E6CD50ED23DDF2A@SERVER01.sts.local>
Message-ID: <AANLkTil-LzTwqSXXuzu2SnxjSJpgN4hvCrHjHnv-GSTw@mail.gmail.com>

On Wed, May 26, 2010 at 8:11 PM, Jeff Mills
<Jeff.Mills@sydneytech.com.au> wrote:

> If the text of the URL does not match the URL, then this will be triggered.
>
> For instance:
> Visit my nice friendly site: <a href="http://www.some.site.with.a.trjoan.com">http://www.my.safe.site.com</a>
>
> So mailscanner would expose my attempt to trick a non-tech savvy user into visiting my malicious website.

OK

In this situation the author of the email may have manually typed the
url text only or she may have cut and pasted what she believed to be
the url only.

I am trying to find out if there is any possibility that MailScanner
played any role in the generation of the url beside the text of the
url?


-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From mark at msapiro.net  Thu May 27 15:28:24 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Thu May 27 15:28:37 2010
Subject: does MailScanner rewrite URL
In-Reply-To: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>
References: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>
Message-ID: <4BFE8188.6000809@msapiro.net>

On 11:59 AM, Robert Lopez wrote:
> My peers and I are having a discussion. This is the context taken from
> an actual email an instructor sent to students:
> 
> I'm happy you've  enrolled in this course.  Begin by printing and
> reading the  Week 1  Learning Map at MailScanner has detected a
> possible fraud attempt from "lummail.cnm.edu:6777" claiming to be
> https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm.
> <http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx>
>     This map will be your to-do list for completing the first week's
> assignments.
> 
> My peers believe MailScanner sees this part:
> 
> https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm
> 
> And that MailScanner generates this and adds it to the message:
> 
> <http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx>
> 
> I am thinking (hoping) that in fact MailScanner is finding that last
> long string hidden in the email (possibly in some html code?).


MailScanner sees the following HTML in the incoming message:

<a
href="http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx">https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm</a>

This is generated by the MUA (probably some lummail mail app) used by
the instructor to generate the message. If the link were unchanged by
MailScanner, and a recipient clicks the visible
"https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm"
link, the target is actually the
"http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx"
URL which presumably will ultimately redirect to the visible URL after
accumulating whatever information it is trying to track.

MailScanner sees that the visible link text looks like a URL but doesn't
match the actual href= URL in the tag so it sanitizes the whole thing,
but MailScanner is in no way responsible for generating the
"http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx"
URL in the first place. That was generated by the application the
instructor used to generate the mail in the first place.

> If MailScanner is generating it why?, how is it interpreted?, how to
> stop it?  Is that port 6777 Beagle.A virus; a windows virus on a
> Redhat server?


No. Port 6777 is the port that the lummail statistics gathering (privacy
invasion) software is using. See http://lummail.com/.


> What MailScanner code is involved in generating this (possible fraud
> attempt) message?


# If a phishing fraud is detected, do you want to highlight the tag with
# a message stating that the link may be to a fraudulent web site.
# This can also be the filename of a ruleeset.
Highlight Phishing Fraud = yes

Also see other MailScanner.conf settings containing Phishing in their names.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bpirie at rma.edu  Thu May 27 15:45:37 2010
From: bpirie at rma.edu (Brendan Pirie)
Date: Thu May 27 15:45:57 2010
Subject: Baruwa
In-Reply-To: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>
Message-ID: <4BFE8591.8010706@rma.edu>

On 5/27/2010 5:38 AM, Brent Addis wrote:
>
> Guys,
>
> Has anyone used Baruwa? I've been using mailwatch for years and its 
> starting to get a little dated.
>
> http://www.topdog.za.net/baruwa
>
>
I wasn't aware of it, but it looks interesting.  It does appear to be 
missing a few features of mailwatch that I like, though, judging by the 
screenshots alone.  Highlighting on the incoming messages screen for 
spam/whitelisted/blacklisted emails, and black/whitelisting by host as 
well as sender address, to name two.  I'll definitely keep my eye on it, 
thanks for bringing it to my/our attention.

Brendan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100527/43d92e7a/attachment.html
From rlopezcnm at gmail.com  Thu May 27 16:46:09 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu May 27 16:46:19 2010
Subject: does MailScanner rewrite URL
In-Reply-To: <4BFE8188.6000809@msapiro.net>
References: <AANLkTinxz8nmNwZoyXMJikvt1IrqPWt65G93l6dtaDBh@mail.gmail.com>
	<4BFE8188.6000809@msapiro.net>
Message-ID: <AANLkTillJnDHSEsBfk0P3rlp8s8ZcMV7kIDo5FsaiJVD@mail.gmail.com>

On Thu, May 27, 2010 at 8:28 AM, Mark Sapiro <mark@msapiro.net> wrote:
> On 11:59 AM, Robert Lopez wrote:
>> My peers and I are having a discussion. This is the context taken from
>> an actual email an instructor sent to students:
>>
>> I'm happy you've ?enrolled in this course. ?Begin by printing and
>> reading the ?Week 1 ?Learning Map at MailScanner has detected a
>> possible fraud attempt from "lummail.cnm.edu:6777" claiming to be
>> https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm.
>> <http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx>
>> ? ? This map will be your to-do list for completing the first week's
>> assignments.
>>
>> My peers believe MailScanner sees this part:
>>
>> https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm
>>
>> And that MailScanner generates this and adds it to the message:
>>
>> <http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx>
>>
>> I am thinking (hoping) that in fact MailScanner is finding that last
>> long string hidden in the email (possibly in some html code?).
>
>
> MailScanner sees the following HTML in the incoming message:
>
> <a
> href="http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx">https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm</a>
>
> This is generated by the MUA (probably some lummail mail app) used by
> the instructor to generate the message. If the link were unchanged by
> MailScanner, and a recipient clicks the visible
> "https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm"
> link, the target is actually the
> "http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx"
> URL which presumably will ultimately redirect to the visible URL after
> accumulating whatever information it is trying to track.
>
> MailScanner sees that the visible link text looks like a URL but doesn't
> match the actual href= URL in the tag so it sanitizes the whole thing,

AH! That is enlightening. That was not clear before.
You have confirmed that MailScanner did not generate the long URL
that it then finds, determines the miss-match, and then sanitizes.

> but MailScanner is in no way responsible for generating the
> "http://lummail.cnm.edu:6777/redir.aspx?C?0d793b97b94b0c855f60f95249126c&URL=https%3a%2f%2fowa.cnm.edu%2fOWA%2fredir.aspx%3fC%3d3cf3a1ea1bc74939934074259ff11734%26URL%3dhttps%253a%252f%252fpeople.cnm.edu%252fpersonal%252fnseeking%252fnanseeking%252fde0950%252fdefault.aspx"
> URL in the first place. That was generated by the application the
> instructor used to generate the mail in the first place.
>
>> If MailScanner is generating it why?, how is it interpreted?, how to
>> stop it? ?Is that port 6777 Beagle.A virus; a windows virus on a
>> Redhat server?
>
>
> No. Port 6777 is the port that the lummail statistics gathering (privacy
> invasion) software is using. See http://lummail.com/.

I talked with the administrator of the services that run on the
lummail.cnm system
and I found 6777 is a port belonging to an application that sends SMTP
out that port.
Last night when I nmap'd that system that port was not listed and it
really got me
worried.

>
>
>> What MailScanner code is involved in generating this (possible fraud
>> attempt) message?
>
>
> # If a phishing fraud is detected, do you want to highlight the tag with
> # a message stating that the link may be to a fraudulent web site.
> # This can also be the filename of a ruleeset.
> Highlight Phishing Fraud = yes
>
> Also see other MailScanner.conf settings containing Phishing in their names.

In this case, it now looks like the instructor copied a few links that
were posted in an
email that was sent to her. She read that email via a Outlook Web
Access web page
and pasted them into her email.

I am now thinking the OWA system redirected the URL associated with the viable
URL text. It may have been appropriate for the client browser at the moment
the instructor was reading the email she received for her use to
follow the link. But she
copied it and then pasted it into an email she was composing on an
entirely different
(no Exchange, no .NET) Solaris based email system. At that point the
URL text and the
URL html were a miss-match. Then when she sent her email out to the
students that
email passed through MailScanner. MailScanner found the miss-match and performed
the resulting sanitation.  Then the students were not able to access the pages.

Sound plausible?

That is my current hypothesis, now I have to test it.

>
> --
> Mark Sapiro <mark@msapiro.net> ? ? ? ?The highway is for gamblers,
> San Francisco Bay Area, California ? ?better use your sense - B. Dylan
>
>


-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From philip at zeiglers.net  Thu May 27 18:19:46 2010
From: philip at zeiglers.net (Philip Zeigler)
Date: Thu May 27 18:20:53 2010
Subject: Bypass authenticated users
Message-ID: <4BFEA9B2.70209@zeiglers.net>

I have recently switched from using a Blackberry to using an 
Android-based phone.  Android email uses the wireless carrier's domain 
instead of the Blackberry domain.  Unfortunately, it seems that the 
carrier's domain is included in several of the RBLs.

What is the proper way to bypass RBL/SPAM checks for authenticated 
users?  I am using Postfix and 4.79.11 version of MailScanner.

Thanks,

Philip

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Thu May 27 18:29:12 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu May 27 18:29:56 2010
Subject: Bypass authenticated users
In-Reply-To: <4BFEA9B2.70209@zeiglers.net>
References: <4BFEA9B2.70209@zeiglers.net>
Message-ID: <1049514792-1274981348-cardhu_decombobulator_blackberry.rim.net-1144263411-@bda942.bisx.prod.on.blackberry>

By domain you mean IP address, right?
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Philip Zeigler <philip@zeiglers.net>
Date: Thu, 27 May 2010 13:19:46 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: Bypass authenticated users

I have recently switched from using a Blackberry to using an 
Android-based phone.  Android email uses the wireless carrier's domain 
instead of the Blackberry domain.  Unfortunately, it seems that the 
carrier's domain is included in several of the RBLs.

What is the proper way to bypass RBL/SPAM checks for authenticated 
users?  I am using Postfix and 4.79.11 version of MailScanner.

Thanks,

Philip

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From philip at zeiglers.net  Thu May 27 18:52:41 2010
From: philip at zeiglers.net (Philip Zeigler)
Date: Thu May 27 18:53:44 2010
Subject: Bypass authenticated users
In-Reply-To: <1049514792-1274981348-cardhu_decombobulator_blackberry.rim.net-1144263411-@bda942.bisx.prod.on.blackberry>
References: <4BFEA9B2.70209@zeiglers.net>
	<1049514792-1274981348-cardhu_decombobulator_blackberry.rim.net-1144263411-@bda942.bisx.prod.on.blackberry>
Message-ID: <4BFEB169.5040201@zeiglers.net>

On 5/27/2010 1:29 PM, Alex Neuman wrote:
> By domain you mean IP address, right?
> --
>
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com
>
> -----Original Message-----
> From: Philip Zeigler<philip@zeiglers.net>
> Date: Thu, 27 May 2010 13:19:46
> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
> Subject: Bypass authenticated users
>
> I have recently switched from using a Blackberry to using an
> Android-based phone.  Android email uses the wireless carrier's domain
> instead of the Blackberry domain.  Unfortunately, it seems that the
> carrier's domain is included in several of the RBLs.
>
> What is the proper way to bypass RBL/SPAM checks for authenticated
> users?  I am using Postfix and 4.79.11 version of MailScanner.
>
> Thanks,
>
> Philip
>
>    

Mail sent from the Android phone uses the IP address that was assigned 
from the carrier.  For example, my phone currently has 
208.54.94.22       m165e36d0.tmodns.net
assigned to it.  That IP is in several RBLs such as spamhaus-ZEN.  I say 
domain because I am sure that the entire IP range that constitutes 
tmodns.net is included in the RBL.

Philip



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Thu May 27 19:07:56 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu May 27 19:08:06 2010
Subject: Bypass authenticated users
In-Reply-To: <4BFEB169.5040201@zeiglers.net>
References: <4BFEA9B2.70209@zeiglers.net><1049514792-1274981348-cardhu_decombobulator_blackberry.rim.net-1144263411-@bda942.bisx.prod.on.blackberry><4BFEB169.5040201@zeiglers.net>
Message-ID: <2056415142-1274983672-cardhu_decombobulator_blackberry.rim.net-924043213-@bda942.bisx.prod.on.blackberry>

So by domain you mean netblock. Sorry about that, just wanted to understand you better. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Philip Zeigler <philip@zeiglers.net>
Date: Thu, 27 May 2010 13:52:41 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: Re: Bypass authenticated users

On 5/27/2010 1:29 PM, Alex Neuman wrote:
> By domain you mean IP address, right?
> --
>
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com
>
> -----Original Message-----
> From: Philip Zeigler<philip@zeiglers.net>
> Date: Thu, 27 May 2010 13:19:46
> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
> Subject: Bypass authenticated users
>
> I have recently switched from using a Blackberry to using an
> Android-based phone.  Android email uses the wireless carrier's domain
> instead of the Blackberry domain.  Unfortunately, it seems that the
> carrier's domain is included in several of the RBLs.
>
> What is the proper way to bypass RBL/SPAM checks for authenticated
> users?  I am using Postfix and 4.79.11 version of MailScanner.
>
> Thanks,
>
> Philip
>
>    

Mail sent from the Android phone uses the IP address that was assigned 
from the carrier.  For example, my phone currently has 
208.54.94.22       m165e36d0.tmodns.net
assigned to it.  That IP is in several RBLs such as spamhaus-ZEN.  I say 
domain because I am sure that the entire IP range that constitutes 
tmodns.net is included in the RBL.

Philip



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From mmmm82 at gmail.com  Thu May 27 19:11:40 2010
From: mmmm82 at gmail.com (Monis Monther)
Date: Thu May 27 19:11:50 2010
Subject: Baruwa
In-Reply-To: <4BFE8591.8010706@rma.edu>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>
	<4BFE8591.8010706@rma.edu>
Message-ID: <AANLkTimmEfdAQbmNiGeWs3GQ2sWRyH8KKr1PiPiQRJ1_@mail.gmail.com>

Hi Everyone , Baruwa looks nice, I might give it a try, Thanks for pointing
it out, its always good to have alternatives.

Best Regards


Monis


On Thu, May 27, 2010 at 5:45 PM, Brendan Pirie <bpirie@rma.edu> wrote:

>  On 5/27/2010 5:38 AM, Brent Addis wrote:
>
>  Guys,
>
> Has anyone used Baruwa? I've been using mailwatch for years and its
> starting to get a little dated.
>
> http://www.topdog.za.net/baruwa
>
>
>
>  I wasn't aware of it, but it looks interesting.  It does appear to be
> missing a few features of mailwatch that I like, though, judging by the
> screenshots alone.  Highlighting on the incoming messages screen for
> spam/whitelisted/blacklisted emails, and black/whitelisting by host as well
> as sender address, to name two.  I'll definitely keep my eye on it, thanks
> for bringing it to my/our attention.
>
> Brendan
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100527/3cf0f381/attachment.html
From jonas at vrt.dk  Thu May 27 19:43:38 2010
From: jonas at vrt.dk (Jonas)
Date: Thu May 27 19:43:52 2010
Subject: Baruwa
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD930246FCD1@exchange.computerrents.com>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0D8475@nspexch01.nsp.local>
	<3B1A431BDA34C54581BE43253BC1BD930246FCD1@exchange.computerrents.com>
Message-ID: <09F23668E315FD4597C13D73E5123ADF3F3174@SCTSBS.sct.dk>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1099 bytes
Desc: image001.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100527/67a1fe11/attachment.gif
From mailbag at partnersolutions.ca  Thu May 27 19:59:05 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu May 27 19:59:07 2010
Subject: docx problems
In-Reply-To: <EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr>
	<4BF84742.9090204@ecs.soton.ac.uk>
	<EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

 I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zip's are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions.. so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

 I'm also running into the 'No programs allowed' error with JPG's within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626    8 -rw-r-----   1 postfix  clamav       5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624    8 -rw-r-----   1 postfix  clamav       5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622    8 -rw-r-----   1 postfix  clamav       5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279   16 ---x-wx--T   1 postfix  clamav      13699 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278    4 ---x-wx--T   1 postfix  clamav         82 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277   20 ---x-wx--T   1 postfix  clamav      18810 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276    4 ---x-wx--T   1 postfix  clamav         82 May 27 11:29
/var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

 Thanks,
-Joshua
From mark at msapiro.net  Thu May 27 20:24:56 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Thu May 27 20:25:32 2010
Subject: does MailScanner rewrite URL
In-Reply-To: <AANLkTillJnDHSEsBfk0P3rlp8s8ZcMV7kIDo5FsaiJVD@mail.gmail.com>
Message-ID: <PC1952010052712245603590b0a149f@msapiro>

Robert Lopez wrote:

>On Thu, May 27, 2010 at 8:28 AM, Mark Sapiro <mark@msapiro.net> wrote:

>> No. Port 6777 is the port that the lummail statistics gathering (privacy
>> invasion) software is using. See http://lummail.com/.
>
>I talked with the administrator of the services that run on the
>lummail.cnm system
>and I found 6777 is a port belonging to an application that sends SMTP
>out that port.
>Last night when I nmap'd that system that port was not listed and it
>really got me
>worried.


At the moment, there is something listening on lummail.cnm.edu:6777
which accepts an HTTP GET request and responds with an HTTP 404 status
and a short document that says "Not found". I expect this occurs in
part at least because the initial hash code in the url has gotten
garbled or maybe points to an expired record of some type.


>>> What MailScanner code is involved in generating this (possible fraud
>>> attempt) message?
>>
>>
>> # If a phishing fraud is detected, do you want to highlight the tag with
>> # a message stating that the link may be to a fraudulent web site.
>> # This can also be the filename of a ruleeset.
>> Highlight Phishing Fraud = yes
>>
>> Also see other MailScanner.conf settings containing Phishing in their names.
>
>In this case, it now looks like the instructor copied a few links that
>were posted in an
>email that was sent to her. She read that email via a Outlook Web
>Access web page
>and pasted them into her email.
>
>I am now thinking the OWA system redirected the URL associated with the viable
>URL text. It may have been appropriate for the client browser at the moment
>the instructor was reading the email she received for her use to
>follow the link. But she
>copied it and then pasted it into an email she was composing on an
>entirely different
>(no Exchange, no .NET) Solaris based email system. At that point the
>URL text and the
>URL html were a miss-match. Then when she sent her email out to the
>students that
>email passed through MailScanner. MailScanner found the miss-match and performed
>the resulting sanitation.  Then the students were not able to access the pages.
>
>Sound plausible?


The URL that is the target of the link actualy looks like a double
redirection. it goes to http://lummail.cnm.edu:6777/redir.aspx with a
long query fragment that looks like a redirect to
https://owa.cnm.edu/OWA/redir.aspx with its own query fragment that in
turn ultimately redirects to
https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm.

MailScanner doesn't do any analysis of this or its validity. All
MailScanner does is see that the text portion of the presented link
begins "https://people.cnm.edu/" and the href= URL begins
"http://lummail.cnm.edu:6777/" and these are not the same domain, so
that triggers its Phish fraud response.

The reason the student's couldn't access the page is that even though
MailScanner "disarmed" the link, the
https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm
in the email was still only the text portion of an HTML link that went
to the original target http://lummail.cnm.edu:6777/...etc URL, and
that URL didn't work.

Had the students copied the
https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm
URL and pasted it in a browser, it would have worked and in fact still
does work.

The first problem was the instructor copied and pasted an HTML link
without understanding that that original link was not a direct link to
https://people.cnm.edu/personal/nseeking/nanseeking/de0950/weeklymaps/week01_12wk.htm
but was in fact that complicated double redirect link. Whether the
link got garbled in this process or quit working for other reasons, I
can't say, but the bottom line is MailScanner didn't add anything or
invent that long URL, nor did MailScanner break it. MailScanner just
made visible what was hidden in the original mail.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mailbag at partnersolutions.ca  Thu May 27 21:17:10 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu May 27 21:17:15 2010
Subject: docx problems
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>
	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>

Hey Jules,

 I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Window's
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip 
Archive:  ms.zip   13548 bytes   1 file
-rw-rw-r--  2.3 unx    22599 bx defX  1-May-06 21:26
mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed:  40.8%



# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls  
12568744   24 ---x-wx--T   1 postfix  clamav      22599 May  1  2006
/var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_log
o.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No
executables (711EB74654C.00000 ) 
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access
denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca,
/var/data/quarantine/20100527/711EB74654C.00000
    Report: MailScanner: No programs allowed (exec)
(mailscanner_logo.jpg)
    Report: MailScanner: No programs allowed (exec)
(mailscanner_logo.jpg)


Cheers,
-Joshua
From mailbag at partnersolutions.ca  Thu May 27 21:34:15 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu May 27 21:34:17 2010
Subject: docx problems
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk><38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>
	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1F73@PSIMS008.pshosting.intranet>

Also... your "No programs allowed" error is a by product of the
permissions problem:

$ file ms.zip 
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip 
$ ls -l ms.zip 
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip 
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
From john at tradoc.fr  Thu May 27 21:38:42 2010
From: john at tradoc.fr (John Wilcock)
Date: Thu May 27 21:39:00 2010
Subject: docx problems
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>
	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>
Message-ID: <4BFED852.9090901@tradoc.fr>

Le 27/05/2010 22:17, PSI Mailbag a ?crit :
> This appears to only affect zip files created by a Linux or Unix
> variant (at least in my case). Window's zips work fine.

That tallies with what I discovered while attempting to create a test 
case (as discussed with Julian off-list). In my case MacOSX zips were 
problematic but WinZip zips of the same file were fine; Julian tested 
the same and other MacOSX zips on his setup and everything worked 
perfectly.

There must be something else common to your setup and mine but not to 
Julian's test box. Obvious culprits would seem to be perl itself (I have 
5.8.8) and the Archive::Zip module (I have 1.30).

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From mailbag at partnersolutions.ca  Thu May 27 21:48:30 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu May 27 21:49:03 2010
Subject: docx problems
In-Reply-To: <4BFED852.9090901@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet><38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>
	<4BFED852.9090901@tradoc.fr>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1F75@PSIMS008.pshosting.intranet>

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have
> 5.8.8) and the Archive::Zip module (I have 1.30).
> 
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v    
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00    AnyDBM_File
1.24    Archive::Zip
0.17    bignum
1.04    Carp
2.015   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.121_08        Data::Dumper
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
2.04    File::Path
0.20    File::Temp
0.92    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.04    Mail::Header
1.89    Math::BigInt
0.15    Math::BigRat
3.07    MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.07    MIME::QuotedPrint
5.427   MIME::Tools
0.11    Net::CIDR
1.25    Net::IP
0.16    OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
2.18    Storable
1.4     Sys::Hostname::Long
0.26    Sys::Syslog
missing Test::Pod
0.62    Test::Simple
1.9715  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.38    Archive::Tar
0.17    bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11    Data::Dump
1.817   DB_File
1.14    DBD::SQLite
1.607   DBI
1.14    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
1.01    Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::ParseXS
2.37    Getopt::Long
0.44    Inline
missing IO::String
1.09    IO::Zlib
2.25    IP::Country
missing Mail::ClamAV
3.002005        Mail::SpamAssassin
v2.006  Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63    Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
 4.007  NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56    Test::Harness
missing Test::Manifest
1.95    Text::Balanced
1.37    URI
0.76    version
missing YAML
From mark at msapiro.net  Fri May 28 01:56:36 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Fri May 28 01:56:48 2010
Subject: Bypass authenticated users
In-Reply-To: <4BFEA9B2.70209@zeiglers.net>
References: <4BFEA9B2.70209@zeiglers.net>
Message-ID: <4BFF14C4.8000701@msapiro.net>

On 11:59 AM, Philip Zeigler wrote:
> I have recently switched from using a Blackberry to using an
> Android-based phone.  Android email uses the wireless carrier's domain
> instead of the Blackberry domain.  Unfortunately, it seems that the
> carrier's domain is included in several of the RBLs.
> 
> What is the proper way to bypass RBL/SPAM checks for authenticated
> users?  I am using Postfix and 4.79.11 version of MailScanner.


Here's what I've done.

First put

smtpd_sasl_authenticated_header = yes

in Postfix main.cf so you get an "Authenticated sender:" entry in
Received headers for SASL autnenticated mail.

Then make the following spamassassin rules

header __X_GPC_SASL_1 Received =~ /Authenticated sender:.*by
sbh16.songbird.com/
header __X_GPC_SASL_2 ALL =~ /^Received:.*^Received:.* by
sbh16.songbird.com /msi
meta X_GPC_SASL __X_GPC_SASL_1 && !__X_GPC_SASL_2
describe X_GPC_SASL SASL Authenticated mail

__X_GPC_SASL_1 tests for a Received: with an Authenticad sender by my
server. __X_GPC_SASL_2 tests for a possible forged Received: by my
server header, i.e. a Received: header other than the first with my
server's name. Then the X_GPC_SASL meta rule says that the header that
matched __X_GPC_SASL_1 was my server's actual Received: header because
it was the first and only Received: by my server header.

Then you can give this rule a large negative score to get the mail
through. This will work if you are only scoring RBLs in spamassassin,
but not if you are separately testing them in MailScanner.

It turns out that while the above worked, it was not needed in my case.
My problem with mail from my android phone was with the botnet plugin
that I use with SpamAssassin, but as soon as I added

smtpd_sasl_authenticated_header = yes

to main.cf, SASL authenticated mail hit ALL_TRUSTED and not BOTNET. So
another possible approach is to just add the header info and give
ALL_TRUSTED a more negative score if necessary.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk  Fri May 28 09:11:16 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 28 09:11:30 2010
Subject: docx problems
In-Reply-To: <4BFED852.9090901@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>
	<4BFED852.9090901@tradoc.fr> <4BFF7AA4.4050202@ecs.soton.ac.uk>
Message-ID: <EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>

I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works 
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old    2010-05-28 08:56:37.000000000 +0100
+++ Message.pm    2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
    # Set the owner and group on all the extracted files
    # JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map { 
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
    # JKF 20100211  if $workarea->{changeowner};
+  my($tmplist1,@tmplist);
    if ($workarea->{changeowner}) {
-    my($tmplist1,@tmplist);
      foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
        $tmplist1 =~ /(.*)/;
        $tmplist1 = $1;
@@ -2513,6 +2513,12 @@
      }
      chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
    }
+  # JKF 20100528 Now set the perms on all the extracted files
+  my $workperms = MailScanner::Config::Value('workperms') || '0600';
+  # Make it octal with a leading zero if necessary
+  $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+  $workperms = oct($workperms); # and back to decimal for chmod
+  chmod $workperms, @tmplist if @tmplist;
  }

  sub ListLeafEntities {
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wilcock wrote:
> Le 27/05/2010 22:17, PSI Mailbag a ?crit :
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Window's zips work fine.
>
> That tallies with what I discovered while attempting to create a test 
> case (as discussed with Julian off-list). In my case MacOSX zips were 
> problematic but WinZip zips of the same file were fine; Julian tested 
> the same and other MacOSX zips on his setup and everything worked 
> perfectly.
>
> There must be something else common to your setup and mine but not to 
> Julian's test box. Obvious culprits would seem to be perl itself (I 
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri May 28 09:16:51 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 28 09:17:07 2010
Subject: docx problems
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1F75@PSIMS008.pshosting.intranet>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF2776E.30702@ecs.soton.ac.uk>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet><38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>
	<38773FB858C8DD4EB14ACC4310E34DF04D1F75@PSIMS008.pshosting.intranet>
	<4BFF7BF3.9090100@ecs.soton.ac.uk>
Message-ID: <EMEW3|657fd017536992fa9876faf00920cec7m4R9Gs0bMailScanner|ecs.soton.ac.uk|4BFF7BF3.9090100@ecs.soton.ac.uk>



On 27/05/2010 21:48, PSI Mailbag wrote:
>> There must be something else common to your setup and mine but not to
>> Julian's test box. Obvious culprits would seem to be perl itself (I
>> have
>> 5.8.8) and the Archive::Zip module (I have 1.30).
>>
>> John.
>>      
>
>
> Hope this helps..
>
> # rpm -q postfix fsl-perl-Archive-Zip perl
> postfix-2.3.3-2.1.el5_2
> fsl-perl-Archive-Zip-1.24-1
> perl-5.8.8-27.el5
>
> # MailScanner -v
> Running on
> Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
> 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00    AnyDBM_File
> 1.24    Archive::Zip
>    
You are running a much more recent version of Archive::Zip than the one 
I distribute, which would explain why only a few people are seeing the 
problem. I distribute 1.16 and this doesn't cause this problem to show 
itself.

Anyway, please try my fix and let me know if it solves the problem for you.

Jules.
> 0.17    bignum
> 1.04    Carp
> 2.015   Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.121_08        Data::Dumper
> 2.27    Date::Parse
> 1.00    DirHandle
> 1.05    Fcntl
> 2.74    File::Basename
> 2.09    File::Copy
> 2.01    FileHandle
> 2.04    File::Path
> 0.20    File::Temp
> 0.92    Filesys::Df
> 1.35    HTML::Entities
> 3.56    HTML::Parser
> 2.37    HTML::TokeParser
> 1.23    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.04    Mail::Header
> 1.89    Math::BigInt
> 0.15    Math::BigRat
> 3.07    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.07    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.11    Net::CIDR
> 1.25    Net::IP
> 0.16    OLE::Storage_Lite
> missing Pod::Escapes
> missing Pod::Simple
> 1.09    POSIX
> 1.19    Scalar::Util
> 1.78    Socket
> 2.18    Storable
> 1.4     Sys::Hostname::Long
> 0.26    Sys::Syslog
> missing Test::Pod
> 0.62    Test::Simple
> 1.9715  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.38    Archive::Tar
> 0.17    bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> 1.11    Data::Dump
> 1.817   DB_File
> 1.14    DBD::SQLite
> 1.607   DBI
> 1.14    Digest
> 1.01    Digest::HMAC
> 2.36    Digest::MD5
> 2.11    Digest::SHA1
> 1.01    Encode::Detect
> 0.17015 Error
> missing ExtUtils::CBuilder
> missing ExtUtils::ParseXS
> 2.37    Getopt::Long
> 0.44    Inline
> missing IO::String
> 1.09    IO::Zlib
> 2.25    IP::Country
> missing Mail::ClamAV
> 3.002005        Mail::SpamAssassin
> v2.006  Mail::SPF
> missing Mail::SPF::Query
> missing Module::Build
> missing Net::CIDR::Lite
> 0.63    Net::DNS
> missing Net::DNS::Resolver::Programmable
> missing Net::LDAP
>   4.007  NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 2.56    Test::Harness
> missing Test::Manifest
> 1.95    Text::Balanced
> 1.37    URI
> 0.76    version
> missing YAML
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri May 28 09:26:29 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 28 09:26:46 2010
Subject: docx problems
In-Reply-To: <EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>
	<4BFF7AA4.4050202@ecs.soton.ac.uk>
	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>
	<4BFF7E35.4040903@ecs.soton.ac.uk>
Message-ID: <EMEW3|b93a5d60a7777ec89e584815762c211fm4R9QV0bMailScanner|ecs.soton.ac.uk|4BFF7E35.4040903@ecs.soton.ac.uk>



On 28/05/2010 09:11, Julian Field wrote:
> I've got good news and bad news.
>
> The bad news is that I still can't reproduce this problem, it just 
> works fine for me. :-(
> The good news is that I haven't written you a fix anyway. :-)
Errr.... slight typo there :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From john at tradoc.fr  Fri May 28 10:45:54 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri May 28 10:46:11 2010
Subject: docx problems
In-Reply-To: <EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<EMEW3|ae57ac8103126b0f834738de41ee1c88m4HCI90bMailScanner|ecs.soton.ac.uk|4BF2776E.30702@ecs.soton.ac.uk>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>
	<4BFF7AA4.4050202@ecs.soton.ac.uk>
	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>
Message-ID: <4BFF90D2.10607@tradoc.fr>

Le 28/05/2010 10:11, Julian Field a ?crit :
> Please let me know if this fixes the problem, it should do.

Almost there. The files end up with the right perms (640 postfix clamav 
in my case) but the container directory is created as 640 rather than 
750, resulting in the error "Clamd::ERROR:: lstat() failed: Permission 
denied."

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk  Fri May 28 11:34:19 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 28 11:34:33 2010
Subject: docx problems
In-Reply-To: <4BFF90D2.10607@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>
	<4BFF90D2.10607@tradoc.fr> <4BFF9C2B.7040004@ecs.soton.ac.uk>
Message-ID: <EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0bMailScanner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk>



On 28/05/2010 10:45, John Wilcock wrote:
> Le 28/05/2010 10:11, Julian Field a ?crit :
>> Please let me know if this fixes the problem, it should do.
>
> Almost there. The files end up with the right perms (640 postfix 
> clamav in my case) but the container directory is created as 640 
> rather than 750, resulting in the error "Clamd::ERROR:: lstat() 
> failed: Permission denied."
Sorry about that, you're absolutely right. Trivial fix. Find the line in 
the patch that says
       push @tmplist, $tmplist1;
and change it to
       push @tmplist, $tmplist1 unless -d $tmplist1;

Then give it another go.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From john at tradoc.fr  Fri May 28 11:58:39 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri May 28 11:58:56 2010
Subject: docx problems
In-Reply-To: <EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0bMailScanner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>	<4BFF90D2.10607@tradoc.fr>
	<4BFF9C2B.7040004@ecs.soton.ac.uk>
	<EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0bMailScanner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk
	>
Message-ID: <4BFFA1DF.1090800@tradoc.fr>

Le 28/05/2010 12:34, Julian Field a ?crit :
> Sorry about that, you're absolutely right. Trivial fix. Find the line in
...
> Then give it another go.

Perfect, thanks Julian.

I guess the "culprit" was this change to Archive::Zip

> 1.24 Sun 23 Aug 2008 - Adam Kennedy
>     * Incorrect file permissions after extraction.
>     * Archive-Zip did not set the file permissions correctly in extractToFileNamed().

Can we assume that you'll be posting a new beta (and possibly 
incorporating a slightly less antedeluvian version of Archive::Zip in 
your packages)?

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk  Fri May 28 12:20:47 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 28 12:21:03 2010
Subject: docx problems
In-Reply-To: <4BFFA1DF.1090800@tradoc.fr>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>	<4BFF90D2.10607@tradoc.fr>	<4BFF9C2B.7040004@ecs.soton.ac.uk>	<EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0bMailScanner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk	>
	<4BFFA1DF.1090800@tradoc.fr> <4BFFA70F.30808@ecs.soton.ac.uk>
Message-ID: <EMEW3|95a8be7d3143bc4a5e939fd73f173c08m4RCKr0bMailScanner|ecs.soton.ac.uk|4BFFA70F.30808@ecs.soton.ac.uk>



On 28/05/2010 11:58, John Wilcock wrote:
> Le 28/05/2010 12:34, Julian Field a ?crit :
>> Sorry about that, you're absolutely right. Trivial fix. Find the line in
> ...
>> Then give it another go.
>
> Perfect, thanks Julian.
>
> I guess the "culprit" was this change to Archive::Zip
>
>> 1.24 Sun 23 Aug 2008 - Adam Kennedy
>>     * Incorrect file permissions after extraction.
>>     * Archive-Zip did not set the file permissions correctly in 
>> extractToFileNamed().
>
> Can we assume that you'll be posting a new beta (and possibly 
> incorporating a slightly less antedeluvian version of Archive::Zip in 
> your packages)?
I have updated to Archive::Zip 1.30 and added a new dependency on 
Compress::Raw::Zlib 2.027 for it.

I will release a new beta very soon with luck, there's just a bunch of 
checking of other stuff that has to be done first. So if you can run 
with the patch for a day or two, that would be great.

Glad we finally got the problem solved though! :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From john at tradoc.fr  Fri May 28 12:43:50 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri May 28 12:44:06 2010
Subject: docx problems
In-Reply-To: <EMEW3|95a8be7d3143bc4a5e939fd73f173c08m4RCKr0bMailScanner|ecs.soton.ac.uk|4BFFA70F.30808@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>	<4BFF90D2.10607@tradoc.fr>	<4BFF9C2B.7040004@ecs.soton.ac.uk>	<EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0bMailScanner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk	>	<4BFFA1DF.1090800@tradoc.fr>
	<4BFFA70F.30808@ecs.soton.ac.uk>
	<EMEW3|95a8be7d3143bc4a5e939fd73f173c08m4RCKr0bMailScanner|ecs.soton.ac.uk|4BFFA70F.30808@ecs.soton.ac.uk>
Message-ID: <4BFFAC76.1040304@tradoc.fr>

Le 28/05/2010 13:20, Julian Field a ?crit :
> I will release a new beta very soon with luck, there's just a bunch of
> checking of other stuff that has to be done first. So if you can run
> with the patch for a day or two, that would be great.

Will do.

Changing the subject slightly, is there any chance you'd also have time 
to take a look at the remaining /tmp symlink "vulnerabilities" in the 
autoupdate and wrapper scripts (that I mentioned to you offlist a while 
back), so as to placate the gentoo people who want to throw MailScanner 
out of their tree?

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From dfrancis at dcf.net  Fri May 28 20:07:49 2010
From: dfrancis at dcf.net (David Francis)
Date: Fri May 28 20:01:54 2010
Subject: Fedora 13
Message-ID: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>

Hello All,

 

Running Fedora 13 and can't get an error free build installed of
MailScanner. The two packages that generate RPM build errors appear to
be:

 

perl-Compress-Zlib

perl-Archive-Zip

 

I have removed those packages and running:

./install.sh

./install.sh  reinstall

./install.sh inturn

 

I have reinstalled the above packages and re-ran the install script.

 

========= TRY TO START MAILSCANNER ================

[root@web ~]# service MailScanner start

Starting MailScanner daemons:

         incoming sendmail:                                [  OK  ]

         outgoing sendmail:                                [  OK  ]

         MailScanner:       Can't locate Compress/Raw/Zlib.pm in @INC
(@INC contains: /usr/lib/MailScanner /usr/local/lib/perl5
/usr/local/share/perl5

 /usr/local/share/perl5 /usr/lib/perl5 /usr/share/perl5 /usr/share/perl5
/usr/lib/perl5 /usr/share/perl5
/usr/local/lib/perl5/site_perl/5.10.0/i386-li

nux-thread-multi
/usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
/usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0

/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0
/usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl
/usr/lib/MailScanner) at /usr/share/per

l5/Archive/Zip.pm line 12.

BEGIN failed--compilation aborted at /usr/share/perl5/Archive/Zip.pm
line 12.

Compilation failed in require at
/usr/lib/MailScanner/MailScanner/Message.pm line 48.

BEGIN failed--compilation aborted at
/usr/lib/MailScanner/MailScanner/Message.pm line 48.

Compilation failed in require at /usr/sbin/MailScanner line 108.

BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 108.

========= END TRY TO START MAILSCANNER ================

 

I can provide install log as well. Any clue where to start???

 

=============== INSTALL LOG SNIP ====================

Test Summary Report

-------------------

t/02zlib.t    (Wstat: 0 Tests: 239 Failed: 12)

  Failed tests:  35-37, 43-45, 51-53, 60, 62, 64

t/03examples.t (Wstat: 0 Tests: 16 Failed: 1)

  Failed test:  6

Files=6, Tests=305,  0 wallclock secs ( 0.07 usr  0.01 sys +  0.55 cusr
0.08 csys =  0.71 CPU)

Result: FAIL

Failed 2/6 test programs. 13/305 subtests failed.

make: *** [test_dynamic] Error 255

error: Bad exit status from /var/tmp/rpm-tmp.tUprX4 (%build)

 

RPM build errors:

    Bad exit status from /var/tmp/rpm-tmp.tUprX4 (%build)

 

Missing file
/root/rpmbuild/RPMS/i686/perl-Compress-Zlib-1.41-2.i686.rpm.

Maybe it did not build correctly?

 

Test Summary Report

-------------------

t/00.load.t       (Wstat: 512 Tests: 2 Failed: 2)

  Failed tests:  1-2

  Non-zero exit status: 2

t/test.t          (Wstat: 512 Tests: 0 Failed: 0)

  Non-zero exit status: 2

  Parse errors: No plan found in TAP output

t/testex.t        (Wstat: 512 Tests: 0 Failed: 0)

  Non-zero exit status: 2

  Parse errors: No plan found in TAP output

t/testMemberRead.t (Wstat: 512 Tests: 0 Failed: 0)

  Non-zero exit status: 2

  Parse errors: No plan found in TAP output

t/testTree.t      (Wstat: 512 Tests: 0 Failed: 0)

  Non-zero exit status: 2

  Parse errors: No plan found in TAP output

t/testUpdate.t    (Wstat: 512 Tests: 0 Failed: 0)

  Non-zero exit status: 2

  Parse errors: No plan found in TAP output

Files=7, Tests=10,  0 wallclock secs ( 0.04 usr  0.01 sys +  0.40 cusr
0.04 csys =  0.49 CPU)

Result: FAIL

Failed 6/7 test programs. 2/10 subtests failed.

make: *** [test_dynamic] Error 2

error: Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)

 

RPM build errors:

    Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)

 

Missing file
/root/rpmbuild/RPMS/noarch/perl-Archive-Zip-1.16-2.noarch.rpm.

Maybe it did not build correctly?

 

=============== END  INSTALL LOG SNIP ================

 

 

 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100528/b2c90b7f/attachment.html
From peter at farrows.org  Fri May 28 20:21:07 2010
From: peter at farrows.org (Peter Farrow)
Date: Fri May 28 20:21:18 2010
Subject: Fedora 13
In-Reply-To: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
Message-ID: <4C0017A3.9070004@farrows.org>

On 28/05/2010 20:07, David Francis wrote:
>
> Hello All,
>
> Running Fedora 13 and can't get an error free build installed of 
> MailScanner. The two packages that generate RPM build errors appear to be:
>
> perl-Compress-Zlib
>
> perl-Archive-Zip
>
> I have removed those packages and running:
>
> ./install.sh
>
> ./install.sh  reinstall
>
> ./install.sh inturn
>
> I have reinstalled the above packages and re-ran the install script.
>
> ========= TRY TO START MAILSCANNER ================
>
> [root@web ~]# service MailScanner start
>
> Starting MailScanner daemons:
>
>          incoming sendmail:                                [  OK  ]
>
>          outgoing sendmail:                                [  OK  ]
>
>          MailScanner:       Can't locate Compress/Raw/Zlib.pm in @INC 
> (@INC contains: /usr/lib/MailScanner /usr/local/lib/perl5 
> /usr/local/share/perl5
>
>  /usr/local/share/perl5 /usr/lib/perl5 /usr/share/perl5 
> /usr/share/perl5 /usr/lib/perl5 /usr/share/perl5 
> /usr/local/lib/perl5/site_perl/5.10.0/i386-li
>
> nux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0
>
> /i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 
> /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl 
> /usr/lib/MailScanner) at /usr/share/per
>
> l5/Archive/Zip.pm line 12.
>
> BEGIN failed--compilation aborted at /usr/share/perl5/Archive/Zip.pm 
> line 12.
>
> Compilation failed in require at 
> /usr/lib/MailScanner/MailScanner/Message.pm line 48.
>
> BEGIN failed--compilation aborted at 
> /usr/lib/MailScanner/MailScanner/Message.pm line 48.
>
> Compilation failed in require at /usr/sbin/MailScanner line 108.
>
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 108.
>
> ========= END TRY TO START MAILSCANNER ================
>
> I can provide install log as well. Any clue where to start???
>
> =============== INSTALL LOG SNIP ====================
>
> Test Summary Report
>
> -------------------
>
> t/02zlib.t    (Wstat: 0 Tests: 239 Failed: 12)
>
>   Failed tests:  35-37, 43-45, 51-53, 60, 62, 64
>
> t/03examples.t (Wstat: 0 Tests: 16 Failed: 1)
>
>   Failed test:  6
>
> Files=6, Tests=305,  0 wallclock secs ( 0.07 usr  0.01 sys +  0.55 
> cusr  0.08 csys =  0.71 CPU)
>
> Result: FAIL
>
> Failed 2/6 test programs. 13/305 subtests failed.
>
> make: *** [test_dynamic] Error 255
>
> error: Bad exit status from /var/tmp/rpm-tmp.tUprX4 (%build)
>
> RPM build errors:
>
>     Bad exit status from /var/tmp/rpm-tmp.tUprX4 (%build)
>
> Missing file /root/rpmbuild/RPMS/i686/perl-Compress-Zlib-1.41-2.i686.rpm.
>
> Maybe it did not build correctly?
>
> Test Summary Report
>
> -------------------
>
> t/00.load.t       (Wstat: 512 Tests: 2 Failed: 2)
>
>   Failed tests:  1-2
>
>   Non-zero exit status: 2
>
> t/test.t          (Wstat: 512 Tests: 0 Failed: 0)
>
>   Non-zero exit status: 2
>
>   Parse errors: No plan found in TAP output
>
> t/testex.t        (Wstat: 512 Tests: 0 Failed: 0)
>
>   Non-zero exit status: 2
>
>   Parse errors: No plan found in TAP output
>
> t/testMemberRead.t (Wstat: 512 Tests: 0 Failed: 0)
>
>   Non-zero exit status: 2
>
>   Parse errors: No plan found in TAP output
>
> t/testTree.t      (Wstat: 512 Tests: 0 Failed: 0)
>
>   Non-zero exit status: 2
>
>   Parse errors: No plan found in TAP output
>
> t/testUpdate.t    (Wstat: 512 Tests: 0 Failed: 0)
>
>   Non-zero exit status: 2
>
>   Parse errors: No plan found in TAP output
>
> Files=7, Tests=10,  0 wallclock secs ( 0.04 usr  0.01 sys +  0.40 
> cusr  0.04 csys =  0.49 CPU)
>
> Result: FAIL
>
> Failed 6/7 test programs. 2/10 subtests failed.
>
> make: *** [test_dynamic] Error 2
>
> error: Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)
>
> RPM build errors:
>
>     Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)
>
> Missing file 
> /root/rpmbuild/RPMS/noarch/perl-Archive-Zip-1.16-2.noarch.rpm.
>
> Maybe it did not build correctly?
>
> =============== END  INSTALL LOG SNIP ================
>
Maybe the real question that should be asked is why are you trying to 
run Mailscanner on a "not for production" test/development OS?

Fedora is not the right platform for MailScanner, or any other 
production application, its a testing environment type OS and as such it 
has very regular, changes, updates and major OS revisions.

If you install it on Centos/RedHat or any other production ready OS 
these problems diminish, so make life easy and change the OS, anyway 
Fedora 14 will be out tomorrow afternoon and Fedora 15 next week, so 
you'll be doing this alot...


Just my 10p worth...

Pete


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100528/f3f5fde7/attachment.html
From ka at pacific.net  Fri May 28 21:53:42 2010
From: ka at pacific.net (Ken A)
Date: Fri May 28 21:54:23 2010
Subject: Fedora 13
In-Reply-To: <4C0017A3.9070004@farrows.org>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
	<4C0017A3.9070004@farrows.org>
Message-ID: <4C002D56.6060806@pacific.net>



On 5/28/2010 2:21 PM, Peter Farrow wrote:
>>     Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)
>>
>> Missing file
>> /root/rpmbuild/RPMS/noarch/perl-Archive-Zip-1.16-2.noarch.rpm.
>>
>> Maybe it did not build correctly?
>>
>> =============== END  INSTALL LOG SNIP ================
>>
> Maybe the real question that should be asked is why are you trying to
> run Mailscanner on a "not for production" test/development OS?
>
> Fedora is not the right platform for MailScanner, or any other
> production application, its a testing environment type OS and as such it
> has very regular, changes, updates and major OS revisions.


Fedora is a good environment for MailScanner. RedHat, *BSD, or *Solaris 
may be better in most circumstances. There are advantages to each. It 
just depends on how you operate. I don't mind the 6 month release cycle 
at all, though F13 does make me feel old.

Ken


-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
From dfrancis at dcf.net  Fri May 28 23:00:43 2010
From: dfrancis at dcf.net (David Francis)
Date: Fri May 28 22:54:42 2010
Subject: Fedora 13
In-Reply-To: <4C0017A3.9070004@farrows.org>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
	<4C0017A3.9070004@farrows.org>
Message-ID: <F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>

 

Wow. People usually get spanked for not putting enough effort into
framing their question or researching a solution prior to posting. I get
spanked for the OS, did I just walk into a MAC forum?

 

You make a valid point though. Is CentOS the GPL OS of choice for
enterprise class mail servers? 

 

Any help on the existing Fedora issue?

 

Thanks...David

 

 

 

 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100528/e5839fbf/attachment.html
From ssilva at sgvwater.com  Fri May 28 23:39:08 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri May 28 23:39:25 2010
Subject: docx problems
In-Reply-To: <EMEW3|b93a5d60a7777ec89e584815762c211fm4R9QV0bMailScanner|ecs.soton.ac.uk|4BFF7E35.4040903@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.psh
	osting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk>	<4BFF7E35.4040903@ecs.soton.ac.uk>
	<EMEW3|b93a5d60a7777ec89e584815762c211fm4R9QV0bMailScanner|ecs.soton.ac.uk|4BFF7E35.4040903@ecs.soton.ac.uk>
Message-ID: <htpgmc$o8o$1@dough.gmane.org>

on 5-28-2010 1:26 AM Julian Field spake the following:
> 
> 
> On 28/05/2010 09:11, Julian Field wrote:
>> I've got good news and bad news.
>>
>> The bad news is that I still can't reproduce this problem, it just
>> works fine for me. :-(
>> The good news is that I haven't written you a fix anyway. :-)
> Errr.... slight typo there :-)
> 
> Jules
> 
Isn't it amazing when you can read something a dozen times, and not see the
typos until you hit "send"? And then suddenly there they are!

From ssilva at sgvwater.com  Fri May 28 23:47:24 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri May 28 23:47:50 2010
Subject: Fedora 13
In-Reply-To: <F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>	<4C0017A3.9070004@farrows.org>
	<F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>
Message-ID: <htph65$qd8$1@dough.gmane.org>

on 5-28-2010 3:00 PM David Francis spake the following:
>  
> 
> Wow. People usually get spanked for not putting enough effort into
> framing their question or researching a solution prior to posting. I get
> spanked for the OS, did I just walk into a MAC forum?
> 
>  
> 
> You make a valid point though. Is CentOS the GPL OS of choice for
> enterprise class mail servers?
> 
Maybe not the OS of choice, but the RedHat compatible OS of choice. Any stable
Enterprise class OS will work, but the cutting edge is a little too sharp for
most of us. We like to set up a server, and not have to re-do it until its
hardware is replaced. Fedora problems usually stem from its wide changing
API/ABI structure and near bleeding edge perl. But it is great for a desktop
on new hardware.

From dfrancis at dcf.net  Sat May 29 00:16:41 2010
From: dfrancis at dcf.net (David Francis)
Date: Sat May 29 00:10:42 2010
Subject: Fedora 13
In-Reply-To: <htph65$qd8$1@dough.gmane.org>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>	<4C0017A3.9070004@farrows.org><F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>
	<htph65$qd8$1@dough.gmane.org>
Message-ID: <F054B4D4BE086B4AAA6C271B72E848AB29E8E0@exchsrv.office.dcf.net>

>> Maybe not the OS of choice, but the RedHat compatible OS of choice. Any stable
>> Enterprise class OS will work,

I accept your point completely. While I'm going through this exercise, can you please point me to other Enterprise class OS that Admins favor? Thanks!

David 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter at farrows.org  Sat May 29 00:33:19 2010
From: peter at farrows.org (Peter Farrow)
Date: Sat May 29 00:33:30 2010
Subject: Fedora 13
In-Reply-To: <F054B4D4BE086B4AAA6C271B72E848AB29E8E0@exchsrv.office.dcf.net>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>	<4C0017A3.9070004@farrows.org><F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>	<htph65$qd8$1@dough.gmane.org>
	<F054B4D4BE086B4AAA6C271B72E848AB29E8E0@exchsrv.office.dcf.net>
Message-ID: <4C0052BF.7050002@farrows.org>

On 29/05/2010 00:16, David Francis wrote:
>>> Maybe not the OS of choice, but the RedHat compatible OS of choice. Any stable
>>> Enterprise class OS will work,
>>>        
> I accept your point completely. While I'm going through this exercise, can you please point me to other Enterprise class OS that Admins favor? Thanks!
>
> David
>
>    
If you want the minimum of hassle and maximum reliability, there are two 
real choices, Centos or Red Hat Enterprise, if you want a free one, then 
its Centos.

The thing is,  unless you like wading through problems created by 
libraries so far up the crest of the wave you are falling down the other 
side, its best to go with an OS thats really solid and uses libraries 
that are not quite so bleeding edge.

Its all about having an easy life, and most people will have tested 
stuff on RedHat and/or Centos, which means if you do run into a problem 
someone will almst certainly have found it before you and published a fix.

If you want to go right out in front and use Fedora 13 (its probably 14 
by the time I finish writing this LOL) . Then really you are on a hiding 
to nothing trying to resolve library problems like the ones you found.   
Its probably not in the knowledge base of most people here to have a fix 
for that, because most people would say "wrong OS", and not even try.

I did not mean to be rude or too critical, but the problems you 
experienced are all down to the OS, so fix the easy thing, put it on an 
OS the developers would have tested it on, eg: RedHat/Centos. Its a 
wasted effort trying to get it to run on Fedora 13, its simply the wrong 
choice.

Centos 5.4 would be a very safe bet just now, or even 5.5, but I haven't 
gone there yet, I only upgrade when a security issue, bug or feature 
requirement demands it,

Other than that, I install it and forget it, thats how I like my servers 
to run,

Pete



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100529/7c8fbdbe/attachment.html
From zepplin at exemail.com.au  Sat May 29 05:49:44 2010
From: zepplin at exemail.com.au (George)
Date: Sat May 29 05:50:01 2010
Subject: Fedora 13
In-Reply-To: <4C0052BF.7050002@farrows.org>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>	<4C0017A3.9070004@farrows.org><F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>	<htph65$qd8$1@dough.gmane.org>	<F054B4D4BE086B4AAA6C271B72E848AB29E8E0@exchsrv.office.dcf.net>
	<4C0052BF.7050002@farrows.org>
Message-ID: <4C009CE8.9020400@exemail.com.au>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100529/97787d1d/attachment.html
From MailScanner at ecs.soton.ac.uk  Sat May 29 18:17:18 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat May 29 18:17:35 2010
Subject: Fedora 13
In-Reply-To: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
	<4C014C1E.6070204@ecs.soton.ac.uk>
Message-ID: <EMEW3|0e5a16706878fb546aa0b3dd59d5ada6m4SIHQ0bMailScanner|ecs.soton.ac.uk|4C014C1E.6070204@ecs.soton.ac.uk>

Your version of Archive-Zip is very recent, and requires 
perl-Compress-Raw-Zlib instead of perl-Compress-Zlib. Install that from 
rpmforge first and then try again.

As for choice of OS, CentOS is a very popular choice. Fedora is okay if 
you want to reinstall every few months, but most people don't like to 
make work for themselves :-)

Jules.

On 28/05/2010 20:07, David Francis wrote:
>
> Hello All,
>
> Running Fedora 13 and can?t get an error free build installed of 
> MailScanner. The two packages that generate RPM build errors appear to be:
>
> perl-Compress-Zlib
>
> perl-Archive-Zip
>
> I have removed those packages and running:
>
> ./install.sh
>
> ./install.sh reinstall
>
> ./install.sh inturn
>
> I have reinstalled the above packages and re-ran the install script.
>
> ========= TRY TO START MAILSCANNER ================
>
> [root@web ~]# service MailScanner start
>
> Starting MailScanner daemons:
>
> incoming sendmail: [ OK ]
>
> outgoing sendmail: [ OK ]
>
> MailScanner: Can't locate Compress/Raw/Zlib.pm in @INC (@INC contains: 
> /usr/lib/MailScanner /usr/local/lib/perl5 /usr/local/share/perl5
>
> /usr/local/share/perl5 /usr/lib/perl5 /usr/share/perl5 
> /usr/share/perl5 /usr/lib/perl5 /usr/share/perl5 
> /usr/local/lib/perl5/site_perl/5.10.0/i386-li
>
> nux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0
>
> /i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 
> /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl 
> /usr/lib/MailScanner) at /usr/share/per
>
> l5/Archive/Zip.pm line 12.
>
> BEGIN failed--compilation aborted at /usr/share/perl5/Archive/Zip.pm 
> line 12.
>
> Compilation failed in require at 
> /usr/lib/MailScanner/MailScanner/Message.pm line 48.
>
> BEGIN failed--compilation aborted at 
> /usr/lib/MailScanner/MailScanner/Message.pm line 48.
>
> Compilation failed in require at /usr/sbin/MailScanner line 108.
>
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 108.
>
> ========= END TRY TO START MAILSCANNER ================
>
> I can provide install log as well. Any clue where to start???
>
> =============== INSTALL LOG SNIP ====================
>
> Test Summary Report
>
> -------------------
>
> t/02zlib.t (Wstat: 0 Tests: 239 Failed: 12)
>
> Failed tests: 35-37, 43-45, 51-53, 60, 62, 64
>
> t/03examples.t (Wstat: 0 Tests: 16 Failed: 1)
>
> Failed test: 6
>
> Files=6, Tests=305, 0 wallclock secs ( 0.07 usr 0.01 sys + 0.55 cusr 
> 0.08 csys = 0.71 CPU)
>
> Result: FAIL
>
> Failed 2/6 test programs. 13/305 subtests failed.
>
> make: *** [test_dynamic] Error 255
>
> error: Bad exit status from /var/tmp/rpm-tmp.tUprX4 (%build)
>
> RPM build errors:
>
> Bad exit status from /var/tmp/rpm-tmp.tUprX4 (%build)
>
> Missing file /root/rpmbuild/RPMS/i686/perl-Compress-Zlib-1.41-2.i686.rpm.
>
> Maybe it did not build correctly?
>
> Test Summary Report
>
> -------------------
>
> t/00.load.t (Wstat: 512 Tests: 2 Failed: 2)
>
> Failed tests: 1-2
>
> Non-zero exit status: 2
>
> t/test.t (Wstat: 512 Tests: 0 Failed: 0)
>
> Non-zero exit status: 2
>
> Parse errors: No plan found in TAP output
>
> t/testex.t (Wstat: 512 Tests: 0 Failed: 0)
>
> Non-zero exit status: 2
>
> Parse errors: No plan found in TAP output
>
> t/testMemberRead.t (Wstat: 512 Tests: 0 Failed: 0)
>
> Non-zero exit status: 2
>
> Parse errors: No plan found in TAP output
>
> t/testTree.t (Wstat: 512 Tests: 0 Failed: 0)
>
> Non-zero exit status: 2
>
> Parse errors: No plan found in TAP output
>
> t/testUpdate.t (Wstat: 512 Tests: 0 Failed: 0)
>
> Non-zero exit status: 2
>
> Parse errors: No plan found in TAP output
>
> Files=7, Tests=10, 0 wallclock secs ( 0.04 usr 0.01 sys + 0.40 cusr 
> 0.04 csys = 0.49 CPU)
>
> Result: FAIL
>
> Failed 6/7 test programs. 2/10 subtests failed.
>
> make: *** [test_dynamic] Error 2
>
> error: Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)
>
> RPM build errors:
>
> Bad exit status from /var/tmp/rpm-tmp.4BPULK (%build)
>
> Missing file 
> /root/rpmbuild/RPMS/noarch/perl-Archive-Zip-1.16-2.noarch.rpm.
>
> Maybe it did not build correctly?
>
> =============== END INSTALL LOG SNIP ================
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. 

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From dfrancis at dcf.net  Sun May 30 03:15:53 2010
From: dfrancis at dcf.net (David Francis)
Date: Sun May 30 03:09:55 2010
Subject: Fedora 13
In-Reply-To: <EMEW3|0e5a16706878fb546aa0b3dd59d5ada6m4SIHQ0bMailScanner|ecs.soton.ac.uk|4C014C1E.6070204@ecs.soton.ac.uk>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net><4C014C1E.6070204@ecs.soton.ac.uk>
	<EMEW3|0e5a16706878fb546aa0b3dd59d5ada6m4SIHQ0bMailScanner|ecs.soton.ac.uk|4C014C1E.6070204@ecs.soton.ac.uk>
Message-ID: <F054B4D4BE086B4AAA6C271B72E848AB29E8F0@exchsrv.office.dcf.net>

Thanks...that package is installed. Fixed-up two symbolic links to the
perl files and VIOLA!

Thanks again!  


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules
Field
Sent: Saturday, May 29, 2010 1:17 PM
To: MailScanner discussion
Subject: Re: Fedora 13

Your version of Archive-Zip is very recent, and requires 
perl-Compress-Raw-Zlib instead of perl-Compress-Zlib. Install that from 
rpmforge first and then try again.

As for choice of OS, CentOS is a very popular choice. Fedora is okay if 
you want to reinstall every few months, but most people don't like to 
make work for themselves :-)


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Sun May 30 03:23:36 2010
From: alex at rtpty.com (Alex Neuman)
Date: Sun May 30 03:23:49 2010
Subject: Fedora 13
In-Reply-To: <F054B4D4BE086B4AAA6C271B72E848AB29E8F0@exchsrv.office.dcf.net>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net><4C014C1E.6070204@ecs.soton.ac.uk><EMEW3|0e5a16706878fb546aa0b3dd59d5ada6m4SIHQ0bMailScanner|ecs.soton.ac.uk|4C014C1E.6070204@ecs.soton.ac.uk><F054B4D4BE086B4AAA6C271B72E848AB29E8F0@exchsrv.office.dcf.net>
Message-ID: <1884860587-1275186215-cardhu_decombobulator_blackberry.rim.net-852896770-@bda942.bisx.prod.on.blackberry>

I'm glad the string instrument appeared!
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: "David Francis" <dfrancis@dcf.net>
Date: Sat, 29 May 2010 22:15:53 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: RE: Fedora 13

Thanks...that package is installed. Fixed-up two symbolic links to the
perl files and VIOLA!

Thanks again!  


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules
Field
Sent: Saturday, May 29, 2010 1:17 PM
To: MailScanner discussion
Subject: Re: Fedora 13

Your version of Archive-Zip is very recent, and requires 
perl-Compress-Raw-Zlib instead of perl-Compress-Zlib. Install that from 
rpmforge first and then try again.

As for choice of OS, CentOS is a very popular choice. Fedora is okay if 
you want to reinstall every few months, but most people don't like to 
make work for themselves :-)


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From mailbag at partnersolutions.ca  Sun May 30 05:31:36 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Sun May 30 05:31:28 2010
Subject: docx problems
In-Reply-To: <EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0bMailScanner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF37D97.70207@tradoc.fr>	<4BF652CF.5000807@ecs.soton.ac.uk>	<EMEW3|032f90acf04417405de83314a67f7013m4KAUx0bMailScanner|ecs.soton.ac.uk|4BF652CF.5000807@ecs.soton.ac.uk>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk><4BFF90D2.10607@tradoc.fr>
	<4BFF9C2B.7040004@ecs.soton.ac.uk>
	<EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0 bMailSca
	nner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1F80@PSIMS008.pshosting.intranet>

> Sorry about that, you're absolutely right. Trivial fix. Find the line
> in the patch that says
>        push @tmplist, $tmplist1;
> and change it to
>        push @tmplist, $tmplist1 unless -d $tmplist1;
> 
> Then give it another go.

Maybe I'm missing something, but this line wasn't in the patch you sent
to the list. Was this supposed to be after "$tmplist1 = $1;"? If so, is
it safe to backport this patch to 4.79.11? Is there anything I need to
watch out for if I add in the missing "push" to the patch and match the
"JFK 20100211" changes (as shown in your diff) in that section of the
module?

I would like to test out the patch, but would prefer to stay on the last
stable for this particular server..



> You are running a much more recent version of Archive::Zip than the
one
> I distribute, which would explain why only a few people are seeing the
> problem. I distribute 1.16 and this doesn't cause this problem to show
> itself.

My particular Archive::Zip (1.24) is from the FSL Gold repo.. which
you're technically the CTO of, right? ;-)



As an aside, today marks my 2,500th day running MailScanner! Oddly
enough, it's also the same day that we hit 6 TB of content being
processed by MailScanner. Thanks for your time over the years, Jules!

-Joshua
From MailScanner at ecs.soton.ac.uk  Sun May 30 14:36:22 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun May 30 14:36:43 2010
Subject: docx problems
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1F80@PSIMS008.pshosting.intranet>
References: <201713.99011.qm@web30008.mail.mud.yahoo.com>	<4BF65643.4040308@tradoc.fr>	<4BF663DC.7080604@ecs.soton.ac.uk>	<EMEW3|2b0f4f2616e10663c6e4d082a4e0c86bm4KBhl0bMailScanner|ecs.soton.ac.uk|4BF663DC.7080604@ecs.soton.ac.uk><4BF668AE.5030606@tradoc.fr><4BF84742.9090204@ecs.soton.ac.uk><EMEW3|d44411b3af9464de4686c4a65a1defcem4LM6F0bMailScanner|ecs.soton.ac.uk|4BF84742.9090204@ecs.soton.ac.uk>	<38773FB858C8DD4EB14ACC4310E34DF04D1F6D@PSIMS008.pshosting.intranet>	<38773FB858C8DD4EB14ACC4310E34DF04D1F72@PSIMS008.pshosting.intranet>	<4BFED852.9090901@tradoc.fr>	<4BFF7AA4.4050202@ecs.soton.ac.uk>	<EMEW3|d4fa56de6412e53a42897c217eca1778m4R9BH0bMailScanner|ecs.soton.ac.uk|4BFF7AA4.4050202@ecs.soton.ac.uk><4BFF90D2.10607@tradoc.fr>	<4BFF9C2B.7040004@ecs.soton.ac.uk>	<EMEW3|92f434067e4feb9ba072c8fab1f220e3m4RBYO0
	bMailSca	nner|ecs.soton.ac.uk|4BFF9C2B.7040004@ecs.soton.ac.uk>
	<38773FB858C8DD4EB14ACC4310E34DF04D1F80@PSIMS008.pshosting.intranet>
	<4C0269D6.2020807@ecs.soton.ac.uk>
Message-ID: <EMEW3|4fe9bef7b2f4bbb32004735cbab89374m4YEaS0bMailScanner|ecs.soton.ac.uk|4C0269D6.2020807@ecs.soton.ac.uk>



On 30/05/2010 05:31, PSI Mailbag wrote:
>> Sorry about that, you're absolutely right. Trivial fix. Find the line
>> in the patch that says
>>         push @tmplist, $tmplist1;
>> and change it to
>>         push @tmplist, $tmplist1 unless -d $tmplist1;
>>
>> Then give it another go.
>>      
> Maybe I'm missing something, but this line wasn't in the patch you sent
> to the list. Was this supposed to be after "$tmplist1 = $1;"? If so, is
> it safe to backport this patch to 4.79.11? Is there anything I need to
> watch out for if I add in the missing "push" to the patch and match the
> "JFK 20100211" changes (as shown in your diff) in that section of the
> module?
>    
The entire chunk of code just there in Message.pm should look like this:

   # Set the owner and group on all the extracted files
   # JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map { 
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
   # JKF 20100211  if $workarea->{changeowner};
   my($tmplist1,@tmplist);
   if ($workarea->{changeowner}) {
     foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
       $tmplist1 =~ /(.*)/;
       $tmplist1 = $1;
       push @tmplist, $tmplist1 unless -d $tmplist1;
     }
     chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
   }
   # JKF 20100528 Now set the perms on all the extracted files
   my $workperms = MailScanner::Config::Value('workperms') || '0600';
   # Make it octal with a leading zero if necessary
   $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
   $workperms = oct($workperms); # and back to decimal for chmod
   chmod $workperms, @tmplist if @tmplist;
}

> I would like to test out the patch, but would prefer to stay on the last
> stable for this particular server..
>
>
>
>    
>> You are running a much more recent version of Archive::Zip than the
>>      
> one
>    
>> I distribute, which would explain why only a few people are seeing the
>> problem. I distribute 1.16 and this doesn't cause this problem to show
>> itself.
>>      
> My particular Archive::Zip (1.24) is from the FSL Gold repo.. which
> you're technically the CTO of, right? ;-)
>    
Doesn't mean I put together that particular repo...
>
>
> As an aside, today marks my 2,500th day running MailScanner! Oddly
> enough, it's also the same day that we hit 6 TB of content being
> processed by MailScanner. Thanks for your time over the years, Jules!
>    
No probs :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From maillists at conactive.com  Mon May 31 13:31:15 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon May 31 13:31:25 2010
Subject: Fedora 13
In-Reply-To: <F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>
References: <F054B4D4BE086B4AAA6C271B72E848AB29E8DE@exchsrv.office.dcf.net>
	<4C0017A3.9070004@farrows.org>
	<F054B4D4BE086B4AAA6C271B72E848AB29E8DF@exchsrv.office.dcf.net>
Message-ID: <VA.00003b12.2780cb3e@news.conactive.com>

David Francis wrote on Fri, 28 May 2010 18:00:43 -0400:

> Any help on the existing Fedora issue?

Quite simple. You use an rpm-based Fedora system. So, first make sure you 
meet all the Perl requirements. If modules are missing then install them 
via yum from the *Fedora* repository. If there are still Perl modules 
missing then, again, install them via yum from one of the supporting, 
recommended repositories. I think that is EPEL, maybe others, maybe 
rpmforge. Once you have fulfilled all the Perl module requirements this 
way (and I know you can), only then proceed to install MailScanner and 
only install the mailscanner*.rpm from within the tarball. Do not install 
and build all the Perl modules. This applies to CentOS/RHEL as well.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From linux.sergio at gmail.com  Mon May 31 20:52:55 2010
From: linux.sergio at gmail.com (Sergio Rodrigues)
Date: Mon May 31 20:53:05 2010
Subject: Warning Is Attachment
Message-ID: <AANLkTikoI6pGNotX_NhGVvIJgcoH4L6pvffwSQDzayAq@mail.gmail.com>

Mostrar romaniza??o
Hello everyone,
My MailScanner is almost 100%. I'm trying to get the warning messages arrive
in the message body and not as an attachment.
I've already set the "Warning Is Attachment = no", but the messages still
arrive as attachment.

sergios
ps.: sorry for my english
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100531/1569e5bd/attachment.html