From deejay.grp at gmail.com Mon Nov 1 10:55:30 2010 From: deejay.grp at gmail.com (Greg Pearson) Date: Mon Nov 1 10:55:48 2010 Subject: Foreign filename checking Message-ID: <4CCE9CA2.3060500@gmail.com> Hello all, some of my users are used to send attachments with foreign filenames (Russian etc.). It seems that MailScanner cannot properly handle those filenames when they are converted to UTF8 by the mail client. So a filename with foreign characters would become something like: "utf-8''%%CE%%95%%CF%%83%%CF%%89%%CF%%84%%CE%%B5%%CF%%81%%CE%%B9%%CE%%BA%%CF%%8C%%CF%%82%%20%%CE%%BA%%CE%%B1%%CE%%BD%%CE%%BF%%CE%%BD%%CE%%B9%%CF%%83%%CE%%BC%%CF%%8C%%CF%%82%%20lomi%%2001%%202008.doc" And hence Mailscanner will complain that this filename is too long, which is of course not the case. It is mentioned in the Changelog that the latest version (4.81.4) has dealt with this: "16 Improved handling of Unicode and foreign character sets used in attachment filenames." But the problem remains. I wouldn't want to disable the filename length rule completely, so I would appreciate some help on this. Thanks From noel.butler at ausics.net Mon Nov 1 12:31:16 2010 From: noel.butler at ausics.net (Noel Butler) Date: Mon Nov 1 12:31:31 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. Message-ID: <1288614676.16175.6.camel@tardis> MailScanner: Process did not exit cleanly, returned 2 with signal 0 MailScanner: Process did not exit cleanly, returned 255 with signal 0 Seeing a lot of these with current stable. lint show no errors, occurs with any batch sizes, seen it with 30, seen it with 7, anyone else seen this? in debug, I see this every few times Insecure dependency in eval while running with -T switch at /opt/MailScanner/lib/MailScanner/Message.pm line 1054. doesnt process batch, then if i re-run it right away, it doesnt show error and processes the batch Cheers -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101101/0a5eeb4e/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Nov 1 17:22:06 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Nov 1 17:22:23 2010 Subject: Foreign filename checking In-Reply-To: <4CCE9CA2.3060500@gmail.com> References: <4CCE9CA2.3060500@gmail.com> Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D189C9@city-exchange07> Greg Pearson wrote: > Hello all, > > some of my users are used to send attachments with foreign filenames > (Russian etc.). It seems that MailScanner cannot properly handle > those filenames when they are converted to UTF8 by the mail client. > So a filename with foreign characters would become something like: > > "utf-8''%%CE%%95%%CF%%83%%CF%%89%%CF%%84%%CE%%B5%%CF%%81%%CE%%B9%%CE%%BA%%CF%%8C%%CF%%82%%20%%CE%%BA%%CE%%B1%%CE%%BD%%CE%%BF%%CE%%BD%%CE%%B9%%CF%%83%%CE%%BC%%CF%%8C%%CF%%82%%20lomi%%2001%%202008.doc" > > And hence Mailscanner will complain that this filename is too long, > which is of course not the case. It is mentioned in the Changelog > that the latest version (4.81.4) has dealt with this: > > "16 Improved handling of Unicode and foreign character sets used in > attachment filenames." > > But the problem remains. > > I wouldn't want to disable the filename length rule completely, so I > would appreciate some help on this. > > Thanks Is it a discreet set of users sending these? Or strictly internal users? Perhaps a ruleset would do the trick if can identify a manageable set of senders... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From maillists at conactive.com Mon Nov 1 17:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Nov 1 17:31:34 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: <1288614676.16175.6.camel@tardis> References: <1288614676.16175.6.camel@tardis> Message-ID: you may want to tell your OS, Perl version etc. ;-) Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From lyndonl at mexcom.co.za Mon Nov 1 17:38:07 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Mon Nov 1 17:40:17 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: References: <1288614676.16175.6.camel@tardis> Message-ID: Isn't it more fun to guess? Sent from my iPhone On 01 Nov 2010, at 19:31, Kai Schaetzl wrote: > you may want to tell your OS, Perl version etc. ;-) > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From deejay.grp at gmail.com Mon Nov 1 18:15:11 2010 From: deejay.grp at gmail.com (Greg Pearson) Date: Mon Nov 1 18:15:21 2010 Subject: Foreign filename checking In-Reply-To: <4A09477D575C2C4B86497161427DD94C15B0D189C9@city-exchange07> References: <4CCE9CA2.3060500@gmail.com> <4A09477D575C2C4B86497161427DD94C15B0D189C9@city-exchange07> Message-ID: <4CCF03AF.7030302@gmail.com> On 1/11/2010 7:22 ??, Kevin Miller wrote: > Greg Pearson wrote: >> Hello all, >> >> some of my users are used to send attachments with foreign filenames >> (Russian etc.). It seems that MailScanner cannot properly handle >> those filenames when they are converted to UTF8 by the mail client. >> So a filename with foreign characters would become something like: >> >> "utf-8''%%CE%%95%%CF%%83%%CF%%89%%CF%%84%%CE%%B5%%CF%%81%%CE%%B9%%CE%%BA%%CF%%8C%%CF%%82%%20%%CE%%BA%%CE%%B1%%CE%%BD%%CE%%BF%%CE%%BD%%CE%%B9%%CF%%83%%CE%%BC%%CF%%8C%%CF%%82%%20lomi%%2001%%202008.doc" >> >> And hence Mailscanner will complain that this filename is too long, >> which is of course not the case. It is mentioned in the Changelog >> that the latest version (4.81.4) has dealt with this: >> >> "16 Improved handling of Unicode and foreign character sets used in >> attachment filenames." >> >> But the problem remains. >> >> I wouldn't want to disable the filename length rule completely, so I >> would appreciate some help on this. >> >> Thanks > Is it a discreet set of users sending these? Or strictly internal users? Perhaps a ruleset would do the trick if can identify a manageable set of senders... > > > ...Kevin Although I am not sure what you mean: I could as well disable the rule for everybody, or even add exceptions. But it seems to me this is not the proper approach. If Mailscanner is buggy when it comes to international support then shouldn't this be filed as a bug instead? From Kevin_Miller at ci.juneau.ak.us Mon Nov 1 18:33:35 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Nov 1 18:33:48 2010 Subject: Foreign filename checking In-Reply-To: <4CCF03AF.7030302@gmail.com> References: <4CCE9CA2.3060500@gmail.com> <4A09477D575C2C4B86497161427DD94C15B0D189C9@city-exchange07> <4CCF03AF.7030302@gmail.com> Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D189CE@city-exchange07> Greg Pearson wrote: > On 1/11/2010 7:22 ??, Kevin Miller wrote: >> Greg Pearson wrote: >>> Hello all, >>> >>> some of my users are used to send attachments with foreign filenames >>> (Russian etc.). It seems that MailScanner cannot properly handle >>> those filenames when they are converted to UTF8 by the mail client. >>> So a filename with foreign characters would become something like: >>> >>> "utf-8''%%CE%%95%%CF%%83%%CF%%89%%CF%%84%%CE%%B5%%CF%%81%%CE%%B9%%CE%%BA%%CF%%8C%%CF%%82%%20%%CE%%BA%%CE%%B1%%CE%%BD%%CE%%BF%%CE%%BD%%CE%%B9%%CF%%83%%CE%%BC%%CF%%8C%%CF%%82%%20lomi%%2001%%202008.doc" >>> >>> And hence Mailscanner will complain that this filename is too long, >>> which is of course not the case. It is mentioned in the Changelog >>> that the latest version (4.81.4) has dealt with this: >>> >>> "16 Improved handling of Unicode and foreign character sets used in >>> attachment filenames." >>> >>> But the problem remains. >>> >>> I wouldn't want to disable the filename length rule completely, so I >>> would appreciate some help on this. >>> >>> Thanks >> Is it a discreet set of users sending these? Or strictly internal >> users? Perhaps a ruleset would do the trick if can identify a >> manageable set of senders... >> >> >> ...Kevin > Although I am not sure what you mean: I could as well disable the > rule for everybody, or even add exceptions. But it seems to me this > is not the proper approach. If Mailscanner is buggy when it comes to > international support then shouldn't this be filed as a bug instead? I agree it would be nice to have a proper fix for it, but sometimes an alternative in the mean time is the best we can get. You wrote "some of my users". I don't know if that implies internal users, or outside clients (like an ISP would have). If they're internal, or there's just a few that you can easily identify, then you can use a rule set to turn off long filename checking on the assumption that the files are more than likely safe. By way of a slightly dissimilar example, I disallow password protected archives, since I can't scan them for viruses. However, there are a few external agencies that my users communicate with that need to protect the zip files they send. For these few I made a ruleset that allows them. They're trusted, but the rest of the world is still subject to the stock security settings. On the other hand, if the users are external, and/or not employees or necessarily trusted then you probably wouldn't want to do that. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From noel.butler at ausics.net Mon Nov 1 23:16:41 2010 From: noel.butler at ausics.net (Noel Butler) Date: Mon Nov 1 23:16:58 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: References: <1288614676.16175.6.camel@tardis> Message-ID: <1288653401.4878.3.camel@tardis> On Mon, 2010-11-01 at 19:38 +0200, Lyndon Labuschagne wrote: > Isn't it more fun to guess? > > Sent from my iPhone > > On 01 Nov 2010, at 19:31, Kai Schaetzl wrote: > > > you may want to tell your OS, Perl version etc. ;-) > > > > Kai > > Actually it was a simple question that doesnt require the zeleots demanding to know the ins and outs of everyone elses system. since you have to ask such a question, I can assume the two people who responded obviously don't see it Noel (8 + year mailscanner veteran) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101102/b42ec3de/attachment.html From lyndonl at mexcom.co.za Tue Nov 2 06:10:40 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Tue Nov 2 06:12:20 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: <1288653401.4878.3.camel@tardis> References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> Message-ID: <7AD39674-BAEA-4429-B6B0-8F62DE1E0A67@mexcom.co.za> > > Actually it was a simple question that doesnt require the zeleots demanding to know the ins and outs of everyone elses system. > since you have to ask such a question, I can assume the two people who responded obviously don't see it > > > Noel > (8 + year mailscanner veteran) > Well I'm no zealot and the comment was meant in jest but that being said there have been many cases on this list where particular OS's display certain issues, I am a heavy freebsd user, and many fellow BSD users ran into a taint / insecure dependancy issue with certain versions of perl so I think asking which OS and which perl version you are running is prudent. wish you well in finding the problem > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From bonivart at opencsw.org Tue Nov 2 14:17:50 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Tue Nov 2 14:18:20 2010 Subject: Ruleset result when multiple matches? Message-ID: I have a ruleset to determine which "Filename Rules" I will use. For mail coming from our external gateways (123.456.123.456 in the example below) I use a stricter set called filename.ext.rules.conf. I need some exceptions (foo@bar.com in the example below) and added them to the ruleset prior to the external gateway lines. When I test this I get multiple matches (which is logical) but I expected MailScanner to use only the first match as the result..? # MailScanner --value="Filename Rules" --from="foo@bar.com" --ip=123.456.123.456 Looked up internal option name "filenamerules" With sender = foo@bar.com Client IP = 123.456.123.456 Virus = Result is "/etc/MailScanner/filename.rules.conf /etc/MailScanner/filename.ext.rules.conf" Can I expect this to work, i.e. will MS use filename.rules.conf? /peter From NWL002 at shsu.edu Tue Nov 2 14:26:23 2010 From: NWL002 at shsu.edu (Laskie, Norman) Date: Tue Nov 2 14:26:35 2010 Subject: Seemingly cached PBL scores Message-ID: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CC6@EXMBX.SHSU.EDU> We are running into an issue on one of our edge boxes where I have RCVD_IN_PBL scored at 5, but it is still being scored at 10 which hasn't been configured in a month or so. I have checked all files I think of that may be scoring this at 10 with no luck (grep -R PBL /etc/MailScanner, /etc/mail/spamassassin and the local.cf file. Any ideas? Thanks, Norman /etc/MailScanner/spam.assassin.prefs.conf header RCVD_IN_PBL eval:check_rbl('pbl', 'XXXXXXXXXXXXXXXXXXXXXXXXX.pbl.dq.spamhaus.net.') score RCVD_IN_PBL 5 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101102/292b4f16/attachment.html From derek at csolve.net Tue Nov 2 14:47:50 2010 From: derek at csolve.net (Derek Buttineau) Date: Tue Nov 2 14:48:00 2010 Subject: Phishing Disarm Message-ID: <950B1570-CE40-4A16-8295-387FB1501BEA@csolve.net> We just encountered an interesting problem with the Phishing Disarm. The attached message body becomes corrupted when MailScanner tries to disarm it resulting in the message being undeliverable (It's spam but that's another issue). The problem is that the phishing link doesn't terminate so the rest of the document ends up being removed. Going to see if I can figure out how to work around it, but thought I should report it in case anyone else is encountering their queues growing with the recent Rolex spam. Cheers, Derek -------------- next part -------------- Mime-Version: 1.0 Content-type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit

Dear derek@thelostrealm.net

WANTS TO SHARE SOMETHING WITH YOU


While exploring the Rolex.Com website, discovered this official Rolex address and thought you would be interested.

http://www.rolex.com

and wanted to share it with you.


Thank you.

See you soon on Rolex.com






Rolex S.A. respects your right to privacy and is committed to maintaining your confidence and trust. Any information you provide us through our website will not be sold or rented.


Rolex S.A. does not collect any information from you without your knowledge and permission, and does not ask that you enter any personal information to access the website.


Information you provide Rolex S.A. is stored in a secure location and is accessible only by designated staff.


© Rolex SA, Geneva, Switzerland


From maillists at conactive.com Tue Nov 2 19:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Nov 2 19:31:27 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: <1288653401.4878.3.camel@tardis> References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> Message-ID: > (8 + year mailscanner veteran) And then you don't know what Lyndon told you? Hm. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From alex at rtpty.com Tue Nov 2 19:44:18 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Nov 2 19:45:04 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. Message-ID: <1592533434-1288727090-cardhu_decombobulator_blackberry.rim.net-2013837176-@bda478.bisx.prod.on.blackberry> Maybe it's like a Pearson's Puppetteer kind of veteran, the kind that "leads from behind" ;-) ------Original Message------ From: Kai Schaetzl Sender: mailscanner-bounces@lists.mailscanner.info To: mailscanner@lists.mailscanner.info ReplyTo: MailScanner discussion Subject: Re: Process did not exit cleanly, and Insecure dependency in.. Sent: Nov 2, 2010 2:31 PM > (8 + year mailscanner veteran) And then you don't know what Lyndon told you? Hm. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman From noel.butler at ausics.net Tue Nov 2 22:42:50 2010 From: noel.butler at ausics.net (Noel Butler) Date: Tue Nov 2 22:43:04 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> Message-ID: <1288737770.7374.6.camel@tardis> On Tue, 2010-11-02 at 20:31 +0100, Kai Schaetzl wrote: > > (8 + year mailscanner veteran) > > And then you don't know what Lyndon told you? Hm. > > Kai > what part of "it was a simple question" do you not understand? Ask someone else to explain it to you. I have resolved this issue (caused by a perl module) patch submitted to its upstream. This ends my participation in this thread. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101103/9ec272e5/attachment.html From ssilva at sgvwater.com Tue Nov 2 23:03:55 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Nov 2 23:04:21 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: <1288737770.7374.6.camel@tardis> References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> <1288737770.7374.6.camel@tardis> Message-ID: on 11-2-2010 3:42 PM Noel Butler spake the following: > On Tue, 2010-11-02 at 20:31 +0100, Kai Schaetzl wrote: >> > (8 + year mailscanner veteran) >> >> And then you don't know what Lyndon told you? Hm. >> >> Kai >> > > what part of "it was a simple question" do you not understand? Ask someone > else to explain it to you. > I have resolved this issue (caused by a perl module) patch submitted to its > upstream. > > This ends my participation in this thread. > Why I rarely participate anymore... Too much anger... From alex at rtpty.com Tue Nov 2 23:19:44 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Nov 2 23:22:19 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> <1288737770.7374.6.camel@tardis> Message-ID: <1809110827-1288740016-cardhu_decombobulator_blackberry.rim.net-741917973-@bda478.bisx.prod.on.blackberry> That's what happens when SA stops most messages about cheap prozac! ;-) -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Scott Silva Sender: mailscanner-bounces@lists.mailscanner.info Date: Tue, 02 Nov 2010 16:03:55 To: Reply-To: MailScanner discussion Subject: Re: Process did not exit cleanly, and Insecure dependency in.. on 11-2-2010 3:42 PM Noel Butler spake the following: > On Tue, 2010-11-02 at 20:31 +0100, Kai Schaetzl wrote: >> > (8 + year mailscanner veteran) >> >> And then you don't know what Lyndon told you? Hm. >> >> Kai >> > > what part of "it was a simple question" do you not understand? Ask someone > else to explain it to you. > I have resolved this issue (caused by a perl module) patch submitted to its > upstream. > > This ends my participation in this thread. > Why I rarely participate anymore... Too much anger... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Nov 2 23:36:06 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Nov 2 23:36:25 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: <1809110827-1288740016-cardhu_decombobulator_blackberry.rim.net-741917973-@bda478.bisx.prod.on.blackberry> References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> <1288737770.7374.6.camel@tardis> <1809110827-1288740016-cardhu_decombobulator_blackberry.rim.net-741917973-@bda478.bisx.prod.on.blackberry> Message-ID: on 11-2-2010 4:19 PM Alex Neuman spake the following: > That's what happens when SA stops most messages about cheap prozac! ;-) > LOL!!! From michael at huntley.net Wed Nov 3 02:01:10 2010 From: michael at huntley.net (Michael Huntley) Date: Wed Nov 3 02:01:34 2010 Subject: Process did not exit cleanly, and Insecure dependency in.. In-Reply-To: References: <1288614676.16175.6.camel@tardis> <1288653401.4878.3.camel@tardis> <1288737770.7374.6.camel@tardis> Message-ID: <4CD0C266.9060807@huntley.net> On 11/2/2010 4:03 PM, Scott Silva wrote: > on 11-2-2010 3:42 PM Noel Butler spake the following: >> On Tue, 2010-11-02 at 20:31 +0100, Kai Schaetzl wrote: >>>> (8 + year mailscanner veteran) >>> And then you don't know what Lyndon told you? Hm. >>> >>> Kai >>> >> what part of "it was a simple question" do you not understand? Ask someone >> else to explain it to you. >> I have resolved this issue (caused by a perl module) patch submitted to its >> upstream. >> >> This ends my participation in this thread. >> > Why I rarely participate anymore... Too much anger... > Yeah - I have enough tantrums from my 5 year old. From J.Ede at birchenallhowden.co.uk Wed Nov 3 08:15:10 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Nov 3 08:15:48 2010 Subject: Spam starting to slip in... Message-ID: For ages MailScanner and spamassassin have been doing a fantastic job and we've had almost no spam at all. However, recently I've noticed a slow but steady increase in spam that seems to be slipping past with a very low score. I'm still using some of the old sare rulesets (rulesets listed below) as they seem to be catching spam although the number these days seems to be dropping off apart from the adult one which is still quite effective. Could these be interfering with the standard rulesets in the version of SA installed (3.2.5 and perl 5.8.8)? Rulesets 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net 70_sare_header.cf.sare.sa-update.dostech.net 70_sare_obfu.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_uri1.cf.sare.sa-update.dostech.net 99_FVGT_Tripwire.cf.sare.sa-update.dostech.net sought.rules.yerp.org We also use spamhaus, spamcop,m barracuda and abuseat blacklists in the MTA. MS is 4.79.11, and I've the KAM rulesets and ScamNailer 2.09 and clamav with the sanesecurity addins. Are there any tricks I'm missing on this setup? Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101103/7f593b13/attachment.html From paulo-m-roncon at ptinovacao.pt Wed Nov 3 12:13:21 2010 From: paulo-m-roncon at ptinovacao.pt (Paulo Roncon) Date: Wed Nov 3 12:13:32 2010 Subject: OT: Relay based on regex In-Reply-To: <201011031203.oA3C0NHs023001@safir.blacknight.ie> References: <201011031203.oA3C0NHs023001@safir.blacknight.ie> Message-ID: Hi, This is OT, but I'm struggling: I need to: Receive mail to: AS[3 letters]@mydomain.com and to deliver to SA[3 letters]@mysub.mydomain.com Ex: TO: ASaaa@mydomain.com DELIVER TO: SAaaa@mysub.mydomain.com I have sendmail and mailscanner :) I'm trying to use virtusertable but having trouble with regex... Changing to postfix is not an option... Anyone can please help? Thanks, Paulo From GSilver at rampuptech.com Wed Nov 3 19:47:17 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Wed Nov 3 19:47:09 2010 Subject: Relay based on regex In-Reply-To: References: <201011031203.oA3C0NHs023001@safir.blacknight.ie> Message-ID: As far as I know virtusertable does not support regex at all. Have you looked into milter-regex? ---------------------------------- Gavin Silver -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paulo Roncon Sent: Wednesday, November 03, 2010 8:13 AM To: mailscanner@lists.mailscanner.info Subject: OT: Relay based on regex Hi, This is OT, but I'm struggling: I need to: Receive mail to: AS[3 letters]@mydomain.com and to deliver to SA[3 letters]@mysub.mydomain.com Ex: TO: ASaaa@mydomain.com DELIVER TO: SAaaa@mysub.mydomain.com I have sendmail and mailscanner :) I'm trying to use virtusertable but having trouble with regex... Changing to postfix is not an option... Anyone can please help? Thanks, Paulo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- From NWL002 at shsu.edu Thu Nov 4 14:03:11 2010 From: NWL002 at shsu.edu (Laskie, Norman) Date: Thu Nov 4 14:03:22 2010 Subject: Seemingly cached PBL scores In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CC6@EXMBX.SHSU.EDU> References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CC6@EXMBX.SHSU.EDU> Message-ID: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCA@EXMBX.SHSU.EDU> Any ideas on why RCVD_IN_PBL would still be scored @ 10 when it is set to have a score of 5 in /etc/MailScanner/spam.assassin.prefs.conf. I copied spam.assassin.prefs.conf from another working edge box and restarted MailScanner with no visible changes. Also checked all .cf and .conf files for references to the PBL list but haven't seen anything at all that scores it to 10. Where else could this score be hiding? Thanks, Norman From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Laskie, Norman Sent: Tuesday, November 02, 2010 9:26 AM To: mailscanner@lists.mailscanner.info Subject: Seemingly cached PBL scores We are running into an issue on one of our edge boxes where I have RCVD_IN_PBL scored at 5, but it is still being scored at 10 which hasn't been configured in a month or so. I have checked all files I think of that may be scoring this at 10 with no luck (grep -R PBL /etc/MailScanner, /etc/mail/spamassassin and the local.cf file. Any ideas? Thanks, Norman /etc/MailScanner/spam.assassin.prefs.conf header RCVD_IN_PBL eval:check_rbl('pbl', 'XXXXXXXXXXXXXXXXXXXXXXXXX.pbl.dq.spamhaus.net.') score RCVD_IN_PBL 5 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101104/0ad4b241/attachment.html From bonivart at opencsw.org Thu Nov 4 14:29:53 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Thu Nov 4 14:30:27 2010 Subject: Make links non-clickable and rename attachments? Message-ID: We have lots of problems with users clicking on everything. If it's remotely interesting to them they click even on links or attachments that are executable. I know they should be educated but that's almost impossible it seems. Now I have gotten two requests: 1. Can we make links non-clickable? Outlook finds links even in plain text, it would mean more work to have to copy and paste into a web browser. I'm thinking one implementation would be to replace every dot with space-dot-space or similar. 2. Can we rename attachments? If attachments weren't executable but had to be saved to another name (from e.g. foo.exe.bar) it would also mean more work for the user. I'm thinking one implementation would be to have files denied by filename/filetype rules be renamed with a suffix added. As an option of course. The extra work needed may give these users (mostly PHB types) the time they need to remember it's not a good thing to click on everything they didn't ask for in the first place. Any ideas how to proceed? Anyone already have something similar implemented? /peter From alex at rtpty.com Thu Nov 4 14:54:36 2010 From: alex at rtpty.com (Alex Neuman) Date: Thu Nov 4 14:54:51 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: Message-ID: This is something I believe can be done with mimedefang. Haven't used it myself though. On Nov 4, 2010, at 9:29 AM, Peter Bonivart wrote: > We have lots of problems with users clicking on everything. If it's > remotely interesting to them they click even on links or attachments > that are executable. I know they should be educated but that's almost > impossible it seems. Now I have gotten two requests: > > 1. Can we make links non-clickable? Outlook finds links even in plain > text, it would mean more work to have to copy and paste into a web > browser. I'm thinking one implementation would be to replace every dot > with space-dot-space or similar. > > 2. Can we rename attachments? If attachments weren't executable but > had to be saved to another name (from e.g. foo.exe.bar) it would also > mean more work for the user. I'm thinking one implementation would be > to have files denied by filename/filetype rules be renamed with a > suffix added. As an option of course. > > The extra work needed may give these users (mostly PHB types) the time > they need to remember it's not a good thing to click on everything > they didn't ask for in the first place. > > Any ideas how to proceed? Anyone already have something similar implemented? > > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Thu Nov 4 15:11:07 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Nov 4 15:17:52 2010 Subject: OT? netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included Message-ID: For the last few days I have this in my daily report. /etc/cron.daily/sa-update.cron: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included Nov 4 05:52:41.936 [23194] warn: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included Nov 4 05:52:41.937 [23194] warn: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included Anyone seen this as well and found a workaround to disable that specific check? -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101104/39632e89/attachment.html From Denis.Beauchemin at USherbrooke.ca Thu Nov 4 15:30:06 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Nov 4 15:30:26 2010 Subject: OT? netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included In-Reply-To: References: Message-ID: <4CD2D17E.1020109@USherbrooke.ca> Le 2010-11-04 11:11, Hugo van der Kooij a ?crit : > netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included Hugo, It is related to NetAddr::IP. Try a diffferent version. The one in Julian's easy install works fine. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From NWL002 at shsu.edu Thu Nov 4 15:39:26 2010 From: NWL002 at shsu.edu (Laskie, Norman) Date: Thu Nov 4 15:39:38 2010 Subject: Seemingly cached PBL scores In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCA@EXMBX.SHSU.EDU> References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CC6@EXMBX.SHSU.EDU> <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCA@EXMBX.SHSU.EDU> Message-ID: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCB@EXMBX.SHSU.EDU> It was apparently hiding in ~root/.spamassassin/user_prefs which was not defined on any of our other edge boxes. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Laskie, Norman Sent: Thursday, November 04, 2010 9:03 AM To: 'MailScanner discussion' Subject: RE: Seemingly cached PBL scores Any ideas on why RCVD_IN_PBL would still be scored @ 10 when it is set to have a score of 5 in /etc/MailScanner/spam.assassin.prefs.conf. I copied spam.assassin.prefs.conf from another working edge box and restarted MailScanner with no visible changes. Also checked all .cf and .conf files for references to the PBL list but haven't seen anything at all that scores it to 10. Where else could this score be hiding? Thanks, Norman From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Laskie, Norman Sent: Tuesday, November 02, 2010 9:26 AM To: mailscanner@lists.mailscanner.info Subject: Seemingly cached PBL scores We are running into an issue on one of our edge boxes where I have RCVD_IN_PBL scored at 5, but it is still being scored at 10 which hasn't been configured in a month or so. I have checked all files I think of that may be scoring this at 10 with no luck (grep -R PBL /etc/MailScanner, /etc/mail/spamassassin and the local.cf file. Any ideas? Thanks, Norman /etc/MailScanner/spam.assassin.prefs.conf header RCVD_IN_PBL eval:check_rbl('pbl', 'XXXXXXXXXXXXXXXXXXXXXXXXX.pbl.dq.spamhaus.net.') score RCVD_IN_PBL 5 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101104/092f62f4/attachment.html From alex at rtpty.com Thu Nov 4 15:53:03 2010 From: alex at rtpty.com (Alex Neuman) Date: Thu Nov 4 15:56:46 2010 Subject: Seemingly cached PBL scores In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCB@EXMBX.SHSU.EDU> References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CC6@EXMBX.SHSU.EDU><8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCA@EXMBX.SHSU.EDU><8FAC1E47484E43469AA28DBF35C955E4BDF5E78CCB@EXMBX.SHSU.EDU> Message-ID: <894839392-1288886015-cardhu_decombobulator_blackberry.rim.net-2054352101-@bda478.bisx.prod.on.blackberry> How did it get there? -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: "Laskie, Norman" Sender: mailscanner-bounces@lists.mailscanner.info Date: Thu, 4 Nov 2010 10:39:26 To: 'MailScanner discussion' Reply-To: MailScanner discussion Subject: RE: Seemingly cached PBL scores -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Fri Nov 5 12:44:51 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Nov 5 12:45:30 2010 Subject: Spam starting to slip in... In-Reply-To: Message-ID: <152017219.323.1288961091412.JavaMail.root@office.splatnix.net> ----- Original Message ----- For ages MailScanner and spamassassin have been doing a fantastic job and we?ve had almost no spam at all. However, recently I?ve noticed a slow but steady increase in spam that seems to be slipping past with a very low score. I?m still using some of the old sare rulesets (rulesets listed below) as they seem to be catching spam although the number these days seems to be dropping off apart from the adult one which is still quite effective. Could these be interfering with the standard rulesets in the version of SA installed (3.2.5 and perl 5.8.8)? Rulesets 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net 70_sare_header.cf.sare.sa-update.dostech.net 70_sare_obfu.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_uri1.cf.sare.sa-update.dostech.net 99_FVGT_Tripwire.cf.sare.sa-update.dostech.net sought.rules.yerp.org We also use spamhaus, spamcop,m barracuda and abuseat blacklists in the MTA. MS is 4.79.11, and I?ve the KAM rulesets and ScamNailer 2.09 and clamav with the sanesecurity addins. Are there any tricks I?m missing on this setup? Jason Slap a sample up to pastebin and lets us know what you scored it as. We can then run though our own installations. Remember to include all the headers. -- Thanks, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/0cc42170/attachment.html From ms-list at alexb.ch Fri Nov 5 12:52:31 2010 From: ms-list at alexb.ch (Alex Broens) Date: Fri Nov 5 12:52:44 2010 Subject: Spam starting to slip in... In-Reply-To: <152017219.323.1288961091412.JavaMail.root@office.splatnix.net> References: <152017219.323.1288961091412.JavaMail.root@office.splatnix.net> Message-ID: <4CD3FE0F.1000102@alexb.ch> On 2010-11-05 13:44, --[ UxBoD ]-- wrote: > ----- Original Message ----- > > > > > > For ages MailScanner and spamassassin have been doing a fantastic job and we?ve had almost no spam at all. However, recently I?ve noticed a slow but steady increase in spam that seems to be slipping past with a very low score. I?m still using some of the old sare rulesets (rulesets listed below) as they seem to be catching spam although the number these days seems to be dropping off apart from the adult one which is still quite effective. Could these be interfering with the standard rulesets in the version of SA installed (3.2.5 and perl 5.8.8)? > > > > Rulesets > > 70_sare_adult.cf.sare.sa-update.dostech.net > > 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net > > 70_sare_header.cf.sare.sa-update.dostech.net > > 70_sare_obfu.cf.sare.sa-update.dostech.net > > 70_sare_specific.cf.sare.sa-update.dostech.net > > 70_sare_unsub.cf.sare.sa-update.dostech.net > > 70_sare_uri0.cf.sare.sa-update.dostech.net > > 70_sare_uri1.cf.sare.sa-update.dostech.net > > 99_FVGT_Tripwire.cf.sare.sa-update.dostech.net > > sought.rules.yerp.org > > > > We also use spamhaus, spamcop,m barracuda and abuseat blacklists in the MTA.. MS is 4.79.11, and I?ve the KAM rulesets and ScamNailer 2.09 and clamav with the sanesecurity addins. > > > > Are there any tricks I?m missing on this setup? > Pyzor/Razor/iXhash? From maxsec at gmail.com Fri Nov 5 13:28:56 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Nov 5 13:29:09 2010 Subject: Spam starting to slip in... In-Reply-To: References: Message-ID: I'd look at upgrading to 3.3.1 of SA and of course make sure you run SA-update regularly. -- Martin Hepworth Oxford, UK On 3 November 2010 08:15, Jason Ede wrote: > For ages MailScanner and spamassassin have been doing a fantastic job and > we?ve had almost no spam at all. However, recently I?ve noticed a slow but > steady increase in spam that seems to be slipping past with a very low > score. I?m still using some of the old sare rulesets (rulesets listed below) > as they seem to be catching spam although the number these days seems to be > dropping off apart from the adult one which is still quite effective. Could > these be interfering with the standard rulesets in the version of SA > installed (3.2.5 and perl 5.8.8)? > > > > Rulesets > > 70_sare_adult.cf.sare.sa-update.dostech.net > > 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net > > 70_sare_header.cf.sare.sa-update.dostech.net > > 70_sare_obfu.cf.sare.sa-update.dostech.net > > 70_sare_specific.cf.sare.sa-update.dostech.net > > 70_sare_unsub.cf.sare.sa-update.dostech.net > > 70_sare_uri0.cf.sare.sa-update.dostech.net > > 70_sare_uri1.cf.sare.sa-update.dostech.net > > 99_FVGT_Tripwire.cf.sare.sa-update.dostech.net > > sought.rules.yerp.org > > > > We also use spamhaus, spamcop,m barracuda and abuseat blacklists in the > MTA. MS is 4.79.11, and I?ve the KAM rulesets and ScamNailer 2.09 and clamav > with the sanesecurity addins. > > > > Are there any tricks I?m missing on this setup? > > > > Jason > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/d0018e7a/attachment.html From prandal at herefordshire.gov.uk Fri Nov 5 13:55:02 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Nov 5 13:55:20 2010 Subject: Spam starting to slip in... In-Reply-To: References: Message-ID: <76415AED4CCF214F80FD9B0DA9A9EE4501CF1E21@HC-MBX01.herefordshire.gov.uk> That will doubtless help, but I have similar issues with 3.1.1. This bug isn't helping: Mass-check generating nightly rules updates with 0 scores for rules with dependencies: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6510 Cheers, Phil -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: 05 November 2010 13:29 To: MailScanner discussion Subject: Re: Spam starting to slip in... I'd look at upgrading to 3.3.1 of SA and of course make sure you run SA-update regularly. -- Martin Hepworth Oxford, UK On 3 November 2010 08:15, Jason Ede wrote: For ages MailScanner and spamassassin have been doing a fantastic job and we've had almost no spam at all. However, recently I've noticed a slow but steady increase in spam that seems to be slipping past with a very low score. I'm still using some of the old sare rulesets (rulesets listed below) as they seem to be catching spam although the number these days seems to be dropping off apart from the adult one which is still quite effective. Could these be interfering with the standard rulesets in the version of SA installed (3.2.5 and perl 5.8.8)? Rulesets 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net 70_sare_header.cf.sare.sa-update.dostech.net 70_sare_obfu.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_uri1.cf.sare.sa-update.dostech.net 99_FVGT_Tripwire.cf.sare.sa-update.dostech.net sought.rules.yerp.org We also use spamhaus, spamcop,m barracuda and abuseat blacklists in the MTA. MS is 4.79.11, and I've the KAM rulesets and ScamNailer 2.09 and clamav with the sanesecurity addins. Are there any tricks I'm missing on this setup? Jason -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/ba4e51af/attachment.html From campbell at cnpapers.com Fri Nov 5 15:06:51 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Nov 5 15:09:00 2010 Subject: Wifely-type problem Message-ID: <4CD41D8B.5080202@cnpapers.com> All of this is concerning my home setup, not business, so.... My wife is constantly getting into a bind with her home email account. She's one of those types that subscribes to everything and gets tons of crappy email as a result. Her DSL server mailbox is so full now, that she can't download what's up there from the server. I'd like to do something like the following, so if anyone sees a problem with my plans or knows of a better way, please speak up. I'd like to build a Centos server and put MS and Mailwatch on it. Probably put some type of webmail on there also. Then use fetchmail as a cron job to download her DSL email to the Centos server, let MS clean up the junk, let her monitor the email on the Centos server with webmail and MW and flush the rest of the junk, and then point her mail client to retrieve the email from the Centos box byway of POP to her home machine. All this would be on my home network. Hopefully, it'll fall into some manageable order. Does that sound reasonable? Steve Campbell From ecasarero at gmail.com Fri Nov 5 15:19:51 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Nov 5 15:20:20 2010 Subject: Wifely-type problem In-Reply-To: <4CD41D8B.5080202@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> Message-ID: 2010/11/5 Steve Campbell > All of this is concerning my home setup, not business, so.... > > My wife is constantly getting into a bind with her home email account. > She's one of those types that subscribes to everything and gets tons of > crappy email as a result. Her DSL server mailbox is so full now, that she > can't download what's up there from the server. I'd like to do something > like the following, so if anyone sees a problem with my plans or knows of a > better way, please speak up. > > I'd like to build a Centos server and put MS and Mailwatch on it. Probably > put some type of webmail on there also. Then use fetchmail as a cron job to > download her DSL email to the Centos server, let MS clean up the junk, let > her monitor the email on the Centos server with webmail and MW and flush the > rest of the junk, and then point her mail client to retrieve the email from > the Centos box byway of POP to her home machine. All this would be on my > home network. Hopefully, it'll fall into some manageable order. > > Does that sound reasonable? > > Just an idea, cant she create a gmail account and check all her email by imap/pop3 in the old account and store at the gmail account ? there is plenty of space in gmail to store all the spam she gets. > Steve Campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/5bacad69/attachment.html From GSilver at rampuptech.com Fri Nov 5 15:42:31 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Fri Nov 5 15:47:36 2010 Subject: Wifely-type problem In-Reply-To: <4CD41D8B.5080202@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> Message-ID: http://xkcd.com/763/ ---------------------------------- Gavin Silver________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell [campbell@cnpapers.com] Sent: Friday, November 05, 2010 11:06 AM To: mailscanner@lists.mailscanner.info Subject: Wifely-type problem All of this is concerning my home setup, not business, so.... My wife is constantly getting into a bind with her home email account. She's one of those types that subscribes to everything and gets tons of crappy email as a result. Her DSL server mailbox is so full now, that she can't download what's up there from the server. I'd like to do something like the following, so if anyone sees a problem with my plans or knows of a better way, please speak up. I'd like to build a Centos server and put MS and Mailwatch on it. Probably put some type of webmail on there also. Then use fetchmail as a cron job to download her DSL email to the Centos server, let MS clean up the junk, let her monitor the email on the Centos server with webmail and MW and flush the rest of the junk, and then point her mail client to retrieve the email from the Centos box byway of POP to her home machine. All this would be on my home network. Hopefully, it'll fall into some manageable order. Does that sound reasonable? Steve Campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- From derek.winkler at algorithmics.com Fri Nov 5 15:48:43 2010 From: derek.winkler at algorithmics.com (derek.winkler@algorithmics.com) Date: Fri Nov 5 15:49:39 2010 Subject: Wifely-type problem In-Reply-To: <4CD41D8B.5080202@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> Message-ID: <52B78B63BA55B44284ACE2DE5106D611066C307C@TORMAIL1.algorithmics.com> I did this at home for awhile works fine, but became too much to manage. Upgrading MS/SA/Clam at home after doing it at work all day, no thanks. Now I use gmail accounts and fetchmail/Clam Milter on home email server, as effective but less maintenance. The advantage of using gmail instead of the DSL account is your email address is no longer tied to your provider. If she's just going to be monitoring all of the mail with MW, why not just not bother and have her do it in her mail client? Also, why not leave the mail on the server and back up the mail boxes as well? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Campbell > Sent: Friday, November 05, 2010 11:07 AM > To: mailscanner@lists.mailscanner.info > Subject: Wifely-type problem > > All of this is concerning my home setup, not business, so.... > > My wife is constantly getting into a bind with her home email account. > She's one of those types that subscribes to everything and gets tons of > crappy email as a result. Her DSL server mailbox is so full now, that > she can't download what's up there from the server. I'd like to do > something like the following, so if anyone sees a problem with my plans > or knows of a better way, please speak up. > > I'd like to build a Centos server and put MS and Mailwatch on it. > Probably put some type of webmail on there also. Then use fetchmail as > a > cron job to download her DSL email to the Centos server, let MS clean > up > the junk, let her monitor the email on the Centos server with webmail > and MW and flush the rest of the junk, and then point her mail client > to > retrieve the email from the Centos box byway of POP to her home > machine. > All this would be on my home network. Hopefully, it'll fall into some > manageable order. > > Does that sound reasonable? > > Steve Campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------------------------------------------------------------------- This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------------------------------------------------------------------- From steve at fsl.com Fri Nov 5 15:53:40 2010 From: steve at fsl.com (Stephen Swaney) Date: Fri Nov 5 15:53:50 2010 Subject: Wifely-type problem In-Reply-To: <4CD41D8B.5080202@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> Message-ID: On Nov 5, 2010, at 11:06 AM, Steve Campbell wrote: > All of this is concerning my home setup, not business, so.... > > My wife is constantly getting into a bind with her home email account. She's one of those types that subscribes to everything and gets tons of crappy email as a result. Her DSL server mailbox is so full now, that she can't download what's up there from the server. I'd like to do something like the following, so if anyone sees a problem with my plans or knows of a better way, please speak up. > > I'd like to build a Centos server and put MS and Mailwatch on it. Probably put some type of webmail on there also. Then use fetchmail as a cron job to download her DSL email to the Centos server, let MS clean up the junk, let her monitor the email on the Centos server with webmail and MW and flush the rest of the junk, and then point her mail client to retrieve the email from the Centos box byway of POP to her home machine. All this would be on my home network. Hopefully, it'll fall into some manageable order. > > Does that sound reasonable? > > Steve Campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Cheaper than Alimony :) Have a good weekend, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available From peter at farrows.org Fri Nov 5 16:09:34 2010 From: peter at farrows.org (Peter Farrow) Date: Fri Nov 5 16:09:44 2010 Subject: Wifely-type problem In-Reply-To: References: <4CD41D8B.5080202@cnpapers.com> Message-ID: <4CD42C3E.7060108@farrows.org> On 05/11/2010 15:53, Stephen Swaney wrote: > > > On Nov 5, 2010, at 11:06 AM, Steve Campbell wrote: > >> All of this is concerning my home setup, not business, so.... >> >> My wife is constantly getting into a bind with her home email account. She's one of those types that subscribes to everything and gets tons of crappy email as a result. Her DSL server mailbox is so full now, that she can't download what's up there from the server. I'd like to do something like the following, so if anyone sees a problem with my plans or knows of a better way, please speak up. >> >> I'd like to build a Centos server and put MS and Mailwatch on it. Probably put some type of webmail on there also. Then use fetchmail as a cron job to download her DSL email to the Centos server, let MS clean up the junk, let her monitor the email on the Centos server with webmail and MW and flush the rest of the junk, and then point her mail client to retrieve the email from the Centos box byway of POP to her home machine. All this would be on my home network. Hopefully, it'll fall into some manageable order. >> >> Does that sound reasonable? >> >> Steve Campbell >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Cheaper than Alimony :) > > Have a good weekend, > > Steve use this: rpm -e --force --nodeps Wifey ;-) P. -- horizontal ruler Peter Farrow avatar ______________________ Home: 01249 654183 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.peterfarrow.com -------------- next part -------------- Skipped content of type multipart/related From maxsec at gmail.com Fri Nov 5 16:19:36 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Nov 5 16:19:46 2010 Subject: Wifely-type problem In-Reply-To: <4CD42C3E.7060108@farrows.org> References: <4CD41D8B.5080202@cnpapers.com> <4CD42C3E.7060108@farrows.org> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 8198 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/5fbff0b6/attachment.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 57 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/5fbff0b6/attachment-0001.gif From richard.siddall at elirion.net Fri Nov 5 16:23:17 2010 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Nov 5 16:23:15 2010 Subject: Wifely-type problem In-Reply-To: <4CD41D8B.5080202@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> Message-ID: <4CD42F75.1040005@elirion.net> Steve Campbell wrote: > All of this is concerning my home setup, not business, so.... > > My wife is constantly getting into a bind with her home email account. > She's one of those types that subscribes to everything and gets tons of > crappy email as a result. Her DSL server mailbox is so full now, that > she can't download what's up there from the server. I'd like to do > something like the following, so if anyone sees a problem with my plans > or knows of a better way, please speak up. > Steve, Think about what you're going to do when you go on vacation, or you buy your wife an iPhone for your anniversary. Also, see if you can get fetchmail to run when she pops email, so she doesn't have to wait for the next cron run when she's expecting an urgent message. One of the other replies reminded me that I think I've seen a program that goes in via POP3 and deletes spam/viruses, so you might be able to clean up the DSL provider mailbox. I can't remember what it was called. Regards, Richard Siddall From mail_list at woh.rr.com Fri Nov 5 16:25:06 2010 From: mail_list at woh.rr.com (Mailing List) Date: Fri Nov 5 16:25:20 2010 Subject: Wifely-type problem In-Reply-To: <4CD41D8B.5080202@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> Message-ID: <4CD42FE2.4090802@woh.rr.com> On 11/5/2010 11:06 AM, Steve Campbell wrote: > All of this is concerning my home setup, not business, so.... > > My wife is constantly getting into a bind with her home email account. > She's one of those types that subscribes to everything and gets tons > of crappy email as a result. Her DSL server mailbox is so full now, > that she can't download what's up there from the server. I'd like to > do something like the following, so if anyone sees a problem with my > plans or knows of a better way, please speak up. > > I'd like to build a Centos server and put MS and Mailwatch on it. > Probably put some type of webmail on there also. Then use fetchmail as > a cron job to download her DSL email to the Centos server, let MS > clean up the junk, let her monitor the email on the Centos server with > webmail and MW and flush the rest of the junk, and then point her mail > client to retrieve the email from the Centos box byway of POP to her > home machine. All this would be on my home network. Hopefully, it'll > fall into some manageable order. > > Does that sound reasonable? > > Steve Campbell I do exactly this here at home. all except for MW. It really makes it nice to be able to control several mail accounts from one server. ISP-fetchmail-MailScanner-clamav/spamassassin-pop3, or openwebmail. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6022 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/a45942cd/smime.bin From campbell at cnpapers.com Fri Nov 5 16:25:16 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Nov 5 16:25:48 2010 Subject: Wifely-type problem In-Reply-To: References: <4CD41D8B.5080202@cnpapers.com> Message-ID: <4CD42FEC.9080806@cnpapers.com> On 11/5/2010 11:19 AM, Eduardo Casarero wrote: > > > 2010/11/5 Steve Campbell > > > All of this is concerning my home setup, not business, so.... > > My wife is constantly getting into a bind with her home email > account. She's one of those types that subscribes to everything > and gets tons of crappy email as a result. Her DSL server mailbox > is so full now, that she can't download what's up there from the > server. I'd like to do something like the following, so if anyone > sees a problem with my plans or knows of a better way, please > speak up. > > I'd like to build a Centos server and put MS and Mailwatch on it. > Probably put some type of webmail on there also. Then use > fetchmail as a cron job to download her DSL email to the Centos > server, let MS clean up the junk, let her monitor the email on the > Centos server with webmail and MW and flush the rest of the junk, > and then point her mail client to retrieve the email from the > Centos box byway of POP to her home machine. All this would be on > my home network. Hopefully, it'll fall into some manageable order. > > Does that sound reasonable? > > > Just an idea, cant she create a gmail account and check all her email > by imap/pop3 in the old account and store at the gmail account ? there > is plenty of space in gmail to store all the spam she gets. > > Steve Campbell > > -- > > I'm not sure what you're suggesting as far as the gmail account and storage. To prevent any change to her email address, I'd like to keep her on the DSL account. So I'm really unclear on how she'd move the emails from the DSL to gmail. She could, at the moment, check and clean the pending DSL emails by their webmail facility. But the sheer volume of crap she gets (and most of it she thinks is normal) is overwhelming. I'll think about this though. Thanks all steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/329deff6/attachment.html From campbell at cnpapers.com Fri Nov 5 16:30:58 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Nov 5 16:31:19 2010 Subject: Wifely-type problem In-Reply-To: References: <4CD41D8B.5080202@cnpapers.com> <4CD42C3E.7060108@farrows.org> Message-ID: <4CD43142.2050906@cnpapers.com> I've been through one of those rpm -e wifey things, and I can guarantee the --nodeps doesn't work. As a matter of fact, once I hit the enter key, the job went into a loop that lasted for years. Nothing would abort it, either. steve On 11/5/2010 12:19 PM, Martin Hepworth wrote: > lol - I think the nodeps doesn't work with this package ;-) > -- > Martin Hepworth > Oxford, UK > > > On 5 November 2010 16:09, Peter Farrow > wrote: > > On 05/11/2010 15:53, Stephen Swaney wrote: >> On Nov 5, 2010, at 11:06 AM, Steve Campbell wrote: >> >>> All of this is concerning my home setup, not business, so.... >>> >>> My wife is constantly getting into a bind with her home email account. She's one of those types that subscribes to everything and gets tons of crappy email as a result. Her DSL server mailbox is so full now, that she can't download what's up there from the server. I'd like to do something like the following, so if anyone sees a problem with my plans or knows of a better way, please speak up. >>> >>> I'd like to build a Centos server and put MS and Mailwatch on it. Probably put some type of webmail on there also. Then use fetchmail as a cron job to download her DSL email to the Centos server, let MS clean up the junk, let her monitor the email on the Centos server with webmail and MW and flush the rest of the junk, and then point her mail client to retrieve the email from the Centos box byway of POP to her home machine. All this would be on my home network. Hopefully, it'll fall into some manageable order. >>> >>> Does that sound reasonable? >>> >>> Steve Campbell >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, readhttp://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> Cheaper than Alimony :) >> >> Have a good weekend, >> >> Steve > use this: > > rpm -e --force --nodeps Wifey > > ;-) > > P. > > > -- > horizontal ruler > > Peter Farrow > avatar > ______________________ > Home: 01249 654183 > Fax: 01249 461 548 > Mobile: 07799605617 > Skype: peter_farrow > Web: www.peterfarrow.com > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- Skipped content of type multipart/related From campbell at cnpapers.com Fri Nov 5 16:33:26 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Nov 5 16:34:11 2010 Subject: Wifely-type problem In-Reply-To: <4CD42F75.1040005@elirion.net> References: <4CD41D8B.5080202@cnpapers.com> <4CD42F75.1040005@elirion.net> Message-ID: <4CD431D6.3030702@cnpapers.com> On 11/5/2010 12:23 PM, Richard Siddall wrote: > Steve Campbell wrote: >> All of this is concerning my home setup, not business, so.... >> >> My wife is constantly getting into a bind with her home email account. >> She's one of those types that subscribes to everything and gets tons of >> crappy email as a result. Her DSL server mailbox is so full now, that >> she can't download what's up there from the server. I'd like to do >> something like the following, so if anyone sees a problem with my plans >> or knows of a better way, please speak up. >> > > Steve, > > Think about what you're going to do when you go on vacation, or you > buy your wife an iPhone for your anniversary. Also, see if you can > get fetchmail to run when she pops email, so she doesn't have to wait > for the next cron run when she's expecting an urgent message. > > One of the other replies reminded me that I think I've seen a program > that goes in via POP3 and deletes spam/viruses, so you might be able > to clean up the DSL provider mailbox. I can't remember what it was > called. > > Regards, > > Richard Siddall The main point of all this is to inject MS into her work flow to get rid of most of this junk. steve From alex at nanogherkin.com Fri Nov 5 16:34:38 2010 From: alex at nanogherkin.com (Alex Crow) Date: Fri Nov 5 16:34:47 2010 Subject: Wifely-type problem In-Reply-To: <4CD42C3E.7060108@farrows.org> References: <4CD41D8B.5080202@cnpapers.com> <4CD42C3E.7060108@farrows.org> Message-ID: <4CD4321E.8010201@nanogherkin.com> use this: > > rpm -e --force --nodeps Wifey > > ;-) > > P. > > Some of your dependencies may stop functioning that way. I can think of at least one or two that are good to keep - a possible resolution is to install the "girlfriend" package - but do make sure you remove the wife-related packages first. If there are any child processes still running they may not cooperate well with the above replacement. However terminating such processes is not recommended as it will certainly cause vastly more trouble in the future, including, but not limited to the arrest, imprisonment and subsequent demise of the operator. Tongue firmly in cheek as a husband and dad :-) I do sympathise with the original poster, but to keep life simple I'd agree it's easier to transition to a webmail or cloud provider if you don't have the time and don't enjoy fiddling around a lot to keep things up to date. My wifey has always used Yahoo and she gets very little spam, gmail I hear is even better. Unfortunately as your mail has already been rcpt'd you can't use greylisting. You could still check SPF records although that gets more complicated when you are a second-hand recipient. Alex From lstewart at superb.net Fri Nov 5 16:50:26 2010 From: lstewart at superb.net (Landon Stewart) Date: Fri Nov 5 16:50:36 2010 Subject: Wifely-type problem In-Reply-To: <4CD42FEC.9080806@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> <4CD42FEC.9080806@cnpapers.com> Message-ID: I'm not sure what you're suggesting as far as the gmail account and storage. To prevent any change to her email address, I'd like to keep her on the DSL account. So I'm really unclear on how she'd move the emails from the DSL to gmail. She could, at the moment, check and clean the pending DSL emails by their webmail facility. But the sheer volume of crap she gets (and most of it she thinks is normal) is overwhelming. Gmail isn't just webmail for @gmail.com addresses any more. It is a full on mail client now. She can check all of her mail from one place and have gmail's (pretty awesome) spam filters handle her spam issues. This beats killing a mouse with an elephant gun or using a package manager to delete your wife. -- Landon Stewart SuperbHosting.Net by Superb Internet Corp. Toll Free (US/Canada): 888-354-6128 x 4199 Direct: 206-438-5879 Web hosting and more "Ahead of the Rest": http://www.superbhosting.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/18e37862/attachment.html From lstewart at superb.net Fri Nov 5 16:51:15 2010 From: lstewart at superb.net (Landon Stewart) Date: Fri Nov 5 16:51:26 2010 Subject: Wifely-type problem In-Reply-To: <4CD43142.2050906@cnpapers.com> References: <4CD41D8B.5080202@cnpapers.com> <4CD42C3E.7060108@farrows.org> <4CD43142.2050906@cnpapers.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 57 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/6e417b52/attachment.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 8198 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101105/6e417b52/attachment-0001.gif From ka at pacific.net Fri Nov 5 17:00:38 2010 From: ka at pacific.net (Ken A) Date: Fri Nov 5 17:00:58 2010 Subject: Wifely-type problem In-Reply-To: <4CD42F75.1040005@elirion.net> References: <4CD41D8B.5080202@cnpapers.com> <4CD42F75.1040005@elirion.net> Message-ID: <4CD43836.4060703@pacific.net> On 11/5/2010 11:23 AM, Richard Siddall wrote: > Steve Campbell wrote: >> All of this is concerning my home setup, not business, so.... >> >> My wife is constantly getting into a bind with her home email account. >> She's one of those types that subscribes to everything and gets tons of >> crappy email as a result. Her DSL server mailbox is so full now, that >> she can't download what's up there from the server. I'd like to do >> something like the following, so if anyone sees a problem with my plans >> or knows of a better way, please speak up. >> > > Steve, > > Think about what you're going to do when you go on vacation, or you buy > your wife an iPhone for your anniversary. Also, see if you can get > fetchmail to run when she pops email, so she doesn't have to wait for > the next cron run when she's expecting an urgent message. > > One of the other replies reminded me that I think I've seen a program > that goes in via POP3 and deletes spam/viruses, so you might be able to > clean up the DSL provider mailbox. I can't remember what it was called. mailwasher is one, though I haven't used it in years. But, don't turn on it's bounce feature, just let it delete the crap. It would be interesting to have a MailScanner or SA only box that copied the mail from the ISP inbox, filtered it, then used POP or IMAP to delete or sort the mail on the ISP server to appropriate IMAP folders. Anyone know of such a beast? Ken > Regards, > > Richard Siddall -- Ken Anderson Pacific Internet - http://www.pacific.net From bonivart at opencsw.org Sat Nov 6 14:00:44 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Sat Nov 6 14:01:14 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: Message-ID: On Thu, Nov 4, 2010 at 3:54 PM, Alex Neuman wrote: > This is something I believe can be done with mimedefang. Haven't used it myself though. I've never wanted to use MimeDefang since MailScanner has always solved my problems and there seemed to be a lot of overlap between the two but now MailScanners development seems to have slowed down a lot. Looking through MimeDefangs documentation I think you're right, I sure seems capable of doing what I want. Maybe CustomFunctions in MailScanner could do it as well but not many seem to use those and I know little about how to proceed with those. Thanks for the tip. /peter From alex at rtpty.com Sat Nov 6 14:42:07 2010 From: alex at rtpty.com (Alex Neuman) Date: Sat Nov 6 14:42:49 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: Message-ID: <1653882016-1289054555-cardhu_decombobulator_blackberry.rim.net-700531381-@bda478.bisx.prod.on.blackberry> No problem. And IMHO the slowdown is more of an indicator of maturity than anything else. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Peter Bonivart Sender: mailscanner-bounces@lists.mailscanner.info Date: Sat, 6 Nov 2010 15:00:44 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Make links non-clickable and rename attachments? On Thu, Nov 4, 2010 at 3:54 PM, Alex Neuman wrote: > This is something I believe can be done with mimedefang. Haven't used it myself though. I've never wanted to use MimeDefang since MailScanner has always solved my problems and there seemed to be a lot of overlap between the two but now MailScanners development seems to have slowed down a lot. Looking through MimeDefangs documentation I think you're right, I sure seems capable of doing what I want. Maybe CustomFunctions in MailScanner could do it as well but not many seem to use those and I know little about how to proceed with those. Thanks for the tip. /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From markee at bandwidthco.com Sat Nov 6 16:58:14 2010 From: markee at bandwidthco.com (markee) Date: Sat Nov 6 16:58:28 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <1653882016-1289054555-cardhu_decombobulator_blackberry.rim.net-700531381-@bda478.bisx.prod.on.blackberry> References: <1653882016-1289054555-cardhu_decombobulator_blackberry.rim.net-700531381-@bda478.bisx.prod.on.blackberry> Message-ID: <001701cb7dd3$cd654a50$682fdef0$@com> I agree with Alex 100%. I don't understand what a "slowdown" in the frequency of releases has anything to do with the desirability and effectiveness of function and results. ########################################## This is coming from the home and office of: Mark E. Donaldson Bandwidthco Computer Security markee@bandwidthco.com http://www.bandwidthco.com Copyright C 1999 Bandwidthco.com. All rights reserved. ########################################## "Hacking is the process of influencing a computer system in such a way that it performs an action that is useful to you." ########################################## .~. /V\ /( )\ ^^-^^ You can't solve your problems with the same level of thinking that created the problems. Albert Einstein -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Saturday, November 06, 2010 7:42 AM To: MailScanner discussion Subject: Re: Make links non-clickable and rename attachments? No problem. And IMHO the slowdown is more of an indicator of maturity than anything else. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Peter Bonivart Sender: mailscanner-bounces@lists.mailscanner.info Date: Sat, 6 Nov 2010 15:00:44 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Make links non-clickable and rename attachments? On Thu, Nov 4, 2010 at 3:54 PM, Alex Neuman wrote: > This is something I believe can be done with mimedefang. Haven't used it myself though. I've never wanted to use MimeDefang since MailScanner has always solved my problems and there seemed to be a lot of overlap between the two but now MailScanners development seems to have slowed down a lot. Looking through MimeDefangs documentation I think you're right, I sure seems capable of doing what I want. Maybe CustomFunctions in MailScanner could do it as well but not many seem to use those and I know little about how to proceed with those. Thanks for the tip. /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From noel.butler at ausics.net Sat Nov 6 22:45:28 2010 From: noel.butler at ausics.net (Noel Butler) Date: Sat Nov 6 22:45:42 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <001701cb7dd3$cd654a50$682fdef0$@com> References: <1653882016-1289054555-cardhu_decombobulator_blackberry.rim.net-700531381-@bda478.bisx.prod.on.blackberry> <001701cb7dd3$cd654a50$682fdef0$@com> Message-ID: <1289083528.5212.4.camel@tardis> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101107/bb88148c/attachment.bin From MailScanner at ecs.soton.ac.uk Sun Nov 7 14:08:42 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Nov 7 14:08:53 2010 Subject: Bug in incomplete link handling in phishing checks References: <4CD6B2EA.9060603@ecs.soton.ac.uk> Message-ID: Derek has found a bug in the handling of incomplete HTML "a" tags, which bites when doing phishing checks. The symptom is that the rest of the email HTML body after the unterminated link gets chopped off. I have proposed a fix for this, which he is testing for me. I would be very greatful if some other people could test it too, to ensure it doesn't cause any other problems. It's a very short patch to /usr/lib/MailScanner/MailScanner/Message.pm. The patch file (gzipped) is attached. If it won't apply with the commands gunzip /tmp/BrokenA_patch.txt.gz cd /usr/lib/MailScanner/MailScanner patch -p0 < /tmp/BrokenA_patch.txt then just cat the patch file and you'll see the new code to be added. It's a tiny change. Any reports good or bad are most welcome! Sorry I haven't been around for so long, we've been down in staff at work (1 of my guys left for a better-paid job, and we've had a Voluntary Severance scheme too, which has caused a lot of people to leave). Also our student numbers are up massively from last year (PhD students doubled, MSc up by 35%) so the start of the academic year has been ridiculously hectic. As a result all my non-work time has been taken up with resting, as I seem to be able to eat less than ever recently, which is not good, but there's not a lot the docs can do about it now. I will start to try to catch up, but if there's anything important that I've missed which you need my help with, please do reply to this thread and I'll try to take a look. Thanks to all of you for providing such brilliant support (for me and MailScanner!) over recent times. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: BrokenA_patch.txt.gz Type: application/x-gzip Size: 388 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101107/4813c7f2/BrokenA_patch.txt.gz From MailScanner at ecs.soton.ac.uk Sun Nov 7 14:13:35 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Nov 7 14:13:48 2010 Subject: Foreign filename checking In-Reply-To: <4CCF03AF.7030302@gmail.com> References: <4CCE9CA2.3060500@gmail.com> <4A09477D575C2C4B86497161427DD94C15B0D189C9@city-exchange07> <4CCF03AF.7030302@gmail.com> <4CD6B40F.3070707@ecs.soton.ac.uk> Message-ID: Please can you send me an example message? Try to extract the raw queue files (use the Quarantine or Archive Mail options to store a copy of it), then zip those up and send them to me at mailscanner@ecs.soton.ac.uk. If you can't email them to me, then use http://dropoff.ecs.soton.ac.uk to send them to me (that's a ZendTo site, my other project, which you may also be interested in!). Then I can take a look. Jules. On 01/11/2010 18:15, Greg Pearson wrote: > > > On 1/11/2010 7:22 ??, Kevin Miller wrote: >> Greg Pearson wrote: >>> Hello all, >>> >>> some of my users are used to send attachments with foreign filenames >>> (Russian etc.). It seems that MailScanner cannot properly handle >>> those filenames when they are converted to UTF8 by the mail client. >>> So a filename with foreign characters would become something like: >>> >>> "utf-8''%%CE%%95%%CF%%83%%CF%%89%%CF%%84%%CE%%B5%%CF%%81%%CE%%B9%%CE%%BA%%CF%%8C%%CF%%82%%20%%CE%%BA%%CE%%B1%%CE%%BD%%CE%%BF%%CE%%BD%%CE%%B9%%CF%%83%%CE%%BC%%CF%%8C%%CF%%82%%20lomi%%2001%%202008.doc" >>> >>> >>> And hence Mailscanner will complain that this filename is too long, >>> which is of course not the case. It is mentioned in the Changelog >>> that the latest version (4.81.4) has dealt with this: >>> >>> "16 Improved handling of Unicode and foreign character sets used in >>> attachment filenames." >>> >>> But the problem remains. >>> >>> I wouldn't want to disable the filename length rule completely, so I >>> would appreciate some help on this. >>> >>> Thanks >> Is it a discreet set of users sending these? Or strictly internal >> users? Perhaps a ruleset would do the trick if can identify a >> manageable set of senders... >> >> >> ...Kevin > Although I am not sure what you mean: I could as well disable the rule > for everybody, or even add exceptions. But it seems to me this is not > the proper approach. If Mailscanner is buggy when it comes to > international support then shouldn't this be filed as a bug instead? Jules Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Nov 7 14:17:34 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Nov 7 14:17:55 2010 Subject: Sender Priorities In-Reply-To: <4CC4A8DC.8070502@schmueller.de> References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU> <4CC4A8DC.8070502@schmueller.de> <4CD6B4FE.1000203@ecs.soton.ac.uk> Message-ID: I have specifically not allowed this. All content of an email can be faked, so it's then trivial for a spammer, who has seen one of your emergency emails, to make sure his are bypassed too. Jules. On 24/10/2010 22:45, Norbert Schmidt wrote: > Hi Alex, > > I've solved this within Postfix. I've got a script, that moves the > important mails from the hold to the incoming queue. I do not know of > a way within Mailscanner yet. > > Best Regards > > Norbert Schmidt > Am 20:59, schrieb Alex Neuman: >> Scan Messages = %rules-dir%/whattoscan.rules >> >> /etc/MailScanner/rules/whattoscan.rules >> FromOrTo: default yes >> From: reallyreallysnappyemergencynotification@sillydomain.com no >> >> >> On Oct 22, 2010, at 5:04 PM, Laskie, Norman wrote: >> >>> Does anyone know if it?s possible to have messages from specific >>> senders bumped to the top of the processing queue in MailScanner or >>> even have it bypass MailScanner completely (it is already configured >>> not to scan these messages)? Our emergency notification system >>> sends through the same edge boxes as all of our other external >>> mail. This is not a good thing and we would rather send from >>> internally, but the powers that be decided to outsource emergency >>> notifications vs. something we could easily do. >>> >>> Thanks, >>> Norman >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Nov 7 15:21:05 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Nov 7 15:21:21 2010 Subject: MailScanner Wiki References: <4CD6C3E1.6030808@ecs.soton.ac.uk> Message-ID: Due to inappropriate content being placed on the wiki at wiki.mailscanner.info I have had to remove all the user accounts and disable automatic account creation. I have also been round and removed what inappropriate content I could find. But please do contribute to the wiki! All I ask is that, if you would like an account to be able to edit the site, please email me the username you would like and I will add you myself, once I have checked you out. Many thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jeff.Mills at sydneytech.com.au Mon Nov 8 01:50:54 2010 From: Jeff.Mills at sydneytech.com.au (Jeff Mills) Date: Mon Nov 8 01:51:10 2010 Subject: xlsx crashing MailScanner Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F43153980@SERVER01.sts.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 3656 bytes Desc: image001.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101108/4d544699/image001.jpg From johnnyb at marlboro.edu Mon Nov 8 20:33:19 2010 From: johnnyb at marlboro.edu (John Baker) Date: Mon Nov 8 19:34:16 2010 Subject: looking for suggestions to catch more phising attempts Message-ID: <4CD85E8F.7040209@marlboro.edu> Hi all, I'm trying to figure out what the easiest solution with the smallest footprint for this problem might be. Along with a lot of other schools we've had a chronic problem with phishing attempts that pretend to be us and ask for usernames and passwords. Pretty much all of them come from compromised accounts at other colleges and the spammers keep the numbers low enough and slow enough to not register on phising lists like ScamNailer. We always seem to have at least one taker who's account gets compromised by spammers for every major phishing attempt of this type. We have mechanisms like rate limiting in place to keep the damage limited but I'd really rather keep the accounts from getting compromised in the first place. What I need is something like the phishing feature in Mailscanner that looks for mismatches between claimed and actual addresses and warns that it might be phising but looks for things like password requests or pretending to be from "helpdesk" or "webmail" instead. I'd like to pick-out them out and warn users that it might be a phising attempt. I think that either Mailscanner MCP or postfix header/body checks could do this but I'm concerned about the added system load and possible slowdowns that either may add. Is their anything obvious I'm overlooking here like a way to do this in Mailscanner's non mcp configuration? Thanks -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 Cell: 451-6748 From steve at fsl.com Mon Nov 8 20:18:03 2010 From: steve at fsl.com (Stephen Swaney) Date: Mon Nov 8 20:18:13 2010 Subject: looking for suggestions to catch more phising attempts In-Reply-To: <4CD85E8F.7040209@marlboro.edu> References: <4CD85E8F.7040209@marlboro.edu> Message-ID: On Nov 8, 2010, at 3:33 PM, John Baker wrote: > Hi all, > > I'm trying to figure out what the easiest solution with the smallest footprint for this problem might be. > > Along with a lot of other schools we've had a chronic problem with phishing attempts that pretend to be us and ask for usernames and passwords. Pretty much all of them come from compromised accounts at other colleges and the spammers keep the numbers low enough and slow enough to not register on phising lists like ScamNailer. We always seem to have at least one taker who's account gets compromised by spammers for every major phishing attempt of this type. We have mechanisms like rate limiting in place to keep the damage limited but I'd really rather keep the accounts from getting compromised in the first place. > > What I need is something like the phishing feature in Mailscanner that looks for mismatches between claimed and actual addresses and warns that it might be phising but looks for things like password requests or pretending to be from "helpdesk" or "webmail" instead. I'd like to pick-out them out and warn users that it might be a phising attempt. > > I think that either Mailscanner MCP or postfix header/body checks could do this but I'm concerned about the added system load and possible slowdowns that either may add. > > Is their anything obvious I'm overlooking here like a way to do this in Mailscanner's non mcp configuration? > > Thanks > > -- > John Baker > Network Systems Administrator > Marlboro College > Phone: 451-7551 Cell: 451-6748 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! First. Do you publish SPF records to prevent scammers from forging the mail from address? Thanks, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available From johnnyb at marlboro.edu Mon Nov 8 22:04:29 2010 From: johnnyb at marlboro.edu (John Baker) Date: Mon Nov 8 21:05:18 2010 Subject: looking for suggestions to catch more phising attempts In-Reply-To: References: <4CD85E8F.7040209@marlboro.edu> Message-ID: <4CD873ED.3090109@marlboro.edu> Good point but no for various convoluted reasons we can't yet. It's actually not quite relevant as they no not use actually use our addresses for this. They typically just write the note to make it sound like they are our IT dept but the address clearly says it's from somebody else. Users not savvy enough to realize that password requests are scams are even less likely to notice that neither the from or reply to are actually our addresses. Stephen Swaney wrote: > On Nov 8, 2010, at 3:33 PM, John Baker wrote: > > >> Hi all, >> >> I'm trying to figure out what the easiest solution with the smallest footprint for this problem might be. >> >> Along with a lot of other schools we've had a chronic problem with phishing attempts that pretend to be us and ask for usernames and passwords. Pretty much all of them come from compromised accounts at other colleges and the spammers keep the numbers low enough and slow enough to not register on phising lists like ScamNailer. We always seem to have at least one taker who's account gets compromised by spammers for every major phishing attempt of this type. We have mechanisms like rate limiting in place to keep the damage limited but I'd really rather keep the accounts from getting compromised in the first place. >> >> What I need is something like the phishing feature in Mailscanner that looks for mismatches between claimed and actual addresses and warns that it might be phising but looks for things like password requests or pretending to be from "helpdesk" or "webmail" instead. I'd like to pick-out them out and warn users that it might be a phising attempt. >> >> I think that either Mailscanner MCP or postfix header/body checks could do this but I'm concerned about the added system load and possible slowdowns that either may add. >> >> Is their anything obvious I'm overlooking here like a way to do this in Mailscanner's non mcp configuration? >> >> Thanks >> >> -- >> John Baker >> Network Systems Administrator >> Marlboro College >> Phone: 451-7551 Cell: 451-6748 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > First. Do you publish SPF records to prevent scammers from forging the mail from address? > > > Thanks, > > Steve > -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 Cell: 451-6748 From glenn.steen at gmail.com Tue Nov 9 00:26:53 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 9 00:27:03 2010 Subject: MailScanner Wiki In-Reply-To: References: <4CD6C3E1.6030808@ecs.soton.ac.uk> Message-ID: Hi Jules, I'd like my account back, please... If nothing else, to be able to maintain what content I've put there (time permitting). IIRC I had the username "glenn", but I suppose most anything will do. Cheers -- -- Glenn Den 7 nov 2010 16.25, "Jules Field" skrev: Due to inappropriate content being placed on the wiki at wiki.mailscanner.info I have had to remove all the user accounts and disable automatic account creation. I have also been round and removed what inappropriate content I could find. But please do contribute to the wiki! All I ask is that, if you would like an account to be able to edit the site, please email me the username you would like and I will add you myself, once I have checked you out. Many thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101109/69fd4b5c/attachment.html From glenn.steen at gmail.com Tue Nov 9 00:31:33 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 9 00:31:42 2010 Subject: MailScanner Wiki In-Reply-To: References: <4CD6C3E1.6030808@ecs.soton.ac.uk> Message-ID: Oops, that wasn't supposed to go to the list... Danger of using a phone to send mail...:$ :-) sorry... Den 9 nov 2010 01.26, "Glenn Steen" skrev: Hi Jules, I'd like my account back, please... If nothing else, to be able to maintain what content I've put there (time permitting). IIRC I had the username "glenn", but I suppose most anything will do. Cheers -- -- Glenn Den 7 nov 2010 16.25, "Jules Field" skrev: > > Due to inappropriate content being placed on the wiki at > wiki.mailscanner.info > I have ha... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101109/575acde5/attachment.html From jakari at bithose.com Tue Nov 9 00:49:19 2010 From: jakari at bithose.com (Jameel Akari) Date: Tue Nov 9 00:50:09 2010 Subject: Sender Priorities In-Reply-To: References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU> <4CC4A8DC.8070502@schmueller.de> <4CD6B4FE.1000203@ecs.soton.ac.uk> Message-ID: Another solution I've found for this sort of thing is to setup a seperate outbound MTA, without MailScanner or much of anything else running, to which you route your messages to those specific addresses. In sendmail parlance, this is using a mailertable entry. We longer use any outside services where this matters, but I've retained the mailertable routing as a way to control how our outbound mail gets distributed. Also handy for the theoretical MailScanner upgrades I never quite get around to doing - being able to route around a given server or site while its undergoing upgrades or has some WAN problem or what have you is very nice indeed. Also useful for testing new Mailscanner installs by only routing your test traffic through the new machine, etc. /jakari On Sun, 7 Nov 2010, Jules Field wrote: > I have specifically not allowed this. All content of an email can be faked, > so it's then trivial for a spammer, who has seen one of your emergency > emails, to make sure his are bypassed too. > > Jules. > > On 24/10/2010 22:45, Norbert Schmidt wrote: >> Hi Alex, >> >> I've solved this within Postfix. I've got a script, that moves the >> important mails from the hold to the incoming queue. I do not know of a >> way within Mailscanner yet. >> >> Best Regards >> >> Norbert Schmidt >> Am 20:59, schrieb Alex Neuman: >> > Scan Messages = %rules-dir%/whattoscan.rules >> > >> > /etc/MailScanner/rules/whattoscan.rules >> > FromOrTo: default yes >> > From: reallyreallysnappyemergencynotification@sillydomain.com no >> > >> > >> > On Oct 22, 2010, at 5:04 PM, Laskie, Norman wrote: >> > >> > > Does anyone know if it?s possible to have messages from specific >> > > senders bumped to the top of the processing queue in MailScanner or >> > > even have it bypass MailScanner completely (it is already configured >> > > not to scan these messages)? Our emergency notification system sends >> > > through the same edge boxes as all of our other external mail. This >> > > is not a good thing and we would rather send from internally, but the >> > > powers that be decided to outsource emergency notifications vs. >> > > something we could easily do. >> > > >> > > Thanks, >> > > Norman >> > > >> > > >> > > -- >> > > MailScanner mailing list >> > > mailscanner@lists.mailscanner.info >> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > >> > > Before posting, read http://wiki.mailscanner.info/posting >> > > >> > > Support MailScanner development - buy the book off the website! >> > >> >> > > Jules > > -- Jameel Akari From ssilva at sgvwater.com Tue Nov 9 00:50:47 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Nov 9 00:51:09 2010 Subject: MailScanner Wiki In-Reply-To: References: <4CD6C3E1.6030808@ecs.soton.ac.uk> Message-ID: What is seen can never be unseen!!! LOL How are you doing Glenn? > Oops, that wasn't supposed to go to the list... Danger of using a phone to > send mail...:$ :-)?? sorry... > > Den 9 nov 2010 01.26, "Glenn Steen" > skrev: > > Hi Jules, > I'd like my account back, please... If nothing else, to be able to maintain > what content I've put there (time permitting). > IIRC I had the username "glenn", but I suppose most anything will do. > > Cheers > -- > -- Glenn > >> Den 7 nov 2010 16.25, "Jules Field" > > skrev: >> >> >> > >> > Due to inappropriate content being placed on the wiki at >> > ? ?wiki.mailscanner.info >> > I have ha... >> From glenn.steen at gmail.com Tue Nov 9 01:02:43 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 9 01:02:56 2010 Subject: looking for suggestions to catch more phising attempts In-Reply-To: <4CD85E8F.7040209@marlboro.edu> References: <4CD85E8F.7040209@marlboro.edu> Message-ID: So the envelope sender isn't forged, but a lot of the rest? Then this is a job for SA, write your own rules, and use SA rule hit actions in MS (this superseeds MCP, and is way more efficient than that). Cheers -- -- Glenn Den 8 nov 2010 20.41, "John Baker" skrev: Hi all, I'm trying to figure out what the easiest solution with the smallest footprint for this problem might be. Along with a lot of other schools we've had a chronic problem with phishing attempts that pretend to be us and ask for usernames and passwords. Pretty much all of them come from compromised accounts at other colleges and the spammers keep the numbers low enough and slow enough to not register on phising lists like ScamNailer. We always seem to have at least one taker who's account gets compromised by spammers for every major phishing attempt of this type. We have mechanisms like rate limiting in place to keep the damage limited but I'd really rather keep the accounts from getting compromised in the first place. What I need is something like the phishing feature in Mailscanner that looks for mismatches between claimed and actual addresses and warns that it might be phising but looks for things like password requests or pretending to be from "helpdesk" or "webmail" instead. I'd like to pick-out them out and warn users that it might be a phising attempt. I think that either Mailscanner MCP or postfix header/body checks could do this but I'm concerned about the added system load and possible slowdowns that either may add. Is their anything obvious I'm overlooking here like a way to do this in Mailscanner's non mcp configuration? Thanks -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 Cell: 451-6748 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101109/2bf454cd/attachment.html From glenn.steen at gmail.com Tue Nov 9 01:25:39 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 9 01:25:49 2010 Subject: MailScanner Wiki In-Reply-To: References: <4CD6C3E1.6030808@ecs.soton.ac.uk> Message-ID: Quite true, Scott... Since the "downsize" @work about 1.5 years back, things have been hectic, to say the least... I'm supposed to be a windoze guru now, ss well as the other 3-4 jobs I'm supposed to do... Oh well, it sure beats unemployment...:-) Other than that, thibgs are good. With the android update to the SE Xperia X10, I even manage a bit of catching up on the mailing lists;-) Cheers! Den 9 nov 2010 02.00, "Scott Silva" skrev: What is seen can never be unseen!!! LOL How are you doing Glenn? > Oops, that wasn't supposed to go to the list... Danger of using a phone to > send mail...:$ :-)?... > > skrev: > > Hi Jules, > I'd like my account back, please... If nothing else, to be able to maintain > what ... >> > skrev: >> >> >> > >> > Due to inappropriate content being placed on the wiki at >> > ? ?wiki.mailscanner.info >> > I have ha... >> -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailm... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101109/7b30496d/attachment.html From MailScanner at ecs.soton.ac.uk Tue Nov 9 14:19:01 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 9 14:19:16 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: <4CD95855.9060806@ecs.soton.ac.uk> Message-ID: I cannot easily help with item 1 on your list, but I have implemented item 2 for you. There is a new type of rule in the filename.rules.conf and filetype.rules.conf files, where you can set the action to be "rename". To go with this, there is a new MailScanner.conf setting called "Rename Pattern" where you say how you want the detected attachments renamed. Here is the doc for the "Rename Pattern" setting: # In the "Filename Rules" and "Filetype Rules" rule files, you can # say that you want particular attachment names or types to be "disarmed" # by being renamed. See the sample files for examples of this. # The "rename" rules simply change the filename of the attachment # according to the pattern in this setting, so that the user cannot # simply double-click on the attachment, but must save it then rename it # back to its original name; only then can they double-click on the file. # This provides a simple safeguard so that users have to consciously # think about what they are doing. # # The file will be renamed according to this setting, where the string # "__FILENAME__" will be replaced with the attachment's original name. # # This can also be the filename of a ruleset. Rename Pattern = __FILENAME__.disarmed Hopefully will do what you want! I will release a new beta in a minute, including this feature. It should be 4.82.1. Jules. On 04/11/2010 14:29, Peter Bonivart wrote: > We have lots of problems with users clicking on everything. If it's > remotely interesting to them they click even on links or attachments > that are executable. I know they should be educated but that's almost > impossible it seems. Now I have gotten two requests: > > 1. Can we make links non-clickable? Outlook finds links even in plain > text, it would mean more work to have to copy and paste into a web > browser. I'm thinking one implementation would be to replace every dot > with space-dot-space or similar. > > 2. Can we rename attachments? If attachments weren't executable but > had to be saved to another name (from e.g. foo.exe.bar) it would also > mean more work for the user. I'm thinking one implementation would be > to have files denied by filename/filetype rules be renamed with a > suffix added. As an option of course. > > The extra work needed may give these users (mostly PHB types) the time > they need to remember it's not a good thing to click on everything > they didn't ask for in the first place. > > Any ideas how to proceed? Anyone already have something similar implemented? > > /peter Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Tue Nov 9 14:37:29 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Nov 9 14:38:10 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: <4CD95855.9060806@ecs.soton.ac.uk> Message-ID: <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> Could this be done so that pps and ppsx files can be made into "ppt" and pptx? Pretty please? :-) -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Julian Field Sender: mailscanner-bounces@lists.mailscanner.info Date: Tue, 09 Nov 2010 14:19:01 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Make links non-clickable and rename attachments? I cannot easily help with item 1 on your list, but I have implemented item 2 for you. There is a new type of rule in the filename.rules.conf and filetype.rules.conf files, where you can set the action to be "rename". To go with this, there is a new MailScanner.conf setting called "Rename Pattern" where you say how you want the detected attachments renamed. Here is the doc for the "Rename Pattern" setting: # In the "Filename Rules" and "Filetype Rules" rule files, you can # say that you want particular attachment names or types to be "disarmed" # by being renamed. See the sample files for examples of this. # The "rename" rules simply change the filename of the attachment # according to the pattern in this setting, so that the user cannot # simply double-click on the attachment, but must save it then rename it # back to its original name; only then can they double-click on the file. # This provides a simple safeguard so that users have to consciously # think about what they are doing. # # The file will be renamed according to this setting, where the string # "__FILENAME__" will be replaced with the attachment's original name. # # This can also be the filename of a ruleset. Rename Pattern = __FILENAME__.disarmed Hopefully will do what you want! I will release a new beta in a minute, including this feature. It should be 4.82.1. Jules. On 04/11/2010 14:29, Peter Bonivart wrote: > We have lots of problems with users clicking on everything. If it's > remotely interesting to them they click even on links or attachments > that are executable. I know they should be educated but that's almost > impossible it seems. Now I have gotten two requests: > > 1. Can we make links non-clickable? Outlook finds links even in plain > text, it would mean more work to have to copy and paste into a web > browser. I'm thinking one implementation would be to replace every dot > with space-dot-space or similar. > > 2. Can we rename attachments? If attachments weren't executable but > had to be saved to another name (from e.g. foo.exe.bar) it would also > mean more work for the user. I'm thinking one implementation would be > to have files denied by filename/filetype rules be renamed with a > suffix added. As an option of course. > > The extra work needed may give these users (mostly PHB types) the time > they need to remember it's not a good thing to click on everything > they didn't ask for in the first place. > > Any ideas how to proceed? Anyone already have something similar implemented? > > /peter Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Phil.Udel at SalemCorp.com Tue Nov 9 15:26:59 2010 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Nov 9 15:26:56 2010 Subject: aliases Question with Mail Scanner Message-ID: <4855A4DCF1424A74886A61A40160949B@salemcorp.com> I have been asked to Control Who can use a AllUser Aliases Group. I don't see anywhere in Sendmail where I can restrict such access to only a few Key users within the corporation. Can I use Mailscanner some how? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101109/09caea2a/attachment.html From bonivart at opencsw.org Tue Nov 9 15:37:02 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Tue Nov 9 15:37:33 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: <4CD95855.9060806@ecs.soton.ac.uk> Message-ID: On Tue, Nov 9, 2010 at 3:19 PM, Julian Field wrote: > I cannot easily help with item 1 on your list, but I have implemented item 2 > for you. > > Hopefully will do what you want! Awesome! I will test the beta. :-) /peter From MailScanner at ecs.soton.ac.uk Tue Nov 9 15:51:42 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 9 15:52:01 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> Message-ID: Not very easily, without having to introduce you guys to the fun of search and replace regexps, which would scare most people s***less. On 09/11/2010 14:37, Alex Neuman wrote: > Could this be done so that pps and ppsx files can be made into "ppt" and pptx? Pretty please? :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Tue Nov 9 15:53:50 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Nov 9 15:54:32 2010 Subject: aliases Question with Mail Scanner In-Reply-To: <4855A4DCF1424A74886A61A40160949B@salemcorp.com> References: <4855A4DCF1424A74886A61A40160949B@salemcorp.com> Message-ID: <950352852-1289318058-cardhu_decombobulator_blackberry.rim.net-250141897-@bda478.bisx.prod.on.blackberry> Yes you can! Use a ruleset in spam.whitelist.rules that says: From: authorised@mydomain.com and to: mylist@mydomain.com yes And one in spam.blacklist.rules: To: mylist@mydomain.com yes IIRC whitelist trumps blacklist. If not, use the "scan for spam" ruleset + the blacklist so you "don't" scan the authorised email. Beware - this could, depending on your setup, be trivially spoofed. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: "Phil Udel" Sender: mailscanner-bounces@lists.mailscanner.info Date: Tue, 9 Nov 2010 10:26:59 To: Reply-To: MailScanner discussion Subject: aliases Question with Mail Scanner -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 9 15:55:01 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 9 15:55:19 2010 Subject: aliases Question with Mail Scanner In-Reply-To: <4855A4DCF1424A74886A61A40160949B@salemcorp.com> References: <4855A4DCF1424A74886A61A40160949B@salemcorp.com> <4CD96ED5.8000108@ecs.soton.ac.uk> Message-ID: I do it with Mailman. You rename your *real* "AllUser" list to something like "AllUser-people". Then create a moderated mailing list called "AllUser", which has "AllUser-people" as the only member. All postings to "AllUser" have to be approved by the list moderator (probably you!), and Mailman carefully removes any mention of "AllUser-people" from the headers for you so no-one ever finds out what the list is actually called. Then the list moderation system controls access to the list. Very simple and effective, I do it here on all our big lists to stop internal spamming. On 09/11/2010 15:26, Phil Udel wrote: > I have been asked to Control Who can use a AllUser Aliases Group. I > don't see anywhere in Sendmail where I can restrict such access to > only a few Key users within the corporation. > Can I use Mailscanner some how? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at tradoc.fr Tue Nov 9 16:06:58 2010 From: john at tradoc.fr (John Wilcock) Date: Tue Nov 9 16:07:12 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> Message-ID: <4CD971A2.1050502@tradoc.fr> Le 09/11/2010 16:51, Julian Field a ?crit : > Not very easily, without having to introduce you guys to the fun of > search and replace regexps, which would scare most people s***less. I don't entirely agree - what might indeed be daunting for the majority of end users should be perfectly within the grasp of the average sysadmin. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From alex at rtpty.com Tue Nov 9 16:38:22 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Nov 9 16:39:02 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <4CD971A2.1050502@tradoc.fr> References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk><4CD971A2.1050502@tradoc.fr> Message-ID: <1593564753-1289320729-cardhu_decombobulator_blackberry.rim.net-809758501-@bda478.bisx.prod.on.blackberry> Should be. I love the power, but I must admit every time I use them I need to read up! :-) -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: John Wilcock Sender: mailscanner-bounces@lists.mailscanner.info Date: Tue, 09 Nov 2010 17:06:58 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Make links non-clickable and rename attachments? Le 09/11/2010 16:51, Julian Field a ?crit : > Not very easily, without having to introduce you guys to the fun of > search and replace regexps, which would scare most people s***less. I don't entirely agree - what might indeed be daunting for the majority of end users should be perfectly within the grasp of the average sysadmin. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 9 16:42:32 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 9 16:42:45 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <4CD971A2.1050502@tradoc.fr> References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> <4CD971A2.1050502@tradoc.fr> <4CD979F8.3060101@ecs.soton.ac.uk> Message-ID: On 09/11/2010 16:06, John Wilcock wrote: > Le 09/11/2010 16:51, Julian Field a ?crit : >> Not very easily, without having to introduce you guys to the fun of >> search and replace regexps, which would scare most people s***less. > > I don't entirely agree - what might indeed be daunting for the > majority of end users should be perfectly within the grasp of the > average sysadmin. The other problem is expressing this sensibly in a decent location in a config file. We've got to get a whole set of pairs of search and replace strings, and the syntax of the filename.rules.conf and filetype.rules.conf don't really allow for that. Where could I put it all? I don't want to have to stretch the syntax of those files any further, or they'll snap! :) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Tue Nov 9 16:58:39 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Nov 9 16:58:54 2010 Subject: aliases Question with Mail Scanner In-Reply-To: References: <4855A4DCF1424A74886A61A40160949B@salemcorp.com> <4CD96ED5.8000108@ecs.soton.ac.uk> Message-ID: <4CD97DBF.1070706@cnpapers.com> Same here. steve campbell On 11/9/2010 10:55 AM, Julian Field wrote: > I do it with Mailman. > > You rename your *real* "AllUser" list to something like "AllUser-people". > Then create a moderated mailing list called "AllUser", which has > "AllUser-people" as the only member. > All postings to "AllUser" have to be approved by the list moderator > (probably you!), and Mailman carefully removes any mention of > "AllUser-people" from the headers for you so no-one ever finds out > what the list is actually called. > > Then the list moderation system controls access to the list. > > Very simple and effective, I do it here on all our big lists to stop > internal spamming. > > On 09/11/2010 15:26, Phil Udel wrote: >> I have been asked to Control Who can use a AllUser Aliases Group. I >> don't see anywhere in Sendmail where I can restrict such access to >> only a few Key users within the corporation. >> Can I use Mailscanner some how? > > Jules > From johnnyb at marlboro.edu Tue Nov 9 18:08:52 2010 From: johnnyb at marlboro.edu (John Baker) Date: Tue Nov 9 17:09:24 2010 Subject: looking for suggestions to catch more phising attempts In-Reply-To: References: <4CD85E8F.7040209@marlboro.edu> Message-ID: <4CD98E34.6020501@marlboro.edu> Thanks, I knew I must be missing something. I've read the MailScanner.conf file a million times and somehow missed the section for custom actions on specific rule hits. Glenn Steen wrote: > > So the envelope sender isn't forged, but a lot of the rest? > Then this is a job for SA, write your own rules, and use SA rule hit > actions in MS (this superseeds MCP, and is way more efficient than that). > > Cheers > -- > -- Glenn > >> Den 8 nov 2010 20.41, "John Baker" > > skrev: >> >> Hi all, >> >> I'm trying to figure out what the easiest solution with the smallest >> footprint for this problem might be. >> >> Along with a lot of other schools we've had a chronic problem with >> phishing attempts that pretend to be us and ask for usernames and >> passwords. Pretty much all of them come from compromised accounts at >> other colleges and the spammers keep the numbers low enough and slow >> enough to not register on phising lists like ScamNailer. We always >> seem to have at least one taker who's account gets compromised by >> spammers for every major phishing attempt of this type. We have >> mechanisms like rate limiting in place to keep the damage limited but >> I'd really rather keep the accounts from getting compromised in the >> first place. >> >> What I need is something like the phishing feature in Mailscanner >> that looks for mismatches between claimed and actual addresses and >> warns that it might be phising but looks for things like password >> requests or pretending to be from "helpdesk" or "webmail" instead. >> I'd like to pick-out them out and warn users that it might be a >> phising attempt. >> >> I think that either Mailscanner MCP or postfix header/body checks >> could do this but I'm concerned about the added system load and >> possible slowdowns that either may add. >> >> Is their anything obvious I'm overlooking here like a way to do this >> in Mailscanner's non mcp configuration? >> >> Thanks >> >> -- >> John Baker >> Network Systems Administrator >> Marlboro College >> Phone: 451-7551 Cell: 451-6748 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 Cell: 451-6748 From Kevin_Miller at ci.juneau.ak.us Tue Nov 9 17:46:15 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Nov 9 17:46:27 2010 Subject: MailScanner Wiki In-Reply-To: References: <4CD6C3E1.6030808@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D18A27@city-exchange07> At least it was't to your protocologist! ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, November 08, 2010 3:32 PM To: MailScanner discussion Subject: Re: MailScanner Wiki Oops, that wasn't supposed to go to the list... Danger of using a phone to send mail...:$ :-) sorry... Den 9 nov 2010 01.26, "Glenn Steen" > skrev: Hi Jules, I'd like my account back, please... If nothing else, to be able to maintain what content I've put there (time permitting). IIRC I had the username "glenn", but I suppose most anything will do. Cheers -- -- Glenn Den 7 nov 2010 16.25, "Jules Field" > skrev: > > Due to inappropriate content being placed on the wiki at > wiki.mailscanner.info > I have ha... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101109/7557d3ea/attachment.html From mark at msapiro.net Tue Nov 9 20:55:03 2010 From: mark at msapiro.net (Mark Sapiro) Date: Tue Nov 9 20:55:17 2010 Subject: Problem with new 'rename' action. was: Bug in incomplete link handling in phishing checks In-Reply-To: References: <4CD6B2EA.9060603@ecs.soton.ac.uk> Message-ID: <4CD9B527.3060105@msapiro.net> On 11:59 AM, Jules Field wrote: > Derek has found a bug in the handling of incomplete HTML "a" tags, which > bites when doing phishing checks. The symptom is that the rest of the > email HTML body after the unterminated link gets chopped off. > > I have proposed a fix for this, which he is testing for me. > I would be very greatful if some other people could test it too, to > ensure it doesn't cause any other problems. > > It's a very short patch to /usr/lib/MailScanner/MailScanner/Message.pm. I have just updated Mailscanner to 4.82.1-1 which apparently contains the above patch. So far, I see no issues with the patch, but I did see the following in my maillog upon restarting after the upgrade. Nov 9 12:24:07 sbh16 MailScanner[32297]: Possible syntax error in first keyword on line 22 of /etc/MailScanner/filename.rules.conf Refers to the line rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file can cause auto-loading of any file from the internet Nov 9 12:24:07 sbh16 MailScanner[32297]: Possible syntax error in first keyword on line 31 of /etc/MailScanner/filetype.rules.conf Refers to the line rename Registry Windows Registry entries (renamed) Windows Registry files (renamed) -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Tue Nov 9 22:10:13 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Nov 9 22:10:31 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <4CD971A2.1050502@tradoc.fr> References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> <4CD971A2.1050502@tradoc.fr> <4CD9C6C5.708@ecs.soton.ac.uk> Message-ID: On 09/11/2010 16:06, John Wilcock wrote: > Le 09/11/2010 16:51, Julian Field a ?crit : >> Not very easily, without having to introduce you guys to the fun of >> search and replace regexps, which would scare most people s***less. > > I don't entirely agree - what might indeed be daunting for the > majority of end users should be perfectly within the grasp of the > average sysadmin. You are quite right, and I found a reasonable way of extending the syntax. In filename.rules.conf, as well as saying rename \.reg$ Renaming Registry files Renaming Registry files you can now also say things like this: rename to .txt \.reg$ Disarming Registry files Renaming Registry files That rule will rename any file ending in ".reg" (in any combination of lower or upper case) so that the ".reg" is replaced with ".txt". So when the user receives it and double-clicks on it, instead of immediately being merged into their registry, it will be opened in a text editor. And as someone else suggested, you can do rename to .ppt \.pps$ Nasty Powerpoint shows Nasty shows to automatically rename .pps files to .ppt files instead. Note that the text matched by the rule's pattern is *replaced* with the "rename to" text, it isn't just added on the end. The "Rename Pattern" setting in MailScanner.conf is now called "Default Rename Pattern", as it is only used in filetype.rules.conf, and in filename.rules.conf where no "rename to" text is supplied, just the "rename" keyword on its own. That will hopefully do all you need to be able to do, without creating any new configuration files or anything nasty like that. I have just released 4.82.2 which contains all this (and a little fix Derek Buttineau needed). G'night! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Nov 9 22:17:16 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Nov 9 22:17:31 2010 Subject: Problem with new 'rename' action. was: Bug in incomplete link handling in phishing checks In-Reply-To: <4CD9B527.3060105@msapiro.net> References: <4CD6B2EA.9060603@ecs.soton.ac.uk> <4CD9B527.3060105@msapiro.net> <4CD9C86C.5030404@ecs.soton.ac.uk> Message-ID: Please can you try this with 4.82.2 and let me know if you still get this error in your maillog. On 09/11/2010 20:55, Mark Sapiro wrote: > On 11:59 AM, Jules Field wrote: >> Derek has found a bug in the handling of incomplete HTML "a" tags, which >> bites when doing phishing checks. The symptom is that the rest of the >> email HTML body after the unterminated link gets chopped off. >> >> I have proposed a fix for this, which he is testing for me. >> I would be very greatful if some other people could test it too, to >> ensure it doesn't cause any other problems. >> >> It's a very short patch to /usr/lib/MailScanner/MailScanner/Message.pm. > > I have just updated Mailscanner to 4.82.1-1 which apparently contains > the above patch. So far, I see no issues with the patch, but I did see > the following in my maillog upon restarting after the upgrade. > > Nov 9 12:24:07 sbh16 MailScanner[32297]: Possible syntax error in first > keyword on line 22 of /etc/MailScanner/filename.rules.conf > > Refers to the line > > rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file > can cause auto-loading of any file from the internet > > Nov 9 12:24:07 sbh16 MailScanner[32297]: Possible syntax error in first > keyword on line 31 of /etc/MailScanner/filetype.rules.conf > > Refers to the line > > rename Registry Windows Registry entries (renamed) Windows Registry > files (renamed) > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Tue Nov 9 22:42:51 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Nov 9 22:43:31 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> <4CD971A2.1050502@tradoc.fr> <4CD9C6C5.708@ecs.soton.ac.uk> Message-ID: <1992506455-1289342597-cardhu_decombobulator_blackberry.rim.net-1219747646-@bda478.bisx.prod.on.blackberry> Wow! Thanks a bunch! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Jules Field Sender: mailscanner-bounces@lists.mailscanner.info Date: Tue, 09 Nov 2010 22:10:13 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Make links non-clickable and rename attachments? On 09/11/2010 16:06, John Wilcock wrote: > Le 09/11/2010 16:51, Julian Field a ?crit : >> Not very easily, without having to introduce you guys to the fun of >> search and replace regexps, which would scare most people s***less. > > I don't entirely agree - what might indeed be daunting for the > majority of end users should be perfectly within the grasp of the > average sysadmin. You are quite right, and I found a reasonable way of extending the syntax. In filename.rules.conf, as well as saying rename \.reg$ Renaming Registry files Renaming Registry files you can now also say things like this: rename to .txt \.reg$ Disarming Registry files Renaming Registry files That rule will rename any file ending in ".reg" (in any combination of lower or upper case) so that the ".reg" is replaced with ".txt". So when the user receives it and double-clicks on it, instead of immediately being merged into their registry, it will be opened in a text editor. And as someone else suggested, you can do rename to .ppt \.pps$ Nasty Powerpoint shows Nasty shows to automatically rename .pps files to .ppt files instead. Note that the text matched by the rule's pattern is *replaced* with the "rename to" text, it isn't just added on the end. The "Rename Pattern" setting in MailScanner.conf is now called "Default Rename Pattern", as it is only used in filetype.rules.conf, and in filename.rules.conf where no "rename to" text is supplied, just the "rename" keyword on its own. That will hopefully do all you need to be able to do, without creating any new configuration files or anything nasty like that. I have just released 4.82.2 which contains all this (and a little fix Derek Buttineau needed). G'night! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mark at msapiro.net Wed Nov 10 00:21:05 2010 From: mark at msapiro.net (Mark Sapiro) Date: Wed Nov 10 00:21:21 2010 Subject: Problem with new 'rename' action. was: Bug in incomplete linkhandling in phishing checks In-Reply-To: Message-ID: Jules Field wrote: >Please can you try this with 4.82.2 and let me know if you still get >this error in your maillog. > >On 09/11/2010 20:55, Mark Sapiro wrote: [...] >> >> I have just updated Mailscanner to 4.82.1-1 which apparently contains >> the above patch. So far, I see no issues with the patch, but I did see >> the following in my maillog upon restarting after the upgrade. >> >> Nov 9 12:24:07 sbh16 MailScanner[32297]: Possible syntax error in first >> keyword on line 22 of /etc/MailScanner/filename.rules.conf >> >> Refers to the line >> >> rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file >> can cause auto-loading of any file from the internet >> >> Nov 9 12:24:07 sbh16 MailScanner[32297]: Possible syntax error in first >> keyword on line 31 of /etc/MailScanner/filetype.rules.conf >> >> Refers to the line >> >> rename Registry Windows Registry entries (renamed) Windows Registry >> files (renamed) With 4.82.2-1, I am getting only the usual startup messages. I am not seeing the above messages. Thanks for the prompt response. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Denis.Beauchemin at USherbrooke.ca Wed Nov 10 16:27:51 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Nov 10 16:28:11 2010 Subject: Bitdefender AntiSpam: worth a try? Message-ID: <4CDAC807.30600@USherbrooke.ca> Hi, It looks like Bitdefender just released a free AntiSpam engine for mail servers (Linux-based): http://www.bitdefender.com/business/antispam-for-mail-servers.html Anyone tried it yet? If so, could it complement MailScanner? Thanks! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From ngoc5593 at yahoo.com Thu Nov 11 08:45:52 2010 From: ngoc5593 at yahoo.com (le minh ngoc) Date: Thu Nov 11 08:46:02 2010 Subject: (no subject) Message-ID: <768523.52254.qm@web53108.mail.re2.yahoo.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101111/d0dcd92f/attachment.html From zaeem.arshad at gmail.com Thu Nov 11 09:46:27 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Thu Nov 11 09:46:37 2010 Subject: Upgrade_MailScanner_conf not working for 4.81.4-1 Message-ID: Hi, As the subject states, I am having problems upgrading the config file from 4.77 to 4.84. The upgrade script creates an empty .new file and shows the usage message. Any ideas what could be wrong here? Regards Zaeem From zaeem.arshad at gmail.com Thu Nov 11 09:52:40 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Thu Nov 11 09:52:50 2010 Subject: Upgrade_MailScanner_conf not working for 4.81.4-1 In-Reply-To: References: Message-ID: On Thu, Nov 11, 2010 at 2:46 PM, Zaeem Arshad wrote: > Hi, > > As the subject states, I am having problems upgrading the config file > from 4.77 to 4.84. The upgrade script creates an empty .new file and > shows the usage message. Any ideas what could be wrong here? > > > Regards > > Zaeem > Found out the issue. The MailScanner.conf was 0 byte and the script was choking on it. That's another question why it was reduced to 0 bytes though. From zaeem.arshad at gmail.com Thu Nov 11 12:19:36 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Thu Nov 11 12:19:45 2010 Subject: MailScanner performance issues Message-ID: Hi List, For the past couple of days, my normally fine MailScanner system started showing signs of sluggishness. At one time, the queue climbed up to 90,000. We did not observe any sort of spam or other attack during that period. Since that fateful day, I have tried upgrading the version from 4.77 to 4.81 but no effect. While I am still trying to understand why the system is working slow, I have observed that the queue has more than a 1000 messages but MailScanner processes are picking up a random number instead of the configured 50 messages. A log of the processes is available at http://pastebin.com/hgBu66HL. . For now, I have bypassed MailScanner as the queue buildup is too much to handle. The incoming workdir is on tmpfs and I haven't seen any disk or IO issues. Here is the output of MailScanner -version. MailScanner -version Running on Linux antivirus5.cyber.net.pk 2.6.18-128.el5 #1 SMP Wed Jan 21 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 5.3 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.81.4 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.04 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.90 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.07 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.07 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 2.16 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.86 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.23 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.25 DBD::SQLite 1.607 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.38 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.66 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML Regards Zaeem From MailScanner at ecs.soton.ac.uk Thu Nov 11 12:36:28 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Nov 11 12:36:45 2010 Subject: MailScanner performance issues In-Reply-To: References: <4CDBE34C.9010509@ecs.soton.ac.uk> Message-ID: If it's not picking up full batches, that's because they haven't finished being delivered to your server so cannot be processed. I would suggest that you have a lot of incoming sendmail processes and netstat will probably show loads of port 25/tcp connections inbound. Someone's pummelling you with mail. Jules. On 11/11/2010 12:19, Zaeem Arshad wrote: > Hi List, > > For the past couple of days, my normally fine MailScanner system > started showing signs of sluggishness. At one time, the queue climbed > up to 90,000. We did not observe any sort of spam or other attack > during that period. Since that fateful day, I have tried upgrading the > version from 4.77 to 4.81 but no effect. While I am still trying to > understand why the system is working slow, I have observed that the > queue has more than a 1000 messages but MailScanner processes are > picking up a random number instead of the configured 50 messages. A > log of the processes is available at http://pastebin.com/hgBu66HL. . > For now, I have bypassed MailScanner as the queue buildup is too much > to handle. The incoming workdir is on tmpfs and I haven't seen any > disk or IO issues. Here is the output of MailScanner -version. > > > MailScanner -version > Running on > Linux antivirus5.cyber.net.pk 2.6.18-128.el5 #1 SMP Wed Jan 21 > 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux > This is CentOS release 5.3 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.81.4 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.04 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.20 File::Temp > 0.90 Filesys::Df > 3.64 HTML::Entities > 3.64 HTML::Parser > 3.57 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.07 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.07 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.19 Scalar::Util > 1.78 Socket > 2.16 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.26 Test::Pod > 0.86 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.30 Archive::Tar > 0.23 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.25 DBD::SQLite > 1.607 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > missing Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.66 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > > > Regards > > Zaeem Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From zaeem.arshad at gmail.com Thu Nov 11 12:45:18 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Thu Nov 11 12:45:28 2010 Subject: MailScanner performance issues In-Reply-To: References: <4CDBE34C.9010509@ecs.soton.ac.uk> Message-ID: On Thu, Nov 11, 2010 at 5:36 PM, Julian Field wrote: > If it's not picking up full batches, that's because they haven't finished > being delivered to your server so cannot be processed. With over 1500 emails in the hold queue, I think the messages are delivered to the server. Correct? > > I would suggest that you have a lot of incoming sendmail processes and > netstat will probably show loads of port 25/tcp connections inbound. > > Someone's pummelling you with mail. I suspected that first but my rejection rates are the same. I have gone through the postfix logs and did not find any thing suspicious. Regards Zaeem From MailScanner at ecs.soton.ac.uk Thu Nov 11 13:26:04 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Nov 11 13:26:24 2010 Subject: MailScanner performance issues In-Reply-To: References: <4CDBE34C.9010509@ecs.soton.ac.uk> <4CDBEEEC.7080302@ecs.soton.ac.uk> Message-ID: On 11/11/2010 12:45, Zaeem Arshad wrote: > On Thu, Nov 11, 2010 at 5:36 PM, Julian Field > wrote: >> If it's not picking up full batches, that's because they haven't finished >> being delivered to your server so cannot be processed. > With over 1500 emails in the hold queue, I think the messages are > delivered to the server. Correct? Not true. Postfix will move the message into the hold queue as soon as it has enough information to determine that it should be put there, even if it is still being received. That is what made implementing Postfix support in MailScanner so much fun :-) The sure sign that it has finished being received is that MailScanner has picked it up and is processing it. There are a *lot* of tests in MailScanner to be sure that this doesn't happen too early. But it will happen as soon as it is complete. >> I would suggest that you have a lot of incoming sendmail processes and >> netstat will probably show loads of port 25/tcp connections inbound. >> >> Someone's pummelling you with mail. > I suspected that first but my rejection rates are the same. I have > gone through the postfix logs and did not find any thing suspicious. > > Regards > > Zaeem Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Thu Nov 11 15:26:44 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Nov 11 15:26:55 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: do you : reject invalid recipients on the incoming postfix only run a few RBL's in Spamassassin? run a local caching nameserver? looked at the tuning/performance stuff in the wiki for clues? -- Martin Hepworth Oxford, UK On 11 November 2010 12:19, Zaeem Arshad wrote: > Hi List, > > For the past couple of days, my normally fine MailScanner system > started showing signs of sluggishness. At one time, the queue climbed > up to 90,000. We did not observe any sort of spam or other attack > during that period. Since that fateful day, I have tried upgrading the > version from 4.77 to 4.81 but no effect. While I am still trying to > understand why the system is working slow, I have observed that the > queue has more than a 1000 messages but MailScanner processes are > picking up a random number instead of the configured 50 messages. A > log of the processes is available at http://pastebin.com/hgBu66HL. . > For now, I have bypassed MailScanner as the queue buildup is too much > to handle. The incoming workdir is on tmpfs and I haven't seen any > disk or IO issues. Here is the output of MailScanner -version. > > > MailScanner -version > Running on > Linux antivirus5.cyber.net.pk 2.6.18-128.el5 #1 SMP Wed Jan 21 > 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux > This is CentOS release 5.3 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.81.4 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.04 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.20 File::Temp > 0.90 Filesys::Df > 3.64 HTML::Entities > 3.64 HTML::Parser > 3.57 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.07 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.07 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.19 Scalar::Util > 1.78 Socket > 2.16 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.26 Test::Pod > 0.86 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.30 Archive::Tar > 0.23 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.25 DBD::SQLite > 1.607 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > missing Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.66 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > > > Regards > > Zaeem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101111/2d546ae4/attachment.html From Amelein at dantumadiel.eu Thu Nov 11 15:54:19 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Thu Nov 11 15:54:38 2010 Subject: Betr.: MailScanner performance issues In-Reply-To: References: Message-ID: <4CDC1FBB0200008E000167B8@10.1.0.206> I'm just going to go down the obvious .. What kind of load is the system giving when you look at 'top' ? Is there anything spiking ? Is there a message stuck in a loop ? (i've had this, it kept resubmitting a single message over and over) Is the filesystem mounted on a network share ? Do you see anything out of the ordinary when you look at 'iotop' or 'iostat' ? How many virusscanners do you have installed that MS uses ? Is any of them giving odd messages ? What do you see when you put 'Log Speed = yes' in the mailscanner.conf Thats .. all i can think of at the moment. I'm assuming the specs for the machine are 'modern' and not an old 486 that you found somewhere ? :-) - Arjan From Amelein at dantumadiel.eu Thu Nov 11 15:56:08 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Thu Nov 11 15:56:28 2010 Subject: Betr.: Re: MailScanner performance issues In-Reply-To: References: Message-ID: <4CDC20280200008E000167BC@10.1.0.206> > reject invalid recipients on the incoming postfix Just adding here .. sqlgrey works awesome for my MS with postfix. Bit of fiddling required to set up. - Arjan From zaeem.arshad at gmail.com Fri Nov 12 06:55:56 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Fri Nov 12 06:56:07 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: On Thu, Nov 11, 2010 at 8:26 PM, Martin Hepworth wrote: > do you : > > reject invalid recipients on the incoming postfix > Yes. > only run a few RBL's in Spamassassin? No RBLs in SpamAssassin. All RBL checks are run in postfix > > run a local caching nameserver? Yes. > > looked at the tuning/performance stuff in the wiki for clues? Yes. Infact, I have been using MailScanner for a high volume site (6million emails per day) for over a year now without any problems. Is there any way to debug how much time each MailScanner step is taking? Regards Zaeem From lyndonl at mexcom.co.za Fri Nov 12 08:35:10 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri Nov 12 08:38:38 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: Im not sure if you have this enabled but it might help # Do you want to log the processing speed for each section of the code # for a batch? This can be very useful for diagnosing speed problems, # particularly in spam checking. Log Speed = yes On 12 Nov 2010, at 8:55 AM, Zaeem Arshad wrote: > On Thu, Nov 11, 2010 at 8:26 PM, Martin Hepworth wrote: >> do you : >> >> reject invalid recipients on the incoming postfix >> > Yes. > >> only run a few RBL's in Spamassassin? > No RBLs in SpamAssassin. All RBL checks are run in postfix > >> >> run a local caching nameserver? > > Yes. > >> >> looked at the tuning/performance stuff in the wiki for clues? > > Yes. Infact, I have been using MailScanner for a high volume site > (6million emails per day) for over a year now without any problems. Is > there any way to debug how much time each MailScanner step is taking? > > > Regards > > Zaeem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maxsec at gmail.com Fri Nov 12 08:39:29 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Nov 12 08:39:39 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: you can do in MS and SA running it on on the commandling to see if you can replicate the speed issues. (the debug lines in the startup). I'd also check if anythings the URIRBL's, Razor and Pyzor in SA make sure they are still running OK.(could be if you're running the URIRBL tests then spamhaus have greylisted you if you've turned them off or running the paid for feed). -- Martin Hepworth Oxford, UK On 12 November 2010 06:55, Zaeem Arshad wrote: > On Thu, Nov 11, 2010 at 8:26 PM, Martin Hepworth wrote: > > do you : > > > > reject invalid recipients on the incoming postfix > > > Yes. > > > only run a few RBL's in Spamassassin? > No RBLs in SpamAssassin. All RBL checks are run in postfix > > > > > run a local caching nameserver? > > Yes. > > > > > looked at the tuning/performance stuff in the wiki for clues? > > Yes. Infact, I have been using MailScanner for a high volume site > (6million emails per day) for over a year now without any problems. Is > there any way to debug how much time each MailScanner step is taking? > > > Regards > > Zaeem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101112/eabf54db/attachment.html From zaeem.arshad at gmail.com Fri Nov 12 08:42:21 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Fri Nov 12 08:42:31 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: On Fri, Nov 12, 2010 at 1:35 PM, Lyndon Labuschagne wrote: > Im not sure if you have this enabled but it might help > > # Do you want to log the processing speed for each section of the code > # for a batch? This can be very useful for diagnosing speed problems, > # particularly in spam checking. > Log Speed = yes > This is enabled. I was wondering if there is a more detailed debugging available that could log the speeds at each step of the scanning process. > > On 12 Nov 2010, at 8:55 AM, Zaeem Arshad wrote: > >> On Thu, Nov 11, 2010 at 8:26 PM, Martin Hepworth wrote: >>> do you : >>> >>> reject invalid recipients on the incoming postfix >>> >> Yes. >> >>> only run a few RBL's in Spamassassin? >> No RBLs in SpamAssassin. All RBL checks are run in postfix >> >>> >>> run a local caching nameserver? >> >> Yes. >> >>> >>> looked at the tuning/performance stuff in the wiki for clues? >> >> Yes. Infact, I have been using MailScanner for a high volume site >> (6million emails per day) for over a year now without any problems. Is >> there any way to debug how much time each MailScanner step is taking? >> >> >> Regards >> >> Zaeem >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hvdkooij at vanderkooij.org Fri Nov 12 11:07:13 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Nov 12 11:14:14 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: On Fri, 12 Nov 2010 13:42:21 +0500, Zaeem Arshad wrote: > On Fri, Nov 12, 2010 at 1:35 PM, Lyndon Labuschagne > wrote: >> Im not sure if you have this enabled but it might help >> >> # Do you want to log the processing speed for each section of the >> code >> # for a batch? This can be very useful for diagnosing speed >> problems, >> # particularly in spam checking. >> Log Speed = yes > > This is enabled. I was wondering if there is a more detailed > debugging > available that could log the speeds at each step of the scanning > process. And what section is it currently pointing to as being relative slow? And how slow would that be in fact? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc From msbeach at clevelandtrack.com Fri Nov 12 13:42:38 2010 From: msbeach at clevelandtrack.com (Mark Beach) Date: Fri Nov 12 13:46:42 2010 Subject: sendmail/mailscanner taking 19 hours to scan two attachments Message-ID: <4CDD444E.4050306@clevelandtrack.com> Our corporate email system is now taking the better part of a day to scan attachments. I need help please. Fedora 8 (werewolf), kernel 2.6.24.3-34.fc8 on a Dell server. sendmail 8.14.2 MailScanner-4.67.6-1 Clam 0.92-1 razor-agents-2.84 SpamAssassin perl5 /var/log/maillog only has one consistent error: ERROR: MALFORMED DATABASE -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: msbeach.vcf Type: text/x-vcard Size: 323 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101112/be56c7e5/msbeach.vcf From hvdkooij at vanderkooij.org Fri Nov 12 14:17:58 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Nov 12 14:24:59 2010 Subject: sendmail/mailscanner taking 19 hours to scan two attachments In-Reply-To: <4CDD444E.4050306@clevelandtrack.com> References: <4CDD444E.4050306@clevelandtrack.com> Message-ID: On Fri, 12 Nov 2010 08:42:38 -0500, Mark Beach wrote: > Our corporate email system is now taking the better part of a day to > scan attachments. I need help please. > > Fedora 8 (werewolf), kernel 2.6.24.3-34.fc8 on a Dell server. > sendmail 8.14.2 > MailScanner-4.67.6-1 > Clam 0.92-1 > razor-agents-2.84 > SpamAssassin > perl5 > > /var/log/maillog only has one consistent error: > > ERROR: MALFORMED DATABASE Have you considered that some of the more critical components are rather outdated? Fedora 12 is about to go out of support. clam is on version 0.96 and versions below 0.95 will suffer from a known bug. See also: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/ So frankly I am more then surprised it kept working untill now. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message was chiseled in stone and brought to you by pony express. PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc From alex at rtpty.com Fri Nov 12 14:27:53 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Nov 12 14:28:33 2010 Subject: sendmail/mailscanner taking 19 hours to scan two attachments In-Reply-To: <4CDD444E.4050306@clevelandtrack.com> References: <4CDD444E.4050306@clevelandtrack.com> Message-ID: <1880471353-1289572101-cardhu_decombobulator_blackberry.rim.net-838975986-@bda478.bisx.prod.on.blackberry> Is anything in the system not out of date? That single line from the log isn't enough information. What have you tried so far regarding the different options outlined in the wiki regarding troubleshooting and optimizations? -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Mark Beach Sender: mailscanner-bounces@lists.mailscanner.info Date: Fri, 12 Nov 2010 08:42:38 To: Reply-To: MailScanner discussion Subject: sendmail/mailscanner taking 19 hours to scan two attachments Our corporate email system is now taking the better part of a day to scan attachments. I need help please. Fedora 8 (werewolf), kernel 2.6.24.3-34.fc8 on a Dell server. sendmail 8.14.2 MailScanner-4.67.6-1 Clam 0.92-1 razor-agents-2.84 SpamAssassin perl5 /var/log/maillog only has one consistent error: ERROR: MALFORMED DATABASE -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Fri Nov 12 14:33:48 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Nov 12 14:34:21 2010 Subject: sendmail/mailscanner taking 19 hours to scan two attachments In-Reply-To: <4CDD444E.4050306@clevelandtrack.com> References: <4CDD444E.4050306@clevelandtrack.com> Message-ID: <56E1BE90-3111-4DBD-BA6B-E66A161F86EA@rtpty.com> According to http://tinyurl.com/2ujuueg - you may have a bad download of the Clam database. Considering your version of Clam is dangerously out of date, it's surprising it even runs at all. On Nov 12, 2010, at 8:42 AM, Mark Beach wrote: > ERROR: MALFORMED DATABASE From glenn.steen at gmail.com Fri Nov 12 16:19:03 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Nov 12 16:19:13 2010 Subject: MailScanner performance issues In-Reply-To: References: Message-ID: Check your hold directory for non-queue files/directories. They could foul up things pretty bad. Cheers -- -- Glenn On 12 November 2010 09:42, Zaeem Arshad wrote: > On Fri, Nov 12, 2010 at 1:35 PM, Lyndon Labuschagne > wrote: >> Im not sure if you have this enabled but it might help >> >> # Do you want to log the processing speed for each section of the code >> # for a batch? This can be very useful for diagnosing speed problems, >> # particularly in spam checking. >> Log Speed = yes >> > > This is enabled. I was wondering if there is a more detailed debugging > available that could log the speeds at each step of the scanning > process. > > >> >> On 12 Nov 2010, at 8:55 AM, Zaeem Arshad wrote: >> >>> On Thu, Nov 11, 2010 at 8:26 PM, Martin Hepworth wrote: >>>> do you : >>>> >>>> reject invalid recipients on the incoming postfix >>>> >>> Yes. >>> >>>> only run a few RBL's in Spamassassin? >>> No RBLs in SpamAssassin. All RBL checks are run in postfix >>> >>>> >>>> run a local caching nameserver? >>> >>> Yes. >>> >>>> >>>> looked at the tuning/performance stuff in the wiki for clues? >>> >>> Yes. Infact, I have been using MailScanner for a high volume site >>> (6million emails per day) for over a year now without any problems. Is >>> there any way to debug how much time each MailScanner step is taking? >>> >>> >>> Regards >>> >>> Zaeem >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Nov 12 17:04:57 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Nov 12 17:05:15 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: <1992506455-1289342597-cardhu_decombobulator_blackberry.rim.net-1219747646-@bda478.bisx.prod.on.blackberry> References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> <4CD971A2.1050502@tradoc.fr> <4CD9C6C5.708@ecs.soton.ac.uk> <1992506455-1289342597-cardhu_decombobulator_blackberry.rim.net-1219747646-@bda478.bisx.prod.on.blackberry> <4CDD73B9.5000104@ecs.soton.ac.uk> Message-ID: One more thing. In a rule that says something like rename to .txt \.reg$ - - you can also put things like this: rename to -BEWARE.$1_txt \.(reg)$ - - which will rename nastyfile.reg to nastyfile-BEWARE.reg_txt You can put any $1 $2... substitutions in the replacement string, so long as they match up with parenthesised parts of the regular expression you are looking for. Extra Brownie points to the first person who rewrites the "double filename extension trap" rule so that it swaps over the 2 filename extensions! I would be interested if someone can come up with some genuine real-world uses for this. I thought you might find it amusing when I wrote it, but as usual I just couldn't think of quite why :-) On 09/11/2010 22:42, Alex Neuman wrote: > Wow! Thanks a bunch! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From derek.winkler at algorithmics.com Fri Nov 12 19:03:43 2010 From: derek.winkler at algorithmics.com (derek.winkler@algorithmics.com) Date: Fri Nov 12 19:05:20 2010 Subject: Make links non-clickable and rename attachments? In-Reply-To: References: <4CD95855.9060806@ecs.soton.ac.uk> <465411657-1289313476-cardhu_decombobulator_blackberry.rim.net-866720797-@bda478.bisx.prod.on.blackberry> <4CD96E0E.3030900@ecs.soton.ac.uk> <4CD971A2.1050502@tradoc.fr> <4CD9C6C5.708@ecs.soton.ac.uk><1992506455-1289342597-cardhu_decombobulator_blackberry.rim.net-1219747646-@bda478.bisx.prod.on.blackberry><4CDD73B9.5000104@ecs.soton.ac.uk> Message-ID: <52B78B63BA55B44284ACE2DE5106D61106A45807@TORMAIL1.algorithmics.com> rename to .$2.$1 \.([a-z][a-z0-9]{2,3})\.([a-z0-9]{3})$ > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Friday, November 12, 2010 12:05 PM > To: MailScanner discussion > Subject: Re: Make links non-clickable and rename attachments? > > One more thing. > > In a rule that says something like > rename to .txt \.reg$ - - > you can also put things like this: > rename to -BEWARE.$1_txt \.(reg)$ - - > > which will rename > nastyfile.reg > to > nastyfile-BEWARE.reg_txt > > You can put any $1 $2... substitutions in the replacement string, so > long as they match up with parenthesised parts of the regular > expression > you are looking for. > > Extra Brownie points to the first person who rewrites the "double > filename extension trap" rule so that it swaps over the 2 filename > extensions! > > I would be interested if someone can come up with some genuine > real-world uses for this. I thought you might find it amusing when I > wrote it, but as usual I just couldn't think of quite why :-) > > On 09/11/2010 22:42, Alex Neuman wrote: > > Wow! Thanks a bunch! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------------------------------------------------------------------- This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------------------------------------------------------------------- From prandal at herefordshire.gov.uk Fri Nov 12 19:06:06 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Nov 12 19:06:27 2010 Subject: blackholes.five-ten-sg.com is no longer operational Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B85019E6A@HC-EXMBX02.herefordshire.gov.uk> Hi folks, If you're using the blackholes.five-ten-sg.com RBL now's the time to disable it. http://www.dnsbl.com/2010/11/status-of-blackholesfive-ten-sgcom-dead.htm Cheers, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101112/cb4a7c01/attachment.html From arjan at anymore.nl Fri Nov 12 22:41:28 2010 From: arjan at anymore.nl (Arjan Schrijver) Date: Fri Nov 12 22:42:05 2010 Subject: xlsx crashing MailScanner In-Reply-To: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F43153980@SERVER01.sts.local> References: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F43153980@SERVER01.sts.local> Message-ID: <4CDDC298.6010705@anymore.nl> I'm having this issue as well with both .docx and .xlsx. Changing the max archive depth indeed 'fixes' the problem, although I believe it should be fixed for real. Arjan On 11/08/2010 02:50 AM, Jeff Mills wrote: > > I've got an issue with xlsx files crashing mailscanner since upgrading > to 4.81.4. > > I have found a bug relating to Archive::Zip. > > Is anyone else having this issue? > > For now I have set max archive depth to 0 as a workaround. > > *Jeff Mills* > Description: cid:image001.jpg@01C80A6B.DDA73380 > > *Sydney Technology Solutions Pty Ltd* > *Unit F10, 101 Rookwood Road** > **Yagoona, New South Wales 2199* > > *Phone: 02 8212 4722 > Email: jeff.mills@sydneytech.com.au * > > *Web : www.sydneytech.com.au * > > ** > > ** > > */Living our values, achi/**/eving success/* > > *//* > > /Sydney Technology Solutions' operating philosophy is based on > honesty, enthusiasm, respect, ownership, excellence and service. These > values guide the way we manage our business and the way we service yours./ > > *P****Please consider the environment before printing this email*// > > > *Disclaimer:* > The information contained in this message and or attachments is > intended only for the person or entity to which it is addressed and > may contain confidential and/or privileged material. Any review, > retransmission, dissemination or other use of, or taking of any action > in reliance upon, this information by persons or entities other than > the intended recipient is prohibited. If you received this in error, > please contact the sender and delete the material from any system and > destroy any copies. > -------------- next part -------------- Skipped content of type multipart/related From MailScanner at ecs.soton.ac.uk Fri Nov 12 23:27:44 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Fri Nov 12 23:27:57 2010 Subject: xlsx crashing MailScanner In-Reply-To: <4CDDC298.6010705@anymore.nl> References: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F43153980@SERVER01.sts.local> <4CDDC298.6010705@anymore.nl> <4CDDCD70.2030708@ecs.soton.ac.uk> Message-ID: Please can you send me a zip file containing (preferably) a sendmail qf and df file presenting the problem. Then I can take a look and see what's going on that is causing the problem. Jules. On 12/11/2010 22:41, Arjan Schrijver wrote: > I'm having this issue as well with both .docx and .xlsx. > Changing the max archive depth indeed 'fixes' the problem, although I > believe it should be fixed for real. > Arjan > > > On 11/08/2010 02:50 AM, Jeff Mills wrote: >> >> I?ve got an issue with xlsx files crashing mailscanner since >> upgrading to 4.81.4. >> >> I have found a bug relating to Archive::Zip. >> >> Is anyone else having this issue? >> >> For now I have set max archive depth to 0 as a workaround. >> >> *Jeff Mills* >> Description: cid:image001.jpg@01C80A6B.DDA73380 >> >> *Sydney Technology Solutions Pty Ltd* >> *Unit F10, 101 Rookwood Road** >> **Yagoona, New South Wales 2199* >> >> *Phone: 02 8212 4722 >> Email: jeff.mills@sydneytech.com.au >> * >> >> *Web : www.sydneytech.com.au * >> >> ** >> >> ** >> >> */Living our values, achi/**/eving success/* >> >> *//* >> >> /Sydney Technology Solutions? operating philosophy is based on >> honesty, enthusiasm, respect, ownership, excellence and service. >> These values guide the way we manage our business and the way we >> service yours./ >> >> *P****Please consider the environment before printing this email*// >> >> >> *Disclaimer:* >> The information contained in this message and or attachments is >> intended only for the person or entity to which it is addressed and >> may contain confidential and/or privileged material. Any review, >> retransmission, dissemination or other use of, or taking of any >> action in reliance upon, this information by persons or entities >> other than the intended recipient is prohibited. If you received this >> in error, please contact the sender and delete the material from any >> system and destroy any copies. >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mango.zw Sun Nov 14 16:56:50 2010 From: mailscanner at mango.zw (Jim Holland) Date: Sun Nov 14 16:55:20 2010 Subject: Setting Required SpamAssassin Score Message-ID: Hi all I am running MailScanner version 4.79.11 under Debian 5 with Exim4 version 4.69. Using the default MailScanner.conf setting of: Required SpamAssassin Score = 6 I find that MailScanner is quarantining messages as spam when the score is 5: MailScanner[16105]: Message 1PHew2-0004bD-71 from 196.27.122.30 (postmaster@mango.zw) to smtp.mango.zw is spam, SpamAssassin (not cached, score=5.002, required 5, DATE_IN_PAST_12_24 1.77, INVALID_DATE 1.65, MISSING_HEADERS 1.58) I append relevant config lines. Could someone please help out this newbie to SpamAssassin? Regards Jim Holland System Administrator Mango - Zimbabwe's non-profit e-mail service Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = no Use SpamAssassin = yes Max SpamAssassin Size = 200k Required SpamAssassin Score = 6 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = yes SpamAssassin Timeout = 75 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Include Binary Attachments In SpamAssassin = no Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db SpamAssassin Rule Actions = Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Log SpamAssassin Rule Actions = yes SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin User State Dir = /var/lib/MailScanner SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug SpamAssassin = no From maxsec at gmail.com Sun Nov 14 18:24:52 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Sun Nov 14 18:25:03 2010 Subject: Setting Required SpamAssassin Score In-Reply-To: References: Message-ID: Hi did you restart MailScanner after altering the MailScannerconf? Also is there a link from the spamassassin site preferences dir (where ever local.cf is found, usually /etc/mail/spamassassin but may be different in Debian)? There should be a mailscanner.cf which is a symbolic link to MailScanner.conf -- Martin Hepworth Oxford, UK On 14 November 2010 16:56, Jim Holland wrote: > Hi all > > I am running MailScanner version 4.79.11 under Debian 5 with Exim4 version > 4.69. > > Using the default MailScanner.conf setting of: > > Required SpamAssassin Score = 6 > > I find that MailScanner is quarantining messages as spam when the score is > 5: > > MailScanner[16105]: Message 1PHew2-0004bD-71 from 196.27.122.30 > (postmaster@mango.zw) to smtp.mango.zw is spam, SpamAssassin (not cached, > score=5.002, required 5, DATE_IN_PAST_12_24 1.77, INVALID_DATE 1.65, > MISSING_HEADERS 1.58) > > I append relevant config lines. > > Could someone please help out this newbie to SpamAssassin? > > Regards > > Jim Holland > System Administrator > Mango - Zimbabwe's non-profit e-mail service > > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = no > Use SpamAssassin = yes > Max SpamAssassin Size = 200k > Required SpamAssassin Score = 6 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Include Binary Attachments In SpamAssassin = no > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > SpamAssassin Rule Actions = > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Log SpamAssassin Rule Actions = yes > SpamAssassin Temporary Dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin User State Dir = /var/lib/MailScanner > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug SpamAssassin = no > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101114/6f668d58/attachment.html From MailScanner at ecs.soton.ac.uk Sun Nov 14 19:48:30 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Nov 14 19:48:49 2010 Subject: Setting Required SpamAssassin Score In-Reply-To: References: <4CE03D0E.3010103@ecs.soton.ac.uk> Message-ID: On 14/11/2010 18:24, Martin Hepworth wrote: > Hi > > did you restart MailScanner after altering the MailScannerconf? > > Also is there a link from the spamassassin site preferences dir (where > ever local.cf is found, usually > /etc/mail/spamassassin but may be different in Debian)? There should > be a mailscanner.cf which is a symbolic link > to MailScanner.conf He meant spam.assassin.prefs.conf at the end of that sentence, not MailScanner.conf. Jules. > On 14 November 2010 16:56, Jim Holland > wrote: > > Hi all > > I am running MailScanner version 4.79.11 under Debian 5 with Exim4 > version > 4.69. > > Using the default MailScanner.conf setting of: > > Required SpamAssassin Score = 6 > > I find that MailScanner is quarantining messages as spam when the > score is 5: > > MailScanner[16105]: Message 1PHew2-0004bD-71 from 196.27.122.30 > (postmaster@mango.zw ) to > smtp.mango.zw is spam, SpamAssassin (not > cached, > score=5.002, required 5, DATE_IN_PAST_12_24 1.77, INVALID_DATE 1.65, > MISSING_HEADERS 1.58) > > I append relevant config lines. > > Could someone please help out this newbie to SpamAssassin? > > Regards > > Jim Holland > System Administrator > Mango - Zimbabwe's non-profit e-mail service > > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = no > Use SpamAssassin = yes > Max SpamAssassin Size = 200k > Required SpamAssassin Score = 6 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Include Binary Attachments In SpamAssassin = no > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > SpamAssassin Rule Actions = > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Log SpamAssassin Rule Actions = yes > SpamAssassin Temporary Dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin User State Dir = /var/lib/MailScanner > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug SpamAssassin = no > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Nov 14 19:59:24 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Nov 14 19:59:34 2010 Subject: Setting Required SpamAssassin Score In-Reply-To: References: Message-ID: Hi Jim, You have "Check SpamAssassin If On Spam List = yes" set, but I don't see what the BL settings are ... Very likely your "too low SA score ending up in quarantine" is due to a BL used in MS... And since you have the setting, you also get an SA score... Cheers -- -- Glenn On 14 November 2010 17:56, Jim Holland wrote: > Hi all > > I am running MailScanner version 4.79.11 under Debian 5 with Exim4 version > 4.69. > > Using the default MailScanner.conf setting of: > > ? ? ? ?Required SpamAssassin Score = 6 > > I find that MailScanner is quarantining messages as spam when the score is 5: > > MailScanner[16105]: Message 1PHew2-0004bD-71 from 196.27.122.30 > (postmaster@mango.zw) to smtp.mango.zw is spam, SpamAssassin (not cached, > score=5.002, required 5, DATE_IN_PAST_12_24 1.77, INVALID_DATE 1.65, > MISSING_HEADERS 1.58) > > I append relevant config lines. > > Could someone please help out this newbie to SpamAssassin? > > Regards > > Jim Holland > System Administrator > Mango - Zimbabwe's non-profit e-mail service > > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = no > Use SpamAssassin = yes > Max SpamAssassin Size = 200k > Required SpamAssassin Score = 6 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Include Binary Attachments In SpamAssassin = no > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > SpamAssassin Rule Actions = > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Log SpamAssassin Rule Actions = yes > SpamAssassin Temporary Dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin User State Dir = /var/lib/MailScanner > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug SpamAssassin = no > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From terence.km.chan at gmail.com Mon Nov 15 12:02:30 2010 From: terence.km.chan at gmail.com (Terence Chan) Date: Mon Nov 15 12:02:40 2010 Subject: Mail Fail to deliver after ClamAV definition Update today Message-ID: Hi After an update of the definition on ClamAV 2AM GMT, all email on my mail server failed to deliver. An error message shows up like this. Nov 15 01:20:06 mail01a MailScanner[14801]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! When I restart MailScanner - the MailScanner process die repeatedly. (See the defunct MailScanner) 30589 ? Ss 0:00 MailScanner: starting child 30594 ? S 0:00 MailWatch SQL 30610 pts/1 S+ 0:00 grep MailScanner 30623 ? Z 0:04 [MailScanner] 30629 ? Z 0:04 [MailScanner] 30642 ? Z 0:04 [MailScanner] 30656 ? R 0:04 MailScanner: starting child 30670 ? S 0:00 MailScanner: starting child I have to disable virus scanning before I can restart MaiLScanner and email starts to deliver again. I am running ClamAV 0.96 and using the clamavmodule to activate the ClamAV. This setup has been running for over a year and not giving us any problem. Please advise how we can check what goes wrong. Thanks! -=Terence=- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101115/b3150af7/attachment.html From maxsec at gmail.com Mon Nov 15 12:17:17 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Mon Nov 15 12:17:26 2010 Subject: Mail Fail to deliver after ClamAV definition Update today In-Reply-To: References: Message-ID: Terrance have you tried clearing the defs restarting the update? also worth moving to the clamd method, it's faster to scan, startup the children and the children are smaller as they don't need the virus defs locally. -- Martin Hepworth Oxford, UK On 15 November 2010 12:02, Terence Chan wrote: > Hi After an update of the definition on ClamAV 2AM GMT, all email on my > mail server failed to deliver. > > An error message shows up like this. > > Nov 15 01:20:06 mail01a MailScanner[14801]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > > When I restart MailScanner - the MailScanner process die repeatedly. (See > the defunct MailScanner) > > 30589 ? Ss 0:00 MailScanner: starting child > 30594 ? S 0:00 MailWatch SQL > 30610 pts/1 S+ 0:00 grep MailScanner > 30623 ? Z 0:04 [MailScanner] > 30629 ? Z 0:04 [MailScanner] > 30642 ? Z 0:04 [MailScanner] > 30656 ? R 0:04 MailScanner: starting child > 30670 ? S 0:00 MailScanner: starting child > > > I have to disable virus scanning before I can restart MaiLScanner and email > starts to deliver again. > > I am running ClamAV 0.96 and using the clamavmodule to activate the ClamAV. > This setup has been running for over a year and not giving us any problem. > > Please advise how we can check what goes wrong. > > Thanks! > -=Terence=- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101115/97f51a88/attachment.html From john at tradoc.fr Mon Nov 15 12:23:23 2010 From: john at tradoc.fr (John Wilcock) Date: Mon Nov 15 12:23:37 2010 Subject: Taint problem calling Archive::Zip? Message-ID: <4CE1263B.7020907@tradoc.fr> Since upgrading from Perl 5.8.8 to 5.12.2 on my gentoo box, I've had several instances of messages "attempting to kill" MailScanner, with .docx (or other similar zip-container format) files as attachments. Running in debug mode gives the following error: Insecure dependency in chmod while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.2/Archive/Zip/Member.pm line 490 This is with MailScanner 4.81.4, Archive::Zip 1.30. I haven't yet tried with MS 4.82 beta or the developer release of Archive::Zip 1.31_01, but don't see anything in the changelogs that suggests they would help. Any ideas? (other than setting Maximum Archive Depth = 0, which does seem to be an effective if less-than-satisfactory workaround) John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From terence.km.chan at gmail.com Mon Nov 15 13:23:12 2010 From: terence.km.chan at gmail.com (Terence Chan) Date: Mon Nov 15 13:23:22 2010 Subject: Mail Fail to deliver after ClamAV definition Update today In-Reply-To: References: Message-ID: Hi I just confirmed that the error message "Monitors For ClamAV Updates" patterns exist! shows up way before the MailScanner is giving us problem. so this is not related to the problem I am facing today. Please help me to troubleshoot this issue. I am sure this happens after clamav freshclam and restart the MailScanner. Thanks a lot. On Mon, Nov 15, 2010 at 8:02 PM, Terence Chan wrote: > Hi After an update of the definition on ClamAV 2AM GMT, all email on my > mail server failed to deliver. > > An error message shows up like this. > > Nov 15 01:20:06 mail01a MailScanner[14801]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > > When I restart MailScanner - the MailScanner process die repeatedly. (See > the defunct MailScanner) > > 30589 ? Ss 0:00 MailScanner: starting child > 30594 ? S 0:00 MailWatch SQL > 30610 pts/1 S+ 0:00 grep MailScanner > 30623 ? Z 0:04 [MailScanner] > 30629 ? Z 0:04 [MailScanner] > 30642 ? Z 0:04 [MailScanner] > 30656 ? R 0:04 MailScanner: starting child > 30670 ? S 0:00 MailScanner: starting child > > > I have to disable virus scanning before I can restart MaiLScanner and email > starts to deliver again. > > I am running ClamAV 0.96 and using the clamavmodule to activate the ClamAV. > This setup has been running for over a year and not giving us any problem. > > Please advise how we can check what goes wrong. > > Thanks! > -=Terence=- > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101115/f8103764/attachment.html From steve.freegard at fsl.com Mon Nov 15 14:09:04 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Nov 15 14:09:19 2010 Subject: Mail Fail to deliver after ClamAV definition Update today In-Reply-To: References: Message-ID: <4CE13F00.9070003@fsl.com> Terence, On 15/11/10 13:23, Terence Chan wrote: > Hi I just confirmed that the error message > > "Monitors For ClamAV Updates" patterns exist! > > shows up way before the MailScanner is giving us problem. so this is not > related to the problem I am facing today. > > Please help me to troubleshoot this issue. I am sure this happens after > clamav freshclam and restart the MailScanner. > I had exactly the same issue on a machine this morning. You don't mention which OS you are using. So depending on where your ClamAV databases are; you'll need to set the following: Monitors for ClamAV Updates = /var/clamav/*.cvd /var/clamav/*.cld /var/clamav/*.inc/*' Change /var/clamav as necessary for your set-up and restart MailScanner and it will start working again. Regards, Steve. From prandal at herefordshire.gov.uk Mon Nov 15 14:22:33 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Nov 15 14:22:52 2010 Subject: Mail Fail to deliver after ClamAV definition Update today In-Reply-To: References: Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B85023BD7@HC-EXMBX02.herefordshire.gov.uk> There was an update to main.cvd version 53 in the weekend, so main.cvd should have become main.cld. What is the full "Monitors For ClamAV Updates" line in your MailScanner.conf? Have you checked the contents of /var/clamav (or wherever your clamav databases are)? Cheers, Phil -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Terence Chan Sent: 15 November 2010 13:23 To: mailscanner@lists.mailscanner.info Subject: Re: Mail Fail to deliver after ClamAV definition Update today Hi I just confirmed that the error message "Monitors For ClamAV Updates" patterns exist! shows up way before the MailScanner is giving us problem. so this is not related to the problem I am facing today. Please help me to troubleshoot this issue. I am sure this happens after clamav freshclam and restart the MailScanner. Thanks a lot. On Mon, Nov 15, 2010 at 8:02 PM, Terence Chan > wrote: Hi After an update of the definition on ClamAV 2AM GMT, all email on my mail server failed to deliver. An error message shows up like this. Nov 15 01:20:06 mail01a MailScanner[14801]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! When I restart MailScanner - the MailScanner process die repeatedly. (See the defunct MailScanner) 30589 ? Ss 0:00 MailScanner: starting child 30594 ? S 0:00 MailWatch SQL 30610 pts/1 S+ 0:00 grep MailScanner 30623 ? Z 0:04 [MailScanner] 30629 ? Z 0:04 [MailScanner] 30642 ? Z 0:04 [MailScanner] 30656 ? R 0:04 MailScanner: starting child 30670 ? S 0:00 MailScanner: starting child I have to disable virus scanning before I can restart MaiLScanner and email starts to deliver again. I am running ClamAV 0.96 and using the clamavmodule to activate the ClamAV. This setup has been running for over a year and not giving us any problem. Please advise how we can check what goes wrong. Thanks! -=Terence=- Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101115/03cc6162/attachment.html From maillists at conactive.com Mon Nov 15 16:04:41 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Nov 15 16:04:54 2010 Subject: Mail Fail to deliver after ClamAV definition Update today In-Reply-To: References: Message-ID: Terence Chan wrote on Mon, 15 Nov 2010 20:02:30 +0800: > clamavmodule AFAIK, clamavmodule is deprecated and may not work correctly. You should use clamd. I notice that the *.cld stuff is already in there, that's the default: Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd So, the change in definition format should not pose a problem. But your update may have changed the location to the path that Steve lists, depending on your unknown OS/package. And that may also be the reason why your MS doesn't work at all, even if clamavmodule may still work theoretically: the binaries for clamav may have changed location. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From davejones70 at gmail.com Mon Nov 15 20:17:20 2010 From: davejones70 at gmail.com (Dave Jones) Date: Mon Nov 15 20:17:30 2010 Subject: Bitdefender AntiSpam: worth a try? Message-ID: >Hi, > >It looks like Bitdefender just released a free AntiSpam engine for mail >servers (Linux-based): >http://www.bitdefender.com/business/antispam-for-mail-servers.html > >Anyone tried it yet? If so, could it complement MailScanner? > >Thanks! > >Denis I downloaded and installed it but MailScanner doesn't seem to support this version yet in the virus.scanners.conf and the wrapper script. It seems to have some potential goodness since it runs as a daemon. I am using an old version of McAffee that is End-Of-Life on Dec 31 2010. It's terrible taking 3-6 seconds to start and load defs for each batch. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101115/ae0b83df/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Nov 15 20:50:41 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Nov 15 20:51:00 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: References: Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D18A4C@city-exchange07> Taking just a quick glance at it, I see it runs as a milter in Sendmail. As such, it would be called before MailScanner so integration wouldn't make sense in that case. I'm not sure about the other MTA configurations, since I'm not running them and didn't look. Are you just trying to use the antivirus part? If it has a command line option then it could probably be integrated using the custom scanner featrue in MailScanner. But it looks like it's trying to be a full featured anti-spam/anti-virus package. I.e., it's more a replacement for MailScanner rather than an augmentation to it. Again though, my thoughts are based on a 5 minute glance at the web page, so I could be missing the bigger picture... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Jones Sent: Monday, November 15, 2010 11:17 AM To: mailscanner@lists.mailscanner.info Subject: Bitdefender AntiSpam: worth a try? >Hi, > >It looks like Bitdefender just released a free AntiSpam engine for mail >servers (Linux-based): >http://www.bitdefender.com/business/antispam-for-mail-servers.html > >Anyone tried it yet? If so, could it complement MailScanner? > >Thanks! > >Denis I downloaded and installed it but MailScanner doesn't seem to support this version yet in the virus.scanners.conf and the wrapper script. It seems to have some potential goodness since it runs as a daemon. I am using an old version of McAffee that is End-Of-Life on Dec 31 2010. It's terrible taking 3-6 seconds to start and load defs for each batch. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101115/655df1e4/attachment.html From Denis.Beauchemin at USherbrooke.ca Mon Nov 15 21:08:02 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Nov 15 21:08:30 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: <4A09477D575C2C4B86497161427DD94C15B0D18A4C@city-exchange07> References: <4A09477D575C2C4B86497161427DD94C15B0D18A4C@city-exchange07> Message-ID: <4CE1A132.60202@USherbrooke.ca> Le 2010-11-15 15:50, Kevin Miller a ?crit : > Taking just a quick glance at it, I see it runs as a milter in > Sendmail. As such, it would be called before MailScanner so > integration wouldn't make sense in that case. I'm not sure about the > other MTA configurations, since I'm not running them and didn't look. > Are you just trying to use the antivirus part? If it has a command > line option then it could probably be integrated using the custom > scanner featrue in MailScanner. But it looks like it's trying to be a > full featured anti-spam/anti-virus package. I.e., it's more a > replacement for MailScanner rather than an augmentation to it. > Again though, my thoughts are based on a 5 minute glance at the web > page, so I could be missing the bigger picture... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Dave Jones > *Sent:* Monday, November 15, 2010 11:17 AM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Bitdefender AntiSpam: worth a try? > > >Hi, > > > >It looks like Bitdefender just released a free AntiSpam engine for mail > >servers (Linux-based): > >http://www.bitdefender.com/business/antispam-for-mail-servers.html > > > >Anyone tried it yet? If so, could it complement MailScanner? > > > >Thanks! > > > >Denis > > I downloaded and installed it but MailScanner doesn't seem to support > this version yet in the virus.scanners.conf and the wrapper script. > > It seems to have some potential goodness since it runs as a daemon. > I am using an old version of McAffee that is End-Of-Life on Dec 31 2010. > It's terrible taking 3-6 seconds to start and load defs for each batch. > > Dave I've looked at the docs and it really looks like a MS replacement without the antivirus part. They left it out of their free offering. They have an interesting twist on phishing and malware detection: they push definitions based on user feedback (a la sa-learn --ham/spam). They collect those submissions from all participating clients. The definitions are screened by humans (so they say) before being pushed to all customers. It may be a replacement for Barricade/MX. We'll be evaluating it as such. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From steve at fsl.com Mon Nov 15 22:05:33 2010 From: steve at fsl.com (Stephen Swaney) Date: Mon Nov 15 22:05:43 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: <4CE1A132.60202@USherbrooke.ca> References: <4A09477D575C2C4B86497161427DD94C15B0D18A4C@city-exchange07> <4CE1A132.60202@USherbrooke.ca> Message-ID: On Nov 15, 2010, at 4:08 PM, Denis Beauchemin wrote: > > Le 2010-11-15 15:50, Kevin Miller a ?crit : >> Taking just a quick glance at it, I see it runs as a milter in Sendmail. As such, it would be called before MailScanner so integration wouldn't make sense in that case. I'm not sure about the other MTA configurations, since I'm not running them and didn't look. >> Are you just trying to use the antivirus part? If it has a command line option then it could probably be integrated using the custom scanner featrue in MailScanner. But it looks like it's trying to be a full featured anti-spam/anti-virus package. I.e., it's more a replacement for MailScanner rather than an augmentation to it. >> Again though, my thoughts are based on a 5 minute glance at the web page, so I could be missing the bigger picture... >> >> ...Kevin >> -- >> Kevin Miller Registered Linux User No: 307357 >> CBJ MIS Dept. Network Systems Admin., Mail Admin. >> 155 South Seward Street ph: (907) 586-0242 >> Juneau, Alaska 99801 fax: (907 586-4500 >> >> >> ------------------------------------------------------------------------ >> *From:* mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Dave Jones >> *Sent:* Monday, November 15, 2010 11:17 AM >> *To:* mailscanner@lists.mailscanner.info >> *Subject:* Bitdefender AntiSpam: worth a try? >> >> >Hi, >> > >> >It looks like Bitdefender just released a free AntiSpam engine for mail >> >servers (Linux-based): >> >http://www.bitdefender.com/business/antispam-for-mail-servers.html >> > >> >Anyone tried it yet? If so, could it complement MailScanner? >> > >> >Thanks! >> > >> >Denis >> >> I downloaded and installed it but MailScanner doesn't seem to support >> this version yet in the virus.scanners.conf and the wrapper script. >> >> It seems to have some potential goodness since it runs as a daemon. >> I am using an old version of McAffee that is End-Of-Life on Dec 31 2010. >> It's terrible taking 3-6 seconds to start and load defs for each batch. >> >> Dave > > I've looked at the docs and it really looks like a MS replacement without the antivirus part. They left it out of their free offering. > > They have an interesting twist on phishing and malware detection: they push definitions based on user feedback (a la sa-learn --ham/spam). They collect those submissions from all participating clients. The definitions are screened by humans (so they say) before being pushed to all customers. > > It may be a replacement for Barricade/MX. We'll be evaluating it as such. > > Denis > > -- > Denis Beauchemin, analyste > Universit? de Sherbrooke, S.T.I. > T: 819.821.8000x62252 F: 819.821.8045 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! We'll probably be looking at adding support for the Daemon into BarricadeMX. It's pretty simple to add any virus scanner that can run as a daemon into BarricadeMX. I'll post progress on the port and our testing of BitDefender. I'm sure the list will be happy to hear any of your impressions and test results.. Thanks, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available From Jeff.Mills at sydneytech.com.au Tue Nov 16 00:44:13 2010 From: Jeff.Mills at sydneytech.com.au (Jeff Mills) Date: Tue Nov 16 00:44:28 2010 Subject: Taint problem calling Archive::Zip? In-Reply-To: <4CE1263B.7020907@tradoc.fr> References: <4CE1263B.7020907@tradoc.fr> Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F4986F676@SERVER01.sts.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of John Wilcock > Sent: Monday, 15 November 2010 11:23 PM > To: MailScanner discussion > Subject: Taint problem calling Archive::Zip? > > Since upgrading from Perl 5.8.8 to 5.12.2 on my gentoo box, I've had > several instances of messages "attempting to kill" MailScanner, with > .docx (or other similar zip-container format) files as attachments. > > Running in debug mode gives the following error: > > Insecure dependency in chmod while running with -T switch at > /usr/lib64/perl5/vendor_perl/5.12.2/Archive/Zip/Member.pm line 490 > > This is with MailScanner 4.81.4, Archive::Zip 1.30. I haven't yet tried > with MS 4.82 beta or the developer release of Archive::Zip 1.31_01, but > don't see anything in the changelogs that suggests they would help. > > Any ideas? (other than setting Maximum Archive Depth = 0, which does > seem to be an effective if less-than-satisfactory workaround) > > John. > I have the same issue at one site. I ended up setting the archive depth to zero as a workaround, but I did stumble apon a patch to the perl module somewhere that I didn't have time to look at. Jeff From john at tradoc.fr Tue Nov 16 08:09:29 2010 From: john at tradoc.fr (John Wilcock) Date: Tue Nov 16 08:09:47 2010 Subject: Taint problem calling Archive::Zip? In-Reply-To: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F4986F676@SERVER01.sts.local> References: <4CE1263B.7020907@tradoc.fr> <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F4986F676@SERVER01.sts.local> Message-ID: <4CE23C39.9010407@tradoc.fr> Le 16/11/2010 01:44, Jeff Mills a ?crit : >> Insecure dependency in chmod while running with -T switch at >> /usr/lib64/perl5/vendor_perl/5.12.2/Archive/Zip/Member.pm line 490 > > I have the same issue at one site. I ended up setting the archive > depth to zero as a workaround, but I did stumble apon a patch to the > perl module somewhere that I didn't have time to look at. Could this be it? It certainly looks to fit the symptoms. I'll give the patch a try and report back... John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From john at tradoc.fr Tue Nov 16 12:03:55 2010 From: john at tradoc.fr (John Wilcock) Date: Tue Nov 16 12:04:16 2010 Subject: Taint problem calling Archive::Zip? In-Reply-To: <4CE23C39.9010407@tradoc.fr> References: <4CE1263B.7020907@tradoc.fr> <5CC818E72EFF6C4CB0D4DFEF1C4E6CD50F4986F676@SERVER01.sts.local> <4CE23C39.9010407@tradoc.fr> Message-ID: <4CE2732B.2050208@tradoc.fr> Le 16/11/2010 09:09, John Wilcock a ?crit : > Le 16/11/2010 01:44, Jeff Mills a ?crit : >>> Insecure dependency in chmod while running with -T switch at >>> /usr/lib64/perl5/vendor_perl/5.12.2/Archive/Zip/Member.pm line 490 >> >> I have the same issue at one site. I ended up setting the archive >> depth to zero as a workaround, but I did stumble apon a patch to the >> perl module somewhere that I didn't have time to look at. > > Could this be it? > It certainly looks to fit the symptoms. I'll give the patch a try and > report back... Tests confirm, for anyone else who might be suffering from this taint issue, that the patch in the CPAN bug does indeed fix the problem. Note that the patch isn't included in the 1.31_01 developer release of Archive::Zip. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From terence.km.chan at gmail.com Tue Nov 16 22:14:32 2010 From: terence.km.chan at gmail.com (Terence Chan) Date: Tue Nov 16 22:14:41 2010 Subject: Mail Fail to deliver after ClamAV definition Update today In-Reply-To: <4CE13F00.9070003@fsl.com> References: <4CE13F00.9070003@fsl.com> Message-ID: Thanks Steve and others response to my email. I have the Monitors for ClamAV Updates setup correctly, but still the MailScanner is not starting up correctly. As Kai and Martin have suggested, I may just change to clamd instead. Best Regards, On Tue, Nov 16, 2010 at 1:09 AM, Steve Freegard wrote: > Terence, > > > On 15/11/10 13:23, Terence Chan wrote: > >> Hi I just confirmed that the error message >> >> "Monitors For ClamAV Updates" patterns exist! >> >> shows up way before the MailScanner is giving us problem. so this is not >> related to the problem I am facing today. >> >> Please help me to troubleshoot this issue. I am sure this happens after >> clamav freshclam and restart the MailScanner. >> >> > I had exactly the same issue on a machine this morning. > > You don't mention which OS you are using. So depending on where your > ClamAV databases are; you'll need to set the following: > > Monitors for ClamAV Updates = /var/clamav/*.cvd /var/clamav/*.cld > /var/clamav/*.inc/*' > > Change /var/clamav as necessary for your set-up and restart MailScanner and > it will start working again. > > Regards, > Steve. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101117/fdedb537/attachment.html From johnnyb at marlboro.edu Wed Nov 17 17:34:00 2010 From: johnnyb at marlboro.edu (John Baker) Date: Wed Nov 17 17:34:56 2010 Subject: rule actions and reports Message-ID: <4CE41208.1020608@marlboro.edu> Hi, I'm tweaking things to catch more scams and wanted to clarify some parts of rule actions that I'm not sure I understand. I have found that almost all of the scams that come through get scored by scamnailer but some don't get any other rule hits and thus don't get marked. For the ones that don't get caught by scamnailer or an RBL I'm working on a custom spamassin rule to catch key phrases in the subject and/or sender. For all of these instances what I want is to deliver the mail as an attachment and include a report stating that it looks like a scam and where to send questions. It would be nice to mangle the subject with something like "Scam?" as well. But it should still use spam and high scoring spam actions as well if it scores high enough. It seems clear enough that I can use "attachment" for certain rules under "SpamAssassin Rule Actions" in addition to spam actions but it's not clear if it can include some kind of report along with it as it does with Spam Action or High Scoring Spam Action. Can a rule action trigger a custom inline report or even the standard inline spam report? I don't use it for other spam actions so altering it there would suit my purposes fine. And can header "name: value" insert a word into the subject rather than just write a new header? Thanks -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 Cell: 451-6748 From lepage at grm.polymtl.ca Thu Nov 18 02:08:26 2010 From: lepage at grm.polymtl.ca (Rejean Lepage) Date: Thu Nov 18 02:24:45 2010 Subject: MailScanner 4.81.4-1 on Solaris 9 ? In-Reply-To: References: Message-ID: <4CE48A9A.3090705@grm.polymtl.ca> Hello all, I rarely have to ask questions but now my logs are filling with this... continuously. I was using 4.81.4-1 and then try to go back to an older version 4.79.11 but had the same result. any idea ? Nov 17 20:59:15 localhost MailScanner[9091]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Nov 17 20:59:15 localhost MailScanner[9091]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Nov 17 20:59:15 localhost MailScanner[9091]: Reading configuration file /opt/MailScanner/etc/conf.d/README Nov 17 20:59:15 localhost MailScanner[9091]: Read 866 hostnames from the phishing whitelist Nov 17 20:59:15 localhost MailScanner[9091]: Read 6113 hostnames from the phishing blacklists Nov 17 20:59:16 localhost MailScanner[9091]: Using SpamAssassin results cache Nov 17 20:59:16 localhost MailScanner[9091]: Connected to SpamAssassin cache database Nov 17 20:59:17 localhost MailScanner[8974]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! Nov 17 20:59:18 localhost MailScanner[9091]: I have found clamavmodule f-prot-6 scanners installed, and will use them all by default. Nov 17 20:59:20 localhost MailScanner[9132]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Nov 17 20:59:20 localhost MailScanner[9132]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Nov 17 20:59:20 localhost MailScanner[9132]: Reading configuration file /opt/MailScanner/etc/conf.d/README Nov 17 20:59:20 localhost MailScanner[9132]: Read 866 hostnames from the phishing whitelist Nov 17 20:59:20 localhost MailScanner[9132]: Read 6113 hostnames from the phishing blacklists Nov 17 20:59:21 localhost MailScanner[9132]: Using SpamAssassin results cache Nov 17 20:59:21 localhost MailScanner[9132]: Connected to SpamAssassin cache database Nov 17 20:59:22 localhost MailScanner[9013]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! Nov 17 20:59:23 localhost MailScanner[9132]: I have found clamavmodule f-prot-6 scanners installed, and will use them all by default. Nov 17 20:59:25 localhost MailScanner[9171]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Nov 17 20:59:25 localhost MailScanner[9171]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Nov 17 20:59:25 localhost MailScanner[9171]: Reading configuration file /opt/MailScanner/etc/conf.d/README Nov 17 20:59:25 localhost MailScanner[9171]: Read 866 hostnames from the phishing whitelist Nov 17 20:59:25 localhost MailScanner[9171]: Read 6113 hostnames from the phishing blacklists Nov 17 20:59:26 localhost MailScanner[9171]: Using SpamAssassin results cache Nov 17 20:59:26 localhost MailScanner[9171]: Connected to SpamAssassin cache database Nov 17 20:59:27 localhost MailScanner[9052]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! Nov 17 20:59:28 localhost MailScanner[9171]: I have found clamavmodule f-prot-6 scanners installed, and will use them all by default. Nov 17 20:59:30 localhost MailScanner[9210]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Nov 17 20:59:30 localhost MailScanner[9210]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Nov 17 20:59:30 localhost MailScanner[9210]: Reading configuration file /opt/MailScanner/etc/conf.d/README Nov 17 20:59:30 localhost MailScanner[9210]: Read 866 hostnames from the phishing whitelist Nov 17 20:59:30 localhost MailScanner[9210]: Read 6113 hostnames from the phishing blacklists Nov 17 20:59:31 localhost MailScanner[9210]: Using SpamAssassin results cache Nov 17 20:59:31 localhost MailScanner[9210]: Connected to SpamAssassin cache database Nov 17 20:59:33 localhost MailScanner[9091]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! Nov 17 20:59:33 localhost MailScanner[9210]: I have found clamavmodule f-prot-6 scanners installed, and will use them all by default. Nov 17 20:59:35 localhost MailScanner[9252]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Nov 17 20:59:35 localhost MailScanner[9252]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Nov 17 20:59:35 localhost MailScanner[9252]: Reading configuration file /opt/MailScanner/etc/conf.d/README Nov 17 20:59:35 localhost MailScanner[9252]: Read 866 hostnames from the phishing whitelist Nov 17 20:59:35 localhost MailScanner[9252]: Read 6113 hostnames from the phishing blacklists Nov 17 20:59:36 localhost MailScanner[9252]: Using SpamAssassin results cache Nov 17 20:59:36 localhost MailScanner[9252]: Connected to SpamAssassin cache database Nov 17 20:59:38 localhost MailScanner[9132]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! Nov 17 20:59:38 localhost MailScanner[9252]: I have found clamavmodule f-prot-6 scanners installed, and will use them all by default. Nov 17 20:59:40 localhost MailScanner[9292]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Nov 17 20:59:40 localhost MailScanner[9292]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Nov 17 20:59:40 localhost MailScanner[9292]: Reading configuration file /opt/MailScanner/etc/conf.d/README Nov 17 20:59:40 localhost MailScanner[9292]: Read 866 hostnames from the phishing whitelist Nov 17 20:59:40 localhost MailScanner[9292]: Read 6113 hostnames from the phishing blacklists Nov 17 20:59:41 localhost MailScanner[9292]: Using SpamAssassin results cache Nov 17 20:59:41 localhost MailScanner[9292]: Connected to SpamAssassin cache database Nov 17 20:59:43 localhost MailScanner[9171]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! Nov 17 20:59:43 localhost MailScanner[9292]: I have found clamavmodule f-prot-6 scanners installed, and will use them all by default. -- R?jean Lepage, M.Sc. Charg? de cours/Lecturer Z-410 Analyst / Senior System Administrator Microelectronic Research Group/VLSI Electrical Eng, Ecole Polytechnique / Montreal University / Canada http://www.grm.polymtl.ca/~lepage Tel: (514) 340-4711 Ext: 4837 Fax: (514) 340-4147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101117/8165b188/signature.bin From lepage at grm.polymtl.ca Thu Nov 18 02:51:52 2010 From: lepage at grm.polymtl.ca (Rejean Lepage) Date: Thu Nov 18 02:52:15 2010 Subject: MailScanner 4.81.4-1 on Solaris 9 ? In-Reply-To: <4CE48A9A.3090705@grm.polymtl.ca> References: <4CE48A9A.3090705@grm.polymtl.ca> Message-ID: <4CE494C8.2050302@grm.polymtl.ca> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101117/a2ddc473/signature.bin From noel.butler at ausics.net Thu Nov 18 03:26:28 2010 From: noel.butler at ausics.net (Noel Butler) Date: Thu Nov 18 03:26:41 2010 Subject: MailScanner 4.81.4-1 on Solaris 9 ? In-Reply-To: <4CE494C8.2050302@grm.polymtl.ca> References: <4CE48A9A.3090705@grm.polymtl.ca> <4CE494C8.2050302@grm.polymtl.ca> Message-ID: <1290050788.15500.2.camel@tardis> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101118/93c995a1/attachment.bin From lepage at grm.polymtl.ca Fri Nov 19 23:22:15 2010 From: lepage at grm.polymtl.ca (Rejean Lepage) Date: Fri Nov 19 23:22:35 2010 Subject: MailScanner 4.81.4-1 on Solaris 9 ? In-Reply-To: <1290050788.15500.2.camel@tardis> References: <4CE48A9A.3090705@grm.polymtl.ca> <4CE494C8.2050302@grm.polymtl.ca> <1290050788.15500.2.camel@tardis> Message-ID: <4CE706A7.90009@grm.polymtl.ca> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101119/107241b8/signature.bin From glenn.steen at gmail.com Fri Nov 19 23:55:02 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Nov 19 23:55:12 2010 Subject: MailScanner 4.81.4-1 on Solaris 9 ? In-Reply-To: <4CE706A7.90009@grm.polymtl.ca> References: <4CE48A9A.3090705@grm.polymtl.ca> <4CE494C8.2050302@grm.polymtl.ca> <1290050788.15500.2.camel@tardis> <4CE706A7.90009@grm.polymtl.ca> Message-ID: On 20 November 2010 00:22, Rejean Lepage wrote: > thanks Noel, > > no perl was not recently updated. > and here is the output of MailScanner --lint > > not sure were the virus is stored and why it reported that clamav is > outdated? > > > =========================================================================== > =========================================================================== > % /opt/MailScanner/bin/MailScanner --lint > Trying to setlogsock(udp) > > > Reading configuration file /opt/MailScanner/etc/MailScanner.conf > Reading configuration file /opt/MailScanner/etc/conf.d/README > Read 866 hostnames from the phishing whitelist > Read 1601 hostnames from the phishing blacklists > > Checking version numbers... > Version number in MailScanner.conf (4.81.4) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (25) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > I have found clamavmodule f-prot-6 scanners installed, and will use them > all by default. > * > LibClamAV Warning: ************************************************** > LibClamAV Warning: *** The virus database is older than 7 days! *** > LibClamAV Warning: *** Please update it as soon as possible. *** > LibClamAV Warning: *************************************************** > > You may have an old libclamav lurking around on your system, or even multiple clamav installations entire... can happen if you both have installed from a package (like an RPM package) and from source (tarball, Jules packaging....) ... Make sure you only have one and that that is up to date. Also consider switching to clamd, which is way more efficient than clamavmodule... Yes, it needs some setting up, but is wel worth it... Look in the wiki for tips on how to do the switch. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101120/71533264/attachment.html From mailscanner at mango.zw Sun Nov 21 11:43:00 2010 From: mailscanner at mango.zw (Jim Holland) Date: Sun Nov 21 11:40:45 2010 Subject: Setting Required SpamAssassin Score In-Reply-To: Message-ID: Hi Martin and Jules Thanks for your feedback, which was very helpful as I had not set up the symbolic link. Unfortunately that did not solve my original problem, as MailScanner still used the default value of 5.0 for SpamAssassin. I could only hit myself over the head when I finally tracked down the cause of the problem: On this new server (which I am just getting to grips with) I am using for the first time the very useful "include /etc/MailScanner/conf.d/*" facility and I had been storing all the modifications to a local configuration file there, and that had the default value of 5.0 set in it. However I was trying to change the SpamAssassin score in the MailScanner.conf file, which of course was then duly ignored . . . What can I say? I will try and take comfort in the thought that there must be at least one or two others that have made this kind of mistake at some time or other in the long distant past. No? Regards Jim Holland On Sun, 14 Nov 2010, Jules Field wrote: > Date: Sun, 14 Nov 2010 19:48:30 +0000 > From: Jules Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Setting Required SpamAssassin Score > > > > On 14/11/2010 18:24, Martin Hepworth wrote: > > Hi > > > > did you restart MailScanner after altering the MailScannerconf? > > > > Also is there a link from the spamassassin site preferences dir (where > > ever local.cf is found, usually > > /etc/mail/spamassassin but may be different in Debian)? There should > > be a mailscanner.cf which is a symbolic link > > to MailScanner.conf > He meant spam.assassin.prefs.conf at the end of that sentence, not > MailScanner.conf. > > Jules. > > > On 14 November 2010 16:56, Jim Holland > > wrote: > > > > Hi all > > > > I am running MailScanner version 4.79.11 under Debian 5 with Exim4 > > version > > 4.69. > > > > Using the default MailScanner.conf setting of: > > > > Required SpamAssassin Score = 6 > > > > I find that MailScanner is quarantining messages as spam when the > > score is 5: > > > > MailScanner[16105]: Message 1PHew2-0004bD-71 from 196.27.122.30 > > (postmaster@mango.zw ) to > > smtp.mango.zw is spam, SpamAssassin (not > > cached, > > score=5.002, required 5, DATE_IN_PAST_12_24 1.77, INVALID_DATE 1.65, > > MISSING_HEADERS 1.58) > > > > I append relevant config lines. > > > > Could someone please help out this newbie to SpamAssassin? > > > > Regards > > > > Jim Holland > > System Administrator > > Mango - Zimbabwe's non-profit e-mail service > > > > Include Scores In SpamAssassin Report = yes > > Always Include SpamAssassin Report = no > > Use SpamAssassin = yes > > Max SpamAssassin Size = 200k > > Required SpamAssassin Score = 6 > > High SpamAssassin Score = 10 > > SpamAssassin Auto Whitelist = yes > > SpamAssassin Timeout = 75 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Check SpamAssassin If On Spam List = yes > > Include Binary Attachments In SpamAssassin = no > > Cache SpamAssassin Results = yes > > SpamAssassin Cache Database File = > > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > SpamAssassin Rule Actions = > > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > > Log SpamAssassin Rule Actions = yes > > SpamAssassin Temporary Dir = > > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin User State Dir = /var/lib/MailScanner > > SpamAssassin Install Prefix = > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > > MCP Required SpamAssassin Score = 1 > > MCP High SpamAssassin Score = 10 > > MCP Max SpamAssassin Timeouts = 20 > > MCP Max SpamAssassin Size = 100k > > MCP SpamAssassin Timeout = 10 > > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > > MCP SpamAssassin User State Dir = > > MCP SpamAssassin Local Rules Dir = %mcp-dir% > > MCP SpamAssassin Default Rules Dir = %mcp-dir% > > MCP SpamAssassin Install Prefix = %mcp-dir% > > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > > Debug SpamAssassin = no > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > Regards Jim Holland System Administrator Mango - Zimbabwe's non-profit e-mail service From bonivart at opencsw.org Mon Nov 22 10:30:15 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Mon Nov 22 10:30:45 2010 Subject: Virus scanners able to run as a daemon? Message-ID: Does anyone know which virus scanners I can run as a daemon, besides ClamAV of course? I think F-prot is able to, anyone use that? Is it simple to install, keep updated and so on? How does it compare to ClamAV? /peter From ms-list at alexb.ch Mon Nov 22 10:46:00 2010 From: ms-list at alexb.ch (Alex Broens) Date: Mon Nov 22 10:46:20 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: References: Message-ID: <4CEA49E8.1080706@alexb.ch> On 2010-11-22 11:30, Peter Bonivart wrote: > Does anyone know which virus scanners I can run as a daemon, besides > ClamAV of course? > > I think F-prot is able to, anyone use that? Is it simple to install, > keep updated and so on? How does it compare to ClamAV? Its simple to install robust, easy to handle and the price is right. Compare to ClamAv? It has caused less issues than ClamAV. Detection is good. From steve at fsl.com Mon Nov 22 12:41:46 2010 From: steve at fsl.com (Stephen Swaney) Date: Mon Nov 22 12:41:57 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: <4CEA49E8.1080706@alexb.ch> References: <4CEA49E8.1080706@alexb.ch> Message-ID: <2B6625B4-C5A8-4985-AE67-1BF7142EB116@fsl.com> On Nov 22, 2010, at 5:46 AM, Alex Broens wrote: > On 2010-11-22 11:30, Peter Bonivart wrote: >> Does anyone know which virus scanners I can run as a daemon, besides >> ClamAV of course? >> >> I think F-prot is able to, anyone use that? Is it simple to install, >> keep updated and so on? How does it compare to ClamAV? > > Its simple to install > robust, easy to handle and the price is right. > > Compare to ClamAv? > It has caused less issues than ClamAV. > Detection is good. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Agreed. And we've used it for years. Steve -- Steve Swaney steve@fsl.com www.fsl.com From post at damschott.dk Mon Nov 22 20:34:42 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Mon Nov 22 20:34:53 2010 Subject: Non Spam actions problem Message-ID: Dear Folks I want to send a copy of the non spam mails to another mailbox for some specific mail users. I have made this Non.SpamAction.Rules file: ".. FromOrTo: aa@bb.com forward cc@bb.com FromOrTo: default deliver header "X-Spam-Status: No" .." And I've put this line i Mailscanner.conf Non Spam Actions = %rules-dir%/Non.Spam.Action.Rules It does not seem to forward any mail at all. What do I do wrong? /Soeren -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101122/d668e5d4/attachment.html From MailScanner at ecs.soton.ac.uk Mon Nov 22 20:53:16 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Nov 22 20:53:30 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: On 22/11/2010 20:34, S?ren Dam wrote: > Dear Folks > > I want to send a copy of the non spam mails to another mailbox for > some specific mail users. I have made this Non.SpamAction.Rules file: > > ".. > FromOrTo: aa@bb.com forward cc@bb.com > You want to add the action "deliver" to that line as well, or the original recipient will not get their copy of the message. > > FromOrTo: default deliver header "X-Spam-Status: No" > > .." > > And I've put this line i Mailscanner.conf > > Non Spam Actions = %rules-dir%/Non.Spam.Action.Rules Did you ask MailScanner to reload its config after making the change? "service MailScanner reload" will work on quite a few platforms, otherwise try "/etc/init.d/MailScanner reload". And also try doing the command MailScanner --lint to see what that says about your configuration. And also look in your /var/log/maillog to see what MailScanner is logging when it starts up, there may be some error messages in there. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From noel.butler at ausics.net Mon Nov 22 23:09:05 2010 From: noel.butler at ausics.net (Noel Butler) Date: Mon Nov 22 23:10:53 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: <4CEA49E8.1080706@alexb.ch> References: <4CEA49E8.1080706@alexb.ch> Message-ID: <1290467345.5463.5.camel@tardis> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/00ad91e3/attachment.bin From bonivart at opencsw.org Mon Nov 22 23:24:38 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Mon Nov 22 23:25:07 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: <1290467345.5463.5.camel@tardis> References: <4CEA49E8.1080706@alexb.ch> <1290467345.5463.5.camel@tardis> Message-ID: On Tue, Nov 23, 2010 at 12:09 AM, Noel Butler wrote: > Actually, the price is not right, you need to pay per address regardless, we > had argument with them over this on a sec mx server > where we had to guess, and assumed if we had 100K users on primary, we'd > have to pay for 100K on primary AND another 100K license for secondary, > rather than the far cheaper file server license for sec MX, end result, we > told em to shove it and use clamav everywhere. What do you mean per user? I'm only interested in a file scanner, no integration with the mail server software. When looking at their products it looks like the file scanner for $299/year fits the bill. /peter From noel.butler at ausics.net Mon Nov 22 23:25:07 2010 From: noel.butler at ausics.net (Noel Butler) Date: Mon Nov 22 23:26:16 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: <1290467345.5463.5.camel@tardis> References: <4CEA49E8.1080706@alexb.ch> <1290467345.5463.5.camel@tardis> Message-ID: <1290468307.5463.15.camel@tardis> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/a51dc55a/attachment.bin From noel.butler at ausics.net Mon Nov 22 23:39:40 2010 From: noel.butler at ausics.net (Noel Butler) Date: Mon Nov 22 23:39:52 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: References: <4CEA49E8.1080706@alexb.ch> <1290467345.5463.5.camel@tardis> Message-ID: <1290469180.5463.17.camel@tardis> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/780ce94d/attachment.bin From alex at rtpty.com Mon Nov 22 23:47:07 2010 From: alex at rtpty.com (Alex Neuman) Date: Mon Nov 22 23:47:17 2010 Subject: Virus scanners able to run as a daemon? In-Reply-To: References: <4CEA49E8.1080706@alexb.ch> <1290467345.5463.5.camel@tardis> Message-ID: They don't "see it" that way. They "see it" as a "per e-mail address" (not even per mailbox) thing. Just as they have every right to see "their" point of view as "correct", you have every right to believe your point of view. FWIW I happen to agree with *you*, but I recognize their right to sell (or not sell) their software as they see fit, just as I recognize your right to take your business elsewhere, such as with ClamAV. Which I also like better, for other reasons. On Mon, Nov 22, 2010 at 6:24 PM, Peter Bonivart wrote: > On Tue, Nov 23, 2010 at 12:09 AM, Noel Butler wrote: >> Actually, the price is not right, you need to pay per address regardless, we >> had argument with them over this on a sec mx server >> where we had to guess, and assumed if we had 100K users on primary, we'd >> have to pay for 100K on primary AND another 100K license for secondary, >> rather than the far cheaper file server license for sec MX, end result, we >> told em to shove it and use clamav everywhere. > > What do you mean per user? I'm only interested in a file scanner, no > integration with the mail server software. When looking at their > products it looks like the file scanner for $299/year fits the bill. > > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 BB Pin: 20EA17C5 alex@rtpty.com Skype: alexneuman From post at damschott.dk Tue Nov 23 09:51:05 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Tue Nov 23 09:51:15 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: 2010/11/22 Jules Field > > > On 22/11/2010 20:34, S?ren Dam wrote: > >> Dear Folks >> >> I want to send a copy of the non spam mails to another mailbox for some >> specific mail users. I have made this Non.SpamAction.Rules file: >> >> ".. >> FromOrTo: aa@bb.com forward cc@bb.com > cc@bb.com> >> > You want to add the action "deliver" to that line as well, or the original > recipient will not get their copy of the message. > > >> FromOrTo: default deliver header "X-Spam-Status: No" >> >> .." >> >> And I've put this line i Mailscanner.conf >> >> Non Spam Actions = %rules-dir%/Non.Spam.Action.Rules >> > Did you ask MailScanner to reload its config after making the change? > "service MailScanner reload" will work on quite a few platforms, otherwise > try "/etc/init.d/MailScanner reload". > > I reload the configuration every time I do a change.. > And also try doing the command > MailScanner --lint > to see what that says about your configuration. > Mailscanner --lint did'nt return any errors > > And also look in your /var/log/maillog to see what MailScanner is logging > when it starts up, there may be some error messages in there. > > Maillog didn't return any errors on the reload Can I see if the copy of the mail is going into outgoing spool? > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/fb5bf629/attachment.html From dgattis at floydboe.net Tue Nov 23 11:17:29 2010 From: dgattis at floydboe.net (Dave Gattis) Date: Tue Nov 23 11:17:41 2010 Subject: dk-filter, postfix, and mailscanner Message-ID: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> Hello everyone, Yahoo is sticking my mail straight in the junk folder, so it looks like domainkeys is my only hope. While I was at it, I also installed dkim, which works perfectly. Domainkeys is set up too but no matter what I do, the test always comes back as bad signature. I've tried installing domainkeys without dkim and the test still fails. Has anyone had any luck with this setup? Debian 4.1.2 Postfix 2.5.5 Mailscanner 4.81 DK-Filter 1.0.0 Thanks! Dave From hvdkooij at vanderkooij.org Tue Nov 23 11:43:18 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Nov 23 11:50:36 2010 Subject: dk-filter, postfix, and mailscanner In-Reply-To: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> References: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> Message-ID: On Tue, 23 Nov 2010 06:17:29 -0500, "Dave Gattis" wrote: > Hello everyone, > Yahoo is sticking my mail straight in the junk folder, so it looks > like > domainkeys is my only hope. While I was at it, I also installed > dkim, > which works perfectly. Domainkeys is set up too but no matter what I > do, > the test always comes back as bad signature. I've tried installing > domainkeys without dkim and the test still fails. Has anyone had any > luck > with this setup? Given the amount of crap messages I get from Yahoo I am more and more leaning towards a full ban on Yahoo traffic. In my experience the presence of a DKIM signature is more likely to indicate that a message is spam then non-spam. So in my experience DKIM failed to contribute towards a reduction in SPAM messages. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc From dgattis at floydboe.net Tue Nov 23 11:54:50 2010 From: dgattis at floydboe.net (Dave Gattis) Date: Tue Nov 23 11:55:02 2010 Subject: dk-filter, postfix, and mailscanner In-Reply-To: References: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> Message-ID: <0b5ed0cf1fae0295fdeaaffd308e7fb4.squirrel@mail.romehosting.com> I'm not using it for filtering. I'm using it to get Yahoo to accept my mail. Dave Hugo van der Kooij wrote: > On Tue, 23 Nov 2010 06:17:29 -0500, "Dave Gattis" > wrote: >> Hello everyone, >> Yahoo is sticking my mail straight in the junk folder, so it looks >> like >> domainkeys is my only hope. While I was at it, I also installed >> dkim, >> which works perfectly. Domainkeys is set up too but no matter what I >> do, >> the test always comes back as bad signature. I've tried installing >> domainkeys without dkim and the test still fails. Has anyone had any >> luck >> with this setup? > > Given the amount of crap messages I get from Yahoo I am more and more > leaning towards a full ban on Yahoo traffic. > > In my experience the presence of a DKIM signature is more likely to > indicate that a message is spam then non-spam. So in my experience DKIM > failed to contribute towards a reduction in SPAM messages. > > Hugo. > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From J.Ede at birchenallhowden.co.uk Tue Nov 23 11:58:38 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Nov 23 11:58:57 2010 Subject: dk-filter, postfix, and mailscanner In-Reply-To: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> References: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> Message-ID: I've been looking at this too and if you've a single instance of postfix then I believe you can't do it as it signs the message before it gets passed to mailscanner and then the mailscanner stuff changes the email invalidating the signature. The solution is to have multiple instances of postfix. The first instance accepts and scans the email using mailscanner and then the email gets passed to the second instance which does the signing on the way out. If you can update to postfix >2.6 then it is much better supported from within postfix and http://www.postfix.org/MULTI_INSTANCE_README.html documents how to do it. We're in process of setting up a system that uses multiple instances and once it's all complete I hope to add what we've learnt to the wiki. Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Gattis > Sent: 23 November 2010 11:17 > To: mailscanner@lists.mailscanner.info > Subject: dk-filter, postfix, and mailscanner > > Hello everyone, > Yahoo is sticking my mail straight in the junk folder, so it looks like > domainkeys is my only hope. While I was at it, I also installed dkim, which > works perfectly. Domainkeys is set up too but no matter what I do, the test > always comes back as bad signature. I've tried installing domainkeys without > dkim and the test still fails. Has anyone had any luck with this setup? > > Debian 4.1.2 > > Postfix 2.5.5 > Mailscanner 4.81 > DK-Filter 1.0.0 > > Thanks! > > Dave > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From davejones70 at gmail.com Tue Nov 23 13:18:44 2010 From: davejones70 at gmail.com (Dave Jones) Date: Tue Nov 23 13:18:56 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: References: Message-ID: On Mon, Nov 15, 2010 at 2:17 PM, Dave Jones wrote: > >Hi, > > > >It looks like Bitdefender just released a free AntiSpam engine for mail > >servers (Linux-based): > >http://www.bitdefender.com/business/antispam-for-mail-servers.html > > > >Anyone tried it yet? If so, could it complement MailScanner? > > > >Thanks! > > > >Denis > > I downloaded and installed it but MailScanner doesn't seem to support > this version yet in the virus.scanners.conf and the wrapper script. > > It seems to have some potential goodness since it runs as a daemon. > I am using an old version of McAffee that is End-Of-Life on Dec 31 2010. > It's terrible taking 3-6 seconds to start and load defs for each batch. > > Dave > Has anyone been able to integrate this into MailScanner yet? Anyone looked at it? I just received a quote from CDW and the price is very good. They license by server and not by mailbox/email address so 5 servers was under $150.00 US for a year of Security for Mail Servers (the middle one in the link below): http://kb.bitdefender.com/site/business/antispam-for-mail-servers.html The software does way more than needed when you already have MailScanner but I would like to use the AV engine if it's worth anything. Anyone have an experience with bitdefender AV in the past? I'm running McAffee that is end-of-life soon so I'm willing to spend some "free" time this holiday season to learn how to integrate this into MS and contribute it back as long as I'm not waisting my time. P.S. Jules, if you want to give me a quote to do this, contact me offline. I bet you could whip this out in no time and I would know that it's done right. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/1aa9fdfd/attachment.html From glenn.steen at gmail.com Tue Nov 23 14:02:42 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 23 14:02:52 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: References: Message-ID: On 23 November 2010 14:18, Dave Jones wrote: > > On Mon, Nov 15, 2010 at 2:17 PM, Dave Jones wrote: >> >> >Hi, >> > >> >It looks like Bitdefender just released a free AntiSpam engine for mail >> >servers (Linux-based): >> >http://www.bitdefender.com/business/antispam-for-mail-servers.html >> > >> >Anyone tried it yet? If so, could it complement MailScanner? >> > >> >Thanks! >> > >> >Denis >> >> I downloaded and installed it but MailScanner doesn't seem to support >> this version yet in the virus.scanners.conf and the wrapper script. >> It seems to have some potential goodness since it runs as a daemon. >> I am using an old version of McAffee that is End-Of-Life on Dec 31 2010. >> It's terrible taking 3-6 seconds to start and load defs for each batch. >> Dave > > Has anyone been able to integrate this into MailScanner yet? ?Anyone looked > at it? > I just received a quote from CDW and the price is very good. ?They license > by server > and not by mailbox/email address so 5 servers was under $150.00 US for a > year of > Security for Mail Servers (the middle one in the link below): > http://kb.bitdefender.com/site/business/antispam-for-mail-servers.html > The software does way more than needed when you already have MailScanner but > I would like to use the AV engine if it's worth anything. ?Anyone have an > experience > with bitdefender AV in the past? > I'm running McAffee that is end-of-life soon so I'm willing to spend some > "free" time > this holiday season to learn how to integrate this into MS and contribute it > back as > long as I'm not waisting my time. > P.S. ?Jules, if you want to give me a quote to do this, contact me offline. > ?I bet you > could whip this out in no time and I would know that it's done right. > Dave > Unlike McAfee and ClamAV, bdc never had any phishing sigs to talk about, so percentage of detections were significantly lower (as with FPs:-). bdc was/is a bit of a CPU hog, as all scanners that need load a massive set of sigs for every scan run. Other than that, it was very nicely priced, back then... :-). How their mailserver stuff measure up, I do not know... All that we've ever tried is the commandline scanner. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Nov 23 14:07:43 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 23 14:07:58 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: References: <4CEBCAAF.9090406@ecs.soton.ac.uk> Message-ID: Can you get me a downloaded copy and a demo licence so I can write the code please? You can send me big downloads and files via dropoff.ecs.soton.ac.uk with email address mailscanner@ecs.soton.ac.uk. Send me any licence keys off-list. Then I'll see what I can do for you. Cheers, Jules. On 23/11/2010 13:18, Dave Jones wrote: > > On Mon, Nov 15, 2010 at 2:17 PM, Dave Jones > wrote: > > >Hi, > > > >It looks like Bitdefender just released a free AntiSpam engine > for mail > >servers (Linux-based): > >http://www.bitdefender.com/business/antispam-for-mail-servers.html > > > >Anyone tried it yet? If so, could it complement MailScanner? > > > >Thanks! > > > >Denis > > I downloaded and installed it but MailScanner doesn't seem to support > this version yet in the virus.scanners.conf and the wrapper script. > > It seems to have some potential goodness since it runs as a daemon. > I am using an old version of McAffee that is End-Of-Life on Dec 31 > 2010. > It's terrible taking 3-6 seconds to start and load defs for each > batch. > > Dave > > Has anyone been able to integrate this into MailScanner yet? Anyone > looked at it? > > I just received a quote from CDW and the price is very good. They > license by server > and not by mailbox/email address so 5 servers was under $150.00 US for > a year of > Security for Mail Servers (the middle one in the link below): > > http://kb.bitdefender.com/site/business/antispam-for-mail-servers.html > > The software does way more than needed when you already have > MailScanner but > I would like to use the AV engine if it's worth anything. Anyone have > an experience > with bitdefender AV in the past? > > I'm running McAffee that is end-of-life soon so I'm willing to spend > some "free" time > this holiday season to learn how to integrate this into MS and > contribute it back as > long as I'm not waisting my time. > > P.S. Jules, if you want to give me a quote to do this, contact me > offline. I bet you > could whip this out in no time and I would know that it's done right. > > Dave Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Tue Nov 23 14:08:14 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Nov 23 14:15:33 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: References: <4CEBCAAF.9090406@ecs.soton.ac.uk> Message-ID: <61d3b8639e191c2a24522a685f4f92c0@vps517.directvps.nl> On Tue, 23 Nov 2010 14:07:43 +0000, Julian Field wrote: > Can you get me a downloaded copy and a demo licence so I can write > the code please? > You can send me big downloads and files via dropoff.ecs.soton.ac.uk > with email address mailscanner@ecs.soton.ac.uk. Send me any licence > keys off-list. Jules, You should be able to download it all from the link below yourself: >> >> >http://www.bitdefender.com/business/antispam-for-mail-servers.html That is the least of your worries I guess. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc From dgattis at floydboe.net Tue Nov 23 18:55:37 2010 From: dgattis at floydboe.net (Dave Gattis) Date: Tue Nov 23 18:55:51 2010 Subject: dk-filter, postfix, and mailscanner In-Reply-To: References: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> Message-ID: <11cf8bd8901af78c610a8221dce660a0.squirrel@mail.romehosting.com> Why do you think that MailScanner doesn't break dkim? Dave Jason Ede wrote: > I've been looking at this too and if you've a single instance of postfix > then I believe you can't do it as it signs the message before it gets > passed to mailscanner and then the mailscanner stuff changes the email > invalidating the signature. > > The solution is to have multiple instances of postfix. The first instance > accepts and scans the email using mailscanner and then the email gets > passed to the second instance which does the signing on the way out. > > If you can update to postfix >2.6 then it is much better supported from > within postfix and http://www.postfix.org/MULTI_INSTANCE_README.html > documents how to do it. We're in process of setting up a system that uses > multiple instances and once it's all complete I hope to add what we've > learnt to the wiki. > > Jason > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Dave Gattis >> Sent: 23 November 2010 11:17 >> To: mailscanner@lists.mailscanner.info >> Subject: dk-filter, postfix, and mailscanner >> >> Hello everyone, >> Yahoo is sticking my mail straight in the junk folder, so it looks like >> domainkeys is my only hope. While I was at it, I also installed dkim, >> which >> works perfectly. Domainkeys is set up too but no matter what I do, the >> test >> always comes back as bad signature. I've tried installing domainkeys >> without >> dkim and the test still fails. Has anyone had any luck with this setup? >> >> Debian 4.1.2 >> >> Postfix 2.5.5 >> Mailscanner 4.81 >> DK-Filter 1.0.0 >> >> Thanks! >> >> Dave >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From post at damschott.dk Tue Nov 23 19:45:12 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Tue Nov 23 19:45:23 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: Dear Folks Just to be clear.. There seems nothing wrong with my Non.SpamAction.Rules, right? Just so I can put my efforts into another direction.. /Soeren 2010/11/23 S?ren Dam > > > 2010/11/22 Jules Field > > >> >> On 22/11/2010 20:34, S?ren Dam wrote: >> >>> Dear Folks >>> >>> I want to send a copy of the non spam mails to another mailbox for some >>> specific mail users. I have made this Non.SpamAction.Rules file: >>> >>> ".. >>> FromOrTo: aa@bb.com forward cc@bb.com >> cc@bb.com> >>> >> You want to add the action "deliver" to that line as well, or the original >> recipient will not get their copy of the message. >> >> >>> FromOrTo: default deliver header "X-Spam-Status: No" >>> >>> .." >>> >>> And I've put this line i Mailscanner.conf >>> >>> Non Spam Actions = %rules-dir%/Non.Spam.Action.Rules >>> >> Did you ask MailScanner to reload its config after making the change? >> "service MailScanner reload" will work on quite a few platforms, otherwise >> try "/etc/init.d/MailScanner reload". >> >> > I reload the configuration every time I do a change.. > > >> And also try doing the command >> MailScanner --lint >> to see what that says about your configuration. >> > > Mailscanner --lint did'nt return any errors > > >> >> And also look in your /var/log/maillog to see what MailScanner is logging >> when it starts up, there may be some error messages in there. >> >> > Maillog didn't return any errors on the reload > > Can I see if the copy of the mail is going into outgoing spool? > > >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/22bcc6ba/attachment.html From iveymr at gmail.com Tue Nov 23 20:41:08 2010 From: iveymr at gmail.com (Ryan Ivey) Date: Tue Nov 23 20:41:20 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: On Tue, Nov 23, 2010 at 2:45 PM, S?ren Dam wrote: > Dear Folks > > Just to be clear.. > There seems nothing wrong with my Non.SpamAction.Rules, right? > Is it Non.SpamAction.Rules or Non.Spam[.]Action.Rules that's defined in MailScanner.conf? It has to match the exact name in %rules-dir% ? [snip] * **And I've put this line i Mailscanner.conf* * * * Non Spam Actions = %rules-dir%/Non.Spam.Action.**Rules *[/snip] > Just so I can put my efforts into another direction.. > > /Soeren > > 2010/11/23 S?ren Dam > > >> >> 2010/11/22 Jules Field >> >> >>> >>> On 22/11/2010 20:34, S?ren Dam wrote: >>> >>>> Dear Folks >>>> >>>> I want to send a copy of the non spam mails to another mailbox for some >>>> specific mail users. I have made this Non.SpamAction.Rules file: >>>> >>>> ".. >>>> FromOrTo: aa@bb.com forward cc@bb.com >>> cc@bb.com> >>>> >>> You want to add the action "deliver" to that line as well, or the >>> original recipient will not get their copy of the message. >>> >>> >>>> FromOrTo: default deliver header "X-Spam-Status: No" >>>> >>>> .." >>>> >>>> And I've put this line i Mailscanner.conf >>>> >>>> Non Spam Actions = %rules-dir%/Non.Spam.Action.Rules >>>> >>> Did you ask MailScanner to reload its config after making the change? >>> "service MailScanner reload" will work on quite a few platforms, >>> otherwise try "/etc/init.d/MailScanner reload". >>> >>> >> I reload the configuration every time I do a change.. >> >> >>> And also try doing the command >>> MailScanner --lint >>> to see what that says about your configuration. >>> >> >> Mailscanner --lint did'nt return any errors >> >> >>> >>> And also look in your /var/log/maillog to see what MailScanner is logging >>> when it starts up, there may be some error messages in there. >>> >>> >> Maillog didn't return any errors on the reload >> >> Can I see if the copy of the mail is going into outgoing spool? >> >> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/dbbf4e68/attachment.html From post at damschott.dk Tue Nov 23 21:48:38 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Tue Nov 23 21:48:48 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: 2010/11/23 Ryan Ivey > On Tue, Nov 23, 2010 at 2:45 PM, S?ren Dam wrote: > >> Dear Folks >> >> Just to be clear.. >> There seems nothing wrong with my Non.SpamAction.Rules, right? >> > > Is it Non.SpamAction.Rules or Non.Spam[.]Action.Rules that's defined in > MailScanner.conf? It has to match the exact name in %rules-dir% ? > > Oh, that was just a typo in the mail, not in the conf file..;-) It also seems that the other mail don't get the " deliver header "X-Spam-Status: No" " attached. So it seems that mailscanner is not reading the rules file. But still no errors anywhere. /Soeren [snip] > > * **And I've put this line i Mailscanner.conf* > * > * > * Non Spam Actions = %rules-dir%/Non.Spam.Action.**Rules > * > [/snip] > > >> Just so I can put my efforts into another direction.. >> >> /Soeren >> >> 2010/11/23 S?ren Dam >> >> >>> >>> 2010/11/22 Jules Field >>> >>> >>>> >>>> On 22/11/2010 20:34, S?ren Dam wrote: >>>> >>>>> Dear Folks >>>>> >>>>> I want to send a copy of the non spam mails to another mailbox for some >>>>> specific mail users. I have made this Non.SpamAction.Rules file: >>>>> >>>>> ".. >>>>> FromOrTo: aa@bb.com forward cc@bb.com >>>> cc@bb.com> >>>>> >>>> You want to add the action "deliver" to that line as well, or the >>>> original recipient will not get their copy of the message. >>>> >>>> >>>>> FromOrTo: default deliver header "X-Spam-Status: No" >>>>> >>>>> .." >>>>> >>>>> And I've put this line i Mailscanner.conf >>>>> >>>>> Non Spam Actions = %rules-dir%/Non.Spam.Action.Rules >>>>> >>>> Did you ask MailScanner to reload its config after making the change? >>>> "service MailScanner reload" will work on quite a few platforms, >>>> otherwise try "/etc/init.d/MailScanner reload". >>>> >>>> >>> I reload the configuration every time I do a change.. >>> >>> >>>> And also try doing the command >>>> MailScanner --lint >>>> to see what that says about your configuration. >>>> >>> >>> Mailscanner --lint did'nt return any errors >>> >>> >>>> >>>> And also look in your /var/log/maillog to see what MailScanner is >>>> logging when it starts up, there may be some error messages in there. >>>> >>>> >>> Maillog didn't return any errors on the reload >>> >>> Can I see if the copy of the mail is going into outgoing spool? >>> >>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101123/435666d7/attachment.html From homyang4u at gmail.com Wed Nov 24 07:57:42 2010 From: homyang4u at gmail.com (homyang cha) Date: Wed Nov 24 07:57:50 2010 Subject: ClamAV SpamAssassin easy installation package outdated Message-ID: Hello Everybody I have used ClamAV and SpamAssassin easy installation package with MailScanner. Now I want to upgrade the easy installation package but it is outdated. When I debug MailScanner --lint it shows the version of the ClamAV engine is outdated. So when will this package be updated? Is there other ways to update this package? Is using ClamAV and SpamAssassin seperately a better option? I found insalling easy package is much faster and works fine without any problems. Please help. Thanks in advance -- homyang (aka puran) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101124/ea15ca84/attachment.html From J.Ede at birchenallhowden.co.uk Wed Nov 24 08:58:32 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Nov 24 08:58:50 2010 Subject: dk-filter, postfix, and mailscanner In-Reply-To: <11cf8bd8901af78c610a8221dce660a0.squirrel@mail.romehosting.com> References: <88c55d6bb15065d974917a362ce55538.squirrel@mail.romehosting.com> <11cf8bd8901af78c610a8221dce660a0.squirrel@mail.romehosting.com> Message-ID: If you add a footer to the bottom of the email after it is signed then surely that invalidates the signature? Also I think some of the extra headers might although not sure on that. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Gattis > Sent: 23 November 2010 18:56 > To: MailScanner discussion > Subject: RE: dk-filter, postfix, and mailscanner > > Why do you think that MailScanner doesn't break dkim? > Dave > > Jason Ede wrote: > > I've been looking at this too and if you've a single instance of > > postfix then I believe you can't do it as it signs the message before > > it gets passed to mailscanner and then the mailscanner stuff changes > > the email invalidating the signature. > > > > The solution is to have multiple instances of postfix. The first > > instance accepts and scans the email using mailscanner and then the > > email gets passed to the second instance which does the signing on the > way out. > > > > If you can update to postfix >2.6 then it is much better supported > > from within postfix and > > http://www.postfix.org/MULTI_INSTANCE_README.html > > documents how to do it. We're in process of setting up a system that > > uses multiple instances and once it's all complete I hope to add what > > we've learnt to the wiki. > > > > Jason > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Dave Gattis > >> Sent: 23 November 2010 11:17 > >> To: mailscanner@lists.mailscanner.info > >> Subject: dk-filter, postfix, and mailscanner > >> > >> Hello everyone, > >> Yahoo is sticking my mail straight in the junk folder, so it looks > >> like domainkeys is my only hope. While I was at it, I also installed > >> dkim, which works perfectly. Domainkeys is set up too but no matter > >> what I do, the test always comes back as bad signature. I've tried > >> installing domainkeys without dkim and the test still fails. Has > >> anyone had any luck with this setup? > >> > >> Debian 4.1.2 > >> > >> Postfix 2.5.5 > >> Mailscanner 4.81 > >> DK-Filter 1.0.0 > >> > >> Thanks! > >> > >> Dave > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Nov 24 10:40:45 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Nov 24 10:40:55 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: On 23 November 2010 22:48, S?ren Dam wrote: > > > 2010/11/23 Ryan Ivey >> >> On Tue, Nov 23, 2010 at 2:45 PM, S?ren Dam wrote: >>> >>> Dear Folks >>> Just to be clear.. >>> There seems nothing wrong with my?Non.SpamAction.Rules, right? >> >> Is it Non.SpamAction.Rules or Non.Spam[.]Action.Rules that's defined in >> MailScanner.conf?? It has to match the exact name in %rules-dir% ? >> > > Oh, that was just a typo in the mail, not in the conf file..;-) > It also seems that the other mail don't get the "?deliver header > "X-Spam-Status: No" " attached. So it seems that mailscanner is not reading > the rules file. But still no errors anywhere. > /Soeren What does MailScanner --lint tell you? Any errors? What MTA do you use? If PF, then you'd need make sure the rule file is actually readable by the user postfix runs as. Also... you did note Jules tip about adding in "deliver" to your rule, right? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Nov 24 10:46:56 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Nov 24 10:47:05 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: On 24 November 2010 11:40, Glenn Steen wrote: > On 23 November 2010 22:48, S?ren Dam wrote: >> >> >> 2010/11/23 Ryan Ivey >>> >>> On Tue, Nov 23, 2010 at 2:45 PM, S?ren Dam wrote: >>>> >>>> Dear Folks >>>> Just to be clear.. >>>> There seems nothing wrong with my?Non.SpamAction.Rules, right? >>> >>> Is it Non.SpamAction.Rules or Non.Spam[.]Action.Rules that's defined in >>> MailScanner.conf?? It has to match the exact name in %rules-dir% ? >>> >> >> Oh, that was just a typo in the mail, not in the conf file..;-) >> It also seems that the other mail don't get the "?deliver header >> "X-Spam-Status: No" " attached. So it seems that mailscanner is not reading >> the rules file. But still no errors anywhere. >> /Soeren > What does MailScanner --lint tell you? Any errors? > What MTA do you use? If PF, then you'd need make sure the rule file is > actually readable by the user postfix runs as. > Also... you did note Jules tip about adding in "deliver" to your rule, right? > > Cheers BTW, you can use the MailScanner command to check the validity of your rulesets,,, Do "MailScanner --help" for the options... you could test out things like: MailScanner --value=nonspamactions --from=someone@somewhe.re --to=someone@your.doma.in and see what MS would think about that (replace addresses as needed, to get different results). Example: ]# MailScanner --value=nonspamactions --from=arne@example.net --to=glenn.steen@ap1.se Looked up internal option name "hamactions" With sender = arne@example.net recipient = glenn.steen@ap1.se Client IP = Virus = Result is "deliver header "X-Spam-Status: No"" # Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From post at damschott.dk Wed Nov 24 22:20:05 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Wed Nov 24 22:20:15 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: 2010/11/24 Glenn Steen > On 24 November 2010 11:40, Glenn Steen wrote: > > On 23 November 2010 22:48, S?ren Dam wrote: > >> > >> > >> 2010/11/23 Ryan Ivey > >>> > >>> On Tue, Nov 23, 2010 at 2:45 PM, S?ren Dam wrote: > >>>> > >>>> Dear Folks > >>>> Just to be clear.. > >>>> There seems nothing wrong with my Non.SpamAction.Rules, right? > >>> > >>> Is it Non.SpamAction.Rules or Non.Spam[.]Action.Rules that's defined in > >>> MailScanner.conf? It has to match the exact name in %rules-dir% ? > >>> > >> > >> Oh, that was just a typo in the mail, not in the conf file..;-) > >> It also seems that the other mail don't get the " deliver header > >> "X-Spam-Status: No" " attached. So it seems that mailscanner is not > reading > >> the rules file. But still no errors anywhere. > >> /Soeren > > What does MailScanner --lint tell you? Any errors? > > What MTA do you use? If PF, then you'd need make sure the rule file is > > actually readable by the user postfix runs as. > > Also... you did note Jules tip about adding in "deliver" to your rule, > right? > > > > Cheers > > BTW, you can use the MailScanner command to check the validity of your > rulesets,,, Do "MailScanner --help" for the options... you could test > out things like: > > MailScanner --value=nonspamactions --from=someone@somewhe.re > --to=someone@your.doma.in > and see what MS would think about that (replace addresses as needed, > to get different results). > > Example: > ]# MailScanner --value=nonspamactions --from=arne@example.net > --to=glenn.steen@ap1.se > Looked up internal option name "hamactions" > With sender = arne@example.net > recipient = glenn.steen@ap1.se > Client IP = > Virus = > Result is "deliver header "X-Spam-Status: No"" > # > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Thank you for your help! I've found the error.. When I did that test you proposed, Mailscanner couldn't read the rules file. Then I changed the file name from "Non.SpamAction.*Rules*" to "Non.SpamAction.*rules" *That helped! This is properly common knowledge if you read the Mailscanner book, which i will buy now..;-) /Soeren -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101124/c07b4565/attachment.html From garry at glendown.de Thu Nov 25 08:22:01 2010 From: garry at glendown.de (Garry Glendown) Date: Thu Nov 25 08:22:08 2010 Subject: MS renames xlsx as xls in quarantine? Message-ID: <4CEE1CA9.9010609@glendown.de> Hi, I've set up a script to download quarantined attachments, which works fine ... anyway, I came across a problem recently which I can't really find a reason for ... A mail attachment was received with an .xlsx file, which was quarantined. Anyway, the original filename wasn't kept, but rather renamed to .xls, which can mess up certain Excel versions when loading (Excel 2010 will load it none the less, albeit with a warning). I was trying to find some sort of setting that may have caused this behavior, but couldn't see anything in the filename rules etc ... Any idea what's going wrong? Thanks, Garry From hvdkooij at vanderkooij.org Thu Nov 25 08:57:41 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Nov 25 09:05:13 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> Message-ID: <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> Skipped content of type multipart/alternative-------------- next part -------------- -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html From MailScanner at ecs.soton.ac.uk Thu Nov 25 11:29:56 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Nov 25 11:30:16 2010 Subject: MS renames xlsx as xls in quarantine? In-Reply-To: <4CEE1CA9.9010609@glendown.de> References: <4CEE1CA9.9010609@glendown.de> <4CEE48B4.30904@ecs.soton.ac.uk> Message-ID: I would advise doing some basic sanity checks on your setup. There is nothing in MailScanner that can possibly do this, unless you are running the latest beta releases which can quietly rename attachments to "disarm" them while still allowing them to reach the recipient. Never seen this one before, something strange is happening in your setup. Jules. On 25/11/2010 08:22, Garry Glendown wrote: > Hi, > > I've set up a script to download quarantined attachments, which works > fine ... anyway, I came across a problem recently which I can't really > find a reason for ... > A mail attachment was received with an .xlsx file, which was > quarantined. Anyway, the original filename wasn't kept, but rather > renamed to .xls, which can mess up certain Excel versions when loading > (Excel 2010 will load it none the less, albeit with a warning). > I was trying to find some sort of setting that may have caused this > behavior, but couldn't see anything in the filename rules etc ... > > Any idea what's going wrong? > > Thanks, Garry Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Nov 25 11:35:33 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Nov 25 11:35:55 2010 Subject: ClamAV SpamAssassin easy installation package outdated In-Reply-To: References: <4CEE4A05.5020406@ecs.soton.ac.uk> Message-ID: Just updated it for you! On 24/11/2010 07:57, homyang cha wrote: > Hello Everybody > I have used ClamAV and SpamAssassin easy installation package with > MailScanner. Now I want to upgrade the easy installation package but > it is outdated. When I debug MailScanner --lint it shows the version > of the ClamAV engine is outdated. So when will this package be > updated? Is there other ways to update this package? Is using ClamAV > and SpamAssassin seperately a better option? I found insalling easy > package is much faster and works fine without any problems. Please help. > > Thanks in advance > > > -- > homyang (aka puran) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Thu Nov 25 11:40:20 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Nov 25 11:47:51 2010 Subject: Bitdefender AntiSpam: worth a try? In-Reply-To: <4CDAC807.30600@USherbrooke.ca> References: <4CDAC807.30600@USherbrooke.ca> Message-ID: On Wed, 10 Nov 2010 11:27:51 -0500, Denis Beauchemin wrote: > Hi, > > It looks like Bitdefender just released a free AntiSpam engine for > mail servers (Linux-based): > http://www.bitdefender.com/business/antispam-for-mail-servers.html > > Anyone tried it yet? If so, could it complement MailScanner? I have given it a spin. I noticed that it had a relative low score on message that were marked as spam but not highscoring spam. So I would rate it below my current setup with MailScanner + SpamAssassin. I will deinstall it as it needs more CPU cycles but performs not as wll as my current setup with MailScanner. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html From alex at rtpty.com Thu Nov 25 13:40:21 2010 From: alex at rtpty.com (Alex Neuman) Date: Thu Nov 25 13:43:43 2010 Subject: Non Spam actions problem In-Reply-To: <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> References: <4CEAD83C.7090103@ecs.soton.ac.uk><0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> Message-ID: <1795784593-1290692609-cardhu_decombobulator_blackberry.rim.net-70029255-@bda478.bisx.prod.on.blackberry> And caps are only to be used if absolutely necessary! OverCompensating By Spurious Use Of Caps Is Ugly And Often Brings Problems! :-P -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Hugo van der Kooij Sender: mailscanner-bounces@lists.mailscanner.info Date: Thu, 25 Nov 2010 10:57:41 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Non Spam actions problem -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From post at damschott.dk Thu Nov 25 14:47:35 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Thu Nov 25 14:47:46 2010 Subject: Non Spam actions problem In-Reply-To: <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> Message-ID: 2010/11/25 Hugo van der Kooij > On Wed, 24 Nov 2010 23:20:05 +0100, S?ren Dam wrote: > > When I did that test you proposed, Mailscanner couldn't read the rules > file. Then I changed the file name from "Non.SpamAction.*Rules*" to > "Non.SpamAction.*rules" *That helped! > This is properly common knowledge if you read the Mailscanner book, which > i will buy now..;-) > /Soeren > > Sounds more like common unix knowledge. Things are case sensetive untill > proven otherwise. > > Hugo. > > No..thats NOT common UNIX knowledge.. I'm fully aware of case sensitivity.. I named the entry in the Mailscanner.conf the EXACT same way as the .rules file. But it does simply not work if you name a something.rules file something.Rules. Try it out! That is NOT normal i would say.. /Soeren > -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG ? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > > -- > This mail was scanned by BitDefender > For more information please visit > http://www.bitdefender.com/links/en/frams.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101125/171e0fea/attachment.html From MailScanner at ecs.soton.ac.uk Thu Nov 25 15:02:50 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Nov 25 15:03:06 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> Message-ID: On 25/11/2010 14:47, S?ren Dam wrote: > > > 2010/11/25 Hugo van der Kooij > > > On Wed, 24 Nov 2010 23:20:05 +0100, S?ren Dam > wrote: > >> When I did that test you proposed, Mailscanner couldn't read the >> rules file. Then I changed the file name from >> "Non.SpamAction.*Rules*" to "Non.SpamAction.*rules" *That helped! >> This is properly common knowledge if you read the Mailscanner >> book, which i will buy now..;-) >> /Soeren > > Sounds more like common unix knowledge. Things are case sensetive > untill proven otherwise. > > Hugo. > > No..thats NOT common UNIX knowledge.. > I'm fully aware of case sensitivity.. > I named the entry in the Mailscanner.conf the EXACT same way as the > .rules file. But it does simply not work if you name a something.rules > file something.Rules. Try it out! > > That is NOT normal i would say.. MailScanner uses a lot of heuristics to work out what you mean by what you put in the MailScanner.conf file. There is no defined syntax, it's just not that simple. If I had made it easy for me, all you guys would have to put explanatory things all over the place so my code could easily see what you meant. I made it easy for you, not for me; so the parser is very much heuristics-based, and so does tend to make a few assumptions to start with. And yes, one of those is that rules filenames end in ".rules" usually. It doesn't enforce that everywhere by any means, but it does make that assumption occasionally. I'll change the code to allow .Rules as well as .rules to keep you happy, that shouldn't break anything too major. Jules. > > /Soeren > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG ? Use:http://hugo.vanderkooij.org/0x58F19981.asc > > > -- > This mail was scanned by BitDefender > For more information please visit > http://www.bitdefender.com/links/en/frams.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Thu Nov 25 15:01:06 2010 From: alex at rtpty.com (Alex Neuman) Date: Thu Nov 25 15:12:37 2010 Subject: Non Spam actions problem Message-ID: <541388551-1290697944-cardhu_decombobulator_blackberry.rim.net-1251166552-@bda478.bisx.prod.on.blackberry> Specs say ".rules". You Used Rules Since You Thought It Looked Better. Works "as it says on the tin" ;-) ------Original Message------ From: S?ren Dam Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: Re: Non Spam actions problem Sent: Nov 25, 2010 9:47 AM ? 2010/11/25 Hugo van der Kooij On Wed, 24 Nov 2010 23:20:05 +0100, S?ren Dam wrote: When I did that test you proposed, Mailscanner couldn't read the rules file. Then I changed the file name from "Non.SpamAction.Rules" to "Non.SpamAction.rules" That helped! This is properly common knowledge if you read the Mailscanner book, which i will buy now..;-) /Soeren Sounds more like common unix knowledge. Things are case sensetive untill proven otherwise. Hugo. No..thats NOT common UNIX knowledge.. I'm fully aware of case sensitivity.. I named the entry in the Mailscanner.conf the EXACT same way as the .rules file. But it does simply not work if you name a something.rules file something.Rules. Try it out! That is NOT normal i would say.. /Soeren? -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman From post at damschott.dk Thu Nov 25 16:48:39 2010 From: post at damschott.dk (=?ISO-8859-1?Q?S=F8ren_Dam?=) Date: Thu Nov 25 16:48:50 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> Message-ID: 2010/11/25 Julian Field > > > On 25/11/2010 14:47, S?ren Dam wrote: > >> >> >> 2010/11/25 Hugo van der Kooij > hvdkooij@vanderkooij.org>> >> >> >> On Wed, 24 Nov 2010 23:20:05 +0100, S?ren Dam > > wrote: >> >> When I did that test you proposed, Mailscanner couldn't read the >>> rules file. Then I changed the file name from >>> "Non.SpamAction.*Rules*" to "Non.SpamAction.*rules" *That helped! >>> This is properly common knowledge if you read the Mailscanner >>> book, which i will buy now..;-) >>> /Soeren >>> >> >> Sounds more like common unix knowledge. Things are case sensetive >> untill proven otherwise. >> >> Hugo. >> >> No..thats NOT common UNIX knowledge.. >> I'm fully aware of case sensitivity.. >> I named the entry in the Mailscanner.conf the EXACT same way as the .rules >> file. But it does simply not work if you name a something.rules file >> something.Rules. Try it out! >> >> That is NOT normal i would say.. >> > MailScanner uses a lot of heuristics to work out what you mean by what you > put in the MailScanner.conf file. There is no defined syntax, it's just not > that simple. > > If I had made it easy for me, all you guys would have to put explanatory > things all over the place so my code could easily see what you meant. > > I made it easy for you, not for me; so the parser is very much > heuristics-based, and so does tend to make a few assumptions to start with. > And yes, one of those is that rules filenames end in ".rules" usually. It > doesn't enforce that everywhere by any means, but it does make that > assumption occasionally. > > I'll change the code to allow .Rules as well as .rules to keep you happy, > that shouldn't break anything too major. > > Jules. > > Hey, You wrote some fantastic software here, and my users and me are grateful to use it. I worked for many years with Amavisd-new, and I think you are right, Mailscanner is easy and intutitive. I just replied to the statement that I don't know my UNIX. A bit harsh when you, like me, have worked with UNIX professionally for 10 years. /Soeren > >> -- hvdkooij@vanderkooij.org >> http://hugo.vanderkooij.org/ >> PGP/GPG ? Use: >> http://hugo.vanderkooij.org/0x58F19981.asc >> >> >> >> -- >> This mail was scanned by BitDefender >> For more information please visit >> http://www.bitdefender.com/links/en/frams.html >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101125/5747c8f9/attachment.html From MailScanner at ecs.soton.ac.uk Thu Nov 25 21:52:36 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Thu Nov 25 21:52:51 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> <4CEEDAA4.4080403@ecs.soton.ac.uk> Message-ID: On 25/11/2010 16:48, S?ren Dam wrote: > > > 2010/11/25 Julian Field > > > > > On 25/11/2010 14:47, S?ren Dam wrote: > > > > 2010/11/25 Hugo van der Kooij > >> > > > On Wed, 24 Nov 2010 23:20:05 +0100, S?ren Dam > > >> wrote: > > When I did that test you proposed, Mailscanner couldn't > read the > rules file. Then I changed the file name from > "Non.SpamAction.*Rules*" to "Non.SpamAction.*rules" > *That helped! > This is properly common knowledge if you read the > Mailscanner > book, which i will buy now..;-) > /Soeren > > > Sounds more like common unix knowledge. Things are case > sensetive > untill proven otherwise. > > Hugo. > > No..thats NOT common UNIX knowledge.. > I'm fully aware of case sensitivity.. > I named the entry in the Mailscanner.conf the EXACT same way > as the .rules file. But it does simply not work if you name a > something.rules file something.Rules. Try it out! > > That is NOT normal i would say.. > > MailScanner uses a lot of heuristics to work out what you mean by > what you put in the MailScanner.conf file. There is no defined > syntax, it's just not that simple. > > If I had made it easy for me, all you guys would have to put > explanatory things all over the place so my code could easily see > what you meant. > > I made it easy for you, not for me; so the parser is very much > heuristics-based, and so does tend to make a few assumptions to > start with. And yes, one of those is that rules filenames end in > ".rules" usually. It doesn't enforce that everywhere by any means, > but it does make that assumption occasionally. > > I'll change the code to allow .Rules as well as .rules to keep you > happy, that shouldn't break anything too major. > > Jules. > > Hey, You wrote some fantastic software here, and my users and me are > grateful to use it. I worked for many years with Amavisd-new, and I > think you are right, Mailscanner is easy and intutitive. I just > replied to the statement that I don't know my UNIX. A bit harsh when > you, like me, have worked with UNIX professionally for 10 years. A bit harsh, I agree. But everyone knows you have to take anything said by email with a pinch of salt; as we all know and appreciate, it isn't the best medium ever invented :-) But then again, I don't think anyone has ever found an ideal one, or even possibly a "best" one! :) Cheers, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From homyang4u at gmail.com Fri Nov 26 09:14:28 2010 From: homyang4u at gmail.com (homyang cha) Date: Fri Nov 26 09:14:37 2010 Subject: ClamAV SpamAssassin easy installation package outdated In-Reply-To: References: <4CEE4A05.5020406@ecs.soton.ac.uk> Message-ID: Thank you so much Julian On Thu, Nov 25, 2010 at 5:35 PM, Julian Field wrote: > Just updated it for you! > > > On 24/11/2010 07:57, homyang cha wrote: > >> Hello Everybody >> I have used ClamAV and SpamAssassin easy installation package with >> MailScanner. Now I want to upgrade the easy installation package but it is >> outdated. When I debug MailScanner --lint it shows the version of the ClamAV >> engine is outdated. So when will this package be updated? Is there other >> ways to update this package? Is using ClamAV and SpamAssassin seperately a >> better option? I found insalling easy package is much faster and works fine >> without any problems. Please help. >> >> Thanks in advance >> >> >> -- >> homyang (aka puran) >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- homyang (aka puran) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101126/91bf7f12/attachment.html From bonivart at opencsw.org Fri Nov 26 09:31:09 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri Nov 26 09:31:38 2010 Subject: A way to throttle mail from domain/ip? Message-ID: I would like to throttle mail so no single domain/ip can send a lot of mail to us in a short amount of time (think newsletters bogging down MailScanner). I can't find anything in Sendmail that offers that, only generic throttling that doesn't keep state of who sends how much. I have found two milters that I think would work: 1. milter-limit from Snertsoft. Costs money. 2. j-chkmail. Free. Does anyone use any of the two above for this and what do you think of them? Or is there more solutions available (for Sendmail)? /peter From ms-list at alexb.ch Fri Nov 26 09:39:40 2010 From: ms-list at alexb.ch (Alex Broens) Date: Fri Nov 26 09:39:48 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: References: Message-ID: <4CEF805C.5040802@alexb.ch> On 2010-11-26 10:31, Peter Bonivart wrote: > I would like to throttle mail so no single domain/ip can send a lot of > mail to us in a short amount of time (think newsletters bogging down > MailScanner). I can't find anything in Sendmail that offers that, only > generic throttling that doesn't keep state of who sends how much. > > I have found two milters that I think would work: > > 1. milter-limit from Snertsoft. Costs money. > 2. j-chkmail. Free. > > Does anyone use any of the two above for this and what do you think of > them? Or is there more solutions available (for Sendmail)? milter-limit ?s free see http://www.snertsoft.com/download.php From glenn.steen at gmail.com Fri Nov 26 10:29:48 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Nov 26 10:29:58 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: References: Message-ID: On 26 November 2010 10:31, Peter Bonivart wrote: > I would like to throttle mail so no single domain/ip can send a lot of > mail to us in a short amount of time (think newsletters bogging down > MailScanner). I can't find anything in Sendmail that offers that, only > generic throttling that doesn't keep state of who sends how much. > > I have found two milters that I think would work: > > 1. milter-limit from Snertsoft. Costs money. > 2. j-chkmail. Free. > > Does anyone use any of the two above for this and what do you think of > them? Or is there more solutions available (for Sendmail)? > > /peter Didn't Vispan do something like that? Although with some firewall integration...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Fri Nov 26 11:21:52 2010 From: shuttlebox at gmail.com (Peter Bonivart) Date: Fri Nov 26 11:22:08 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: References: Message-ID: <530756963242499720@unknownmsgid> On 26 nov 2010, at 11:34, Glenn Steen wrote: > Didn't Vispan do something like that? Although with some firewall > integration...? You may be right, I'm at lunch so I will have to verify that later. I also found that milter-greylist has some ratelimit feature built in. /peter Sent from my iPhone From paulo-m-roncon at ptinovacao.pt Fri Nov 26 12:09:53 2010 From: paulo-m-roncon at ptinovacao.pt (Paulo Roncon) Date: Fri Nov 26 12:10:03 2010 Subject: Data Loss Protection In-Reply-To: <201011261202.oAQC0U8A009855@safir.blacknight.ie> References: <201011261202.oAQC0U8A009855@safir.blacknight.ie> Message-ID: Does anyone have any form of data loss protection working with mailscanner? A simple feature could be: outbound mail: based on the analysis of the header the service could aply rules (quarantine, reject with notification, send mail in SSL, other) The basic ideia is to prevent that unauthorized content leaves the corporate and/or goes to the internet without encryption. I think it could be a nice feature or even a new project. Any coments? Thanks Paulo From MailScanner at ecs.soton.ac.uk Fri Nov 26 12:18:51 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Nov 26 12:19:05 2010 Subject: Data Loss Protection In-Reply-To: References: <201011261202.oAQC0U8A009855@safir.blacknight.ie> <4CEFA5AB.3010408@ecs.soton.ac.uk> Message-ID: On 26/11/2010 12:09, Paulo Roncon wrote: > Does anyone have any form of data loss protection working with mailscanner? > A simple feature could be: > outbound mail: based on the analysis of the header the service could aply rules (quarantine, reject with notification, send mail in SSL, other) > The basic ideia is to prevent that unauthorized content leaves the corporate and/or goes to the internet without encryption. > I think it could be a nice feature or even a new project. > > Any coments? Pretty much all of what you want to do is already there. See these settings in MailScanner.conf : Block Encrypted Messages = Block Unencrypted Messages = Allow Password-Protected Archives = Archives Must Be Password-Protected = Check Filenames In Password-Protected Archives = and last but very importantly SpamAssassin Rule Actions = Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Fri Nov 26 12:21:45 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri Nov 26 12:25:03 2010 Subject: Data Loss Protection In-Reply-To: References: <201011261202.oAQC0U8A009855@safir.blacknight.ie><4CEFA5AB.3010408@ecs.soton.ac.uk> Message-ID: <493932484-1290774291-cardhu_decombobulator_blackberry.rim.net-905971686-@bda478.bisx.prod.on.blackberry> Or if you're using an ancient version, MCP! :-) -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: Julian Field Sender: mailscanner-bounces@lists.mailscanner.info Date: Fri, 26 Nov 2010 12:18:51 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: Data Loss Protection On 26/11/2010 12:09, Paulo Roncon wrote: > Does anyone have any form of data loss protection working with mailscanner? > A simple feature could be: > outbound mail: based on the analysis of the header the service could aply rules (quarantine, reject with notification, send mail in SSL, other) > The basic ideia is to prevent that unauthorized content leaves the corporate and/or goes to the internet without encryption. > I think it could be a nice feature or even a new project. > > Any coments? Pretty much all of what you want to do is already there. See these settings in MailScanner.conf : Block Encrypted Messages = Block Unencrypted Messages = Allow Password-Protected Archives = Archives Must Be Password-Protected = Check Filenames In Password-Protected Archives = and last but very importantly SpamAssassin Rule Actions = Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Fri Nov 26 13:14:38 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Nov 26 13:14:50 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: References: Message-ID: <4CEFB2BE.5070106@USherbrooke.ca> Le 2010-11-26 04:31, Peter Bonivart a ?crit : > I would like to throttle mail so no single domain/ip can send a lot of > mail to us in a short amount of time (think newsletters bogging down > MailScanner). I can't find anything in Sendmail that offers that, only > generic throttling that doesn't keep state of who sends how much. > > I have found two milters that I think would work: > > 1. milter-limit from Snertsoft. Costs money. > 2. j-chkmail. Free. > > Does anyone use any of the two above for this and what do you think of > them? Or is there more solutions available (for Sendmail)? > > /peter We're using milter-limit. It's free. It works very well! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From bonivart at opencsw.org Fri Nov 26 13:19:40 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri Nov 26 13:20:13 2010 Subject: Syntax of SA Rule Actions ruleset? Message-ID: I have trouble understanding the required syntax for defining several rules in the ruleset. This is simple, if it's to foo.com and it hits PB_PDF then apply store-nonspam. To: *@foo.com PB_PDF=>store-nonspam But how about if you have several rules that can possibly match, even if the actions should be same I have trouble defining it. Should I do like this: To: *@foo.com PB_FOO2=>not-deliver,store-nonspam,forward mail.quarantine@foo.com To: *@foo.com PB_FOO3=>not-deliver,store-nonspam,forward mail.quarantine@foo.com FromOrTo: default Or like this: To: *@foo.com PB_FOO2=>not-deliver,store-nonspam,forward mail.quarantine@foo.com,PB_FOO3=>not-deliver,store-nonspam,forward mail.quarantine@foo.com FromOrTo: default I have tried a few variations and the last one works but with some side effects like it also tries to forward to an address "mail.quarantine@foo.com PB_FOO2=>not-deliver" so obviously it doesn't like that syntax either. /peter From bonivart at opencsw.org Fri Nov 26 13:25:37 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri Nov 26 13:26:08 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: <530756963242499720@unknownmsgid> References: <530756963242499720@unknownmsgid> Message-ID: On Fri, Nov 26, 2010 at 12:21 PM, Peter Bonivart wrote: > On 26 nov 2010, at 11:34, Glenn Steen wrote: > >> Didn't Vispan do something like that? Although with some firewall >> integration...? > > You may be right, I'm at lunch so I will have to verify that later. I > also found that milter-greylist has some ratelimit feature built in. Vispan uses iptables which I don't want to use and it adds ip addresses which have sent spam. It's a nice feature but it's not what I want here, these newsletters may very well not be spam but I simply don't want them to bog down the servers by sending thousands of mail in a few minutes. /peter From bonivart at opencsw.org Fri Nov 26 13:27:09 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri Nov 26 13:27:39 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: <4CEFB2BE.5070106@USherbrooke.ca> References: <4CEFB2BE.5070106@USherbrooke.ca> Message-ID: 2010/11/26 Denis Beauchemin : > We're using milter-limit. It's free. It works very well! I was under the impression libsnert cost money..? But as Alex posted it's listed as free in deed so I will give it a try. Thanks. /peter From ecasarero at gmail.com Fri Nov 26 13:33:39 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Nov 26 13:33:54 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: References: <530756963242499720@unknownmsgid> Message-ID: <655099662-1290778422-cardhu_decombobulator_blackberry.rim.net-314220631-@bda753.bisx.prod.on.blackberry> Did you try milter-limit? It has per Ip/user/domain rate limits. Sorry for the top posting ikm writing from my phone. Sent from my BB. -----Original Message----- From: Peter Bonivart Sender: mailscanner-bounces@lists.mailscanner.info Date: Fri, 26 Nov 2010 14:25:37 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: A way to throttle mail from domain/ip? On Fri, Nov 26, 2010 at 12:21 PM, Peter Bonivart wrote: > On 26 nov 2010, at 11:34, Glenn Steen wrote: > >> Didn't Vispan do something like that? Although with some firewall >> integration...? > > You may be right, I'm at lunch so I will have to verify that later. I > also found that milter-greylist has some ratelimit feature built in. Vispan uses iptables which I don't want to use and it adds ip addresses which have sent spam. It's a nice feature but it's not what I want here, these newsletters may very well not be spam but I simply don't want them to bog down the servers by sending thousands of mail in a few minutes. /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve at fsl.com Fri Nov 26 13:49:06 2010 From: steve at fsl.com (Stephen Swaney) Date: Fri Nov 26 13:49:16 2010 Subject: A way to throttle mail from domain/ip? In-Reply-To: References: <4CEFB2BE.5070106@USherbrooke.ca> Message-ID: On Nov 26, 2010, at 8:27 AM, Peter Bonivart wrote: > 2010/11/26 Denis Beauchemin : >> We're using milter-limit. It's free. It works very well! > > I was under the impression libsnert cost money..? But as Alex posted > it's listed as free in deed so I will give it a try. > > Thanks. > > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Many libsnert based applications are free. You need to check the website: www.snertsoft.com For the most current information. Best regards, Steve -- Steve Swaney steve@fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available From MailScanner at ecs.soton.ac.uk Fri Nov 26 15:53:42 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Nov 26 15:53:59 2010 Subject: Syntax of SA Rule Actions ruleset? In-Reply-To: References: <4CEFD806.2@ecs.soton.ac.uk> Message-ID: On 26/11/2010 13:19, Peter Bonivart wrote: > I have trouble understanding the required syntax for defining several > rules in the ruleset. > > This is simple, if it's to foo.com and it hits PB_PDF then apply store-nonspam. > > To: *@foo.com PB_PDF=>store-nonspam > > But how about if you have several rules that can possibly match, even > if the actions should be same I have trouble defining it. Should I do > like this: > > To: *@foo.com PB_FOO2=>not-deliver,store-nonspam,forward > mail.quarantine@foo.com > To: *@foo.com PB_FOO3=>not-deliver,store-nonspam,forward > mail.quarantine@foo.com > FromOrTo: default > > Or like this: > > To: *@foo.com PB_FOO2=>not-deliver,store-nonspam,forward > mail.quarantine@foo.com,PB_FOO3=>not-deliver,store-nonspam,forward > mail.quarantine@foo.com > FromOrTo: default Create a meta-rule in SpamAssassin that is something like this: meta PB_F002_OR_3 PB_F002 || PB_F003 Then use a rule in MailScanner that looks like To: *@foo.com PB_F002_OR_3=>not-deliver,store-nonspam,forward mail.quarantine@foo.com So in your SpamAssassin rules, combine every relevant rule into a meta-rule that is a logical expression using your original rule names. Then in MailScanner, just trigger actions off the meta-rule. > I have tried a few variations and the last one works but with some > side effects like it also tries to forward to an address > "mail.quarantine@foo.com PB_FOO2=>not-deliver" so obviously it doesn't > like that syntax either. > > /peter Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bonivart at opencsw.org Fri Nov 26 16:10:13 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri Nov 26 16:10:44 2010 Subject: Syntax of SA Rule Actions ruleset? In-Reply-To: References: <4CEFD806.2@ecs.soton.ac.uk> Message-ID: On Fri, Nov 26, 2010 at 4:53 PM, Julian Field wrote: > Create a meta-rule in SpamAssassin that is something like this: > meta PB_F002_OR_3 PB_F002 || PB_F003 > > Then use a rule in MailScanner that looks like > > To: *@foo.com PB_F002_OR_3=>not-deliver,store-nonspam,forward > mail.quarantine@foo.com > > So in your SpamAssassin rules, combine every relevant rule into a meta-rule > that is a logical expression using your original rule names. Then in > MailScanner, just trigger actions off the meta-rule. Sounds brilliant! I'll test it on Monday though, I never change anything before I go home for the weekend. :-) /peter From ssilva at sgvwater.com Mon Nov 29 18:11:48 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Nov 29 18:12:12 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> Message-ID: on 11-25-2010 7:02 AM Julian Field spake the following: > > > On 25/11/2010 14:47, S?ren Dam wrote: >> >> >> 2010/11/25 Hugo van der Kooij > > >> >> On Wed, 24 Nov 2010 23:20:05 +0100, S?ren Dam > > wrote: >> >>> When I did that test you proposed, Mailscanner couldn't read the >>> rules file. Then I changed the file name from >>> "Non.SpamAction.*Rules*" to "Non.SpamAction.*rules" *That helped! >>> This is properly common knowledge if you read the Mailscanner >>> book, which i will buy now..;-) >>> /Soeren >> >> Sounds more like common unix knowledge. Things are case sensetive >> untill proven otherwise. >> >> Hugo. >> >> No..thats NOT common UNIX knowledge.. >> I'm fully aware of case sensitivity.. >> I named the entry in the Mailscanner.conf the EXACT same way as the .rules >> file. But it does simply not work if you name a something.rules file >> something.Rules. Try it out! >> >> That is NOT normal i would say.. > MailScanner uses a lot of heuristics to work out what you mean by what you put > in the MailScanner.conf file. There is no defined syntax, it's just not that > simple. > > If I had made it easy for me, all you guys would have to put explanatory > things all over the place so my code could easily see what you meant. > > I made it easy for you, not for me; so the parser is very much > heuristics-based, and so does tend to make a few assumptions to start with. > And yes, one of those is that rules filenames end in ".rules" usually. It > doesn't enforce that everywhere by any means, but it does make that assumption > occasionally. > > I'll change the code to allow .Rules as well as .rules to keep you happy, that > shouldn't break anything too major. > > Jules. It might be a lot less coding to just add a note stating that it is case sensitive... You already have so much to do, why play in the code for this? From Kevin_Miller at ci.juneau.ak.us Mon Nov 29 18:19:05 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Nov 29 18:19:16 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D18A88@city-exchange07> Scott Silva wrote: > It might be a lot less coding to just add a note stating that it is > case sensitive... You already have so much to do, why play in the > code for this? I agree. It already says it must end in .rules. That implies there's something going on internally that is looking for a .rules extension, not just a match to the filename in MailScanner.conf. What's next, accomodating 'leet haxors' so that .Roolz works too? :-) As they say, "If it ain't broke, don't fix it". ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From peter.ong at hypermediasystems.com Mon Nov 29 18:28:08 2010 From: peter.ong at hypermediasystems.com (Peter Ong) Date: Mon Nov 29 18:28:18 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: <2132954328.22005.1291055162626.JavaMail.root@mail021.dti> Message-ID: <2053593310.22014.1291055288546.JavaMail.root@mail021.dti> Hello Everyone, I know this is a MailScanner list, but in the off chance there's a postfix expert here, I'll venture to ask. In my postfix installation, I have enabled this: reject_unverified_recipient This postfix is the MTA for our MailScanner gateway. With said option enabled, it takes the recipient and verifies it exists with the final destination mail server. If that server says that address exists, then the gateway will proceed to receive the rest of the email. However, when the recipient is one that does not exist, the final destination server replies a 550 etc. The gateway then replies to the sending SMTP server with a 450. This is bad because with a 450, many mail servers will not let the senders know until after 5 days have past that the email couldn't be sent. I need the gateway (postfix) configured such that when the final destination server replies with a 550 when verifying the existence of an address, that it will also reply a 550 to the sending email server. Would there be an postfix experts on the list that could shed some light on this? Thank you. p From malli at mcrirents.com Mon Nov 29 18:40:21 2010 From: malli at mcrirents.com (Mohammed Alli) Date: Mon Nov 29 18:42:02 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: <2053593310.22014.1291055288546.JavaMail.root@mail021.dti> References: <2132954328.22005.1291055162626.JavaMail.root@mail021.dti> <2053593310.22014.1291055288546.JavaMail.root@mail021.dti> Message-ID: <3B1A431BDA34C54581BE43253BC1BD93024701DB@exchange.computerrents.com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Ong Sent: Monday, November 29, 2010 1:28 PM To: mailscanner Subject: Postfix reject_unverified_recipient question Hello Everyone, I know this is a MailScanner list, but in the off chance there's a postfix expert here, I'll venture to ask. In my postfix installation, I have enabled this: reject_unverified_recipient This postfix is the MTA for our MailScanner gateway. With said option enabled, it takes the recipient and verifies it exists with the final destination mail server. If that server says that address exists, then the gateway will proceed to receive the rest of the email. However, when the recipient is one that does not exist, the final destination server replies a 550 etc. The gateway then replies to the sending SMTP server with a 450. This is bad because with a 450, many mail servers will not let the senders know until after 5 days have past that the email couldn't be sent. I need the gateway (postfix) configured such that when the final destination server replies with a 550 when verifying the existence of an address, that it will also reply a 550 to the sending email server. Would there be an postfix experts on the list that could shed some light on this? Thank you. p -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Hey, You can try this: unverified_recipient_reject_code = 550 Rocky From peter.ong at hypermediasystems.com Mon Nov 29 19:01:11 2010 From: peter.ong at hypermediasystems.com (Peter Ong) Date: Mon Nov 29 19:01:22 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: <832827664.22052.1291057192543.JavaMail.root@mail021.dti> Message-ID: <625103819.22054.1291057271712.JavaMail.root@mail021.dti> ----- Original Message ----- > From: "Mohammed Alli" > You can try this: > unverified_recipient_reject_code = 550 I was just reading the documentation about it, and found this. However, I fear that this is sort of painting with broad brush strokes. Postfix will reply 550 on any problem even if the final destination server replies with a 4xx. What I really want to do is to make it so that the gateway repeats the error back to the sending server. If the final destination servers says 4xx or 5xx, I need postfix to return the same to the sending server. p From glenn.steen at gmail.com Tue Nov 30 08:09:09 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 30 08:09:19 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: <625103819.22054.1291057271712.JavaMail.root@mail021.dti> References: <832827664.22052.1291057192543.JavaMail.root@mail021.dti> <625103819.22054.1291057271712.JavaMail.root@mail021.dti> Message-ID: On 29 November 2010 20:01, Peter Ong wrote: > > ----- Original Message ----- > >> From: "Mohammed Alli" > >> You can try this: >> unverified_recipient_reject_code = 550 > > I was just reading the documentation about it, and found this. However, I fear that this is sort of painting with broad brush strokes. Postfix will reply 550 on any problem even if the final destination server replies with a 4xx. What I really want to do is to make it so that the gateway repeats the error back to the sending server. If the final destination servers says 4xx or 5xx, I need postfix to return the same to the sending server. > > p And did you verify this, empirically? I don't think you did, because (according to that last resort: the docs;-) Postfix should be smarter than that.... Read the section about "reject_unverified_recipient" again. My interpretation is that the unverified_recipient_reject_code only affect things that generate a 5xx return code, so the "soft_bounce default behaviour" is only there so that it doesn't mess things up while you test the recipient verifiacion out (dependong on whether you have control of the detsination, it being correctly configured for rejecting unknown recipients etc, this is prudence). Bottom line... When you set it to the 550 return code, it'll behave exactly as you want... Try it, you'll like it;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Nov 30 08:57:07 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 30 08:57:22 2010 Subject: Non Spam actions problem In-Reply-To: <4A09477D575C2C4B86497161427DD94C15B0D18A88@city-exchange07> References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> <4A09477D575C2C4B86497161427DD94C15B0D18A88@city-exchange07> <4CF4BC63.5000007@ecs.soton.ac.uk> Message-ID: On 29/11/2010 18:19, Kevin Miller wrote: > Scott Silva wrote: > >> It might be a lot less coding to just add a note stating that it is >> case sensitive... You already have so much to do, why play in the >> code for this? > I agree. It already says it must end in .rules. That implies there's something going on internally that is looking for a .rules extension, not just a match to the filename in MailScanner.conf. > > What's next, accomodating 'leet haxors' so that .Roolz works too? :-) Don't worry, I'm certainly not allowing that! The 'leet haxor' type are a bunch of pathetic amateurs in my book. :-) > As they say, "If it ain't broke, don't fix it". It was a 3 character modification to 3 lines of code, just changing "r" to "[Rr]". Only took me 2 minutes to do :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bonivart at opencsw.org Tue Nov 30 12:35:15 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Tue Nov 30 12:35:44 2010 Subject: Syntax of SA Rule Actions ruleset? In-Reply-To: References: <4CEFD806.2@ecs.soton.ac.uk> Message-ID: On Fri, Nov 26, 2010 at 5:10 PM, Peter Bonivart wrote: > On Fri, Nov 26, 2010 at 4:53 PM, Julian Field > wrote: >> Create a meta-rule in SpamAssassin that is something like this: >> meta PB_F002_OR_3 PB_F002 || PB_F003 >> >> Then use a rule in MailScanner that looks like >> >> To: *@foo.com PB_F002_OR_3=>not-deliver,store-nonspam,forward >> mail.quarantine@foo.com >> >> So in your SpamAssassin rules, combine every relevant rule into a meta-rule >> that is a logical expression using your original rule names. Then in >> MailScanner, just trigger actions off the meta-rule. > > Sounds brilliant! I'll test it on Monday though, I never change > anything before I go home for the weekend. :-) This worked. Thanks Julian! /peter From hvdkooij at vanderkooij.org Tue Nov 30 14:28:55 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Nov 30 14:36:24 2010 Subject: Fwd: [Clamav-announce] announcing ClamAV 0.96.5 Message-ID: Dear ClamAV users, ClamAV 0.96.5 includes bugfixes and minor feature enhancements, such as improved handling of detection statistics, better file logging, and support for custom database URLs in freshclam. Please refer to the ChangeLog for details. Download : http://downloads.sourceforge.net/clamav/clamav-0.96.5.tar.gz PGP sig : http://downloads.sourceforge.net/clamav/clamav-0.96.5.tar.gz.sig Bugfixes : http://www.clamav.net/release-info/bugs/0.96.5 ChangeLog: http://www.clamav.net/release-info/changelog/0.96.5 -- The ClamAV team (http://www.clamav.net/team) -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc From prandal at herefordshire.gov.uk Tue Nov 30 14:43:55 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Nov 30 14:44:15 2010 Subject: FW: [Clamav-announce] announcing ClamAV 0.96.5 In-Reply-To: <20101130141720.GA5003@adsl.nervous.it> References: <20101130141720.GA5003@adsl.nervous.it> Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B85087B44@HC-EXMBX02.herefordshire.gov.uk> FYI -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council? | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 -----Original Message----- From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli Sent: 30 November 2010 14:17 To: clamav-announce@lists.clamav.net Subject: [Clamav-announce] announcing ClamAV 0.96.5 Dear ClamAV users, ClamAV 0.96.5 includes bugfixes and minor feature enhancements, such as improved handling of detection statistics, better file logging, and support for custom database URLs in freshclam. Please refer to the ChangeLog for details. Download : http://downloads.sourceforge.net/clamav/clamav-0.96.5.tar.gz PGP sig : http://downloads.sourceforge.net/clamav/clamav-0.96.5.tar.gz.sig Bugfixes : http://www.clamav.net/release-info/bugs/0.96.5 ChangeLog: http://www.clamav.net/release-info/changelog/0.96.5 -- The ClamAV team (http://www.clamav.net/team) -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From MailScanner at ecs.soton.ac.uk Tue Nov 30 14:55:17 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Nov 30 14:55:30 2010 Subject: Fwd: [Clamav-announce] announcing ClamAV 0.96.5 In-Reply-To: References: <4CF51055.1040806@ecs.soton.ac.uk> Message-ID: I have just upgraded the SpamAssassin+ClamAV easy-install package on www.mailscanner.info. On 30/11/2010 14:28, Hugo van der Kooij wrote: > Dear ClamAV users, > > ClamAV 0.96.5 includes bugfixes and minor feature enhancements, such as > improved handling of detection statistics, better file logging, > and support for custom database URLs in freshclam. Please refer to the > ChangeLog for details. > > Download : http://downloads.sourceforge.net/clamav/clamav-0.96.5.tar.gz > PGP sig : > http://downloads.sourceforge.net/clamav/clamav-0.96.5.tar.gz.sig > Bugfixes : http://www.clamav.net/release-info/bugs/0.96.5 > ChangeLog: http://www.clamav.net/release-info/changelog/0.96.5 > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter.ong at hypermediasystems.com Tue Nov 30 15:01:10 2010 From: peter.ong at hypermediasystems.com (Peter Ong) Date: Tue Nov 30 15:01:23 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: <332549112.22492.1291129247280.JavaMail.root@mail021.dti> Message-ID: <2138138126.22494.1291129270129.JavaMail.root@mail021.dti> ----- Original Message ----- > From: "Glenn Steen" > And did you verify this, empirically? I don't think you did, because > (according to that last resort: the docs;-) Postfix should be smarter > than that.... Read the section about "reject_unverified_recipient" > again. My interpretation is that the unverified_recipient_reject_code > only affect things that generate a 5xx return code, so the > "soft_bounce default behaviour" is only there so that it doesn't mess > things up while you test the recipient verifiacion out (dependong on > whether you have control of the detsination, it being correctly > configured for rejecting unknown recipients etc, this is prudence). Yes, I verified it quite extensively. (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) The unverified_recipient_reject_code was confusing in this regard when I read it at first. But upon closer examination in Postfix 2.6 there is an unverified_recipient_defer_code which clued me into maybe that "reject" was supposed to be modified. At first, I feared that it was going to unconditionally reply 5xx to anything even for lesser offenses. But now that I see the "defer" version, I'm quite convinced it's okay to change it to 550. After the change, I've tested it and it works. However, I am unable to create a test situation where the final destination server would reply in the 4xx or less. But I think it's working now. Thanks Glenn and everyone. p From glenn.steen at gmail.com Tue Nov 30 15:35:18 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 30 15:35:30 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: <2138138126.22494.1291129270129.JavaMail.root@mail021.dti> References: <332549112.22492.1291129247280.JavaMail.root@mail021.dti> <2138138126.22494.1291129270129.JavaMail.root@mail021.dti> Message-ID: For testing, simply create a mailbox with a vanishingly small quota on some destination system, then ... exceed the "warning level"...;-) Cheers Den 30 nov 2010 16.04, "Peter Ong" skrev: ----- Original Message ----- > From: "Glenn Steen" > And did you verify t... Yes, I verified it quite extensively. (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) The unverified_recipient_reject_code was confusing in this regard when I read it at first. But upon closer examination in Postfix 2.6 there is an unverified_recipient_defer_code which clued me into maybe that "reject" was supposed to be modified. At first, I feared that it was going to unconditionally reply 5xx to anything even for lesser offenses. But now that I see the "defer" version, I'm quite convinced it's okay to change it to 550. After the change, I've tested it and it works. However, I am unable to create a test situation where the final destination server would reply in the 4xx or less. But I think it's working now. Thanks Glenn and everyone. p -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mai... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101130/009f36ac/attachment.html From peter.ong at hypermediasystems.com Tue Nov 30 15:57:28 2010 From: peter.ong at hypermediasystems.com (Peter Ong) Date: Tue Nov 30 15:57:38 2010 Subject: Postfix reject_unverified_recipient question In-Reply-To: Message-ID: <799960755.22580.1291132648865.JavaMail.root@mail021.dti> That's a great idea. I'll do that. Thanks. p ----- Original Message ----- > From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Tuesday, November 30, 2010 7:35:18 AM > Subject: Re: Postfix reject_unverified_recipient question > > For testing, simply create a mailbox with a vanishingly small quota on > some destination system, then ... exceed the "warning level"...;-) > Cheers > > > > Den 30 nov 2010 16.04, "Peter Ong" < peter.ong@hypermediasystems.com > > skrev: > > > > > ----- Original Message ----- > > > From: "Glenn Steen" < glenn.steen@gmail.com > > > > And did you verify t... Yes, I verified it quite extensively. > > ( http://www.postfix.org/ADDRESS_VERIFICATION_README.html ) > The unverified_recipient_reject_code was confusing in this regard when > I read it at first. But upon closer examination in Postfix 2.6 there > is an unverified_recipient_defer_code which clued me into maybe that > "reject" was supposed to be modified. At first, I feared that it was > going to unconditionally reply 5xx to anything even for lesser > offenses. But now that I see the "defer" version, I'm quite convinced > it's okay to change it to 550. > > After the change, I've tested it and it works. However, I am unable to > create a test situation where the final destination server would reply > in the 4xx or less. But I think it's working now. Thanks Glenn and > everyone. > > > > p > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mai. .. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Tue Nov 30 18:13:03 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Nov 30 18:13:18 2010 Subject: Non Spam actions problem In-Reply-To: References: <4CEAD83C.7090103@ecs.soton.ac.uk> <0ca479f63463f464fd0f1e5ad3063b1b@vps517.directvps.nl> <4CEE7A9A.9060103@ecs.soton.ac.uk> <4A09477D575C2C4B86497161427DD94C15B0D18A88@city-exchange07> <4CF4BC63.5000007@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D18A91@city-exchange07> Julian Field wrote: > It was a 3 character modification to 3 lines of code, just changing > "r" > to "[Rr]". Only took me 2 minutes to do :-) Well, that's pretty safe I guess. You're a saint Julian... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ecasarero at gmail.com Tue Nov 30 20:42:30 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Nov 30 20:50:42 2010 Subject: Problem with SQL config on MailScanner Message-ID: Hi everybody! Today i started playing with the sql config options for MailScanner and i cant make it work. My "config" table definition: CREATE TABLE `config` ( `id` int(11) NOT NULL auto_increment, `hostname` varchar(100) NOT NULL, `value` varchar(100) NOT NULL, `external` varchar(100) NOT NULL, `options` varchar(100) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM MailScanner.conf: DB DSN = DBI:mysql:dbname=mailscanner;host=localhost;port=3306 DB Username = root DB Password = password SQL Serial Number = SELECT value FROM config WHERE options='confserialnumber' SQL Quick Peek = SELECT value FROM config WHERE external=? AND hostname=? SQL Config = SELECT options, value FROM config WHERE hostname=? SQL Ruleset = SQL SpamAssassin Config = SQL Debug = yes this is the output i get: /opt/MailScanner/bin/MailScanner --debug --lint *Database functions disabled* Trying to setlogsock(unix) Reading configuration file /opt/MailScanner/etc/MailScanner.conf Read 865 hostnames from the phishing whitelist Read 5278 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.81.4) is correct. (...) Does anybody have any idea of what i am doing wrong? Also, if the line "include" is enable at the end of MailScanner.conf with a valid config file all the DB config seems to dissapear, does anybody knows what is the precedence between the include and the db? Thanks!!! Eduardo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101130/cf2ccd94/attachment.html From danield at igb.uiuc.edu Tue Nov 30 21:14:13 2010 From: danield at igb.uiuc.edu (Daniel Davidson) Date: Tue Nov 30 21:14:28 2010 Subject: Many cache hits before message finally delivered Message-ID: <1291151653.24471.61.camel@localhost.localdomain> I am having an odd problem were simple messages seemingly at random take a very long time to deliver. Most others, deliver right away. A little checking reveals that they are getting scanned for viruses multiple times. For example: [root@mail etc]# grep Nov\ 30 /var/log/maillog|grep 98A1140460 |grep SpamAssassin\ cache Nov 30 08:55:29 mail MailScanner[27405]: SpamAssassin cache hit for message 98A1140460.79963 Nov 30 08:55:37 mail MailScanner[28156]: SpamAssassin cache hit for message 98A1140460.25237 Nov 30 08:55:43 mail MailScanner[28270]: SpamAssassin cache hit for message 98A1140460.A8B9B ......... Nov 30 10:12:11 mail MailScanner[11353]: SpamAssassin cache hit for message 98A1140460.37797 Nov 30 10:12:15 mail MailScanner[11353]: Requeue: 98A1140460.37797 to 8D23F4033E This ran about 500 times before the requeue finally took effect. Any ideas as to what can cause this? I just updated clamav, but that does not seem to help. Below are the appropriate package versions. Thanks for any help in advance. mailscanner-4.61.7-2 spamassassin-3.3.1-3.el5.rf clamav-0.96.5-1.el5.rf postfix-2.3.3-2.1.el5_2 procmail-3.22-17.1 From mikael at syska.dk Tue Nov 30 21:43:17 2010 From: mikael at syska.dk (Mikael Syska) Date: Tue Nov 30 21:43:33 2010 Subject: Many cache hits before message finally delivered In-Reply-To: <1291151653.24471.61.camel@localhost.localdomain> References: <1291151653.24471.61.camel@localhost.localdomain> Message-ID: Hi. On Tue, Nov 30, 2010 at 10:14 PM, Daniel Davidson wrote: > I am having an odd problem were simple messages seemingly at random take > a very long time to deliver. ?Most others, deliver right away. A little > checking reveals that they are getting scanned for viruses multiple > times. ?For example: > > [root@mail etc]# grep Nov\ 30 /var/log/maillog|grep 98A1140460 |grep > SpamAssassin\ cache > Nov 30 08:55:29 mail MailScanner[27405]: SpamAssassin cache hit for > message 98A1140460.79963 > Nov 30 08:55:37 mail MailScanner[28156]: SpamAssassin cache hit for > message 98A1140460.25237 > Nov 30 08:55:43 mail MailScanner[28270]: SpamAssassin cache hit for > message 98A1140460.A8B9B > ......... > Nov 30 10:12:11 mail MailScanner[11353]: SpamAssassin cache hit for > message 98A1140460.37797 > Nov 30 10:12:15 mail MailScanner[11353]: Requeue: 98A1140460.37797 to > 8D23F4033E > > This ran about 500 times before the requeue finally took effect. ?Any > ideas as to what can cause this? ?I just updated clamav, but that does > not seem to help. ?Below are the appropriate package versions. ?Thanks > for any help in advance. > > mailscanner-4.61.7-2 Just stating the obviously ... you know that version is 3? years old, right ? The first thing people will say it to upgrade to latest stable. Were do you get this package from? > spamassassin-3.3.1-3.el5.rf This is also new ... > clamav-0.96.5-1.el5.rf This one is new ... > postfix-2.3.3-2.1.el5_2 > procmail-3.22-17.1 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I would upgrade MS ... and then see if this continues. There have been done alot to catch mails thats crashing MS. mvh Mikael Syska From danield at igb.uiuc.edu Tue Nov 30 22:11:18 2010 From: danield at igb.uiuc.edu (Daniel Davidson) Date: Tue Nov 30 22:11:32 2010 Subject: Many cache hits before message finally delivered In-Reply-To: References: <1291151653.24471.61.camel@localhost.localdomain> Message-ID: <1291155078.26771.7.camel@localhost.localdomain> Sounds like I need to schedule a server outage then. It is odd that this seems to be a fairly new problem though. Dan On Tue, 2010-11-30 at 22:43 +0100, Mikael Syska wrote: > Hi. > > On Tue, Nov 30, 2010 at 10:14 PM, Daniel Davidson wrote: > > I am having an odd problem were simple messages seemingly at random take > > a very long time to deliver. Most others, deliver right away. A little > > checking reveals that they are getting scanned for viruses multiple > > times. For example: > > > > [root@mail etc]# grep Nov\ 30 /var/log/maillog|grep 98A1140460 |grep > > SpamAssassin\ cache > > Nov 30 08:55:29 mail MailScanner[27405]: SpamAssassin cache hit for > > message 98A1140460.79963 > > Nov 30 08:55:37 mail MailScanner[28156]: SpamAssassin cache hit for > > message 98A1140460.25237 > > Nov 30 08:55:43 mail MailScanner[28270]: SpamAssassin cache hit for > > message 98A1140460.A8B9B > > ......... > > Nov 30 10:12:11 mail MailScanner[11353]: SpamAssassin cache hit for > > message 98A1140460.37797 > > Nov 30 10:12:15 mail MailScanner[11353]: Requeue: 98A1140460.37797 to > > 8D23F4033E > > > > This ran about 500 times before the requeue finally took effect. Any > > ideas as to what can cause this? I just updated clamav, but that does > > not seem to help. Below are the appropriate package versions. Thanks > > for any help in advance. > > > > mailscanner-4.61.7-2 > > Just stating the obviously ... you know that version is 3? years old, > right ? The first thing people will say it to upgrade to latest > stable. Were do you get this package from? > > > spamassassin-3.3.1-3.el5.rf > > This is also new ... > > > clamav-0.96.5-1.el5.rf > > This one is new ... > > > postfix-2.3.3-2.1.el5_2 > > procmail-3.22-17.1 > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > I would upgrade MS ... and then see if this continues. There have been > done alot to catch mails thats crashing MS. > > mvh > Mikael Syska From glenn.steen at gmail.com Tue Nov 30 22:27:54 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Nov 30 22:28:04 2010 Subject: Many cache hits before message finally delivered In-Reply-To: <1291155078.26771.7.camel@localhost.localdomain> References: <1291151653.24471.61.camel@localhost.localdomain> <1291155078.26771.7.camel@localhost.localdomain> Message-ID: Done right, the outage should be minutes, hardly more. Take a look at the maq, in the wiki, for tips on how to do that. Oh, and that a ticking bomb goes off in a ... sudden... way shouldn't come as a surprise...;-) If the problem persists after upgrading, we'll take it from there. Cheers Den 30 nov 2010 23.15, "Daniel Davidson" skrev: Sounds like I need to schedule a server outage then. It is odd that this seems to be a fairly new problem though. Dan On Tue, 2010-11-30 at 22:43 +0100, Mikael Syska wrote: > Hi. > > On Tue, Nov 30, 2010 at 10:14 PM... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101130/c0de2135/attachment.html From bonivart at opencsw.org Tue Nov 30 22:38:15 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Tue Nov 30 22:38:45 2010 Subject: Many cache hits before message finally delivered In-Reply-To: References: <1291151653.24471.61.camel@localhost.localdomain> <1291155078.26771.7.camel@localhost.localdomain> Message-ID: On Tue, Nov 30, 2010 at 11:27 PM, Glenn Steen wrote: > Done right, the outage should be minutes, hardly more. Take a look at the > maq, in the wiki, for tips on how to do that. Or use two servers, take as long as you need to upgrade one with no service outage. :-) /peter