From m.anderlini at database.it  Fri Oct  1 09:17:04 2010
From: m.anderlini at database.it (Marcello Anderlini)
Date: Fri Oct  1 09:19:10 2010
Subject: [OT] how to debug spamassassin timeout
Message-ID: <FF9DFD485E414A15A6EB98CEC4CD9C29@dbdomain.database.it>

Hello guys, I know this could be named the "one million dollar question" but
someone could me please tells an easy and full way to debug my spamassassin
getting killed by timeout ?

I ran a spamassassin --lint -D and I get a very long file very obscure for
me to understand

I attach just the last two lines:
==============
Sep 30 12:47:52.808 [13455] dbg: timing: total 58389 ms - init: 48281
(82.7%), parse: 9 (0.0%), extract_message_metadata: 15 (0.0%),
get_uri_detail_list: 7 (0.0%), tests_pri_-1000: 376 (0.6%), compile_gen:
3777 (6.5%), compile_eval: 258 (0.4%), tests_pri_-950: 28 (0.0%),
tests_pri_-900: 56 (0.1%), tests_pri_-400: 1241 (2.1%), check_bayes: 1035
(1.8%), tests_pri_0: 6026 (10.3%), tests_pri_500: 1995 (3.4%),
tests_pri_900: 24 (0.0%), tests_pri_1000: 24 (0.0%)
==============

Starting from this point where should I go to check what is slow ?

Thanks to all and sorry for my worst english.

cheers

Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel.  +39059775070
Fax. +39059779545
http://www.database.it
--------------------------------------------- 


-- 
Messaggio verificato dal servizio antivirus di Database Informatica

From Rainer.Blaes at astrium.eads.net  Fri Oct  1 11:22:01 2010
From: Rainer.Blaes at astrium.eads.net (Rainer Blaes)
Date: Fri Oct  1 11:23:25 2010
Subject: Clamav + Mailscanner: Denial of Service Attack in message
Message-ID: <4CA5B649.3010603@astrium.eads.net>

Dear all,
we are sending during the night some text based notifications to 
hundreds of users.
When we  enable virus scanning by Clamav 0.96 there are a lot of 
messages in the log
saying
Virus Scanning: Denial of Service attack in message
 From the list we learnt that this could be (is) a server's  resource 
problem ie
setting Virus Scanner Timeout to 600 and/or using clamdscan instead of 
clamscan
in the wrapper script should solve our problem. This we will check in 
the night.
Only to understand:
Why does Mailscanner has this DOS Attack Protection for OUTGOING mails
what's the reason for, for INCOMING mails it is obvious respectively is 
there a
config parameter to stop scanning OUTGOING mails?

Thanks for any hint!

Rainer


This email (including any attachments) may contain confidential and/or privileged information or information otherwise protected from disclosure. If you are not the intended recipient, please notify the sender immediately, do not copy this message or any attachments and do not use it for any purpose or disclose its content to any person, but delete this message and any attachments from your system. Astrium disclaims any and all liability if this email transmission was virus corrupted, altered or falsified.
---------------------------------------------------------
Astrium GmbH Vorsitzender des Aufsichtsrates: Thomas Mueller - Geschaeftsfuehrung: Evert Dudok (Vorsitzender), Dr. Reinhold Lutz, Josef Stukenborg
Sitz der Gesellschaft: Muenchen - Registergericht: Amtsgericht Muenchen, HRB Nr. 107 647  

Weitere Informationen ueber EADS Astrium @ http://www.astrium.eads.net/
From hvdkooij at vanderkooij.org  Fri Oct  1 11:26:31 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct  1 11:32:17 2010
Subject: [OT] how to debug spamassassin timeout
In-Reply-To: <FF9DFD485E414A15A6EB98CEC4CD9C29@dbdomain.database.it>
References: <FF9DFD485E414A15A6EB98CEC4CD9C29@dbdomain.database.it>
Message-ID: <4abc1b97df23f444349a5b22c38e02b0@127.0.0.1>

On Fri, 1 Oct 2010 10:17:04 +0200, "Marcello Anderlini"
<m.anderlini@database.it> wrote:
> Sep 30 12:47:52.808 [13455] dbg: timing: total 58389 ms - init: 48281
> (82.7%), parse: 9 (0.0%), extract_message_metadata: 15 (0.0%),

It takes 58.3 seconds to run. Of which 48.2 seconds is needed just to
start spamassassin and load everything.

I would definitly check if your system is not overloaded or just short of
RAM.

Hugo.

-- 
hvdkooij@vanderkooij.org   http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From hvdkooij at vanderkooij.org  Fri Oct  1 14:56:29 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct  1 15:02:17 2010
Subject: AVG 8.5 support?
Message-ID: <5ef8d9eba070609da7251fc979116dee@127.0.0.1>



Hi Jules, 

AVG has brought us AVG v8.5 which you can download from
http://free.avg.com/us-en/download.prd-alf 

It might be nice to add this
to MailScanner in a future release. 

-- 
hvdkooij@vanderkooij.org
http://hugo.vanderkooij.org/
PGP/GPG? Use:
http://hugo.vanderkooij.org/0x58F19981.asc
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101001/8767a278/attachment.html
From alex at rtpty.com  Fri Oct  1 15:10:14 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Oct  1 15:09:42 2010
Subject: AVG 8.5 support?
In-Reply-To: <5ef8d9eba070609da7251fc979116dee@127.0.0.1>
References: <5ef8d9eba070609da7251fc979116dee@127.0.0.1>
Message-ID: <954634577-1285942168-cardhu_decombobulator_blackberry.rim.net-1620559316-@bda957.bisx.prod.on.blackberry>

What's the deal with the free version of avg licensewise? Can it be used in a commercial environment? How about on a home server?
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Fri, 01 Oct 2010 15:56:29 
To: <mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: AVG 8.5 support?

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From hvdkooij at vanderkooij.org  Fri Oct  1 15:45:17 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct  1 15:51:07 2010
Subject: AVG 8.5 support?
In-Reply-To: <954634577-1285942168-cardhu_decombobulator_blackberry.rim.net-1620559316-@bda957.bisx.prod.on.blackberry>
References: <5ef8d9eba070609da7251fc979116dee@127.0.0.1>
	<954634577-1285942168-cardhu_decombobulator_blackberry.rim.net-1620559316-@bda957.bisx.prod.on.blackberry>
Message-ID: <348494bfa0901d51990ed1493ca2602d@127.0.0.1>

On Fri, 1 Oct 2010 14:10:14 +0000, "Alex Neuman" <alex@rtpty.com> wrote:
> What's the deal with the free version of avg licensewise? Can it be used
> in a commercial environment? How about on a home server?

I guess you can find those details on the link there. I suggest you read
them to see how they apply to your setup.

Hugo.

-- 
hvdkooij@vanderkooij.org   http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From alex at rtpty.com  Fri Oct  1 15:58:24 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Oct  1 15:57:55 2010
Subject: AVG 8.5 support?
Message-ID: <1803833154-1285945059-cardhu_decombobulator_blackberry.rim.net-764347920-@bda957.bisx.prod.on.blackberry>

Thanks. 
------Original Message------
From: Hugo van der Kooij
Sender: mailscanner-bounces@lists.mailscanner.info
To: MailScanner discussion
ReplyTo: MailScanner discussion
Subject: Re: AVG 8.5 support?
Sent: Oct 1, 2010 9:45 AM

On Fri, 1 Oct 2010 14:10:14 +0000, "Alex Neuman" <alex@rtpty.com> wrote:
> What's the deal with the free version of avg licensewise? Can it be used
> in a commercial environment? How about on a home server?

I guess you can find those details on the link there. I suggest you read
them to see how they apply to your setup.

Hugo.

-- 
hvdkooij@vanderkooij.org   http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman
From campbell at cnpapers.com  Fri Oct  1 16:18:29 2010
From: campbell at cnpapers.com (Steve Campbell)
Date: Fri Oct  1 16:18:41 2010
Subject: Charter.net just seems to be A-holes
Message-ID: <4CA5FBC5.2040905@cnpapers.com>

  It's OT, but I've been fighting this one on and off for a while. Time 
to vent.

charter.net keeps tempfailing our servers with a 452.4.1.0. All the 
research and all the efforts to contact them seems to be useless. I've 
blocked outgoing to charter.net from our most commonly used server to 
charter, but still get that stupid "exceeded limit" return code.

If any of you all are charter.net customers, do us all a favor and 
notify someone there that they're blocking valid emails being sent from 
websites to their own accounts with really stupid rules. The rules they 
use for resetting limits never reset themselves.

None of their email addresses for reporting this seems to be open, and 
I'm tired of answering the same question over and over again about why 
charter thinks 6 emails a week is too much.

There, I feel better now.

Steve Campbell

From davejones70 at gmail.com  Fri Oct  1 16:30:12 2010
From: davejones70 at gmail.com (Dave Jones)
Date: Fri Oct  1 16:30:21 2010
Subject: X-???-MailScanner-SpamCheck: header empty when forwarding with
	rules
In-Reply-To: <AANLkTin9eMAqbAMsnNZ_5h1v0A6cncX=YWY3UbwBC9iK@mail.gmail.com>
References: <AANLkTimHpOjD=YHA9AOVE-fVSXaS1NhGqar0mGaoL7iJ@mail.gmail.com>
	<AANLkTin9eMAqbAMsnNZ_5h1v0A6cncX=YWY3UbwBC9iK@mail.gmail.com>
Message-ID: <AANLkTikA33EMS0u3MR2_b2pC94nFK+Ljhs2y4n2by4_5@mail.gmail.com>

I tried just doing plain "Archive Mail" rule and I am seeing the same
results.  I am getting the blank SpamCheck: header still.  The only subject
modifications that are happening is the {Disarmed} tag so it appears that
these are getting forwarded/archived before the SA check.

Do I have something wrong with my rules file?  I have removed the original
rules below so I only have this single archive rule in place now.

Archive Mail = %rules-dir%/archive.rules
FromOrTo:       mailbox@mydomain.com     maibox@archive.mydomain.com
FromOrTo:       default         no


On Mon, Sep 27, 2010 at 8:45 AM, Dave Jones <davejones70@gmail.com> wrote:

> Update:  The problem seems to occur mainly when I have the forward in the
> nonspam.actions.rules file.  I get all email to the forwarded address
> including High Spam that should be deleted.
>
> MailScanner Version Number = 4.79.11
>
> On Mon, Sep 27, 2010 at 8:35 AM, Dave Jones <davejones70@gmail.com> wrote:
>
>> Detailed Spam Report = yes
>> Include Scores In SpamAssassin Report = yes
>> Always Include SpamAssassin Report = yes
>>
>> I am trying to send nonspam and spam to alternate mailboxes for copying
>> email using rules with the forward action.  When a forward comes from the
>> Spam Actions rule, I get the subject tagged with spam like I expect and I
>> get a full SpamCheck: header like below.  However, when I put an email
>> address in both Spam Actions and Non Spam Actions rule, I appear to get all
>> email forwarded to my copy mailbox without and subject changes and the
>> SpamCheck: is empty.  The original recipient doesn't get the email when it's
>> obviously High Spam based on the subject so the problem seems to only be
>> with the forwarded address.
>>
>> Spam Actions = %rules-dir%/spam.actions.rules
>> High Scoring Spam Actions = delete
>> Non Spam Actions = %rules-dir%/nonspam.actions.rules
>>
>> X-???-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.939,
>>  required 6, DCC_CHECK 1.10, HTML_MESSAGE 0.50, INVALID_DATE 1.10,
>> KAM_MX4 2.00, MIME_HTML_MOSTLY 0.43, MIME_QP_LONG_LINE 0.00,
>>  MPART_ALT_DIFF 0.79, SPF_PASS -0.20, T_DOS_OUTLOOK_TO_MX_IMAGE 0.01,
>> URIBL_DBL_SPAM 1.70, URIBL_RHS_DOB 1.51)
>>
>> %rules-dir%/nonspam.actions.rules
>> ==========================
>> FromOrTo:     mailbox@mydomain.com     deliver forward
>> mailbox@archive.mydomain.com
>> FromOrTo:        default        deliver
>>
>> %rules-dir%/spam.actions.rules
>> =======================
>> FromOrTo:     mailbox@mydomain.com     deliver striphtml forward
>> mailbox@archive.mydomain.com
>> FromOrTo:       default         deliver striphtml
>>
>> An interesting point to note is that when I put my archive address in as
>> the default, everything appears to work properly and I receive the
>> SpamCheck: header and the subjects are modified.
>>
>> I realize I could use the Archive feature but I wasn't sure if this
>> feature followed the Actions rules.  I don't want to copy High Scoring Spam.
>>  Does the Archive feature forward all email?
>>
>> Dave
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101001/40c18000/attachment.html
From peter at farrows.org  Fri Oct  1 16:40:17 2010
From: peter at farrows.org (Peter Farrow)
Date: Fri Oct  1 16:40:26 2010
Subject: Charter.net just seems to be A-holes
In-Reply-To: <4CA5FBC5.2040905@cnpapers.com>
References: <4CA5FBC5.2040905@cnpapers.com>
Message-ID: <4CA600E1.2010004@farrows.org>

  On 01/10/2010 16:18, Steve Campbell wrote:
>  It's OT, but I've been fighting this one on and off for a while. Time 
> to vent.
>
> charter.net keeps tempfailing our servers with a 452.4.1.0. All the 
> research and all the efforts to contact them seems to be useless. I've 
> blocked outgoing to charter.net from our most commonly used server to 
> charter, but still get that stupid "exceeded limit" return code.
>
> If any of you all are charter.net customers, do us all a favor and 
> notify someone there that they're blocking valid emails being sent 
> from websites to their own accounts with really stupid rules. The 
> rules they use for resetting limits never reset themselves.
>
> None of their email addresses for reporting this seems to be open, and 
> I'm tired of answering the same question over and over again about why 
> charter thinks 6 emails a week is too much.
>
> There, I feel better now.
>
> Steve Campbell
>
This is how I deal with charter.net:


charter.net                    DISCARD

;-)


-- 
horizontal ruler

Peter Farrow
avatar 	
______________________
Home: 	01249 654183
Fax: 	01249 461 548
Mobile: 	07799605617
Skype: 	peter_farrow
Web: 	www.peterfarrow.com <http://www.peterfarrow.com>

-------------- next part --------------
Skipped content of type multipart/related
From mrebsamen at unimatrix0.ch  Fri Oct  1 17:38:45 2010
From: mrebsamen at unimatrix0.ch (Marco Rebsamen)
Date: Sat Oct  2 09:57:17 2010
Subject: AW: "Notices To" As a ruleset
References: <F70FD6682C026E40970A322E98E76454055F13@tranceiver.hive.loc>
Message-ID: <F70FD6682C026E40970A322E98E76454055F15@tranceiver.hive.loc>

OK It's a bug... I Updated to  the newest version...

 

Von: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Marco
Rebsamen
Gesendet: Mittwoch, 29. September 2010 10:48
An: mailscanner@lists.mailscanner.info
Betreff: "Notices To" As a ruleset

 

Hello Everbody

 

I set the parameter  "Notices to" to %rules-dir%/notice_recipients.rules
. But now I have seen in the logfile that the notice messages are
delivered to this:
/etc/mailscanner/rules/notice_recipients.rules@mx-rel.unimatrix0.ch
which i guess isn't correct obviously....

 

What did happen here ??

 

Thank you

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101001/e3a5e996/attachment.html
From davejones70 at gmail.com  Sat Oct  2 21:45:45 2010
From: davejones70 at gmail.com (Dave Jones)
Date: Sat Oct  2 21:45:54 2010
Subject: X-???-MailScanner-SpamCheck: header empty when forwarding with
	rules
In-Reply-To: <AANLkTikA33EMS0u3MR2_b2pC94nFK+Ljhs2y4n2by4_5@mail.gmail.com>
References: <AANLkTimHpOjD=YHA9AOVE-fVSXaS1NhGqar0mGaoL7iJ@mail.gmail.com>
	<AANLkTin9eMAqbAMsnNZ_5h1v0A6cncX=YWY3UbwBC9iK@mail.gmail.com>
	<AANLkTikA33EMS0u3MR2_b2pC94nFK+Ljhs2y4n2by4_5@mail.gmail.com>
Message-ID: <AANLkTinT0mGoybYJKENHjZtBX32ECSeavOJz-y3xdOTc@mail.gmail.com>

Something is strange with this.  I have tested 2 other MailScanner instances
and they work perfectly.   I guess this MailScanner.conf has something that
is causing the empty SpamCheck: header.  I have done a diff on the configs
and nothing major jumps out as being different.  I will try to debug this
further but it's an odd one.

On Fri, Oct 1, 2010 at 10:30 AM, Dave Jones <davejones70@gmail.com> wrote:

> I tried just doing plain "Archive Mail" rule and I am seeing the same
> results.  I am getting the blank SpamCheck: header still.  The only subject
> modifications that are happening is the {Disarmed} tag so it appears that
> these are getting forwarded/archived before the SA check.
>
> Do I have something wrong with my rules file?  I have removed the original
> rules below so I only have this single archive rule in place now.
>
> Archive Mail = %rules-dir%/archive.rules
> FromOrTo:       mailbox@mydomain.com     maibox@archive.mydomain.com
> FromOrTo:       default         no
>
>
> On Mon, Sep 27, 2010 at 8:45 AM, Dave Jones <davejones70@gmail.com> wrote:
>
>> Update:  The problem seems to occur mainly when I have the forward in the
>> nonspam.actions.rules file.  I get all email to the forwarded address
>> including High Spam that should be deleted.
>>
>> MailScanner Version Number = 4.79.11
>>
>> On Mon, Sep 27, 2010 at 8:35 AM, Dave Jones <davejones70@gmail.com>wrote:
>>
>>> Detailed Spam Report = yes
>>> Include Scores In SpamAssassin Report = yes
>>> Always Include SpamAssassin Report = yes
>>>
>>> I am trying to send nonspam and spam to alternate mailboxes for copying
>>> email using rules with the forward action.  When a forward comes from the
>>> Spam Actions rule, I get the subject tagged with spam like I expect and I
>>> get a full SpamCheck: header like below.  However, when I put an email
>>> address in both Spam Actions and Non Spam Actions rule, I appear to get all
>>> email forwarded to my copy mailbox without and subject changes and the
>>> SpamCheck: is empty.  The original recipient doesn't get the email when it's
>>> obviously High Spam based on the subject so the problem seems to only be
>>> with the forwarded address.
>>>
>>> Spam Actions = %rules-dir%/spam.actions.rules
>>> High Scoring Spam Actions = delete
>>> Non Spam Actions = %rules-dir%/nonspam.actions.rules
>>>
>>> X-???-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.939,
>>>  required 6, DCC_CHECK 1.10, HTML_MESSAGE 0.50, INVALID_DATE 1.10,
>>> KAM_MX4 2.00, MIME_HTML_MOSTLY 0.43, MIME_QP_LONG_LINE 0.00,
>>>  MPART_ALT_DIFF 0.79, SPF_PASS -0.20, T_DOS_OUTLOOK_TO_MX_IMAGE 0.01,
>>> URIBL_DBL_SPAM 1.70, URIBL_RHS_DOB 1.51)
>>>
>>> %rules-dir%/nonspam.actions.rules
>>> ==========================
>>> FromOrTo:     mailbox@mydomain.com     deliver forward
>>> mailbox@archive.mydomain.com
>>> FromOrTo:        default        deliver
>>>
>>> %rules-dir%/spam.actions.rules
>>> =======================
>>> FromOrTo:     mailbox@mydomain.com     deliver striphtml forward
>>> mailbox@archive.mydomain.com
>>> FromOrTo:       default         deliver striphtml
>>>
>>> An interesting point to note is that when I put my archive address in as
>>> the default, everything appears to work properly and I receive the
>>> SpamCheck: header and the subjects are modified.
>>>
>>> I realize I could use the Archive feature but I wasn't sure if this
>>> feature followed the Actions rules.  I don't want to copy High Scoring Spam.
>>>  Does the Archive feature forward all email?
>>>
>>> Dave
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101002/68633a3e/attachment.html
From noel.butler at ausics.net  Sun Oct  3 02:13:08 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Sun Oct  3 02:13:52 2010
Subject: [Fwd: [mailop] Change at dnswl.org]
Message-ID: <1286068388.8150.1.camel@tardis>

For those who have not seen...

-------- Forwarded Message --------
From: Matthias Leisi
Subject: [mailop] Change at dnswl.org
Date: Sat, 2 Oct 2010 20:48:45 +0200


Hello all,

dnswl.org has been running as a pure volunteer project since 2006.
However, given the changing anti-spam industry and the challenges
ahead, we decided that we need some sound financial basis. In a number
of steps, we will introduce a subscription model for "heavy" users and
vendors of anti-spam solutions using our data.

The vast majority of our 50'000 users will not be affected by this
change, since they neither need rsync access nor are they "heavy"
users (which we define as above 100'000 queries / 24 hours on our
public nameserver mirrors). Those who contribute to the project (eg
with resources, data, time, know how) will get a free subscription,
and we plan to introduce a reduced rate for educational and
not-for-profit organisations.

The current implementation schedule is in this blog posting:
http://www.dnswl.org/news/archives/18-Changes-at-dnswl.org.html
(http://goo.gl/info/T0j3)

Any inputs are of course appreciated - and you are very welcome to
contribute to the project :)

-- Matthias

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101003/91363152/attachment.html
From jan-peter at koopmann.eu  Mon Oct  4 11:43:59 2010
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Mon Oct  4 11:44:39 2010
Subject: Still Deliver Silent Viruses
References: <C8CF7C8F.1ED30%jan-peter.koopmann@seceidos.de>
Message-ID: <EMEW3|458fb9d3d544d09a3150c5c5b574657fm93CiR12Jan-Peter.Koopmann|seceidos.de|C8CF7C8F.1ED30%jan-peter.koopmann@seceidos.de>

Hi Julian,

as discussed here

http://lists.mailscanner.info/pipermail/mailscanner/2010-April/095450.html
http://lists.mailscanner.info/pipermail/mailscanner/2010-March/095233.h<http://lists.mailscanner.info/pipermail/mailscanner/2010-March/095233.html>

there seems to be a problem bug with Still Deliver Silent Viruses. If this is set to yes some attachments are delivered even if they contain viruses. This caused some trouble here as you can imagine. :-)

I can say for sure that ZIPs containing viruses are delivered (without the attachment being replaced by a warning) if the virus is classified silent (e.g. All-Viruses) and silent deliver is set to yes. I would consider this a bug. Is there any plan to change this?

Regards,
  JP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101004/8dc0a142/attachment.html
From peter at farrows.org  Mon Oct  4 16:29:52 2010
From: peter at farrows.org (Peter Farrow)
Date: Mon Oct  4 16:30:02 2010
Subject: scamp error
Message-ID: <4CA9F2F0.3000702@farrows.org>

  Hi There,

as part of my mailscanner installation, I run the scamp shell utility to 
add extra databases to clamav.

All my mailscanners work fine with this, except one, which repeatedly 
gets this error:

	********** WARNING **********
	Unable to install: securiteinfosh.hdb
	Clamscan exited with error code 2
	Try downloading and installing the file again.

The file is good (same as the others), clamav is all uptodate the permissions are correct, but it just keeps bailing out on this one file

Has anyone else seen this problem?

Pete



From peter.ong at hypermediasystems.com  Mon Oct  4 18:03:38 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Mon Oct  4 18:03:49 2010
Subject: Getting Past SpamAssassin
In-Reply-To: <352950744.40413.1286211720544.JavaMail.root@mail021.dti>
Message-ID: <2083495480.40415.1286211818683.JavaMail.root@mail021.dti>

Dear MailScanner Gods,

MailScanner: 4.79.11
spamassassin-3.2.5-1.el5


Please hear my prayers. Here's the weirdest thing...

Under what circumstance could an email come through without passing through SpamAssassin? My configuration is as close to vanilla as possible. There have been no esoteric changes.

A piece of spam came through this morning. It does not appear to have been scanned by SpamAssassin. Just to test, I scanned it as root. It scored a whopping 25.5 points. Then, I thought, maybe MailScanner runs spamassassin as postfix. So I scanned the same email as postfix, and spamassassin gave it a 32 points. Either way this should've been obliterated, but it shows:

X-Spam-Status: No
X-DTi-MailScanner-From: myemail@myserver.com
X-DTi-MailScanner: Found to be clean
X-DTi-MailScanner-ID: 7BB9B1908B1.AB3F2
X-DTi-MailScanner-Information: Please contact the ISP for more information
X-Greylist: delayed 303 seconds by postgrey-1.32 at mygateway.tld; Mon, 04 Oct 2010 06:22:01 UTC
Received: from 240.34.177.94.netvisiontelecom.ro (unknown [94.177.34.240])
	by myserver.com (Postfix) with ESMTP id 7BB9B1908B1
	for <myemail@myserver.com>; Mon,  4 Oct 2010 06:22:01 +0000 (UTC)

At first, I thought this was the reason:
Max SpamAssassin Size = 200k

But the message was only 4K. Therefore, it is something else.

Running spamassassin as postfix, I got these:
[26774] warn: config: cannot write to /var/spool/postfix/.spamassassin/user_prefs: No such file or directory
[26774] warn: config: failed to create default user preference file /var/spool/postfix/.spamassassin/user_prefs

Could these have something to do with my problem? Under what circumstance could an email come through without passing through SpamAssassin?

Thanks.

p
From steve.freegard at fsl.com  Mon Oct  4 19:18:20 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Oct  4 19:18:32 2010
Subject: Getting Past SpamAssassin
In-Reply-To: <2083495480.40415.1286211818683.JavaMail.root@mail021.dti>
References: <352950744.40413.1286211720544.JavaMail.root@mail021.dti>
	<2083495480.40415.1286211818683.JavaMail.root@mail021.dti>
Message-ID: <4CAA1A6C.1060701@fsl.com>

On 04/10/10 18:03, Peter Ong wrote:
>
> Under what circumstance could an email come through without passing through SpamAssassin? My configuration is as close to vanilla as possible. There have been no esoteric changes.
>

Check the following MailScanner.conf settings and make sure they are 
*blank*:

SpamAssassin User State Dir
SpamAssassin Local Rules Dir
SpamAssassin Local State Dir
SpamAssassin Default Rules Dir

Otherwise you'll find SA will not find it's rules properly and will run 
considerably degraded.

Cheers,
Steve.
From maxsec at gmail.com  Mon Oct  4 19:41:39 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Oct  4 19:42:06 2010
Subject: Getting Past SpamAssassin
In-Reply-To: <2083495480.40415.1286211818683.JavaMail.root@mail021.dti>
References: <352950744.40413.1286211720544.JavaMail.root@mail021.dti>
	<2083495480.40415.1286211818683.JavaMail.root@mail021.dti>
Message-ID: <AANLkTiku0UaT2JnXuWzM6bBAamoH-DkX2eUGVAxbdoBt@mail.gmail.com>

HI

try putting in the additional headers for spamassassin in the mails, then
you'll know what spamassassin actually said about the email as as far as
MailScanner was concerned. Make the following changes to the settings in
MailScanner.conf:

Spam Score Number Format = %5.2f

Detailed Spam Report = yes

Include Scores In SpamAssassin Report = yes

Always Include SpamAssassin Report = yes

Spam Score Number Format = %5.2f



Also the "X-Spam-Status:No" headers isn't anything do with MailScanner
unless you're trusting this header which is perhaps a bad thing.


-- 
Martin Hepworth
Oxford, UK


On 4 October 2010 18:03, Peter Ong <peter.ong@hypermediasystems.com> wrote:

> Dear MailScanner Gods,
>
> MailScanner: 4.79.11
> spamassassin-3.2.5-1.el5
>
>
> Please hear my prayers. Here's the weirdest thing...
>
> Under what circumstance could an email come through without passing through
> SpamAssassin? My configuration is as close to vanilla as possible. There
> have been no esoteric changes.
>
> A piece of spam came through this morning. It does not appear to have been
> scanned by SpamAssassin. Just to test, I scanned it as root. It scored a
> whopping 25.5 points. Then, I thought, maybe MailScanner runs spamassassin
> as postfix. So I scanned the same email as postfix, and spamassassin gave it
> a 32 points. Either way this should've been obliterated, but it shows:
>
> X-Spam-Status: No
> X-DTi-MailScanner-From: myemail@myserver.com
> X-DTi-MailScanner: Found to be clean
> X-DTi-MailScanner-ID: 7BB9B1908B1.AB3F2
> X-DTi-MailScanner-Information: Please contact the ISP for more information
> X-Greylist: delayed 303 seconds by postgrey-1.32 at mygateway.tld; Mon, 04
> Oct 2010 06:22:01 UTC
> Received: from 240.34.177.94.netvisiontelecom.ro (unknown [94.177.34.240])
>        by myserver.com (Postfix) with ESMTP id 7BB9B1908B1
>        for <myemail@myserver.com>; Mon,  4 Oct 2010 06:22:01 +0000 (UTC)
>
> At first, I thought this was the reason:
> Max SpamAssassin Size = 200k
>
> But the message was only 4K. Therefore, it is something else.
>
> Running spamassassin as postfix, I got these:
> [26774] warn: config: cannot write to
> /var/spool/postfix/.spamassassin/user_prefs: No such file or directory
> [26774] warn: config: failed to create default user preference file
> /var/spool/postfix/.spamassassin/user_prefs
>
> Could these have something to do with my problem? Under what circumstance
> could an email come through without passing through SpamAssassin?
>
> Thanks.
>
> p
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101004/f82cfb3b/attachment.html
From peter.ong at hypermediasystems.com  Mon Oct  4 19:46:02 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Mon Oct  4 19:46:12 2010
Subject: Getting Past SpamAssassin
In-Reply-To: <4CAA1A6C.1060701@fsl.com>
Message-ID: <553330351.40520.1286217962048.JavaMail.root@mail021.dti>

> Check the following MailScanner.conf settings and make sure they are 
> *blank*:

Here's my config:
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir =

So let me confirm, you want me to make these settings blank?

p

----- Original Message -----

> From: "Steve Freegard" <steve.freegard@fsl.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, October 4, 2010 11:18:20 AM
> Subject: Re: Getting Past SpamAssassin
> 
> On 04/10/10 18:03, Peter Ong wrote:
> >
> > Under what circumstance could an email come through without passing
> through SpamAssassin? My configuration is as close to vanilla as
> possible. There have been no esoteric changes.
> >
> 
> Check the following MailScanner.conf settings and make sure they are 
> *blank*:
> 
> SpamAssassin User State Dir
> SpamAssassin Local Rules Dir
> SpamAssassin Local State Dir
> SpamAssassin Default Rules Dir
> 
> Otherwise you'll find SA will not find it's rules properly and will
> run 
> considerably degraded.
> 
> Cheers,
> Steve.
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From peter.ong at hypermediasystems.com  Mon Oct  4 19:49:35 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Mon Oct  4 19:49:45 2010
Subject: Getting Past SpamAssassin
In-Reply-To: <AANLkTiku0UaT2JnXuWzM6bBAamoH-DkX2eUGVAxbdoBt@mail.gmail.com>
Message-ID: <516882619.40522.1286218175691.JavaMail.root@mail021.dti>

Martin,

Brilliant! I was just going to do that.

p


----- Original Message -----

> From: "Martin Hepworth" <maxsec@gmail.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, October 4, 2010 11:41:39 AM
> Subject: Re: Getting Past SpamAssassin
> 
> HI
> 
> 
> try putting in the additional headers for spamassassin in the mails,
> then you'll know what spamassassin actually said about the email as as
> far as MailScanner was concerned. Make the following changes to the
> settings in MailScanner.conf:
> 
> 
> 
> 
> Spam Score Number Format = %5.2f
> 
> Detailed Spam Report = yes
> 
> Include Scores In SpamAssassin Report = yes
> 
> Always Include SpamAssassin Report = yes
> 
> Spam Score Number Format = %5.2f
> 
> 
> 
> 
> 
> 
> 
> Also the "X-Spam-Status:No" headers isn't anything do with MailScanner
> unless you're trusting this header which is perhaps a bad thing.
> 
> 
> --
> Martin Hepworth
> Oxford, UK
> 
> 
> 
> On 4 October 2010 18:03, Peter Ong < peter.ong@hypermediasystems.com >
> wrote:
> 
> 
> Dear MailScanner Gods,
> 
> MailScanner: 4.79.11
> spamassassin-3.2.5-1.el5
> 
> 
> Please hear my prayers. Here's the weirdest thing...
> 
> Under what circumstance could an email come through without passing
> through SpamAssassin? My configuration is as close to vanilla as
> possible. There have been no esoteric changes.
> 
> A piece of spam came through this morning. It does not appear to have
> been scanned by SpamAssassin. Just to test, I scanned it as root. It
> scored a whopping 25.5 points. Then, I thought, maybe MailScanner runs
> spamassassin as postfix. So I scanned the same email as postfix, and
> spamassassin gave it a 32 points. Either way this should've been
> obliterated, but it shows:
> 
> X-Spam-Status: No
> X-DTi-MailScanner-From: myemail@myserver.com
> X-DTi-MailScanner: Found to be clean
> X-DTi-MailScanner-ID: 7BB9B1908B1.AB3F2
> X-DTi-MailScanner-Information: Please contact the ISP for more
> information
> X-Greylist: delayed 303 seconds by postgrey-1.32 at mygateway.tld;
> Mon, 04 Oct 2010 06:22:01 UTC
> Received: from 240.34.177.94.netvisiontelecom.ro (unknown
> [94.177.34.240])
> by myserver.com (Postfix) with ESMTP id 7BB9B1908B1
> for < myemail@myserver.com >; Mon, 4 Oct 2010 06:22:01 +0000 (UTC)
> 
> At first, I thought this was the reason:
> Max SpamAssassin Size = 200k
> 
> But the message was only 4K. Therefore, it is something else.
> 
> Running spamassassin as postfix, I got these:
> [26774] warn: config: cannot write to
> /var/spool/postfix/.spamassassin/user_prefs: No such file or directory
> [26774] warn: config: failed to create default user preference file
> /var/spool/postfix/.spamassassin/user_prefs
> 
> Could these have something to do with my problem? Under what
> circumstance could an email come through without passing through
> SpamAssassin?
> 
> Thanks.
> 
> p
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From jvoorhees1 at gmail.com  Mon Oct  4 23:07:08 2010
From: jvoorhees1 at gmail.com (Jason Voorhees)
Date: Mon Oct  4 23:07:16 2010
Subject: Old MS versions
Message-ID: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>

Hi all:

Does anybody know where can I get older MailScanner versions?

Thanks
From bonivart at opencsw.org  Tue Oct  5 08:08:16 2010
From: bonivart at opencsw.org (Peter Bonivart)
Date: Tue Oct  5 08:08:44 2010
Subject: Old MS versions
In-Reply-To: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
References: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
Message-ID: <AANLkTi=5uEEJyKx2gErvGfZEN4i4JHihG=bNw2xPgL9J@mail.gmail.com>

On Tue, Oct 5, 2010 at 12:07 AM, Jason Voorhees <jvoorhees1@gmail.com> wrote:
> Hi all:
>
> Does anybody know where can I get older MailScanner versions?

You used to be able to browse http://mailscanner.info/files/4/ but not
any more. Maybe Julian can fix that?

-- 
/peter
From maxsec at gmail.com  Tue Oct  5 08:17:55 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Oct  5 08:18:04 2010
Subject: Old MS versions
In-Reply-To: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
References: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
Message-ID: <AANLkTinWTUJXi9RX+PDLnaM9i2Aiehb+mdprbRumMmQ9@mail.gmail.com>

Why would you want an older version, 1st thing with any question people ask
here is that you are requested to upgrade to latest version and try that.

I guess if you're trying to replicate an environment that's already running
then that's maybe a reason. but I'd take the opportunity to upgrade anyway.

-- 
Martin Hepworth
Oxford, UK


On 4 October 2010 23:07, Jason Voorhees <jvoorhees1@gmail.com> wrote:

> Hi all:
>
> Does anybody know where can I get older MailScanner versions?
>
> Thanks
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101005/76935c23/attachment.html
From glenn.steen at gmail.com  Tue Oct  5 10:20:35 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 10:20:45 2010
Subject: Deny Filetypes
In-Reply-To: <F150A6E1D50DA040AE8198A377D7F0AC12945A8A0F@exchange2007>
References: <F150A6E1D50DA040AE8198A377D7F0AC12945A8A0F@exchange2007>
Message-ID: <AANLkTi=GBd5=ZuTUYuCOb4c+VNa_L5rRBBJhFx07U08V@mail.gmail.com>

On 24 September 2010 16:11, Joshua F. Withrow <jwithrow@matech.net> wrote:
>
> Question?
>
>
>
> How would I go about either stripping <script> tags out of HTML attachments, or blocking HTML attachments outright?? I gave a short look for how to strip <script> tags from HTML attachments and didn?t find anything (which doesn?t mean it?s not out there), and when that proved unfruitful for me I decided to try to block HTML attachments altogether.
>
>
>
> I modified these settings in MailScanner.conf:
>
>
>
> Deny Filetypes = html
>
> Deny File MIME Types = text/html
>
>
These are wrong, please read the comment immediatly above the settings
you changed, to see valid settings.
There are examples aplenty, in this lists archives, the wiki etc (why
not get the Book?)... Please do some reading on the subject... At
least look through the entire MailScanner.conf, to get a feel for what
you can do, and how to do it.

>
> Upon doing so, my incoming queues (per MailWatch) began retaining mail.? Some would process and pass thru the outbound queue, but most was retained until I changed the settings back to being blank.
>
Expected outcome;).

>
> Any input is much appreciated J? Thanks!
>

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Tue Oct  5 10:44:50 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 10:45:01 2010
Subject: OT postfix multiple instances and recipient verification
In-Reply-To: <BEB224656722D0419B9B2E0CD61E20C70D46E77E@BHLexchange.bhl.local>
References: <BEB224656722D0419B9B2E0CD61E20C70D46E77E@BHLexchange.bhl.local>
Message-ID: <AANLkTinHi8TwyrkSmFnovV0C7szROWqYf5D0_ncthjiD@mail.gmail.com>

On 28 September 2010 10:13, Jason Ede <J.Ede@birchenallhowden.co.uk> wrote:
> I?m thinking of using multiple postfix instances to split up emails with
> multiple recipients (to make sure blacklisting and whitelisting works
> properly) and maybe to sign some outbound emails using domain keys?
>
>
>
> From what I?ve read on the postfix documentation I?ll have an inbound
> postfix instance that just passes all email on internally via a port I
> specify to the next instance where MS does its work and then sends it on to
> the destination server. All of this seems relatively straightforward so far.
>
>
>
> However, I use recipient verification to make sure we only accept emails
> that can be delivered. As the inbound postfix will not have any direct SMTP
> out then will this still work as it won?t be able to check where the emails
> are going to as it just passes all emails on to another port? I could put a
> transports file in place, but surely that would contradict a relayhosts
> setting in main.cf?
>
Eric is correct... The first instance has to know how the second
instance will route things, but without actually using that route
information... So that too is pretty straightforward:-).
>
>
> Also have others used multiple instances like this before with MS and what
> is the performance hit in having multiple instances? Are there any gotchas
> that I need to be aware of?
>
>
Well... The use of a second instance was the norm in the old days:-).
What you get there is a "static overhead" sort of, plus a per-message
overhead, but ... those are minor compared to the overhead incurred by
actually splitting mails/recipient (as long as the memory use doesn't
mak you start swaping, at least... No Alex, this is not the time to
reiterate the old "MS = swapping" joke...:).
I don't have any comparative statistics for you, but ... if you use
MailWatch, you should be able to deduce the impact on your gateways
and mailstore(s) by some smart use of SQL;-). The impact for a
single-store mailstore (like Exchange) can be huge, since the split
messages will be _new_ messages with new Message-IDs.
But as said, you can probably get a good picture of what impact it has
via log analysis.

I haven't had the time to ... freshen ... this up, and unfortunately
will probably not have any time to spend on it, in the near future at
least. Would be great if you could spruce up the wiki page a bit, when
you're done;-).

>
> Jason
>

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Tue Oct  5 11:09:21 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 11:09:55 2010
Subject: Old MS versions
In-Reply-To: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
References: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
Message-ID: <AANLkTik0y+p2zjH-PMVm+Rg8MDu2xo63cr7XepgC_FCR@mail.gmail.com>

On 5 October 2010 00:07, Jason Voorhees <jvoorhees1@gmail.com> wrote:
> Hi all:
>
> Does anybody know where can I get older MailScanner versions?
>
> Thanks
<Semi-Joke> Use debian, pretty much any flavour (like Unbuntu) </Semi-Joke>

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Tue Oct  5 11:21:49 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 11:22:00 2010
Subject: Old MS versions
In-Reply-To: <AANLkTik0y+p2zjH-PMVm+Rg8MDu2xo63cr7XepgC_FCR@mail.gmail.com>
References: <AANLkTintjzeRGZ88d6pUkifZUfKzDW7U+bC_D1KTRVQh@mail.gmail.com>
	<AANLkTik0y+p2zjH-PMVm+Rg8MDu2xo63cr7XepgC_FCR@mail.gmail.com>
Message-ID: <AANLkTinbVJrJ0USjLrdkdU-k9S9KU1iCmggenxXrF92x@mail.gmail.com>

On 5 October 2010 12:09, Glenn Steen <glenn.steen@gmail.com> wrote:
> On 5 October 2010 00:07, Jason Voorhees <jvoorhees1@gmail.com> wrote:
>> Hi all:
>>
>> Does anybody know where can I get older MailScanner versions?
>>
>> Thanks
> <Semi-Joke> Use debian, pretty much any flavour (like Unbuntu) </Semi-Joke>

A bit more serious... All the releases are in place at the download
area on www.mailscanner.info, as implied by Martin, so all you need do
is look at the release you want (rpm, tar ...) and (deduced from the
changelog...) ... do some guessing...:-).
For example: http://www.mailscanner.info/files/4/tar/MailScanner-install-4.32.1-1.tar.gz
will get you version 4.32.1 in tar format (the "other Unix" thing).

As others mentioned... Don't try to USE anything antiquated... Not
even on an antiquated system... It'll bite you bad.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Tue Oct  5 12:21:22 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 12:21:40 2010
Subject: Spam-Virus scoring not working any more for me
In-Reply-To: <4C9B6379.6060306@msapiro.net>
References: <649160.62943.qm@web33302.mail.mud.yahoo.com>
	<4C9B6379.6060306@msapiro.net>
Message-ID: <AANLkTinJJBjKEFftwLue6OSg2awHK3s+0y2fkdJD-SbF@mail.gmail.com>

On 23 September 2010 16:26, Mark Sapiro <mark@msapiro.net> wrote:
> On Sept 22 at 7:00 PM, Michael Mansour wrote:
>>
>> --- On Thu, 23/9/10, Mark Sapiro <mark@msapiro.net> wrote:
>>
>> I haven't changed the %org-name% no.
>>
>> I do have a different setting for this though:
>
>
> This is not relevant in your case. it only matters if you have the
> default or similar setting for Spam-Virus Header which includes %org-name%.
>
>
>> Another question, I use MailWatch, should the X-MailScanner-blah headers be present when viewing the message headers in MailWatch?
>>
>> I don't see them in MailWatch, but when I release the message from MailWatch to my Inbox and view full headers, I see the MailScanner lines no problems.
>
>
> I have never used MailWatch. I can't answer that.
>
No, the MailScanner headers should not be visible there. Those headers
are "pre-insertion" of the MS headers, and should be pretty much
untouched.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Tue Oct  5 12:32:34 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 12:32:44 2010
Subject: spam.blacklist.rules
In-Reply-To: <op.vju6scnd8p6pfh@portatil>
References: <op.vju6scnd8p6pfh@portatil>
Message-ID: <AANLkTi=9qOEWFY_ZOq54knSTE__KyuNuekvwzYLXsAF7@mail.gmail.com>

On 30 September 2010 23:18, Ludgero Parreira <bttterceira@net.sapo.pt> wrote:
> Hello,
>
> I have this file: /etc/MailScanner/rules/spam.blacklist.rules with all the
> email address's I considered spam. This was working with no problems, but
> the last 2 or 3 days it stop, and I started to receive spam from this
> address's.
> I haven't changed anything lately and double checked my config files, and
> it's all setup as it should.
> Any idea what could have happend, or anyway I can check a log for errors ?
>
> Thanks in Advance.
> Ludgero Parreira

Well, things never break for no reason... Perhaps "no APPARENT
reason", but never "out of the blue":-)

1. The list you refer to operate on the SMTP envelope addresses, not
on whatever happen to be in the To:/From:/CC: headers. Are you sure
(from log analysis) that they really don't work?

2. There may be a typo in the rule file. Have you run "MailScanner
--lint" or similar, to ascertain that no such typo is tripping you up?

3. There is a limit on how large such rulesets can practicably be...
How many entries do you have in there? ISTR 4000 rules/ruleset being a
limit one should stay under.

4. If nothing of that helps, provide exact examples for us to help
analyse. Mail log entries, headers etc.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Tue Oct  5 13:24:20 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct  5 13:24:44 2010
Subject: Clamav + Mailscanner: Denial of Service Attack in message
In-Reply-To: <4CA5B649.3010603@astrium.eads.net>
References: <4CA5B649.3010603@astrium.eads.net>
Message-ID: <AANLkTimxvxXpXY-tjk9=mjdHA1rbbVPkr0yJ_A8Nd1QF@mail.gmail.com>

On 1 October 2010 12:22, Rainer Blaes <Rainer.Blaes@astrium.eads.net> wrote:
> Dear all,
> we are sending during the night some text based notifications to hundreds of
> users.
> When we ?enable virus scanning by Clamav 0.96 there are a lot of messages in
> the log
> saying
> Virus Scanning: Denial of Service attack in message
> From the list we learnt that this could be (is) a server's ?resource problem
> ie
> setting Virus Scanner Timeout to 600 and/or using clamdscan instead of
> clamscan
> in the wrapper script should solve our problem. This we will check in the
> night.

No, the recommendation these days (and for a while now) is to use the
clamd virus scanner, not clamscan or some unsupported clamdscan
"fix"... nor is ClamAVModule prefered. In stall/configure clamd as
detailed in the wiki page
http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd
.... if, like me, you use a source package install of ClamAV (I use
Jules repackaging), one has to adapt the wikipage info a bit, but most
should be easily deducable:-).

> Only to understand:
> Why does Mailscanner has this DOS Attack Protection for OUTGOING mails
> what's the reason for, for INCOMING mails it is obvious respectively is
> there a
> config parameter to stop scanning OUTGOING mails?

MailScanner has no notion of "incoming" or "outgoing" mail, unless you
explicitly teach it the difference. You can do that by way of some
well-placed rulesets... as an example: I "whitelist" my internal
MTAs/mailstores IP address wrt spam, but I still do virus scanning.
This way I can be fairly sure I don't send viruses, but I have no clue
as to whether my users spam the world (well, actually I do, but not
from that:-).

> Thanks for any hint!
>
> Rainer
>
Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From J.Ede at birchenallhowden.co.uk  Tue Oct  5 14:11:30 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Oct  5 14:11:50 2010
Subject: OT postfix multiple instances and recipient verification
In-Reply-To: <AANLkTinHi8TwyrkSmFnovV0C7szROWqYf5D0_ncthjiD@mail.gmail.com>
References: <BEB224656722D0419B9B2E0CD61E20C70D46E77E@BHLexchange.bhl.local>
	<AANLkTinHi8TwyrkSmFnovV0C7szROWqYf5D0_ncthjiD@mail.gmail.com>
Message-ID: <BEB224656722D0419B9B2E0CD61E20C71BE4BE50@BHLexchange.bhl.local>

> 
> On 28 September 2010 10:13, Jason Ede <J.Ede@birchenallhowden.co.uk>
> wrote:
> > I'm thinking of using multiple postfix instances to split up emails
> > with multiple recipients (to make sure blacklisting and whitelisting
> > works
> > properly) and maybe to sign some outbound emails using domain keys...
> >
> >
> >
> > From what I've read on the postfix documentation I'll have an inbound
> > postfix instance that just passes all email on internally via a port I
> > specify to the next instance where MS does its work and then sends it
> > on to the destination server. All of this seems relatively straightforward so
> far.
> >
> >
> >
> > However, I use recipient verification to make sure we only accept
> > emails that can be delivered. As the inbound postfix will not have any
> > direct SMTP out then will this still work as it won't be able to check
> > where the emails are going to as it just passes all emails on to
> > another port? I could put a transports file in place, but surely that
> > would contradict a relayhosts setting in main.cf?
> >
> Eric is correct... The first instance has to know how the second instance will
> route things, but without actually using that route information... So that too
> is pretty straightforward:-).
> >
> >
> > Also have others used multiple instances like this before with MS and
> > what is the performance hit in having multiple instances? Are there
> > any gotchas that I need to be aware of?
> >
> >
> Well... The use of a second instance was the norm in the old days:-).

When I started using MS, which was quite a few years back then we did have 2 instances and it was noticeable the resources freed up when moving back to a single instance, but I can't remember the figures now.

> What you get there is a "static overhead" sort of, plus a per-message
> overhead, but ... those are minor compared to the overhead incurred by
> actually splitting mails/recipient (as long as the memory use doesn't mak you
> start swaping, at least... No Alex, this is not the time to reiterate the old "MS
> = swapping" joke...:).

I'd prefer to leave the emails batched as they are, but then it won't correctly respect black/whitelisting if it is done on addresses. It'd be nice if MS could check against each address, but that could easily involve MS needing to split the mail into multiple copies depending on the rules applied. (i.e. someone whitelists an address to them, but someone else doesn't want address whitelisted and an email is over the spam score)

> I don't have any comparative statistics for you, but ... if you use MailWatch,
> you should be able to deduce the impact on your gateways and mailstore(s)
> by some smart use of SQL;-). The impact for a single-store mailstore (like
> Exchange) can be huge, since the split messages will be _new_ messages
> with new Message-IDs.
> But as said, you can probably get a good picture of what impact it has via log
> analysis.

That used to be the case, but Exchange 2010 has ditched Single Instance Storage anyway so it will become less of an issue esp as the limit per Exchange store is now (I think) 2TB and can have upto 5 stores for a standard exchange licence. MS's argument is that now storage is cheap so don't need the space saving measures of before.

 
> I haven't had the time to ... freshen ... this up, and unfortunately will
> probably not have any time to spend on it, in the near future at least. Would
> be great if you could spruce up the wiki page a bit, when you're done;-).
> 

I'll have a go at that once we've got it all working. It looks like the new postmulti command in postfix (ver 2.6 and later, which is nice cos the new RH6/CentOS 6 when it comes out has postfix 2.6.5 included) just provides a neater way of doing the configuration that was done in the wiki. I also like the idea of having the capability to sign the outbound emails with domain keys or the like and that obviously needs to be done post MS.

Jason

> >
> > Jason
> >
> 
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From davejones70 at gmail.com  Tue Oct  5 15:32:46 2010
From: davejones70 at gmail.com (Dave Jones)
Date: Tue Oct  5 15:32:56 2010
Subject: X-???-MailScanner-SpamCheck: header empty when forwarding with
	rules
In-Reply-To: <AANLkTinT0mGoybYJKENHjZtBX32ECSeavOJz-y3xdOTc@mail.gmail.com>
References: <AANLkTimHpOjD=YHA9AOVE-fVSXaS1NhGqar0mGaoL7iJ@mail.gmail.com>
	<AANLkTin9eMAqbAMsnNZ_5h1v0A6cncX=YWY3UbwBC9iK@mail.gmail.com>
	<AANLkTikA33EMS0u3MR2_b2pC94nFK+Ljhs2y4n2by4_5@mail.gmail.com>
	<AANLkTinT0mGoybYJKENHjZtBX32ECSeavOJz-y3xdOTc@mail.gmail.com>
Message-ID: <AANLkTimnvvn+kTwkehTmmJgzT-E0zCpJiqGOo7yfNwJ-@mail.gmail.com>

I found the problem with my setup.  This is an inherited MailScanner
instance and the "Spam Check" rule was pointing to a file that didn't end
with .rules like I expected so my grep of *.rules was not finding a hit on
these domains that have a second level of filtering downstream.

I have changed the rule to have a standard .rules extension now.

Dave

On Sat, Oct 2, 2010 at 3:45 PM, Dave Jones <davejones70@gmail.com> wrote:

> Something is strange with this.  I have tested 2 other MailScanner
> instances and they work perfectly.   I guess this MailScanner.conf has
> something that is causing the empty SpamCheck: header.  I have done a diff
> on the configs and nothing major jumps out as being different.  I will try
> to debug this further but it's an odd one.
>
>
> On Fri, Oct 1, 2010 at 10:30 AM, Dave Jones <davejones70@gmail.com> wrote:
>
>> I tried just doing plain "Archive Mail" rule and I am seeing the same
>> results.  I am getting the blank SpamCheck: header still.  The only subject
>> modifications that are happening is the {Disarmed} tag so it appears that
>> these are getting forwarded/archived before the SA check.
>>
>> Do I have something wrong with my rules file?  I have removed the original
>> rules below so I only have this single archive rule in place now.
>>
>> Archive Mail = %rules-dir%/archive.rules
>> FromOrTo:       mailbox@mydomain.com     maibox@archive.mydomain.com
>> FromOrTo:       default         no
>>
>>
>> On Mon, Sep 27, 2010 at 8:45 AM, Dave Jones <davejones70@gmail.com>wrote:
>>
>>> Update:  The problem seems to occur mainly when I have the forward in the
>>> nonspam.actions.rules file.  I get all email to the forwarded address
>>> including High Spam that should be deleted.
>>>
>>> MailScanner Version Number = 4.79.11
>>>
>>> On Mon, Sep 27, 2010 at 8:35 AM, Dave Jones <davejones70@gmail.com>wrote:
>>>
>>>> Detailed Spam Report = yes
>>>> Include Scores In SpamAssassin Report = yes
>>>> Always Include SpamAssassin Report = yes
>>>>
>>>> I am trying to send nonspam and spam to alternate mailboxes for copying
>>>> email using rules with the forward action.  When a forward comes from the
>>>> Spam Actions rule, I get the subject tagged with spam like I expect and I
>>>> get a full SpamCheck: header like below.  However, when I put an email
>>>> address in both Spam Actions and Non Spam Actions rule, I appear to get all
>>>> email forwarded to my copy mailbox without and subject changes and the
>>>> SpamCheck: is empty.  The original recipient doesn't get the email when it's
>>>> obviously High Spam based on the subject so the problem seems to only be
>>>> with the forwarded address.
>>>>
>>>> Spam Actions = %rules-dir%/spam.actions.rules
>>>> High Scoring Spam Actions = delete
>>>> Non Spam Actions = %rules-dir%/nonspam.actions.rules
>>>>
>>>> X-???-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>>>> score=8.939,
>>>>  required 6, DCC_CHECK 1.10, HTML_MESSAGE 0.50, INVALID_DATE 1.10,
>>>> KAM_MX4 2.00, MIME_HTML_MOSTLY 0.43, MIME_QP_LONG_LINE 0.00,
>>>>  MPART_ALT_DIFF 0.79, SPF_PASS -0.20, T_DOS_OUTLOOK_TO_MX_IMAGE 0.01,
>>>> URIBL_DBL_SPAM 1.70, URIBL_RHS_DOB 1.51)
>>>>
>>>> %rules-dir%/nonspam.actions.rules
>>>> ==========================
>>>> FromOrTo:     mailbox@mydomain.com     deliver forward
>>>> mailbox@archive.mydomain.com
>>>> FromOrTo:        default        deliver
>>>>
>>>> %rules-dir%/spam.actions.rules
>>>> =======================
>>>> FromOrTo:     mailbox@mydomain.com     deliver striphtml forward
>>>> mailbox@archive.mydomain.com
>>>> FromOrTo:       default         deliver striphtml
>>>>
>>>> An interesting point to note is that when I put my archive address in as
>>>> the default, everything appears to work properly and I receive the
>>>> SpamCheck: header and the subjects are modified.
>>>>
>>>> I realize I could use the Archive feature but I wasn't sure if this
>>>> feature followed the Actions rules.  I don't want to copy High Scoring Spam.
>>>>  Does the Archive feature forward all email?
>>>>
>>>> Dave
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101005/4cf42383/attachment.html
From matteo.filippetto at gmail.com  Tue Oct  5 15:58:06 2010
From: matteo.filippetto at gmail.com (matteo filippetto)
Date: Tue Oct  5 15:58:40 2010
Subject: soft links for incoming and quarantine directory
Message-ID: <AANLkTimbFFXxt0UNvLnG_YPhUgE4UH11WYVXMM8p67_E@mail.gmail.com>

Hi all,

I read in the MailScanner.conf file that it is not possible to set
soft links for

Incoming Work Dir
Quarantine Dir

but....I set a soft link in those directives and so in the log I get

"Your "Incoming Work Directory" should be specified as an absolute
path, not including any links. But I will work okay anyway"

Mailscanner is working ok. Now the questions are: what problems could
I have with this configuration?
What problems could rise with soft links?

Best regards.
-- 
Matteo Filippetto
http://op83.blogspot.com
From glenn.steen at gmail.com  Wed Oct  6 08:45:06 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Oct  6 08:45:17 2010
Subject: soft links for incoming and quarantine directory
In-Reply-To: <AANLkTimbFFXxt0UNvLnG_YPhUgE4UH11WYVXMM8p67_E@mail.gmail.com>
References: <AANLkTimbFFXxt0UNvLnG_YPhUgE4UH11WYVXMM8p67_E@mail.gmail.com>
Message-ID: <AANLkTinndGMN37f9b4SvnW+Q9_cNn65PmquarBJX_GHg@mail.gmail.com>

On 5 October 2010 16:58, matteo filippetto <matteo.filippetto@gmail.com> wrote:
> Hi all,
>
> I read in the MailScanner.conf file that it is not possible to set
> soft links for
>
> Incoming Work Dir
> Quarantine Dir
>
> but....I set a soft link in those directives and so in the log I get
>
> "Your "Incoming Work Directory" should be specified as an absolute
> path, not including any links. But I will work okay anyway"
>
> Mailscanner is working ok. Now the questions are: what problems could
> I have with this configuration?
> What problems could rise with soft links?
>

MailScanner itself will likely have no problem at all, the
recommendation stem from some antivirus scanners having ... severe...
problems (at least historically) with handling symlinked
directories... Notably McAfee has had problems in this regard.

So ... thats the "root cause" of that informational message. It is
easily solved, by explicitly specifying whatever directory you have
'em symlinked to...! So as to avoid the message (and any _possible_
problem).

> Best regards.
> --
> Matteo Filippetto
> http://op83.blogspot.com

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Wed Oct  6 08:53:49 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Oct  6 08:54:01 2010
Subject: OT postfix multiple instances and recipient verification
In-Reply-To: <BEB224656722D0419B9B2E0CD61E20C71BE4BE50@BHLexchange.bhl.local>
References: <BEB224656722D0419B9B2E0CD61E20C70D46E77E@BHLexchange.bhl.local>
	<AANLkTinHi8TwyrkSmFnovV0C7szROWqYf5D0_ncthjiD@mail.gmail.com>
	<BEB224656722D0419B9B2E0CD61E20C71BE4BE50@BHLexchange.bhl.local>
Message-ID: <AANLkTimECTS2UTcL7Mq62sVN7krT9XV=YAZ3anGgwcEx@mail.gmail.com>

On 5 October 2010 15:11, Jason Ede <J.Ede@birchenallhowden.co.uk> wrote:
>>
>> On 28 September 2010 10:13, Jason Ede <J.Ede@birchenallhowden.co.uk>
>> wrote:
>> > I'm thinking of using multiple postfix instances to split up emails
>> > with multiple recipients (to make sure blacklisting and whitelisting
>> > works
>> > properly) and maybe to sign some outbound emails using domain keys...
>> >
>> >
>> >
>> > From what I've read on the postfix documentation I'll have an inbound
>> > postfix instance that just passes all email on internally via a port I
>> > specify to the next instance where MS does its work and then sends it
>> > on to the destination server. All of this seems relatively straightforward so
>> far.
>> >
>> >
>> >
>> > However, I use recipient verification to make sure we only accept
>> > emails that can be delivered. As the inbound postfix will not have any
>> > direct SMTP out then will this still work as it won't be able to check
>> > where the emails are going to as it just passes all emails on to
>> > another port? I could put a transports file in place, but surely that
>> > would contradict a relayhosts setting in main.cf?
>> >
>> Eric is correct... The first instance has to know how the second instance will
>> route things, but without actually using that route information... So that too
>> is pretty straightforward:-).
>> >
>> >
>> > Also have others used multiple instances like this before with MS and
>> > what is the performance hit in having multiple instances? Are there
>> > any gotchas that I need to be aware of?
>> >
>> >
>> Well... The use of a second instance was the norm in the old days:-).
>
> When I started using MS, which was quite a few years back then we did have 2 instances and it was noticeable the resources freed up when moving back to a single instance, but I can't remember the figures now.
>
As I remember it, mostly larger (ISP type) installs would notice, but
I may be ... far... off on that:-).

>> What you get there is a "static overhead" sort of, plus a per-message
>> overhead, but ... those are minor compared to the overhead incurred by
>> actually splitting mails/recipient (as long as the memory use doesn't mak you
>> start swaping, at least... No Alex, this is not the time to reiterate the old "MS
>> = swapping" joke...:).
>
> I'd prefer to leave the emails batched as they are, but then it won't correctly respect black/whitelisting if it is done on addresses. It'd be nice if MS could check against each address, but that could easily involve MS needing to split the mail into multiple copies depending on the rules applied. (i.e. someone whitelists an address to them, but someone else doesn't want address whitelisted and an email is over the spam score)
>
If you check the ML archives from back then, I think you'll find that
Jules was rather against that notion back then... It'd kind of mess
with the notion that "MailScanner is not an MTA", and the splitting is
indeed an MTA job... So I wouldn't start retaining air in any major
fashion, expecting this to happen:-D.

>> I don't have any comparative statistics for you, but ... if you use MailWatch,
>> you should be able to deduce the impact on your gateways and mailstore(s)
>> by some smart use of SQL;-). The impact for a single-store mailstore (like
>> Exchange) can be huge, since the split messages will be _new_ messages
>> with new Message-IDs.
>> But as said, you can probably get a good picture of what impact it has via log
>> analysis.
>
> That used to be the case, but Exchange 2010 has ditched Single Instance Storage anyway so it will become less of an issue esp as the limit per Exchange store is now (I think) 2TB and can have upto 5 stores for a standard exchange licence. MS's argument is that now storage is cheap so don't need the space saving measures of before.
>
... Just goes to show how old our M-Sexchange(s) are:-). Thanks for the info.

>
>> I haven't had the time to ... freshen ... this up, and unfortunately will
>> probably not have any time to spend on it, in the near future at least. Would
>> be great if you could spruce up the wiki page a bit, when you're done;-).
>>
>
> I'll have a go at that once we've got it all working. It looks like the new postmulti command in postfix (ver 2.6 and later, which is nice cos the new RH6/CentOS 6 when it comes out has postfix 2.6.5 included) just provides a neater way of doing the configuration that was done in the wiki. I also like the idea of having the capability to sign the outbound emails with domain keys or the like and that obviously needs to be done post MS.
>
Great!
Just keep a bit of the old stuff there, so that someone stuck in "pre
2.6" can still make something work:-).

> Jason
>

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From matteo.filippetto at gmail.com  Wed Oct  6 09:03:19 2010
From: matteo.filippetto at gmail.com (matteo filippetto)
Date: Wed Oct  6 09:03:48 2010
Subject: soft links for incoming and quarantine directory
In-Reply-To: <AANLkTinndGMN37f9b4SvnW+Q9_cNn65PmquarBJX_GHg@mail.gmail.com>
References: <AANLkTimbFFXxt0UNvLnG_YPhUgE4UH11WYVXMM8p67_E@mail.gmail.com>
	<AANLkTinndGMN37f9b4SvnW+Q9_cNn65PmquarBJX_GHg@mail.gmail.com>
Message-ID: <AANLkTimn5kM2tHitjB6BeWcN2jitsUWfLjNdOkwWwERc@mail.gmail.com>

> MailScanner itself will likely have no problem at all, the
> recommendation stem from some antivirus scanners having ... severe...
> problems (at least historically) with handling symlinked
> directories... Notably McAfee has had problems in this regard.
>
> So ... thats the "root cause" of that informational message. It is
> easily solved, by explicitly specifying whatever directory you have
> 'em symlinked to...! So as to avoid the message (and any _possible_
> problem).
>

Hi Glenn,

thanks for the explanation.

Best regards

-- 
Matteo Filippetto
http://op83.blogspot.com
From edward.prendergast at netring.co.uk  Wed Oct  6 10:47:04 2010
From: edward.prendergast at netring.co.uk (Edward Prendergast)
Date: Wed Oct  6 10:45:42 2010
Subject: compatibility issue with Archive::Zip::Member v1.30?
Message-ID: <4CAC4598.6050409@netring.co.uk>

  Hi,

I'm seeing MailScanner 4.81.4 return "MailScanner: Message attempted to 
kill MailScanner" every time it tries to process an .xlsx file 
(Microsoft Excel 2010's format). IIRC the format is a zip container with 
the actual Excel data inside it.

When I run MailScanner in debug mode and send one of these files through 
I get the error message:

Insecure dependency in chmod while running with -T switch at 
/opt/perl5/lib/site_perl/5.12.2/Archive/Zip/Member.pm line 490.

That line in Member.pm (v1.30) says:

chmod ($self->unixFileAttributes(), $name)

My guess is that $name is being passed down, hasn't been checked 
anywhere and so is causing a taint issue.

Should I just do a local rebuild of this module that does $name =~ /.*/ 
to fix this issue for now and then submit it as a patch back to the 
vendor? Just modifying the code like this doesn't seem like a great long 
term solution though as it could be a security risk?

Thanks,
Edward

************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************

From edward.prendergast at netring.co.uk  Wed Oct  6 11:34:33 2010
From: edward.prendergast at netring.co.uk (Edward Prendergast)
Date: Wed Oct  6 11:33:17 2010
Subject: compatibility issue with Archive::Zip::Member v1.30?
In-Reply-To: <4CAC4598.6050409@netring.co.uk>
References: <4CAC4598.6050409@netring.co.uk>
Message-ID: <4CAC50B9.2060609@netring.co.uk>

  I tried modifying Member.pm as follows in a test environment for 
debugging:

         $name =~ /^(.*)$/;
         chmod ($self->unixFileAttributes(), $1)
             or return _error("Can't chmod() ${1}: $!");

But I'm still seeing taint errors:
Insecure dependency in chmod while running with -T switch at 
/opt/perl5/lib/site_perl/5.12.2/Archive/Zip/Member.pm line 491.

I guess this means $self->unixFileAttributes() is returning something 
tainted, rather than $name being the tainted variable?

-Edward


On 06/10/2010 10:47, Edward Prendergast wrote:
>  Hi,
>
> I'm seeing MailScanner 4.81.4 return "MailScanner: Message attempted 
> to kill MailScanner" every time it tries to process an .xlsx file 
> (Microsoft Excel 2010's format). IIRC the format is a zip container 
> with the actual Excel data inside it.
>
> When I run MailScanner in debug mode and send one of these files 
> through I get the error message:
>
> Insecure dependency in chmod while running with -T switch at 
> /opt/perl5/lib/site_perl/5.12.2/Archive/Zip/Member.pm line 490.
>
> That line in Member.pm (v1.30) says:
>
> chmod ($self->unixFileAttributes(), $name)
>
> My guess is that $name is being passed down, hasn't been checked 
> anywhere and so is causing a taint issue.
>
> Should I just do a local rebuild of this module that does $name =~ 
> /.*/ to fix this issue for now and then submit it as a patch back to 
> the vendor? Just modifying the code like this doesn't seem like a 
> great long term solution though as it could be a security risk?
>
> Thanks,
> Edward
>
> ************
> The information in this email is confidential and may be legally 
> privileged.
> It is intended solely for the addressee. Access to this email by 
> anyone else
> is unauthorised. If you are not the intended recipient, any action 
> taken or
> omitted to be taken in reliance on it, any form of reproduction,
> dissemination, copying, disclosure, modification, distribution and/or
> publication of this E-mail message is strictly prohibited and may be
> unlawful. If you have received this E-mail message in error, please 
> notify
> us immediately. Please also destroy and delete the message from your
> computer.
> ************
>


************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************

From deejay.grp at gmail.com  Wed Oct  6 12:07:22 2010
From: deejay.grp at gmail.com (Greg Pearson)
Date: Wed Oct  6 12:07:32 2010
Subject: Foreign filename checking
Message-ID: <4CAC586A.4080201@gmail.com>

Hello all,

some of my users are used to send attachments with foreign filenames 
(Greek, Russian etc.). It seems that MailScanner cannot properly handle 
those filenames when they are converted to UTF8 by the mail client. So a 
filename with foreign characters would become something like:

"utf-8''%%CE%%95%%CF%%83%%CF%%89%%CF%%84%%CE%%B5%%CF%%81%%CE%%B9%%CE%%BA%%CF%%8C%%CF%%82%%20%%CE%%BA%%CE%%B1%%CE%%BD%%CE%%BF%%CE%%BD%%CE%%B9%%CF%%83%%CE%%BC%%CF%%8C%%CF%%82%%20lomi%%2001%%202008.doc"

And hence Mailscanner will complain that this filename is too long, 
which is of course not the case. It is mentioned in the Changelog that 
the latest version (4.81.4) has dealt with this:

"16 Improved handling of Unicode and foreign character sets used in 
attachment filenames."

But the problem remains.

I wouldn't want to disable the filename length rule completely, so I 
would appreciate some help on this.

Thanks

From GSilver at rampuptech.com  Wed Oct  6 14:25:00 2010
From: GSilver at rampuptech.com (Gavin Silver)
Date: Wed Oct  6 14:28:06 2010
Subject: example database structure for rules and configs
In-Reply-To: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B495@galvatron>
References: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B495@galvatron>
Message-ID: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD72BC450@galvatron>

Is anyone using the SQL functionality successfully?


----------------------------------
Gavin Silver
________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gavin Silver [GSilver@rampuptech.com]
Sent: Thursday, September 30, 2010 10:50 AM
To: mailscanner@lists.mailscanner.info
Subject: example database structure for rules and configs

Does anyone have any working examples of database/table structures that they use for SQL support in mailscanner (rulesets and config)?

I have read through the conf file in the SQL section but I am still not certain I am comfortable enough to jump right in and I cannot find any other documentation on the subject.

Thanks in advance.

----------------------------------
Gavin Silver


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101006/6f1f38bd/attachment.html
From steve.freegard at fsl.com  Thu Oct  7 17:08:52 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Oct  7 17:09:02 2010
Subject: example database structure for rules and configs
In-Reply-To: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD72BC450@galvatron>
References: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B495@galvatron>
	<AF3B610E0140EA4C9D8C9D50ECF75D9201BFD72BC450@galvatron>
Message-ID: <4CADF094.2010909@fsl.com>

On 06/10/10 14:25, Gavin Silver wrote:
> Is anyone using the SQL functionality successfully?

Yes - as I wrote and contributed the code for this.

Here's something to get you started; you'll need to create a database 
table called 'config' with three columns:

hostname
option
value
external

Next - pick an option that you want to override from the database; for 
example 'Non Spam Actions'.

MailScanner stores two versions of this variable; the name of the option 
in MailScanner.conf is the external version with the spaces removed and 
lowercased, so 'Non Spam Actions' becomes 'nonspamactions'.

To find the internal version of the option name you have to look in 
ConfigDefs.pl in /usr/lib/MailScanner at the translation table.  If the 
internal variable is different then it will appear within this 
translation list; otherwise the internal is the same as the external 
variable - in this case 'nonspamactions' = 'hamactions'.

So you would add the following values to your database table:

hostname = <your machine hostname (e.g. output of `hostname -f`)>
option = 'hamactions'
value = 'deliver store'
external = 'nonspamactions'

Then you'll need to add a dummy serial number option (this is used to 
cause the children to restart when you increment the number):

hostname = <you machine hostname (as above)>
option = 'confserialnumber'
value = 1
external = 'confserialnumber'

In MailScanner.conf you would then set-up the following options:

DB DSN = <settings to connect to your chosen database>
DB Username = <username>
DB Password = <password>
SQL Serial Number = SELECT value FROM config WHERE option='confserialnumber'
SQL Quick Peek = SELECT value FROM config WHERE external=? AND hostname=?
SQL Cofnig = SELECT option, value FROM config WHERE hostname=?
SQL Debug = yes

Then if you run 'MailScanner --lint' you will be able to see the 
database functions running and overriding the value read from 
MailScanner.conf for 'Non Spam Actions' along with it picking up the 
serial number.

To override *all* settings; you'll need to write some sort of script to 
parse both MailScanner.conf and ConfigDefs.pl (you can rip most of this 
code from Config.pm) to gather all of the configuration options and the 
internal => external translations and create your 'config' table from them.

Hopefully that should get you started.

Kind regards,
Steve.
From mailbag at partnersolutions.ca  Thu Oct  7 18:55:56 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu Oct  7 18:56:18 2010
Subject: Small bug in update_spamassassin
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF0967AEE@PSIMS008.pshosting.intranet>

Hey Jules,

 In /etc/cron.daily/update_spamassassin and
/usr/sbin/update_spamassassin you're sourcing the file
/etc/sysconfig/update_spamassassin instead of
/etc/sysconfig/MailScanner. Was this by design, or by accident? ;-)


 As a result, sa-update spits out dependency errors for those of us that
use the FSL Gold repo, as @INC isn't modified to include
/opt/fsl/lib/perl5 (defined via /etc/sysconfig/MailScanner).


 The fix is easy enough.. I just wanted to bring it to your attention.

 Cheers,
-Joshua
From bonivart at opencsw.org  Thu Oct  7 19:20:44 2010
From: bonivart at opencsw.org (Peter Bonivart)
Date: Thu Oct  7 19:23:22 2010
Subject: Small bug in update_spamassassin
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF0967AEE@PSIMS008.pshosting.intranet>
References: <38773FB858C8DD4EB14ACC4310E34DF0967AEE@PSIMS008.pshosting.intranet>
Message-ID: <AANLkTikNO+XNM+P2_1RNEOGeJx=09uyMr-bygBqC_T-0@mail.gmail.com>

On Thu, Oct 7, 2010 at 7:55 PM, PSI Mailbag <mailbag@partnersolutions.ca> wrote:
> ?In /etc/cron.daily/update_spamassassin and
> /usr/sbin/update_spamassassin you're sourcing the file
> /etc/sysconfig/update_spamassassin instead of
> /etc/sysconfig/MailScanner. Was this by design, or by accident? ;-)

It was changed recently so that update_spamassassin had its own sysconfig file.

01/02/2010 New in Version 4.79.11-1
==================================
* New Features and Improvements *
1 Settings relevant to update_spamassassin have moved from /etc/sysconfig/
  MailScanner to /etc/sysconfig/update_spamassassin.

/peter
From mailbag at partnersolutions.ca  Thu Oct  7 21:34:58 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu Oct  7 21:34:56 2010
Subject: Small bug in update_spamassassin
In-Reply-To: <AANLkTikNO+XNM+P2_1RNEOGeJx=09uyMr-bygBqC_T-0@mail.gmail.com>
References: <38773FB858C8DD4EB14ACC4310E34DF0967AEE@PSIMS008.pshosting.intranet>
	<AANLkTikNO+XNM+P2_1RNEOGeJx=09uyMr-bygBqC_T-0@mail.gmail.com>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF0967AFD@PSIMS008.pshosting.intranet>

> 01/02/2010 New in Version 4.79.11-1
> ==================================
> * New Features and Improvements *
> 1 Settings relevant to update_spamassassin have moved from
> /etc/sysconfig/
>   MailScanner to /etc/sysconfig/update_spamassassin.

Thanks Peter.. I must have missed that the last time I read through the
changes. Funny, though.. considering these comments from the top of
/usr/sbin/update_spamassassin:

# JKF This is part of MailScanner.
# Call sa-update and sa-compile if you have them both.
# If you want to add arguments (such as channel file settings) to
sa-update
# then do it by editing /etc/sysconfig/MailScanner, *NOT* by editing
this
# script.


:-P

-Joshua
From GSilver at rampuptech.com  Thu Oct  7 22:58:07 2010
From: GSilver at rampuptech.com (Gavin Silver)
Date: Thu Oct  7 22:57:52 2010
Subject: example database structure for rules and configs
In-Reply-To: <4CADF094.2010909@fsl.com>
References: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B495@galvatron>
	<AF3B610E0140EA4C9D8C9D50ECF75D9201BFD72BC450@galvatron>
	<4CADF094.2010909@fsl.com>
Message-ID: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B84B@galvatron>


Perfect, thanks steve!


----------------------------------
Gavin Silver


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard
Sent: Thursday, October 07, 2010 12:09 PM
To: MailScanner discussion
Subject: Re: example database structure for rules and configs

On 06/10/10 14:25, Gavin Silver wrote:
> Is anyone using the SQL functionality successfully?

Yes - as I wrote and contributed the code for this.

Here's something to get you started; you'll need to create a database 
table called 'config' with three columns:

hostname
option
value
external

Next - pick an option that you want to override from the database; for 
example 'Non Spam Actions'.

MailScanner stores two versions of this variable; the name of the option 
in MailScanner.conf is the external version with the spaces removed and 
lowercased, so 'Non Spam Actions' becomes 'nonspamactions'.

To find the internal version of the option name you have to look in 
ConfigDefs.pl in /usr/lib/MailScanner at the translation table.  If the 
internal variable is different then it will appear within this 
translation list; otherwise the internal is the same as the external 
variable - in this case 'nonspamactions' = 'hamactions'.

So you would add the following values to your database table:

hostname = <your machine hostname (e.g. output of `hostname -f`)>
option = 'hamactions'
value = 'deliver store'
external = 'nonspamactions'

Then you'll need to add a dummy serial number option (this is used to 
cause the children to restart when you increment the number):

hostname = <you machine hostname (as above)>
option = 'confserialnumber'
value = 1
external = 'confserialnumber'

In MailScanner.conf you would then set-up the following options:

DB DSN = <settings to connect to your chosen database>
DB Username = <username>
DB Password = <password>
SQL Serial Number = SELECT value FROM config WHERE option='confserialnumber'
SQL Quick Peek = SELECT value FROM config WHERE external=? AND hostname=?
SQL Cofnig = SELECT option, value FROM config WHERE hostname=?
SQL Debug = yes

Then if you run 'MailScanner --lint' you will be able to see the 
database functions running and overriding the value read from 
MailScanner.conf for 'Non Spam Actions' along with it picking up the 
serial number.

To override *all* settings; you'll need to write some sort of script to 
parse both MailScanner.conf and ConfigDefs.pl (you can rip most of this 
code from Config.pm) to gather all of the configuration options and the 
internal => external translations and create your 'config' table from them.

Hopefully that should get you started.

Kind regards,
Steve.
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



--

From Amelein at dantumadiel.eu  Fri Oct  8 09:08:08 2010
From: Amelein at dantumadiel.eu (Arjan Melein)
Date: Fri Oct  8 09:08:30 2010
Subject: Problems getting relay country to work
Message-ID: <4CAEED880200008E00015FED@10.1.0.206>

I'm trying to get the relay country plugin to work so I can start picking off whole countries but for some reason I cannot seem to get it to actually put the header.
I put the custom rules/score in local.cf as well as 'add_header all Relay-Country _RELAYCOUNTRY_' but that doesn't seem to do anything.
I also tried putting the add_header line in 10_default_prefs.cf below the clear_headers but that didn't work either.

What am I forgetting ? The spamassassin install is the latest one from the MS website.

-
Arjan

MailScanner -V output(in case it helps):
This is Fedora release 11 (Leonidas)
This is Perl version 5.010000 (5.10.0)

This is MailScanner version 4.81.4
Module versions are:
1.00    AnyDBM_File
1.30    Archive::Zip
0.23    bignum
1.08    Carp
2.008   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.121_14        Data::Dumper
2.27    Date::Parse
1.01    DirHandle
1.06    Fcntl
2.77    File::Basename
2.11    File::Copy
2.01    FileHandle
2.07    File::Path
0.21    File::Temp
0.92    Filesys::Df
3.64    HTML::Entities
3.64    HTML::Parser
3.57    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.04    Mail::Header
1.89    Math::BigInt
0.22    Math::BigRat
3.07_01 MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.07    MIME::QuotedPrint
5.427   MIME::Tools
0.13    Net::CIDR
1.25    Net::IP
0.18    OLE::Storage_Lite
1.04    Pod::Escapes
3.07    Pod::Simple
1.16    POSIX
1.21    Scalar::Util
1.81    Socket
2.18    Storable
1.4     Sys::Hostname::Long
0.27    Sys::Syslog
1.26    Test::Pod
0.92    Test::Simple
1.9719  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.29    Archive::Tar
0.23    bignum
1.82    Business::ISBN
1.10    Business::ISBN::Data
1.08    Data::Dump
1.816_1 DB_File
1.25    DBD::SQLite
1.609   DBI
1.15    Digest
1.01    Digest::HMAC
2.36_01 Digest::MD5
2.11    Digest::SHA1
1.01    Encode::Detect
0.17015 Error
0.18    ExtUtils::CBuilder
2.18_02 ExtUtils::ParseXS
2.38    Getopt::Long
0.44    Inline
1.08    IO::String
1.04    IO::Zlib
2.21    IP::Country
0.29    Mail::ClamAV
3.003001        Mail::SpamAssassin
v2.006  Mail::SPF
1.999001        Mail::SPF::Query
0.34    Module::Build
0.20    Net::CIDR::Lite
0.65    Net::DNS
v0.003  Net::DNS::Resolver::Programmable
missing Net::LDAP
 4.004  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
3.16    Test::Harness
0.95    Test::Manifest
2.0.0   Text::Balanced
1.37    URI
0.77    version
0.68    YAML

From glenn.steen at gmail.com  Fri Oct  8 09:37:10 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Oct  8 09:37:19 2010
Subject: Problems getting relay country to work
In-Reply-To: <4CAEED880200008E00015FED@10.1.0.206>
References: <4CAEED880200008E00015FED@10.1.0.206>
Message-ID: <AANLkTi=RfVDkXnFE6t9od9-5Dt0ywfkbnEumiHqNzpH2@mail.gmail.com>

On 8 October 2010 10:08, Arjan Melein <Amelein@dantumadiel.eu> wrote:
> I'm trying to get the relay country plugin to work so I can start picking off whole countries but for some reason I cannot seem to get it to actually put the header.
> I put the custom rules/score in local.cf as well as 'add_header all Relay-Country _RELAYCOUNTRY_' but that doesn't seem to do anything.
> I also tried putting the add_header line in 10_default_prefs.cf below the clear_headers but that didn't work either.
>
> What am I forgetting ? The spamassassin install is the latest one from the MS website.
>
That MailScanner only add "its own" headers, not the standard SA ones?

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From Amelein at dantumadiel.eu  Fri Oct  8 09:45:12 2010
From: Amelein at dantumadiel.eu (Arjan Melein)
Date: Fri Oct  8 09:45:31 2010
Subject: Betr.: Re: Problems getting relay country to work
In-Reply-To: <AANLkTi=RfVDkXnFE6t9od9-5Dt0ywfkbnEumiHqNzpH2@mail.gmail.com>
References: <4CAEED880200008E00015FED@10.1.0.206>
	<AANLkTi=RfVDkXnFE6t9od9-5Dt0ywfkbnEumiHqNzpH2@mail.gmail.com>
Message-ID: <4CAEF6380200008E00015FF2@10.1.0.206>

>>> Op 8-10-2010 om 10:37 is door Glenn Steen <glenn.steen@gmail.com> geschreven:

> That MailScanner only add "its own" headers, not the standard SA ones?
> 
> Cheers


That would be a very good reason for it to not show up .... 
Any way to get this to work or is it a matter of 'its working but you just cant see it till you get a hit' ?

-
Arjan

From john at tradoc.fr  Fri Oct  8 10:17:46 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri Oct  8 10:18:04 2010
Subject: Problems getting relay country to work
In-Reply-To: <4CAEED880200008E00015FED@10.1.0.206>
References: <4CAEED880200008E00015FED@10.1.0.206>
Message-ID: <4CAEE1BA.4070903@tradoc.fr>

Le 08/10/2010 10:08, Arjan Melein a ?crit :
> I'm trying to get the relay country plugin to work so I can start picking off whole countries but for some reason I cannot seem to get it to actually put the header.
> I put the custom rules/score in local.cf as well as 'add_header all Relay-Country _RELAYCOUNTRY_' but that doesn't seem to do anything.
> I also tried putting the add_header line in 10_default_prefs.cf below the clear_headers but that didn't work either.
>
> What am I forgetting ? The spamassassin install is the latest one from the MS website.

Have you uncommented the loadplugin line in your spamassassin init.pre file?

As others have pointed out, add_header lines with MailScanner have no 
effect. The X-Relay-Countries pseudo-header only lasts for the duration 
of the spamassassin scan.

Try a test rule with your own country's code, and/or with US, either of 
which are pretty much guaranteed to trigger fairly often:
header T_RELAY_FRANCE X-Relay-Countries =~ /FR/

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From LGi at b-w-computer.de  Fri Oct  8 13:24:46 2010
From: LGi at b-w-computer.de (LGi@b-w-computer.de)
Date: Fri Oct  8 13:24:59 2010
Subject: Mailscanner does not scan mails
Message-ID: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>

I just ugraded to MailScanner-4.81.4-1

All seems fine, but it's just not scanning messages.
The debug output says:

        14:10:29 Building a message batch to scan...

but nothing happens

ps ax shows:

        29532 pts/3    S+     0:38 MailScanner: waiting for messages

The Incoming Queue Dir is configured correctly:

Incoming Queue Dir = /var/spool/postfix/hold

When I start the job with strace the Mailscanner processs seem to look 
into the queue directory every 6 seconds:

[pid 29692] chdir("/var/spool/postfix/hold") = 0
[pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
= 9
[pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
[pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
[pid 29692] close(9)                    = 0
[pid 29692] umask(0177)                 = 077
[pid 29692] umask(077)                  = 0177
[pid 29692] time(NULL)                  = 1286540143
[pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
[pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 29692] nanosleep({6, 0}, {6, 0})   = 0
[pid 29692] time(NULL)                  = 1286540149
[pid 29692] chdir("/var/spool/postfix/hold") = 0
[pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
= 9
[pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
[pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
[pid 29692] close(9)                    = 0
[pid 29692] umask(0177)                 = 077
[pid 29692] umask(077)                  = 0177
[pid 29692] time(NULL)                  = 1286540149
[pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
[pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 29692] nanosleep({6, 0},


There are several new messages in the directory /var/spool/postfix/hold 
but MailScanner does not pick them.

any idea how to get this to work?
Previus Version MailScanner-4.52.2 is working fine.





best regards


Lars Gierling




Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 

-------------- next part --------------
fw-1 opt # /opt/MailScanner/bin/MailScanner --debug --debug-sa


In Debugging mode, not forking...
Trying to setlogsock(unix)
14:09:53 Oct  8 14:09:53.455 [29532] dbg: logger: adding facilities: all
14:09:53 Oct  8 14:09:53.455 [29532] dbg: logger: logging level is DBG
14:09:53 Oct  8 14:09:53.456 [29532] dbg: generic: SpamAssassin version 3.3.1
14:09:53 Oct  8 14:09:53.456 [29532] dbg: generic: Perl 5.008008, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
14:09:53 Oct  8 14:09:53.456 [29532] dbg: config: timing enabled
14:09:53 Oct  8 14:09:53.458 [29532] dbg: config: score set 0 chosen.
14:09:53 Oct  8 14:09:53.462 [29532] dbg: util: running in taint mode? no
14:09:53 Oct  8 14:09:53.470 [29532] dbg: dns: no ipv6
14:09:53 Oct  8 14:09:53.470 [29532] dbg: dns: is Net::DNS::Resolver available? yes
14:09:53 Oct  8 14:09:53.470 [29532] dbg: dns: Net::DNS version: 0.65
14:09:53 Oct  8 14:09:53.472 [29532] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
14:09:53 Oct  8 14:09:53.472 [29532] dbg: config: read file /etc/mail/spamassassin/init.pre
14:09:53 Oct  8 14:09:53.473 [29532] dbg: config: read file /etc/mail/spamassassin/v310.pre
14:09:53 Oct  8 14:09:53.473 [29532] dbg: config: read file /etc/mail/spamassassin/v312.pre
14:09:53 Oct  8 14:09:53.473 [29532] dbg: config: read file /etc/mail/spamassassin/v320.pre
14:09:53 Oct  8 14:09:53.474 [29532] dbg: config: read file /etc/mail/spamassassin/v330.pre
14:09:53 Oct  8 14:09:53.474 [29532] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
14:09:53 Oct  8 14:09:53.474 [29532] dbg: config: using "/usr/share/spamassassin" for default rules dir
14:09:53 Oct  8 14:09:53.475 [29532] dbg: config: using "/etc/mail/spamassassin" for site rules dir
14:09:53 Oct  8 14:09:53.476 [29532] dbg: config: read file /etc/mail/spamassassin/local.cf
14:09:53 Oct  8 14:09:53.476 [29532] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf
14:09:53 Oct  8 14:09:53.476 [29532] dbg: config: read file /etc/mail/spamassassin/secrets.cf
14:09:53 Oct  8 14:09:53.478 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
14:09:53 Oct  8 14:09:53.491 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
14:09:53 Oct  8 14:09:53.499 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
14:09:53 Oct  8 14:09:53.509 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
14:09:53 Oct  8 14:09:53.515 [29532] dbg: pyzor: network tests on, attempting Pyzor
14:09:53 Oct  8 14:09:53.515 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
14:09:53 Oct  8 14:09:53.521 [29532] dbg: razor2: razor2 is not available
14:09:53 Oct  8 14:09:53.522 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
14:09:53 Oct  8 14:09:53.549 [29532] dbg: reporter: network tests on, attempting SpamCop
14:09:53 Oct  8 14:09:53.550 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
14:09:53 Oct  8 14:09:53.553 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
14:09:53 Oct  8 14:09:53.555 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
14:09:53 Oct  8 14:09:53.558 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
14:09:53 Oct  8 14:09:53.562 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC
14:09:53 Oct  8 14:09:53.574 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC
14:09:53 Oct  8 14:09:53.591 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
14:09:53 Oct  8 14:09:53.593 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC
14:09:53 Oct  8 14:09:53.597 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC
14:09:53 Oct  8 14:09:53.619 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC
14:09:53 Oct  8 14:09:53.624 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
14:09:53 Oct  8 14:09:53.631 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC
14:09:53 Oct  8 14:09:53.636 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC
14:09:53 Oct  8 14:09:53.651 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC
14:09:53 Oct  8 14:09:53.658 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC
14:09:53 Oct  8 14:09:53.664 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC
14:09:53 Oct  8 14:09:53.666 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC
14:09:53 Oct  8 14:09:53.672 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
14:09:53 Oct  8 14:09:53.675 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC
14:09:53 Oct  8 14:09:53.681 [29532] dbg: plugin: loading Mail::SpamAssassin::Plugin::FreeMail from @INC
14:09:53 Oct  8 14:09:53.695 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::FreeMail=HASH(0xb9f6a3c8) implements 'parse_config', priority 0
14:09:53 Oct  8 14:09:53.695 [29532] info: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0
14:09:53 Oct  8 14:09:53.697 [29532] dbg: config: finish parsing
14:09:53 Oct  8 14:09:53.698 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb9d52e98) implements 'finish_parsing_end', priority 0
14:09:53 Oct  8 14:09:53.698 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::FreeMail=HASH(0xb9f6a3c8) implements 'finish_parsing_end', priority 0
14:09:53 Oct  8 14:09:53.698 [29532] dbg: replacetags: replacing tags
14:09:53 Oct  8 14:09:53.698 [29532] dbg: replacetags: done replacing tags
14:09:53 Oct  8 14:09:53.699 [29532] dbg: FreeMail: no freemail_domains entries defined, disabling plugin
14:09:53 Oct  8 14:09:53.701 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0xb9df392c) implements 'learner_new', priority 0
14:09:53 Oct  8 14:09:53.702 [29532] dbg: bayes: learner_new self=Mail::SpamAssassin::Plugin::Bayes=HASH(0xb9df392c), bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
14:09:53 Oct  8 14:09:53.733 [29532] dbg: bayes: learner_new: got store=Mail::SpamAssassin::BayesStore::DBM=HASH(0xb9f88be8)
14:09:53 Oct  8 14:09:53.734 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0xb9df392c) implements 'learner_is_scan_available', priority 0
14:09:53 Oct  8 14:09:53.734 [29532] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
14:09:53 Oct  8 14:09:53.735 [29532] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
14:09:53 Oct  8 14:09:53.736 [29532] dbg: bayes: found bayes db version 3
14:09:53 Oct  8 14:09:53.737 [29532] dbg: bayes: DB journal sync: last sync: 0
14:09:53 Oct  8 14:09:53.738 [29532] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200
14:09:53 Oct  8 14:09:53.738 [29532] dbg: bayes: untie-ing
14:09:53 Oct  8 14:09:53.738 [29532] dbg: config: score set 1 chosen.
14:09:53 Oct  8 14:09:53.739 [29532] dbg: ignore: test message to precompile patterns and load modules
14:09:53 Oct  8 14:09:53.739 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::HeaderEval=HASH(0xb9ed15e4) implements 'compile_now_start', priority 0
14:09:53 Oct  8 14:09:53.740 [29532] dbg: eval: failed to locate the triplets.txt file
14:09:53 Oct  8 14:09:53.741 [29532] dbg: message: main message type: text/plain
14:09:53 Oct  8 14:09:53.741 [29532] dbg: message: ---- MIME PARSER START ----
14:09:53 Oct  8 14:09:53.741 [29532] dbg: message: parsing normal part
14:09:53 Oct  8 14:09:53.741 [29532] dbg: message: ---- MIME PARSER END ----
14:09:53 Oct  8 14:09:53.742 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xb9e7486c) implements 'check_start', priority 0
14:09:53 Oct  8 14:09:53.744 [29532] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
14:09:53 Oct  8 14:09:53.745 [29532] dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
14:09:53 Oct  8 14:09:53.746 [29532] dbg: bayes: found bayes db version 3
14:09:53 Oct  8 14:09:53.747 [29532] dbg: bayes: DB journal sync: last sync: 0
14:09:53 Oct  8 14:09:53.747 [29532] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200
14:09:53 Oct  8 14:09:53.747 [29532] dbg: bayes: untie-ing
14:09:53 Oct  8 14:09:53.748 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xb9dd98b0) implements 'check_main', priority 0
14:09:53 Oct  8 14:09:53.749 [29532] dbg: config: trusted_networks are not configured; it is recommended that you configure trusted_networks manually
14:09:53 Oct  8 14:09:53.749 [29532] dbg: metadata: X-Spam-Relays-Trusted:
14:09:53 Oct  8 14:09:53.750 [29532] dbg: metadata: X-Spam-Relays-Untrusted:
14:09:53 Oct  8 14:09:53.750 [29532] dbg: metadata: X-Spam-Relays-Internal:
14:09:53 Oct  8 14:09:53.750 [29532] dbg: metadata: X-Spam-Relays-External:
14:09:53 Oct  8 14:09:53.751 [29532] dbg: message: no encoding detected
14:09:53 Oct  8 14:09:53.751 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb9c469e0) implements 'parsed_metadata', priority 0
14:09:53 Oct  8 14:09:53.752 [29532] dbg: dns: no ipv6
14:09:53 Oct  8 14:09:53.752 [29532] dbg: dns: is Net::DNS::Resolver available? yes
14:09:53 Oct  8 14:09:53.753 [29532] dbg: dns: Net::DNS version: 0.65
14:09:53 Oct  8 14:09:53.753 [29532] dbg: dns: name server: 193.97.213.10, LocalAddr: 0.0.0.0
14:09:53 Oct  8 14:09:53.754 [29532] dbg: dns: resolver socket rx buffer size is 108544 bytes
14:09:53 Oct  8 14:09:53.754 [29532] dbg: dns: dns_available set to yes in config file, skipping test
14:09:53 Oct  8 14:09:53.757 [29532] dbg: uridnsbl: domains to query:
14:09:53 Oct  8 14:09:53.758 [29532] dbg: check: running tests for priority: 0
14:09:53 Oct  8 14:09:53.758 [29532] dbg: rules: running head tests; score so far=0
14:09:53 Oct  8 14:09:53.760 [29532] dbg: rules: flush_evalstr (run_generic_tests) compiling 858 chars of Mail::SpamAssassin::Plugin::Check::_head_tests_0_1
14:09:53 Oct  8 14:09:53.760 [29532] dbg: rules: run_generic_tests - compiling eval code: head, priority 0
14:09:53 Oct  8 14:09:53.761 [29532] dbg: rules: compiled head tests
14:09:53 Oct  8 14:09:53.761 [29532] dbg: rules: running body tests; score so far=0
14:09:53 Oct  8 14:09:53.762 [29532] dbg: rules: flush_evalstr (run_generic_tests) compiling 221 chars of Mail::SpamAssassin::Plugin::Check::_body_tests_0_1
14:09:53 Oct  8 14:09:53.762 [29532] dbg: rules: run_generic_tests - compiling eval code: body, priority 0
14:09:53 Oct  8 14:09:53.763 [29532] dbg: rules: compiled body tests
14:09:53 Oct  8 14:09:53.763 [29532] dbg: rules: running uri tests; score so far=0
14:09:53 Oct  8 14:09:53.763 [29532] dbg: rules: flush_evalstr (run_generic_tests) compiling 219 chars of Mail::SpamAssassin::Plugin::Check::_uri_tests_0_1
14:09:53 Oct  8 14:09:53.764 [29532] dbg: rules: run_generic_tests - compiling eval code: uri, priority 0
14:09:53 Oct  8 14:09:53.764 [29532] dbg: rules: compiled uri tests
14:09:53 Oct  8 14:09:53.765 [29532] dbg: rules: running rawbody tests; score so far=0
14:09:53 Oct  8 14:09:53.765 [29532] dbg: rules: flush_evalstr (run_generic_tests) compiling 227 chars of Mail::SpamAssassin::Plugin::Check::_rawbody_tests_0_1
14:09:53 Oct  8 14:09:53.766 [29532] dbg: rules: run_generic_tests - compiling eval code: rawbody, priority 0
14:09:53 Oct  8 14:09:53.766 [29532] dbg: rules: compiled rawbody tests
14:09:53 Oct  8 14:09:53.767 [29532] dbg: rules: running full tests; score so far=0
14:09:53 Oct  8 14:09:53.767 [29532] dbg: rules: flush_evalstr (run_generic_tests) compiling 256 chars of Mail::SpamAssassin::Plugin::Check::_full_tests_0_1
14:09:53 Oct  8 14:09:53.767 [29532] dbg: rules: run_generic_tests - compiling eval code: full, priority 0
14:09:53 Oct  8 14:09:53.768 [29532] dbg: rules: compiled full tests
14:09:53 Oct  8 14:09:53.768 [29532] dbg: rules: running meta tests; score so far=0
14:09:53 Oct  8 14:09:53.769 [29532] dbg: rules: flush_evalstr (run_generic_tests) compiling 281 chars of Mail::SpamAssassin::Plugin::Check::_meta_tests_0_1
14:09:53 Oct  8 14:09:53.769 [29532] dbg: rules: run_generic_tests - compiling eval code: meta, priority 0
14:09:53 Oct  8 14:09:53.770 [29532] dbg: rules: compiled meta tests
14:09:53 Oct  8 14:09:53.770 [29532] dbg: dns: harvest_dnsbl_queries
14:09:53 Oct  8 14:09:53.771 [29532] dbg: check: is spam? score=0 required=5
14:09:53 Oct  8 14:09:53.772 [29532] dbg: check: tests=
14:09:53 Oct  8 14:09:53.772 [29532] dbg: check: subtests=
14:09:53 Oct  8 14:09:53.773 [29532] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0xb9df392c) implements 'learner_close', priority 0

14:10:29 Building a message batch to scan...
-------------- next part --------------
fw-1 opt # /opt/MailScanner/bin/MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Reading configuration file /opt/MailScanner/etc/conf.d/README
Read 865 hostnames from the phishing whitelist
Read 5718 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.81.4) is correct.

ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From

MailScanner setting GID to  (207)
MailScanner setting UID to  (207)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
lock.pl sees Config  LockType =  posix
lock.pl sees have_module =  0
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamavmodule"
Debug Mode Is On
Use Threads : NO
Socket    : /tmp/clamd.socket
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/30108/ISITINSTALLED
Found these virus scanners installed: clamavmodule
===========================================================================
Created attachment dirs for 1 messages
Looked up unknown string nonpasswordedarchive in language translation file /opt/MailScanner/etc/vosschemie-reports/de/languages.conf at /opt/MailScanner/lib/MailScanner/Config.pm line 1372
Filename Checks: Windows/DOS Executable (1 eicar.com)
Completed checking by /usr/bin/file
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Commencing scanning by clamavmodule...
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com
Completed scanning by clamavmodule
Virus Scanning: ClamAVModule found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
From ms-list at alexb.ch  Fri Oct  8 13:34:15 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Fri Oct  8 13:34:27 2010
Subject: Mailscanner does not scan mails
In-Reply-To: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
Message-ID: <4CAF0FC7.9030508@alexb.ch>

did you check permsisions as per docs?
MailScanner setup may reset them after running

h2h
Alex

On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
> I just ugraded to MailScanner-4.81.4-1
> 
> All seems fine, but it's just not scanning messages.
> The debug output says:
> 
>         14:10:29 Building a message batch to scan...
> 
> but nothing happens
> 
> ps ax shows:
> 
>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
> 
> The Incoming Queue Dir is configured correctly:
> 
> Incoming Queue Dir = /var/spool/postfix/hold
> 
> When I start the job with strace the Mailscanner processs seem to look 
> into the queue directory every 6 seconds:
> 
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540143
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0},
> 
> 
> There are several new messages in the directory /var/spool/postfix/hold 
> but MailScanner does not pick them.
> 
> any idea how to get this to work?
> Previus Version MailScanner-4.52.2 is working fine.
> 
> 
> 
> 
> 
> best regards
> 
> 
> Lars Gierling
> 
> 
> 
> 
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
> 
> This e-mail and any attached files may contain confidential and/or 
> privileged information. If you are not the intended recipient (or have 
> received this e-mail by mistake) please notify the sender immediately and 
> delete this e-mail. Any unauthorised duplication, disclosure or 
> distribution of this e-mail and content is strictly forbidden. 
> 

From LGi at b-w-computer.de  Fri Oct  8 13:44:25 2010
From: LGi at b-w-computer.de (LGi@b-w-computer.de)
Date: Fri Oct  8 13:44:46 2010
Subject: Mailscanner does not scan mails
In-Reply-To: <4CAF0FC7.9030508@alexb.ch>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<4CAF0FC7.9030508@alexb.ch>
Message-ID: <OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>

yes, i think permissions are OK

fw-1 opt # ls -ls /var/spool/postfix/
total 20
 0 drwx------  2 postfix root        6 Oct  8 14:40 active
 0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
 0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
 0 drwx------ 18 postfix root      134 Apr 26  2006 defer
 0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
 0 drwx------  2 postfix root       45 Oct  1 08:27 flush
12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
 0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
 0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
 4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
 4 drwx------  2 postfix root     4096 Oct  7 20:05 private
 0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
 0 drwx------  2 postfix root        6 Apr  5  2006 saved
 0 drwx------  2 postfix root       44 Oct  8 13:32 trace


fw-1 opt # ls -la /var/spool/MailScanner/
total 8
drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin




Fragen? Kommen Sie jederzeit gerne auf uns zu!

Herzliche Gr??e aus Hamburg
b&w computer

Lars Gierling
b&w computer 
Inh.: Michael Papenhagen
Fangdieckstr. 64
D-22547 Hamburg | Germany
Tel:  +49 40 / 49 296 - 0 
Fax: +49 40 / 49 296 - 100 
http://www.b-w-computer.de 





Von:    Alex Broens <ms-list@alexb.ch>
An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
Datum:  08.10.2010 14:37
Betreff:        Re: Mailscanner does not scan mails
Gesendet von:   mailscanner-bounces@lists.mailscanner.info



did you check permsisions as per docs?
MailScanner setup may reset them after running

h2h
Alex

On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
> I just ugraded to MailScanner-4.81.4-1
> 
> All seems fine, but it's just not scanning messages.
> The debug output says:
> 
>         14:10:29 Building a message batch to scan...
> 
> but nothing happens
> 
> ps ax shows:
> 
>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
> 
> The Incoming Queue Dir is configured correctly:
> 
> Incoming Queue Dir = /var/spool/postfix/hold
> 
> When I start the job with strace the Mailscanner processs seem to look 
> into the queue directory every 6 seconds:
> 
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", 
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540143
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", 
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0},
> 
> 
> There are several new messages in the directory /var/spool/postfix/hold 
> but MailScanner does not pick them.
> 
> any idea how to get this to work?
> Previus Version MailScanner-4.52.2 is working fine.
> 
> 
> 
> 
> 
> best regards
> 
> 
> Lars Gierling
> 
> 
> 
> 
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 

> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 

> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
unerlaubte 
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
gestattet.
> 
> This e-mail and any attached files may contain confidential and/or 
> privileged information. If you are not the intended recipient (or have 
> received this e-mail by mistake) please notify the sender immediately 
and 
> delete this e-mail. Any unauthorised duplication, disclosure or 
> distribution of this e-mail and content is strictly forbidden. 
> 

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 


From ms-list at alexb.ch  Fri Oct  8 14:04:46 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Fri Oct  8 14:04:58 2010
Subject: Mailscanner does not scan mails
In-Reply-To: <OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>	<4CAF0FC7.9030508@alexb.ch>
	<OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>
Message-ID: <4CAF16EE.4060005@alexb.ch>

At the bottom of your first post:

ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From

- you've configured MS clamavmodule (not recommended) but it seems you 
also have clamd (recommended)

Alex


On 2010-10-08 14:44, LGi@b-w-computer.de wrote:
> yes, i think permissions are OK
> 
> fw-1 opt # ls -ls /var/spool/postfix/
> total 20
>  0 drwx------  2 postfix root        6 Oct  8 14:40 active
>  0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
>  0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
>  0 drwx------ 18 postfix root      134 Apr 26  2006 defer
>  0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
>  0 drwx------  2 postfix root       45 Oct  1 08:27 flush
> 12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
>  0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
>  0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
>  4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
>  4 drwx------  2 postfix root     4096 Oct  7 20:05 private
>  0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
>  0 drwx------  2 postfix root        6 Apr  5  2006 saved
>  0 drwx------  2 postfix root       44 Oct  8 13:32 trace
> 
> 
> fw-1 opt # ls -la /var/spool/MailScanner/
> total 8
> drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
> drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
> drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
> drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
> drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
> drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin
> 
> 
> 
> 
> Fragen? Kommen Sie jederzeit gerne auf uns zu!
> 
> Herzliche Gr??e aus Hamburg
> b&w computer
> 
> Lars Gierling
> b&w computer 
> Inh.: Michael Papenhagen
> Fangdieckstr. 64
> D-22547 Hamburg | Germany
> Tel:  +49 40 / 49 296 - 0 
> Fax: +49 40 / 49 296 - 100 
> http://www.b-w-computer.de 
> 
> 
> 
> 
> 
> Von:    Alex Broens <ms-list@alexb.ch>
> An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
> Datum:  08.10.2010 14:37
> Betreff:        Re: Mailscanner does not scan mails
> Gesendet von:   mailscanner-bounces@lists.mailscanner.info
> 
> 
> 
> did you check permsisions as per docs?
> MailScanner setup may reset them after running
> 
> h2h
> Alex
> 
> On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
>> I just ugraded to MailScanner-4.81.4-1
>>
>> All seems fine, but it's just not scanning messages.
>> The debug output says:
>>
>>         14:10:29 Building a message batch to scan...
>>
>> but nothing happens
>>
>> ps ax shows:
>>
>>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
>>
>> The Incoming Queue Dir is configured correctly:
>>
>> Incoming Queue Dir = /var/spool/postfix/hold
>>
>> When I start the job with strace the Mailscanner processs seem to look 
>> into the queue directory every 6 seconds:
>>
>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>> [pid 29692] open(".", 
> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
>> = 9
>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>> [pid 29692] close(9)                    = 0
>> [pid 29692] umask(0177)                 = 077
>> [pid 29692] umask(077)                  = 0177
>> [pid 29692] time(NULL)                  = 1286540143
>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
>> [pid 29692] time(NULL)                  = 1286540149
>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>> [pid 29692] open(".", 
> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
>> = 9
>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>> [pid 29692] close(9)                    = 0
>> [pid 29692] umask(0177)                 = 077
>> [pid 29692] umask(077)                  = 0177
>> [pid 29692] time(NULL)                  = 1286540149
>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>> [pid 29692] nanosleep({6, 0},
>>
>>
>> There are several new messages in the directory /var/spool/postfix/hold 
>> but MailScanner does not pick them.
>>
>> any idea how to get this to work?
>> Previus Version MailScanner-4.52.2 is working fine.
>>
>>
>>
>>
>>
>> best regards
>>
>>
>> Lars Gierling
>>
>>
>>
>>
>> Think before you print
>> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
>> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
> 
>> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
> 
>> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
> unerlaubte 
>> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
> gestattet.
>> This e-mail and any attached files may contain confidential and/or 
>> privileged information. If you are not the intended recipient (or have 
>> received this e-mail by mistake) please notify the sender immediately 
> and 
>> delete this e-mail. Any unauthorised duplication, disclosure or 
>> distribution of this e-mail and content is strictly forbidden. 
>>
> 

From LGi at b-w-computer.de  Fri Oct  8 14:24:28 2010
From: LGi at b-w-computer.de (LGi@b-w-computer.de)
Date: Fri Oct  8 14:24:44 2010
Subject: Antwort: Re: Mailscanner does not scan mails
In-Reply-To: <4CAF16EE.4060005@alexb.ch>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<4CAF0FC7.9030508@alexb.ch>	<OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>
	<4CAF16EE.4060005@alexb.ch>
Message-ID: <OF014FD343.4DD14DAF-ONC12577B6.004995B8-C12577B6.0049A73D@b-w-computer.de>

fixed that, but no change of behavior


Lars 





mailscanner-bounces@lists.mailscanner.info schrieb am 08.10.2010 15:04:46:

> Von: Alex Broens <ms-list@alexb.ch>
> An: MailScanner discussion <mailscanner@lists.mailscanner.info>
> Datum: 08.10.2010 15:09
> Betreff: Re: Mailscanner does not scan mails
> Gesendet von: mailscanner-bounces@lists.mailscanner.info
> 
> At the bottom of your first post:
> 
> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
> ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From
> 
> - you've configured MS clamavmodule (not recommended) but it seems you 
> also have clamd (recommended)
> 
> Alex
> 
> 
> On 2010-10-08 14:44, LGi@b-w-computer.de wrote:
> > yes, i think permissions are OK
> > 
> > fw-1 opt # ls -ls /var/spool/postfix/
> > total 20
> >  0 drwx------  2 postfix root        6 Oct  8 14:40 active
> >  0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
> >  0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
> >  0 drwx------ 18 postfix root      134 Apr 26  2006 defer
> >  0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
> >  0 drwx------  2 postfix root       45 Oct  1 08:27 flush
> > 12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
> >  0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
> >  0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
> >  4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
> >  4 drwx------  2 postfix root     4096 Oct  7 20:05 private
> >  0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
> >  0 drwx------  2 postfix root        6 Apr  5  2006 saved
> >  0 drwx------  2 postfix root       44 Oct  8 13:32 trace
> > 
> > 
> > fw-1 opt # ls -la /var/spool/MailScanner/
> > total 8
> > drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
> > drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
> > drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
> > drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
> > drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
> > drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin
> > 
> > 
> > 
> > 
> > Fragen? Kommen Sie jederzeit gerne auf uns zu!
> > 
> > Herzliche Gr??e aus Hamburg
> > b&w computer
> > 
> > Lars Gierling
> > b&w computer 
> > Inh.: Michael Papenhagen
> > Fangdieckstr. 64
> > D-22547 Hamburg | Germany
> > Tel:  +49 40 / 49 296 - 0 
> > Fax: +49 40 / 49 296 - 100 
> > http://www.b-w-computer.de 
> > 
> > 
> > 
> > 
> > 
> > Von:    Alex Broens <ms-list@alexb.ch>
> > An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
> > Datum:  08.10.2010 14:37
> > Betreff:        Re: Mailscanner does not scan mails
> > Gesendet von:   mailscanner-bounces@lists.mailscanner.info
> > 
> > 
> > 
> > did you check permsisions as per docs?
> > MailScanner setup may reset them after running
> > 
> > h2h
> > Alex
> > 
> > On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
> >> I just ugraded to MailScanner-4.81.4-1
> >>
> >> All seems fine, but it's just not scanning messages.
> >> The debug output says:
> >>
> >>         14:10:29 Building a message batch to scan...
> >>
> >> but nothing happens
> >>
> >> ps ax shows:
> >>
> >>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
> >>
> >> The Incoming Queue Dir is configured correctly:
> >>
> >> Incoming Queue Dir = /var/spool/postfix/hold
> >>
> >> When I start the job with strace the Mailscanner processs seem to 
look 
> >> into the queue directory every 6 seconds:
> >>
> >> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> >> [pid 29692] open(".", 
> > O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> >> = 9
> >> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> >> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> >> [pid 29692] close(9)                    = 0
> >> [pid 29692] umask(0177)                 = 077
> >> [pid 29692] umask(077)                  = 0177
> >> [pid 29692] time(NULL)                  = 1286540143
> >> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> >> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> >> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
> >> [pid 29692] time(NULL)                  = 1286540149
> >> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> >> [pid 29692] open(".", 
> > O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> >> = 9
> >> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> >> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> >> [pid 29692] close(9)                    = 0
> >> [pid 29692] umask(0177)                 = 077
> >> [pid 29692] umask(077)                  = 0177
> >> [pid 29692] time(NULL)                  = 1286540149
> >> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> >> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> >> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >> [pid 29692] nanosleep({6, 0},
> >>
> >>
> >> There are several new messages in the directory 
/var/spool/postfix/hold 
> >> but MailScanner does not pick them.
> >>
> >> any idea how to get this to work?
> >> Previus Version MailScanner-4.52.2 is working fine.
> >>
> >>
> >>
> >>
> >>
> >> best regards
> >>
> >>
> >> Lars Gierling
> >>
> >>
> >>
> >>
> >> Think before you print
> >> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder 
rechtlich 
> >> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind 
oder 
> > 
> >> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort 
den 
> > 
> >> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
> > unerlaubte 
> >> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
> > gestattet.
> >> This e-mail and any attached files may contain confidential and/or 
> >> privileged information. If you are not the intended recipient (or 
have 
> >> received this e-mail by mistake) please notify the sender immediately 

> > and 
> >> delete this e-mail. Any unauthorised duplication, disclosure or 
> >> distribution of this e-mail and content is strictly forbidden. 
> >>
> > 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 

-------------- next part --------------
fw-1 opt # /opt/MailScanner/bin/MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Reading configuration file /opt/MailScanner/etc/conf.d/README
Read 865 hostnames from the phishing whitelist
Read 5718 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.81.4) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (207)
MailScanner setting UID to  (207)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
lock.pl sees Config  LockType =  posix
lock.pl sees have_module =  0
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Debug Mode Is On
Use Threads : NO
Socket    : /var/run/clamav/clamd.sock
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/32727/ISITINSTALLED
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

Found these virus scanners installed: clamavmodule, clamd
===========================================================================
Created attachment dirs for 1 messages
Looked up unknown string nonpasswordedarchive in language translation file /opt/MailScanner/etc/vosschemie-reports/de/languages.conf at /opt/MailScanner/lib/MailScanner/Config.pm line 1372
Filename Checks: Windows/DOS Executable (1 eicar.com)
Completed checking by /usr/bin/file
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Commencing scanning by clamd...
Debug Mode Is On
Use Threads : NO
Socket    : /var/run/clamav/clamd.sock
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/32727
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

SENT : CONTSCAN /var/spool/MailScanner/incoming/32727
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Completed scanning by clamd
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
From lhaig at haigmail.com  Fri Oct  8 14:10:54 2010
From: lhaig at haigmail.com (Lance Haig)
Date: Fri Oct  8 14:48:18 2010
Subject: example database structure for rules and configs
In-Reply-To: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B84B@galvatron>
References: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B495@galvatron>	<AF3B610E0140EA4C9D8C9D50ECF75D9201BFD72BC450@galvatron>	<4CADF094.2010909@fsl.com>
	<AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B84B@galvatron>
Message-ID: <4CAF185E.1060103@haigmail.com>

  Hi Steve,

does this apply to rules as well?


Regards

Lance


--
This message was scanned by Better Hosted and is believed to be clean.
http://www.betterhosted.com

From ms-list at alexb.ch  Fri Oct  8 15:10:33 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Fri Oct  8 15:10:46 2010
Subject: Antwort: Re: Mailscanner does not scan mails
In-Reply-To: <OF014FD343.4DD14DAF-ONC12577B6.004995B8-C12577B6.0049A73D@b-w-computer.de>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>	<4CAF0FC7.9030508@alexb.ch>	<OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>	<4CAF16EE.4060005@alexb.ch>
	<OF014FD343.4DD14DAF-ONC12577B6.004995B8-C12577B6.0049A73D@b-w-computer.de>
Message-ID: <4CAF2659.4060309@alexb.ch>

shot in the dark...

if you feel MS is always trying to access the same msg, raise the time 
between scans

if not, I'm stumped..

Where's Glen Steen when we need him?



On 2010-10-08 15:24, LGi@b-w-computer.de wrote:
> fixed that, but no change of behavior
> 
> 
> Lars 
> 
> 
> 
> 
> 
> mailscanner-bounces@lists.mailscanner.info schrieb am 08.10.2010 15:04:46:
> 
>> Von: Alex Broens <ms-list@alexb.ch>
>> An: MailScanner discussion <mailscanner@lists.mailscanner.info>
>> Datum: 08.10.2010 15:09
>> Betreff: Re: Mailscanner does not scan mails
>> Gesendet von: mailscanner-bounces@lists.mailscanner.info
>>
>> At the bottom of your first post:
>>
>> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
>> ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From
>>
>> - you've configured MS clamavmodule (not recommended) but it seems you 
>> also have clamd (recommended)
>>
>> Alex
>>
>>
>> On 2010-10-08 14:44, LGi@b-w-computer.de wrote:
>>> yes, i think permissions are OK
>>>
>>> fw-1 opt # ls -ls /var/spool/postfix/
>>> total 20
>>>  0 drwx------  2 postfix root        6 Oct  8 14:40 active
>>>  0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
>>>  0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
>>>  0 drwx------ 18 postfix root      134 Apr 26  2006 defer
>>>  0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
>>>  0 drwx------  2 postfix root       45 Oct  1 08:27 flush
>>> 12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
>>>  0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
>>>  0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
>>>  4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
>>>  4 drwx------  2 postfix root     4096 Oct  7 20:05 private
>>>  0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
>>>  0 drwx------  2 postfix root        6 Apr  5  2006 saved
>>>  0 drwx------  2 postfix root       44 Oct  8 13:32 trace
>>>
>>>
>>> fw-1 opt # ls -la /var/spool/MailScanner/
>>> total 8
>>> drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
>>> drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
>>> drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
>>> drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
>>> drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
>>> drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin
>>>
>>>
>>>
>>>
>>> Fragen? Kommen Sie jederzeit gerne auf uns zu!
>>>
>>> Herzliche Gr??e aus Hamburg
>>> b&w computer
>>>
>>> Lars Gierling
>>> b&w computer 
>>> Inh.: Michael Papenhagen
>>> Fangdieckstr. 64
>>> D-22547 Hamburg | Germany
>>> Tel:  +49 40 / 49 296 - 0 
>>> Fax: +49 40 / 49 296 - 100 
>>> http://www.b-w-computer.de 
>>>
>>>
>>>
>>>
>>>
>>> Von:    Alex Broens <ms-list@alexb.ch>
>>> An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
>>> Datum:  08.10.2010 14:37
>>> Betreff:        Re: Mailscanner does not scan mails
>>> Gesendet von:   mailscanner-bounces@lists.mailscanner.info
>>>
>>>
>>>
>>> did you check permsisions as per docs?
>>> MailScanner setup may reset them after running
>>>
>>> h2h
>>> Alex
>>>
>>> On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
>>>> I just ugraded to MailScanner-4.81.4-1
>>>>
>>>> All seems fine, but it's just not scanning messages.
>>>> The debug output says:
>>>>
>>>>         14:10:29 Building a message batch to scan...
>>>>
>>>> but nothing happens
>>>>
>>>> ps ax shows:
>>>>
>>>>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
>>>>
>>>> The Incoming Queue Dir is configured correctly:
>>>>
>>>> Incoming Queue Dir = /var/spool/postfix/hold
>>>>
>>>> When I start the job with strace the Mailscanner processs seem to 
> look 
>>>> into the queue directory every 6 seconds:
>>>>
>>>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>>>> [pid 29692] open(".", 
>>> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
>>>> = 9
>>>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>>>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>>>> [pid 29692] close(9)                    = 0
>>>> [pid 29692] umask(0177)                 = 077
>>>> [pid 29692] umask(077)                  = 0177
>>>> [pid 29692] time(NULL)                  = 1286540143
>>>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>>>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>>>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>>>> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
>>>> [pid 29692] time(NULL)                  = 1286540149
>>>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>>>> [pid 29692] open(".", 
>>> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
>>>> = 9
>>>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>>>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>>>> [pid 29692] close(9)                    = 0
>>>> [pid 29692] umask(0177)                 = 077
>>>> [pid 29692] umask(077)                  = 0177
>>>> [pid 29692] time(NULL)                  = 1286540149
>>>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>>>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>>>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>>>> [pid 29692] nanosleep({6, 0},
>>>>
>>>>
>>>> There are several new messages in the directory 
> /var/spool/postfix/hold 
>>>> but MailScanner does not pick them.
>>>>
>>>> any idea how to get this to work?
>>>> Previus Version MailScanner-4.52.2 is working fine.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> best regards
>>>>
>>>>
>>>> Lars Gierling
>>>>
>>>>
>>>>
>>>>
>>>> Think before you print
>>>> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder 
> rechtlich 
>>>> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind 
> oder 
>>>> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort 
> den 
>>>> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
>>> unerlaubte 
>>>> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
>>> gestattet.
>>>> This e-mail and any attached files may contain confidential and/or 
>>>> privileged information. If you are not the intended recipient (or 
> have 
>>>> received this e-mail by mistake) please notify the sender immediately 
> 
>>> and 
>>>> delete this e-mail. Any unauthorised duplication, disclosure or 
>>>> distribution of this e-mail and content is strictly forbidden. 
>>>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website! 
> 
> 
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
> 
> This e-mail and any attached files may contain confidential and/or 
> privileged information. If you are not the intended recipient (or have 
> received this e-mail by mistake) please notify the sender immediately and 
> delete this e-mail. Any unauthorised duplication, disclosure or 
> distribution of this e-mail and content is strictly forbidden. 
> 

From LGi at b-w-computer.de  Fri Oct  8 15:22:20 2010
From: LGi at b-w-computer.de (LGi@b-w-computer.de)
Date: Fri Oct  8 15:22:29 2010
Subject: Antwort: Re: Antwort: Re: Mailscanner does not scan mails
In-Reply-To: <4CAF2659.4060309@alexb.ch>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<4CAF0FC7.9030508@alexb.ch>	<OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>
	<4CAF16EE.4060005@alexb.ch>	<OF014FD343.4DD14DAF-ONC12577B6.004995B8-C12577B6.0049A73D@b-w-computer.de>
	<4CAF2659.4060309@alexb.ch>
Message-ID: <OFDEEC147E.0FE88A02-ONC12577B6.004EA0DA-C12577B6.004EF319@b-w-computer.de>

testet with 30s - no success .-(

Lars 



Von:    Alex Broens <ms-list@alexb.ch>
An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
Datum:  08.10.2010 16:14
Betreff:        Re: Antwort: Re: Mailscanner does not scan mails
Gesendet von:   mailscanner-bounces@lists.mailscanner.info



shot in the dark...

if you feel MS is always trying to access the same msg, raise the time 
between scans

if not, I'm stumped..

Where's Glen Steen when we need him?



On 2010-10-08 15:24, LGi@b-w-computer.de wrote:
> fixed that, but no change of behavior
> 
> 
> Lars 
> 
> 
> 
> 
> 
> mailscanner-bounces@lists.mailscanner.info schrieb am 08.10.2010 
15:04:46:
> 
>> Von: Alex Broens <ms-list@alexb.ch>
>> An: MailScanner discussion <mailscanner@lists.mailscanner.info>
>> Datum: 08.10.2010 15:09
>> Betreff: Re: Mailscanner does not scan mails
>> Gesendet von: mailscanner-bounces@lists.mailscanner.info
>>
>> At the bottom of your first post:
>>
>> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
>> ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From
>>
>> - you've configured MS clamavmodule (not recommended) but it seems you 
>> also have clamd (recommended)
>>
>> Alex
>>
>>
>> On 2010-10-08 14:44, LGi@b-w-computer.de wrote:
>>> yes, i think permissions are OK
>>>
>>> fw-1 opt # ls -ls /var/spool/postfix/
>>> total 20
>>>  0 drwx------  2 postfix root        6 Oct  8 14:40 active
>>>  0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
>>>  0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
>>>  0 drwx------ 18 postfix root      134 Apr 26  2006 defer
>>>  0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
>>>  0 drwx------  2 postfix root       45 Oct  1 08:27 flush
>>> 12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
>>>  0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
>>>  0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
>>>  4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
>>>  4 drwx------  2 postfix root     4096 Oct  7 20:05 private
>>>  0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
>>>  0 drwx------  2 postfix root        6 Apr  5  2006 saved
>>>  0 drwx------  2 postfix root       44 Oct  8 13:32 trace
>>>
>>>
>>> fw-1 opt # ls -la /var/spool/MailScanner/
>>> total 8
>>> drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
>>> drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
>>> drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
>>> drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
>>> drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
>>> drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin
>>>
>>>
>>>
>>>
>>> Fragen? Kommen Sie jederzeit gerne auf uns zu!
>>>
>>> Herzliche Gr??e aus Hamburg
>>> b&w computer
>>>
>>> Lars Gierling
>>> b&w computer 
>>> Inh.: Michael Papenhagen
>>> Fangdieckstr. 64
>>> D-22547 Hamburg | Germany
>>> Tel:  +49 40 / 49 296 - 0 
>>> Fax: +49 40 / 49 296 - 100 
>>> http://www.b-w-computer.de 
>>>
>>>
>>>
>>>
>>>
>>> Von:    Alex Broens <ms-list@alexb.ch>
>>> An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
>>> Datum:  08.10.2010 14:37
>>> Betreff:        Re: Mailscanner does not scan mails
>>> Gesendet von:   mailscanner-bounces@lists.mailscanner.info
>>>
>>>
>>>
>>> did you check permsisions as per docs?
>>> MailScanner setup may reset them after running
>>>
>>> h2h
>>> Alex
>>>
>>> On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
>>>> I just ugraded to MailScanner-4.81.4-1
>>>>
>>>> All seems fine, but it's just not scanning messages.
>>>> The debug output says:
>>>>
>>>>         14:10:29 Building a message batch to scan...
>>>>
>>>> but nothing happens
>>>>
>>>> ps ax shows:
>>>>
>>>>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
>>>>
>>>> The Incoming Queue Dir is configured correctly:
>>>>
>>>> Incoming Queue Dir = /var/spool/postfix/hold
>>>>
>>>> When I start the job with strace the Mailscanner processs seem to 
> look 
>>>> into the queue directory every 6 seconds:
>>>>
>>>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>>>> [pid 29692] open(".", 
>>> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
>>>> = 9
>>>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>>>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>>>> [pid 29692] close(9)                    = 0
>>>> [pid 29692] umask(0177)                 = 077
>>>> [pid 29692] umask(077)                  = 0177
>>>> [pid 29692] time(NULL)                  = 1286540143
>>>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>>>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>>>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>>>> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
>>>> [pid 29692] time(NULL)                  = 1286540149
>>>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>>>> [pid 29692] open(".", 
>>> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
>>>> = 9
>>>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>>>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>>>> [pid 29692] close(9)                    = 0
>>>> [pid 29692] umask(0177)                 = 077
>>>> [pid 29692] umask(077)                  = 0177
>>>> [pid 29692] time(NULL)                  = 1286540149
>>>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>>>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>>>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>>>> [pid 29692] nanosleep({6, 0},
>>>>
>>>>
>>>> There are several new messages in the directory 
> /var/spool/postfix/hold 
>>>> but MailScanner does not pick them.
>>>>
>>>> any idea how to get this to work?
>>>> Previus Version MailScanner-4.52.2 is working fine.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> best regards
>>>>
>>>>
>>>> Lars Gierling
>>>>
>>>>
>>>>
>>>>
>>>> Think before you print
>>>> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder 
> rechtlich 
>>>> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind 
> oder 
>>>> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort 
> den 
>>>> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
>>> unerlaubte 
>>>> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
>>> gestattet.
>>>> This e-mail and any attached files may contain confidential and/or 
>>>> privileged information. If you are not the intended recipient (or 
> have 
>>>> received this e-mail by mistake) please notify the sender immediately 

> 
>>> and 
>>>> delete this e-mail. Any unauthorised duplication, disclosure or 
>>>> distribution of this e-mail and content is strictly forbidden. 
>>>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website! 
> 
> 
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 

> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 

> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
unerlaubte 
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
gestattet.
> 
> This e-mail and any attached files may contain confidential and/or 
> privileged information. If you are not the intended recipient (or have 
> received this e-mail by mistake) please notify the sender immediately 
and 
> delete this e-mail. Any unauthorised duplication, disclosure or 
> distribution of this e-mail and content is strictly forbidden. 
> 

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 


From maxsec at gmail.com  Fri Oct  8 16:07:15 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Oct  8 16:07:27 2010
Subject: Mailscanner does not scan mails
In-Reply-To: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
Message-ID: <AANLkTin0BdXWbcerHTJA4dHLkg6WFAc4PMKw5=nump7Y@mail.gmail.com>

 how did you upgrade - jump from 4.55 to 4.81 is a big one...did you check
all the settings are still correct in the merges MailScanner.conf?


-- 
Martin Hepworth
Oxford, UK


On 8 October 2010 13:24, <LGi@b-w-computer.de> wrote:

> I just ugraded to MailScanner-4.81.4-1
>
> All seems fine, but it's just not scanning messages.
> The debug output says:
>
>        14:10:29 Building a message batch to scan...
>
> but nothing happens
>
> ps ax shows:
>
>        29532 pts/3    S+     0:38 MailScanner: waiting for messages
>
> The Incoming Queue Dir is configured correctly:
>
> Incoming Queue Dir = /var/spool/postfix/hold
>
> When I start the job with strace the Mailscanner processs seem to look
> into the queue directory every 6 seconds:
>
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540143
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0},
>
>
> There are several new messages in the directory /var/spool/postfix/hold
> but MailScanner does not pick them.
>
> any idea how to get this to work?
> Previus Version MailScanner-4.52.2 is working fine.
>
>
>
>
>
> best regards
>
>
> Lars Gierling
>
>
>
>
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
>
> This e-mail and any attached files may contain confidential and/or
> privileged information. If you are not the intended recipient (or have
> received this e-mail by mistake) please notify the sender immediately and
> delete this e-mail. Any unauthorised duplication, disclosure or
> distribution of this e-mail and content is strictly forbidden.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101008/464dc5cb/attachment.html
From LGi at b-w-computer.de  Fri Oct  8 16:20:58 2010
From: LGi at b-w-computer.de (LGi@b-w-computer.de)
Date: Fri Oct  8 16:21:08 2010
Subject: Mailscanner does not scan mails
In-Reply-To: <AANLkTin0BdXWbcerHTJA4dHLkg6WFAc4PMKw5=nump7Y@mail.gmail.com>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<AANLkTin0BdXWbcerHTJA4dHLkg6WFAc4PMKw5=nump7Y@mail.gmail.com>
Message-ID: <OF836E3E7E.69DEC618-ONC12577B6.005419C9-C12577B6.0054520B@b-w-computer.de>

I updated the new MailScanner.conf manually with the settings from the old 
one.


Fragen? Kommen Sie jederzeit gerne auf uns zu!

Herzliche Gr??e aus Hamburg
b&w computer

Lars Gierling
b&w computer 
Inh.: Michael Papenhagen
Fangdieckstr. 64
D-22547 Hamburg | Germany
Tel:  +49 40 / 49 296 - 0 
Fax: +49 40 / 49 296 - 100 
http://www.b-w-computer.de 





Von:    Martin Hepworth <maxsec@gmail.com>
An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
Datum:  08.10.2010 17:13
Betreff:        Re: Mailscanner does not scan mails
Gesendet von:   mailscanner-bounces@lists.mailscanner.info



 how did you upgrade - jump from 4.55 to 4.81 is a big one...did you check 
all the settings are still correct in the merges MailScanner.conf?


-- 
Martin Hepworth
Oxford, UK


On 8 October 2010 13:24, <LGi@b-w-computer.de> wrote:
I just ugraded to MailScanner-4.81.4-1

All seems fine, but it's just not scanning messages.
The debug output says:

       14:10:29 Building a message batch to scan...

but nothing happens

ps ax shows:

       29532 pts/3    S+     0:38 MailScanner: waiting for messages

The Incoming Queue Dir is configured correctly:

Incoming Queue Dir = /var/spool/postfix/hold

When I start the job with strace the Mailscanner processs seem to look
into the queue directory every 6 seconds:

[pid 29692] chdir("/var/spool/postfix/hold") = 0
[pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
= 9
[pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
[pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
[pid 29692] close(9)                    = 0
[pid 29692] umask(0177)                 = 077
[pid 29692] umask(077)                  = 0177
[pid 29692] time(NULL)                  = 1286540143
[pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
[pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 29692] nanosleep({6, 0}, {6, 0})   = 0
[pid 29692] time(NULL)                  = 1286540149
[pid 29692] chdir("/var/spool/postfix/hold") = 0
[pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
= 9
[pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
[pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
[pid 29692] close(9)                    = 0
[pid 29692] umask(0177)                 = 077
[pid 29692] umask(077)                  = 0177
[pid 29692] time(NULL)                  = 1286540149
[pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
[pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 29692] nanosleep({6, 0},


There are several new messages in the directory /var/spool/postfix/hold
but MailScanner does not pick them.

any idea how to get this to work?
Previus Version MailScanner-4.52.2 is working fine.





best regards


Lars Gierling




Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or
privileged information. If you are not the intended recipient (or have
received this e-mail by mistake) please notify the sender immediately and
delete this e-mail. Any unauthorised duplication, disclosure or
distribution of this e-mail and content is strictly forbidden.


--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 


From steve.freegard at fsl.com  Sat Oct  9 11:13:44 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Sat Oct  9 11:13:56 2010
Subject: example database structure for rules and configs
In-Reply-To: <4CAF185E.1060103@haigmail.com>
References: <AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B495@galvatron>	<AF3B610E0140EA4C9D8C9D50ECF75D9201BFD72BC450@galvatron>	<4CADF094.2010909@fsl.com>	<AF3B610E0140EA4C9D8C9D50ECF75D9201BFD726B84B@galvatron>
	<4CAF185E.1060103@haigmail.com>
Message-ID: <4CB04058.8000605@fsl.com>

On 08/10/10 14:10, Lance Haig wrote:
> Hi Steve,
>
> does this apply to rules as well?
>
>

Rules are a bit different.

You need a database table 'rulesets' in the following format:

name
num
rule

In MailScanner.conf you need to set:

SQL Ruleset = SELECT num, rule FROM rulesets WHERE name=? ORDER BY num ASC

Then for any option in the 'config' table you want to use a database 
ruleset for you set the value to 'name.customize' (e.g. foo.customize). 
  This will cause the functions to lookup the ruleset using the name 'foo'.

Note that the number ordering is critical; you want to make sure that 
you don't have any duplicates for a given rule (read: use a unique key) 
and that you order them properly.

Regards,
Steve.
From lhaig at haigmail.com  Sat Oct  9 12:30:24 2010
From: lhaig at haigmail.com (Lance Haig)
Date: Sat Oct  9 12:32:06 2010
Subject: example database structure for rules and configs
Message-ID: <fy52mmvki300emtavxersysy.1286623824728@email.android.com>

Thanks Steve 

Steve Freegard <steve.freegard@fsl.com> wrote:

>On 08/10/10 14:10, Lance Haig wrote:
>> Hi Steve,
>>
>> does this apply to rules as well?
>>
>>
>
>Rules are a bit different.
>
>You need a database table 'rulesets' in the following format:
>
>name
>num
>rule
>
>In MailScanner.conf you need to set:
>
>SQL Ruleset = SELECT num, rule FROM rulesets WHERE name=? ORDER BY num ASC
>
>Then for any option in the 'config' table you want to use a database 
>ruleset for you set the value to 'name.customize' (e.g. foo.customize). 
>  This will cause the functions to lookup the ruleset using the name 'foo'.
>
>Note that the number ordering is critical; you want to make sure that 
>you don't have any duplicates for a given rule (read: use a unique key) 
>and that you order them properly.
>
>Regards,
>Steve.
>-- 
>MailScanner mailing list
>mailscanner@lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website! 
>
>--
>This message was scanned by Better Hosted and is believed to be clean.
>Click here to report this message as spam. 
>http://mx1.betterhosted.com/cgi-bin/learn-msg.cgi?id=1552A9F9D6.A2735
>
>

--
This message was scanned by Better Hosted and is believed to be clean.
http://www.betterhosted.com

From glenn.steen at gmail.com  Sat Oct  9 15:15:26 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sat Oct  9 15:21:12 2010
Subject: Antwort: Re: Mailscanner does not scan mails
In-Reply-To: <4CAF2659.4060309@alexb.ch>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<4CAF0FC7.9030508@alexb.ch>
	<OF0A3F8C7A.7D7D450D-ONC12577B6.0045E193-C12577B6.0045FC22@b-w-computer.de>
	<4CAF16EE.4060005@alexb.ch>
	<OF014FD343.4DD14DAF-ONC12577B6.004995B8-C12577B6.0049A73D@b-w-computer.de>
	<4CAF2659.4060309@alexb.ch>
Message-ID: <AANLkTi=TzFhvA4G5DsN+yMWbOCPdOpVcNjZC+r3dPpGN@mail.gmail.com>

At the time, I was either on the train or at home sampling a nice pinotage...:-)

it sounds a bit like when there is some non-queue file in the hold
directory... Check that whith ls -ltr and your favorite pager... MS
will always hit the same in a case like that.

Cheers

On 08/10/2010, Alex Broens <ms-list@alexb.ch> wrote:
> shot in the dark...
>
> if you feel MS is always trying to access the same msg, raise the time
> between scans
>
> if not, I'm stumped..
>
> Where's Glen Steen when we need him?
>
>
>
> On 2010-10-08 15:24, LGi@b-w-computer.de wrote:
>> fixed that, but no change of behavior
>>
>>
>> Lars
>>
>>
>>
>>
>>
>> mailscanner-bounces@lists.mailscanner.info schrieb am 08.10.2010 15:04:46:
>>
>>> Von: Alex Broens <ms-list@alexb.ch>
>>> An: MailScanner discussion <mailscanner@lists.mailscanner.info>
>>> Datum: 08.10.2010 15:09
>>> Betreff: Re: Mailscanner does not scan mails
>>> Gesendet von: mailscanner-bounces@lists.mailscanner.info
>>>
>>> At the bottom of your first post:
>>>
>>> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
>>> ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From
>>>
>>> - you've configured MS clamavmodule (not recommended) but it seems you
>>> also have clamd (recommended)
>>>
>>> Alex
>>>
>>>
>>> On 2010-10-08 14:44, LGi@b-w-computer.de wrote:
>>>> yes, i think permissions are OK
>>>>
>>>> fw-1 opt # ls -ls /var/spool/postfix/
>>>> total 20
>>>>  0 drwx------  2 postfix root        6 Oct  8 14:40 active
>>>>  0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
>>>>  0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
>>>>  0 drwx------ 18 postfix root      134 Apr 26  2006 defer
>>>>  0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
>>>>  0 drwx------  2 postfix root       45 Oct  1 08:27 flush
>>>> 12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
>>>>  0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
>>>>  0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
>>>>  4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
>>>>  4 drwx------  2 postfix root     4096 Oct  7 20:05 private
>>>>  0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
>>>>  0 drwx------  2 postfix root        6 Apr  5  2006 saved
>>>>  0 drwx------  2 postfix root       44 Oct  8 13:32 trace
>>>>
>>>>
>>>> fw-1 opt # ls -la /var/spool/MailScanner/
>>>> total 8
>>>> drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
>>>> drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
>>>> drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
>>>> drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
>>>> drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
>>>> drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin
>>>>
>>>>
>>>>
>>>>
>>>> Fragen? Kommen Sie jederzeit gerne auf uns zu!
>>>>
>>>> Herzliche Gr??e aus Hamburg
>>>> b&w computer
>>>>
>>>> Lars Gierling
>>>> b&w computer
>>>> Inh.: Michael Papenhagen
>>>> Fangdieckstr. 64
>>>> D-22547 Hamburg | Germany
>>>> Tel:  +49 40 / 49 296 - 0
>>>> Fax: +49 40 / 49 296 - 100
>>>> http://www.b-w-computer.de
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Von:    Alex Broens <ms-list@alexb.ch>
>>>> An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
>>>> Datum:  08.10.2010 14:37
>>>> Betreff:        Re: Mailscanner does not scan mails
>>>> Gesendet von:   mailscanner-bounces@lists.mailscanner.info
>>>>
>>>>
>>>>
>>>> did you check permsisions as per docs?
>>>> MailScanner setup may reset them after running
>>>>
>>>> h2h
>>>> Alex
>>>>
>>>> On 2010-10-08 14:24, LGi@b-w-computer.de wrote:
>>>>> I just ugraded to MailScanner-4.81.4-1
>>>>>
>>>>> All seems fine, but it's just not scanning messages.
>>>>> The debug output says:
>>>>>
>>>>>         14:10:29 Building a message batch to scan...
>>>>>
>>>>> but nothing happens
>>>>>
>>>>> ps ax shows:
>>>>>
>>>>>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
>>>>>
>>>>> The Incoming Queue Dir is configured correctly:
>>>>>
>>>>> Incoming Queue Dir = /var/spool/postfix/hold
>>>>>
>>>>> When I start the job with strace the Mailscanner processs seem to
>> look
>>>>> into the queue directory every 6 seconds:
>>>>>
>>>>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>>>>> [pid 29692] open(".",
>>>> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
>>>>> = 9
>>>>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>>>>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>>>>> [pid 29692] close(9)                    = 0
>>>>> [pid 29692] umask(0177)                 = 077
>>>>> [pid 29692] umask(077)                  = 0177
>>>>> [pid 29692] time(NULL)                  = 1286540143
>>>>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>>>>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>>>>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>>>>> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
>>>>> [pid 29692] time(NULL)                  = 1286540149
>>>>> [pid 29692] chdir("/var/spool/postfix/hold") = 0
>>>>> [pid 29692] open(".",
>>>> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
>>>>> = 9
>>>>> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
>>>>> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
>>>>> [pid 29692] close(9)                    = 0
>>>>> [pid 29692] umask(0177)                 = 077
>>>>> [pid 29692] umask(077)                  = 0177
>>>>> [pid 29692] time(NULL)                  = 1286540149
>>>>> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>>>>> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>>>>> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>>>>> [pid 29692] nanosleep({6, 0},
>>>>>
>>>>>
>>>>> There are several new messages in the directory
>> /var/spool/postfix/hold
>>>>> but MailScanner does not pick them.
>>>>>
>>>>> any idea how to get this to work?
>>>>> Previus Version MailScanner-4.52.2 is working fine.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> best regards
>>>>>
>>>>>
>>>>> Lars Gierling
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Think before you print
>>>>> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder
>> rechtlich
>>>>> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind
>> oder
>>>>> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort
>> den
>>>>> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das
>>>> unerlaubte
>>>>> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht
>>>> gestattet.
>>>>> This e-mail and any attached files may contain confidential and/or
>>>>> privileged information. If you are not the intended recipient (or
>> have
>>>>> received this e-mail by mistake) please notify the sender immediately
>>
>>>> and
>>>>> delete this e-mail. Any unauthorised duplication, disclosure or
>>>>> distribution of this e-mail and content is strictly forbidden.
>>>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>>
>> Think before you print
>> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
>> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
>> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
>> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte
>> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
>>
>> This e-mail and any attached files may contain confidential and/or
>> privileged information. If you are not the intended recipient (or have
>> received this e-mail by mistake) please notify the sender immediately and
>> delete this e-mail. Any unauthorised duplication, disclosure or
>> distribution of this e-mail and content is strictly forbidden.
>>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From maxsec at gmail.com  Sat Oct  9 18:23:34 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Sat Oct  9 18:23:44 2010
Subject: Mailscanner does not scan mails
In-Reply-To: <OF836E3E7E.69DEC618-ONC12577B6.005419C9-C12577B6.0054520B@b-w-computer.de>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<AANLkTin0BdXWbcerHTJA4dHLkg6WFAc4PMKw5=nump7Y@mail.gmail.com>
	<OF836E3E7E.69DEC618-ONC12577B6.005419C9-C12577B6.0054520B@b-w-computer.de>
Message-ID: <AANLkTikpebOgqz31W2SURHqnkT-z+pd4+Em4nCXCvr49@mail.gmail.com>

Worth using the automatic tool for this u may have missed a setting

On Friday, October 8, 2010,  <LGi@b-w-computer.de> wrote:
> I updated the new MailScanner.conf manually with the settings from the old
> one.
>
>
> Fragen? Kommen Sie jederzeit gerne auf uns zu!
>
> Herzliche Gr??e aus Hamburg
> b&w computer
>
> Lars Gierling
> b&w computer
> Inh.: Michael Papenhagen
> Fangdieckstr. 64
> D-22547 Hamburg | Germany
> Tel: ?+49 40 / 49 296 - 0
> Fax: +49 40 / 49 296 - 100
> http://www.b-w-computer.de
>
>
>
>
>
> Von: ? ?Martin Hepworth <maxsec@gmail.com>
> An: ? ? MailScanner discussion <mailscanner@lists.mailscanner.info>
> Datum: ?08.10.2010 17:13
> Betreff: ? ? ? ?Re: Mailscanner does not scan mails
> Gesendet von: ? mailscanner-bounces@lists.mailscanner.info
>
>
>
> ?how did you upgrade - jump from 4.55 to 4.81 is a big one...did you check
> all the settings are still correct in the merges MailScanner.conf?
>
>
> --
> Martin Hepworth
> Oxford, UK
>
>
> On 8 October 2010 13:24, <LGi@b-w-computer.de> wrote:
> I just ugraded to MailScanner-4.81.4-1
>
> All seems fine, but it's just not scanning messages.
> The debug output says:
>
>  ? ? ? 14:10:29 Building a message batch to scan...
>
> but nothing happens
>
> ps ax shows:
>
>  ? ? ? 29532 pts/3 ? ?S+ ? ? 0:38 MailScanner: waiting for messages
>
> The Incoming Queue Dir is configured correctly:
>
> Incoming Queue Dir = /var/spool/postfix/hold
>
> When I start the job with strace the Mailscanner processs seem to look
> into the queue directory every 6 seconds:
>
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9) ? ? ? ? ? ? ? ? ? ?= 0
> [pid 29692] umask(0177) ? ? ? ? ? ? ? ? = 077
> [pid 29692] umask(077) ? ? ? ? ? ? ? ? ?= 0177
> [pid 29692] time(NULL) ? ? ? ? ? ? ? ? ?= 1286540143
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0}, {6, 0}) ? = 0
> [pid 29692] time(NULL) ? ? ? ? ? ? ? ? ?= 1286540149
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9) ? ? ? ? ? ? ? ? ? ?= 0
> [pid 29692] umask(0177) ? ? ? ? ? ? ? ? = 077
> [pid 29692] umask(077) ? ? ? ? ? ? ? ? ?= 0177
> [pid 29692] time(NULL) ? ? ? ? ? ? ? ? ?= 1286540149
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0},
>
>
> There are several new messages in the directory /var/spool/postfix/hold
> but MailScanner does not pick them.
>
> any idea how to get this to work?
> Previus Version MailScanner-4.52.2 is working fine.
>
>
>
>
>
> best regards
>
>
> Lars Gierling
>
>
>
>
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
>
> This e-mail and any attached files may contain confidential and/or
> privileged information. If you are not the intended recipient (or have
> received this e-mail by mistake) please notify the sender immediately and
> delete this e-mail. Any unauthorised duplication, disclosure or
> distribution of this e-mail and content is strictly forbidden.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
>
> This e-mail and any attached files may contain confidential and/or
> privileged information. If you are not the intended recipient (or have
> received this e-mail by mistake) please notify the sender immediately and
> delete this e-mail. Any unauthorised duplication, disclosure or
> distribution of this e-mail and content is strictly forbidden.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

-- 
-- 
Martin Hepworth
Oxford, UK
From drolland at kdinet.com  Mon Oct 11 02:05:35 2010
From: drolland at kdinet.com (Diane Rolland)
Date: Mon Oct 11 02:07:32 2010
Subject: setting Archive directory/file permissions
In-Reply-To: <76415AED4CCF214F80FD9B0DA9A9EE45013736BE@HC-MBX01.herefordshire.gov.uk>
References: <4C8F44A4.5040807@sme-ecom.co.uk>
	<76415AED4CCF214F80FD9B0DA9A9EE45013736BE@HC-MBX01.herefordshire.gov.uk>
Message-ID: <007701cb68e0$6aa17400$3fe45c00$@com>

Hello,

I have an archive.rule set up to archive email into a certain directory
where a process runs on the emails in that directory.

The directory is created with 777, but when the archived emails (in
directories with date i.e. 20101010) that directory is owned by root and has
700 permissions.

I am running sendmail and the MailScanner.conf does not have the Run As user
set.  I had tried a couple of variations, of the Quarantine User, but it
always seems to get created with root owner and permissions.

Is there a way I can get these archive directories to have certain
permissions when MailScanner processes them?

Thanks in Advance!
Diane

From doctor at doctor.nl2k.ab.ca  Tue Oct 12 02:52:29 2010
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Tue Oct 12 03:54:19 2010
Subject: Exim 4.72 and MailScanner
Message-ID: <20101012015229.GA6353@doctor.nl2k.ab.ca>

All right which part of http://www.mailscanner.info/exim.html do I
pay attention to?

I wonder if I should use the default configure file as the the incoming 
queue and copy the current the current configure file to comfigure.out .

I do have some exotic extras in the Exim configuration.


-- 
Member - Liberal International	This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
From maxsec at gmail.com  Tue Oct 12 09:32:26 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Oct 12 09:32:36 2010
Subject: Exim 4.72 and MailScanner
In-Reply-To: <20101012015229.GA6353@doctor.nl2k.ab.ca>
References: <20101012015229.GA6353@doctor.nl2k.ab.ca>
Message-ID: <AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>

At the bottom of the page there's a way to do it with one conf file..

-- 
Martin Hepworth
Oxford, UK


On 12 October 2010 02:52, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:

> All right which part of http://www.mailscanner.info/exim.html do I
> pay attention to?
>
> I wonder if I should use the default configure file as the the incoming
> queue and copy the current the current configure file to comfigure.out .
>
> I do have some exotic extras in the Exim configuration.
>
>
> --
> Member - Liberal International  This is doctor@nl2k.ab.ca Ici
> doctor@nl2k.ab.ca
> God, Queen and country! Never Satan President Republic! Beware AntiChrist
> rising!
> http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
> Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101012/e8b9446c/attachment.html
From hvdkooij at vanderkooij.org  Tue Oct 12 15:02:24 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Oct 12 15:02:43 2010
Subject: Valid use of Emailvision?
Message-ID: <4CB46A70.2020504@vanderkooij.org>

Hi,

Is there anyone who knows of a valid reason to accept email from emv2.net?

So far I have found their messages to be 100% pure spam.

As far as I can see I should get rid of plenty of spam by blacklisting:

route:          81.92.112.0/20
descr:          Emailvision main
mnt-lower:      MNT-EMAILVISION
origin:         AS39905
mnt-by:         MNT-EMAILVISION
source:         RIPE # Filtered


-- 
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From john at tradoc.fr  Tue Oct 12 15:27:30 2010
From: john at tradoc.fr (John Wilcock)
Date: Tue Oct 12 15:27:47 2010
Subject: Valid use of Emailvision?
In-Reply-To: <4CB46A70.2020504@vanderkooij.org>
References: <4CB46A70.2020504@vanderkooij.org>
Message-ID: <4CB47052.8000300@tradoc.fr>

Le 12/10/2010 16:02, Hugo van der Kooij a ?crit :
> Is there anyone who knows of a valid reason to accept email from emv2.net?
>
> So far I have found their messages to be 100% pure spam.

I do see a fair bit of legit direct opt-in bulk mail from them.

Unfortunately I also see plenty of dubious stuff, though I suspect that 
at least some is semi-legit due to users failing to uncheck "accept 
e-mail from our partners"-type boxes on sign-up forms. On the plus side, 
they seem to take proper note of unsubscribe requests.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From hvdkooij at vanderkooij.org  Tue Oct 12 16:45:23 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Oct 12 16:45:33 2010
Subject: ClamNailer, wget failed
Message-ID: <4CB48293.2060409@vanderkooij.org>

Hi,

It seems the amount of wget failures seems to increase over time. Are
there plans to distribute the load over more servers?

-- 
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From steveb_clamav at sanesecurity.com  Tue Oct 12 20:56:11 2010
From: steveb_clamav at sanesecurity.com (Steve Basford)
Date: Tue Oct 12 20:56:33 2010
Subject: ClamNailer, wget failed
In-Reply-To: <4CB48293.2060409@vanderkooij.org>
References: <4CB48293.2060409@vanderkooij.org>
Message-ID: <1c3bb7e7a12efdc77b7a736408af5124.squirrel@saturn.dataflame.net>

> Hi,
>
> It seems the amount of wget failures seems to increase over time. Are
> there plans to distribute the load over more servers?

Hi,

The scamnailer.ndb file is also distributed by the Sanesecurity mirrors,
which
is downloaded from the main db file every hour and then distributed:

http://www.sanesecurity.com/clamav/databases.htm

Download scripts here:
http://www.sanesecurity.com/clamav/download_scripts_linux.htm

Cheers,

Steve
Sanesecurity

From doctor at doctor.nl2k.ab.ca  Tue Oct 12 15:02:12 2010
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Wed Oct 13 00:59:28 2010
Subject: Exim 4.72 and MailScanner
In-Reply-To: <AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>
References: <20101012015229.GA6353@doctor.nl2k.ab.ca>
	<AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>
Message-ID: <20101012140211.GA27631@doctor.nl2k.ab.ca>

On Tue, Oct 12, 2010 at 09:32:26AM +0100, Martin Hepworth wrote:
> At the bottom of the page there's a way to do it with one conf file..
>

Looks as if that might not work.  I have non-local users
on both systems in question.
 
> -- 
> Martin Hepworth
> Oxford, UK
> 
> 
> On 12 October 2010 02:52, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> 
> > All right which part of http://www.mailscanner.info/exim.html do I
> > pay attention to?
> >
> > I wonder if I should use the default configure file as the the incoming
> > queue and copy the current the current configure file to comfigure.out .
> >
> > I do have some exotic extras in the Exim configuration.
> >
> >
> > --
> > Member - Liberal International  This is doctor@nl2k.ab.ca Ici
> > doctor@nl2k.ab.ca
> > God, Queen and country! Never Satan President Republic! Beware AntiChrist
> > rising!
> > http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
> > Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >

> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


-- 
Member - Liberal International	This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
From jonas at vrt.dk  Wed Oct 13 15:03:05 2010
From: jonas at vrt.dk (Jonas)
Date: Wed Oct 13 15:03:18 2010
Subject: Exim 4.72 and MailScanner
In-Reply-To: <20101012140211.GA27631@doctor.nl2k.ab.ca>
References: <20101012015229.GA6353@doctor.nl2k.ab.ca><AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>
	<20101012140211.GA27631@doctor.nl2k.ab.ca>
Message-ID: <09F23668E315FD4597C13D73E5123ADF49A3FF@SCTSBS.sct.dk>

> 
> Looks as if that might not work.  I have non-local users on both systems in
> question.

Why would that be an issue?



Med venlig hilsen / Best regards
?
Jonas Akrouh Larsen
?
TechBiz ApS
Laplandsgade 4, 2. sal
2300 K?benhavn S
?
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:??? 7020 0978
Web: www.techbiz.dk


From maxsec at gmail.com  Wed Oct 13 16:10:34 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed Oct 13 16:10:44 2010
Subject: Exim 4.72 and MailScanner
In-Reply-To: <20101012140211.GA27631@doctor.nl2k.ab.ca>
References: <20101012015229.GA6353@doctor.nl2k.ab.ca>
	<AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>
	<20101012140211.GA27631@doctor.nl2k.ab.ca>
Message-ID: <AANLkTima-SWN1aswWJVSbj-8DNXS5hVkhbM3UBLncAfc@mail.gmail.com>

makes no difference, first of all get the exim config running as a relay for
email (maybe add in valid recipient address checks), then do the changes so
MailScanner sits in the middle of the two Exim instances to take mail from
the 1st instance, process it and hand it off to the second instance.


-- 
Martin Hepworth
Oxford, UK


On 12 October 2010 15:02, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:

> On Tue, Oct 12, 2010 at 09:32:26AM +0100, Martin Hepworth wrote:
> > At the bottom of the page there's a way to do it with one conf file..
> >
>
> Looks as if that might not work.  I have non-local users
> on both systems in question.
>
> > --
> > Martin Hepworth
> > Oxford, UK
> >
> >
> > On 12 October 2010 02:52, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> >
> > > All right which part of http://www.mailscanner.info/exim.html do I
> > > pay attention to?
> > >
> > > I wonder if I should use the default configure file as the the incoming
> > > queue and copy the current the current configure file to comfigure.out
> .
> > >
> > > I do have some exotic extras in the Exim configuration.
> > >
> > >
> > > --
> > > Member - Liberal International  This is doctor@nl2k.ab.ca Ici
> > > doctor@nl2k.ab.ca
> > > God, Queen and country! Never Satan President Republic! Beware
> AntiChrist
> > > rising!
> > > http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
> > > Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
> > > --
> > > MailScanner mailing list
> > > mailscanner@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > >
>
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
>
>
> --
> Member - Liberal International  This is doctor@nl2k.ab.ca Ici
> doctor@nl2k.ab.ca
> God, Queen and country! Never Satan President Republic! Beware AntiChrist
> rising!
> http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
> Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101013/e3e89d49/attachment.html
From spamlists at coders.co.uk  Wed Oct 13 21:57:54 2010
From: spamlists at coders.co.uk (Matt)
Date: Wed Oct 13 21:58:06 2010
Subject: ClamNailer, wget failed
In-Reply-To: <4CB48293.2060409@vanderkooij.org>
References: <4CB48293.2060409@vanderkooij.org>
Message-ID: <4CB61D52.3000707@coders.co.uk>

On 12/10/2010 16:45, Hugo van der Kooij wrote:
> Hi,
>
> It seems the amount of wget failures seems to increase over time. Are
> there plans to distribute the load over more servers?
>
Hi Hugo

It is already on a CDN - what errors are you seeing? 

If anyone else is having issues, can you send me a traceroute (off list)
to www.mailscanner.eu so that I can see if this isolated to a single
node and then I can raise it with the provider.

matt 
From ports at raveland.org  Thu Oct 14 08:57:38 2010
From: ports at raveland.org (MailScanner)
Date: Thu Oct 14 08:57:49 2010
Subject: compatibility issue with Archive::Zip::Member v1.30?
In-Reply-To: <4CAC4598.6050409@netring.co.uk>
References: <4CAC4598.6050409@netring.co.uk>
Message-ID: <20101014075738.GA17020@coredump.raveland.priv>

On Wed, Oct 06, 2010 at 10:47:04AM +0100, Edward Prendergast wrote:
>  Hi,
> 
> I'm seeing MailScanner 4.81.4 return "MailScanner: Message attempted
> to kill MailScanner" every time it tries to process an .xlsx file
> (Microsoft Excel 2010's format). IIRC the format is a zip container
> with the actual Excel data inside it.
> 
> When I run MailScanner in debug mode and send one of these files
> through I get the error message:
> 
> Insecure dependency in chmod while running with -T switch at
> /opt/perl5/lib/site_perl/5.12.2/Archive/Zip/Member.pm line 490.
> 
> That line in Member.pm (v1.30) says:
> 
> chmod ($self->unixFileAttributes(), $name)
> 
> My guess is that $name is being passed down, hasn't been checked
> anywhere and so is causing a taint issue.
> 
> Should I just do a local rebuild of this module that does $name =~
> /.*/ to fix this issue for now and then submit it as a patch back to
> the vendor? Just modifying the code like this doesn't seem like a
> great long term solution though as it could be a security risk?
> 
> Thanks,
> Edward

Hi,

I saw this bug too. All the .docx attachments crash MailScanner.
Someone opened a bug here: http://rt.cpan.org/Public/Bug/Display.html?id=61930

To avoid the crash, i found this workaround: set Maximum Archive Depth to 0.
Like this, the .docx files are no longer scanned.

Regards,
From edward.prendergast at netring.co.uk  Thu Oct 14 09:56:15 2010
From: edward.prendergast at netring.co.uk (Edward Prendergast)
Date: Thu Oct 14 09:54:58 2010
Subject: compatibility issue with Archive::Zip::Member v1.30?
In-Reply-To: <20101014075738.GA17020@coredump.raveland.priv>
References: <4CAC4598.6050409@netring.co.uk>
	<20101014075738.GA17020@coredump.raveland.priv>
Message-ID: <4CB6C5AF.1030607@netring.co.uk>

  On 14/10/2010 08:57, MailScanner wrote:
> On Wed, Oct 06, 2010 at 10:47:04AM +0100, Edward Prendergast wrote:
>> I'm seeing MailScanner 4.81.4 return "MailScanner: Message attempted
>> to kill MailScanner" every time it tries to process an .xlsx file
>> (Microsoft Excel 2010's format). IIRC the format is a zip container
>> with the actual Excel data inside it.
>>
>> When I run MailScanner in debug mode and send one of these files
>> through I get the error message:
>>
>> Insecure dependency in chmod while running with -T switch at
>> /opt/perl5/lib/site_perl/5.12.2/Archive/Zip/Member.pm line 490.
>>
> I saw this bug too. All the .docx attachments crash MailScanner.
> Someone opened a bug here: http://rt.cpan.org/Public/Bug/Display.html?id=61930
>
> To avoid the crash, i found this workaround: set Maximum Archive Depth to 0.
> Like this, the .docx files are no longer scanned.

I opened that bug - I've ploughed some time into trying to figure out a 
fix but haven't had any luck. I realise this may be a bit OT so if 
anyone with perl experience is interested in discussing it off list 
please feel free to e-mail me off-list. I've put some detail about where 
I think the bug is occurring in the ticket: 
http://rt.cpan.org/Public/Bug/Display.html?id=61930.



************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************

From doctor at doctor.nl2k.ab.ca  Tue Oct 12 15:02:12 2010
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Thu Oct 14 11:09:06 2010
Subject: Exim 4.72 and MailScanner
In-Reply-To: <AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>
References: <20101012015229.GA6353@doctor.nl2k.ab.ca>
	<AANLkTi=DXHOcj-78jgR-VX3yrPv2zrEmW-jzODmoeG25@mail.gmail.com>
Message-ID: <20101012140211.GA27631@doctor.nl2k.ab.ca>

On Tue, Oct 12, 2010 at 09:32:26AM +0100, Martin Hepworth wrote:
> At the bottom of the page there's a way to do it with one conf file..
>

Looks as if that might not work.  I have non-local users
on both systems in question.
 
> -- 
> Martin Hepworth
> Oxford, UK
> 
> 
> On 12 October 2010 02:52, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> 
> > All right which part of http://www.mailscanner.info/exim.html do I
> > pay attention to?
> >
> > I wonder if I should use the default configure file as the the incoming
> > queue and copy the current the current configure file to comfigure.out .
> >
> > I do have some exotic extras in the Exim configuration.
> >
> >
> > --
> > Member - Liberal International  This is doctor@nl2k.ab.ca Ici
> > doctor@nl2k.ab.ca
> > God, Queen and country! Never Satan President Republic! Beware AntiChrist
> > rising!
> > http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
> > Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >

> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


-- 
Member - Liberal International	This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
Are you a real human: http://www.cuttingedge.org/news/n1334.cfm
From campbell at cnpapers.com  Thu Oct 14 15:41:46 2010
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Oct 14 15:42:17 2010
Subject: Just my meager contribution
Message-ID: <4CB716AA.3040806@cnpapers.com>

  I don't get to contribute much, so when I can, I try and offer what I 
think is correct.

I run some older Centos 3 mail servers that were running older versions 
of MS. I began upgrading today and found a few problems, and did the 
best I could to fix them as I went. The last time I upgraded, I ran into 
problems with MimeDefang, so I upgrade only when I have time to devote 
to fixing the problems I see.

Here's what happened today. I hope it helps others who might be running 
dinosauric OSs.

I firstly upgraded Clam from rpmforge. All went well.

Next I tried upgrading MailScanner with the install.sh script. I usually 
get quite a few errors during this step, but MS will almost always 
start. This time it didn't. The problem turned out to be perl-DBI and 
perl-DBD-SQLite. The problems showed up firstly by MS not starting and 
secondly using "MailScanner --lint".

The first problem showed up by saying MS couldn't use the SpamAssassin 
cache. The quick fix was to indicate in the conf file:
Cache SpamAssassin Results = no

The second problem showed up by saying MS couldn't use the 
Processing.db. Here the quick fix was to indicate in the conf file:
Maximum Processing Attempts = 0

So now I reviewed the versions of these RPMs included in the MS 
installation package and find that rpmforge has those available. I 
installed the two RPMs using yum and turned back on the two options in 
MS and all seemed OK as far as MS goes.

Apparently, when using the vanilla (no options) install shell, these 
RPMs are removed, so "install", not "update" is needed. I seem to recall 
there are other options other than "nodeps" and "fast" for the 
install.sh that will not remove the old RPMs.

I did not upgrade SA.

Hope this helps. If anyone knows of something wrong I described here, 
I'd hope you speak up.  It's probably either common knowledge or useless 
info for most of you all, but if it helps someone......

Steve Campbell

From edward.prendergast at netring.co.uk  Thu Oct 14 16:12:52 2010
From: edward.prendergast at netring.co.uk (Edward Prendergast)
Date: Thu Oct 14 16:11:34 2010
Subject: compatibility issue with Archive::Zip::Member v1.30?
In-Reply-To: <4CB6C5AF.1030607@netring.co.uk>
References: <4CAC4598.6050409@netring.co.uk>	<20101014075738.GA17020@coredump.raveland.priv>
	<4CB6C5AF.1030607@netring.co.uk>
Message-ID: <4CB71DF4.60102@netring.co.uk>

  On 14/10/2010 09:56, Edward Prendergast wrote:
>  On 14/10/2010 08:57, MailScanner wrote:
>> On Wed, Oct 06, 2010 at 10:47:04AM +0100, Edward Prendergast wrote:
>>> I'm seeing MailScanner 4.81.4 return "MailScanner: Message attempted
>>> to kill MailScanner" every time it tries to process an .xlsx file
>>> (Microsoft Excel 2010's format). IIRC the format is a zip container
>>> with the actual Excel data inside it.
>>>
>>> When I run MailScanner in debug mode and send one of these files
>>> through I get the error message:
>>>
>>> Insecure dependency in chmod while running with -T switch at
>>> /opt/perl5/lib/site_perl/5.12.2/Archive/Zip/Member.pm line 490.
>>>
>> I saw this bug too. All the .docx attachments crash MailScanner.
>> Someone opened a bug here: 
>> http://rt.cpan.org/Public/Bug/Display.html?id=61930
>>
>> To avoid the crash, i found this workaround: set Maximum Archive 
>> Depth to 0.
>> Like this, the .docx files are no longer scanned.
>
> I opened that bug - I've ploughed some time into trying to figure out 
> a fix but haven't had any luck. I realise this may be a bit OT so if 
> anyone with perl experience is interested in discussing it off list 
> please feel free to e-mail me off-list. I've put some detail about 
> where I think the bug is occurring in the ticket: 
> http://rt.cpan.org/Public/Bug/Display.html?id=61930.

We've had a bit of a chat on irc.freenode.org#perl and come up with a 
patch which I've just submitted to the author of Archive::Zip.

************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************

From ngoc5593 at yahoo.com  Thu Oct 14 19:42:00 2010
From: ngoc5593 at yahoo.com (le minh ngoc)
Date: Thu Oct 14 19:42:10 2010
Subject: help me
Message-ID: <63314.96569.qm@web53105.mail.re2.yahoo.com>

now and forever, i would not like to receive emails from your forum



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101014/4c6f4c29/attachment.html
From maxsec at gmail.com  Thu Oct 14 20:28:48 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu Oct 14 20:28:58 2010
Subject: help me
In-Reply-To: <63314.96569.qm@web53105.mail.re2.yahoo.com>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>
Message-ID: <AANLkTimA2VYTS5oHJoLo2CF_uwWoMNDsoWw8NOe7_mjh@mail.gmail.com>

it's on the bottom of the mail - got to the url and unsubscribe
-- 
Martin Hepworth
Oxford, UK


On 14 October 2010 19:42, le minh ngoc <ngoc5593@yahoo.com> wrote:

> now and forever, i would not like to receive emails from your forum
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101014/2a79e081/attachment.html
From ka at pacific.net  Thu Oct 14 20:35:04 2010
From: ka at pacific.net (Ken A)
Date: Thu Oct 14 20:35:25 2010
Subject: help me
In-Reply-To: <63314.96569.qm@web53105.mail.re2.yahoo.com>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>
Message-ID: <4CB75B68.8080509@pacific.net>

On 10/14/2010 1:42 PM, le minh ngoc wrote:
> now and forever, i would not like to receive emails from your forum

heh heh.. unsubscribe by using the links in every email, and you will be 
now and forever unsubscribed.

OR, Install MailScanner, Buy the book, and filter your own email.

From alex at rtpty.com  Thu Oct 14 21:08:36 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu Oct 14 21:15:27 2010
Subject: help me
Message-ID: <1620864298-1287087255-cardhu_decombobulator_blackberry.rim.net-1334863589-@bda957.bisx.prod.on.blackberry>

This is more of an MTA-level thing ;-)
------Original Message------
From: Ken A
Sender: mailscanner-bounces@lists.mailscanner.info
To: mailscanner@lists.mailscanner.info
ReplyTo: MailScanner discussion
Subject: Re: help me
Sent: Oct 14, 2010 2:35 PM

On 10/14/2010 1:42 PM, le minh ngoc wrote:
> now and forever, i would not like to receive emails from your forum

heh heh.. unsubscribe by using the links in every email, and you will be 
now and forever unsubscribed.

OR, Install MailScanner, Buy the book, and filter your own email.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman
From kay.irmer at vpisystems.com  Thu Oct 14 21:50:29 2010
From: kay.irmer at vpisystems.com (Kay Irmer)
Date: Thu Oct 14 21:49:56 2010
Subject: help me
In-Reply-To: <4CB75B68.8080509@pacific.net>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>
	<4CB75B68.8080509@pacific.net>
Message-ID: <4065302081009288933@unknownmsgid>

Please keep me on this list!

Am 14.10.2010 um 21:37 schrieb Ken A <ka@pacific.net>:

> On 10/14/2010 1:42 PM, le minh ngoc wrote:
>> now and forever, i would not like to receive emails from your forum
>
> heh heh.. unsubscribe by using the links in every email, and you will be now and forever unsubscribed.
>
> OR, Install MailScanner, Buy the book, and filter your own email.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> This message has been scanned for viruses and dangerous content by the VPIsystems MailScanner.
>
From support-lists at petdoctors.co.uk  Fri Oct 15 09:14:09 2010
From: support-lists at petdoctors.co.uk (Nigel Kendrick)
Date: Fri Oct 15 09:16:42 2010
Subject: help me
In-Reply-To: <4065302081009288933@unknownmsgid>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>
	<4065302081009288933@unknownmsgid>
Message-ID: <006b01cb6c40$f1f23440$d5d69cc0$@co.uk>

Sadly I may be going off list too. Not that I want to, but our company was bought out and the new owners find Linux 'scary stuff' and so they have decided to take our 3 main Linux mail platforms and move them to their comfort zone (MS Exchange) - I estimate that's ?16K in client licences for Exchange alone! Don't ask - I have briefed them, drawn up a cost benefit analysis and encouraged them to do a SWOT analysis on our whole, extensive, Linux infrastructure but they cannot get the Board out of the 'Microsoft or bust' mentality. 

It's a great shame as MailScanner is a great app and the List is full of great, helpful people. The only saving grace is that I am moving to a hi-tech electronics/comms company as IT Manager and they are already heavily into Linux for in-house apps and as the core of one of their products and one of my first tasks is evaluate their creaking IT infrastructure so their Exchange server is up for a fitness review!

Two weeks to go as I watch the empire around me crumble!

Keep up the good work and I'll see you all somewhere else.

Nigel Kendrick



From peter at farrows.org  Fri Oct 15 09:21:13 2010
From: peter at farrows.org (Peter Farrow)
Date: Fri Oct 15 09:21:23 2010
Subject: help me
In-Reply-To: <006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>
	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
Message-ID: <4CB80EF9.3050305@farrows.org>

  On 15/10/2010 09:14, Nigel Kendrick wrote:
> Sadly I may be going off list too. Not that I want to, but our company was bought out and the new owners find Linux 'scary stuff' and so they have decided to take our 3 main Linux mail platforms and move them to their comfort zone (MS Exchange) - I estimate that's ?16K in client licences for Exchange alone! Don't ask - I have briefed them, drawn up a cost benefit analysis and encouraged them to do a SWOT analysis on our whole, extensive, Linux infrastructure but they cannot get the Board out of the 'Microsoft or bust' mentality.
>
> It's a great shame as MailScanner is a great app and the List is full of great, helpful people. The only saving grace is that I am moving to a hi-tech electronics/comms company as IT Manager and they are already heavily into Linux for in-house apps and as the core of one of their products and one of my first tasks is evaluate their creaking IT infrastructure so their Exchange server is up for a fitness review!
>
> Two weeks to go as I watch the empire around me crumble!
>
> Keep up the good work and I'll see you all somewhere else.
>
> Nigel Kendrick
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

A more effective use of ?16,000 would be to simply burn it on November 
the 5th, at least that way you can see something for your money and have 
some fun too!

Sorry to hear the bad news, thanks for all your contributions,

Pete


From noel.butler at ausics.net  Fri Oct 15 10:19:19 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Fri Oct 15 10:19:35 2010
Subject: help me
In-Reply-To: <1620864298-1287087255-cardhu_decombobulator_blackberry.rim.net-1334863589-@bda957.bisx.prod.on.blackberry>
References: <1620864298-1287087255-cardhu_decombobulator_blackberry.rim.net-1334863589-@bda957.bisx.prod.on.blackberry>
Message-ID: <1287134359.10001.2.camel@tardis>

Actually, isn't this more of a  "pebcak"  thing

On Thu, 2010-10-14 at 20:08 +0000, Alex Neuman wrote:

> This is more of an MTA-level thing ;-)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101015/88a18fae/attachment.html
From J.Ede at birchenallhowden.co.uk  Fri Oct 15 10:58:02 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Fri Oct 15 10:58:20 2010
Subject: help me
In-Reply-To: <006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>
	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>
	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
Message-ID: <BEB224656722D0419B9B2E0CD61E20C71BE545D0@BHLexchange.bhl.local>


> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Nigel Kendrick
> Sent: 15 October 2010 09:14
> To: 'MailScanner discussion'
> Subject: RE: help me
> 
> Sadly I may be going off list too. Not that I want to, but our company was
> bought out and the new owners find Linux 'scary stuff' and so they have
> decided to take our 3 main Linux mail platforms and move them to their
> comfort zone (MS Exchange) - I estimate that's ?16K in client licences for
> Exchange alone! Don't ask - I have briefed them, drawn up a cost benefit
> analysis and encouraged them to do a SWOT analysis on our whole,
> extensive, Linux infrastructure but they cannot get the Board out of the
> 'Microsoft or bust' mentality.

When their spam/virus levels go through the roof hopefully they'll change their tune...

 
> It's a great shame as MailScanner is a great app and the List is full of great,
> helpful people. The only saving grace is that I am moving to a hi-tech
> electronics/comms company as IT Manager and they are already heavily into
> Linux for in-house apps and as the core of one of their products and one of
> my first tasks is evaluate their creaking IT infrastructure so their Exchange
> server is up for a fitness review!
> 
> Two weeks to go as I watch the empire around me crumble!
> 
> Keep up the good work and I'll see you all somewhere else.
> 
> Nigel Kendrick
> 
> 
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From maxsec at gmail.com  Fri Oct 15 11:28:18 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Oct 15 11:28:31 2010
Subject: help me
In-Reply-To: <006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>
	<4CB75B68.8080509@pacific.net> <4065302081009288933@unknownmsgid>
	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
Message-ID: <AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>

Nigel

so keep MS infront of the scary M$-Exchange stuff so keep all the bad stuff
off the email servers. be interesting to see how much spam/cost a commercial
version does. (hey if the want commercials there's always FSL;-)

-- 
Martin Hepworth
Oxford, UK


On 15 October 2010 09:14, Nigel Kendrick <support-lists@petdoctors.co.uk>wrote:

> Sadly I may be going off list too. Not that I want to, but our company was
> bought out and the new owners find Linux 'scary stuff' and so they have
> decided to take our 3 main Linux mail platforms and move them to their
> comfort zone (MS Exchange) - I estimate that's ?16K in client licences for
> Exchange alone! Don't ask - I have briefed them, drawn up a cost benefit
> analysis and encouraged them to do a SWOT analysis on our whole, extensive,
> Linux infrastructure but they cannot get the Board out of the 'Microsoft or
> bust' mentality.
>
> It's a great shame as MailScanner is a great app and the List is full of
> great, helpful people. The only saving grace is that I am moving to a
> hi-tech electronics/comms company as IT Manager and they are already heavily
> into Linux for in-house apps and as the core of one of their products and
> one of my first tasks is evaluate their creaking IT infrastructure so their
> Exchange server is up for a fitness review!
>
> Two weeks to go as I watch the empire around me crumble!
>
> Keep up the good work and I'll see you all somewhere else.
>
> Nigel Kendrick
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101015/76fe2ea6/attachment.html
From alex at rtpty.com  Fri Oct 15 14:21:47 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Oct 15 14:27:47 2010
Subject: help me
In-Reply-To: <1287134359.10001.2.camel@tardis>
References: <1620864298-1287087255-cardhu_decombobulator_blackberry.rim.net-1334863589-@bda957.bisx.prod.on.blackberry><1287134359.10001.2.camel@tardis>
Message-ID: <833605832-1287149248-cardhu_decombobulator_blackberry.rim.net-46529761-@bda957.bisx.prod.on.blackberry>

Ah, you mean an OSI Layer 8 type thing!
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: Noel Butler <noel.butler@ausics.net>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Fri, 15 Oct 2010 19:19:19 
To: <mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: help me

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From alex at nanogherkin.com  Fri Oct 15 17:24:42 2010
From: alex at nanogherkin.com (Alex Crow)
Date: Fri Oct 15 17:24:47 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF, and other thoughts.
 Subj was: Re: help me
In-Reply-To: <AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>
	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>
Message-ID: <4CB8804A.3000205@nanogherkin.com>

Martin,

However that might not play out quite as well as just letting them shoot 
themselves in the foot - if you put a "stealth" MS box in front of 
Exchange, then management would just think that the Microsoft stuff did 
just as well as the old Linux software. It might be better to explain it 
should be tested with and without the Mailscanner solution as a 
comparison. However if Nigel is leaving, why not just let them fight 
their own war!

Nigel, I presumed you pointed out that in addition to the ?16k for 
exchange they would need something to stem the spam-flow, and given 
their need for "a throat to squeeze" (the usual reason) it would 
probably be commercial?

Using SPF, Greylisting and MS I think I'd guess we're blocking 99.5-ish% 
of all spam and the of the remaining .5%, a good three-quarters is 
getting 6 SA points or more. I'm almost getting confident enough to drop 
the "high-scoring SPAM" level down and also the marking threshold. Does 
anyone have any figures (rough or otherwise) or experiences about such 
adjustments (I was thinking to take high-score to 8 and marking as 
possible spam down to 5 or even 4).

BTW, after deploying SPF checks I was shocked to find at least one major 
UK and international finance house has a badly configured SPF record (ie 
not all outbound sources in the record, and a "-all" rule ending.) As a 
hint their "old" (sensible) name suggests they hail from somewhere east 
of Peterborough.

Cheers

Alex

On 15/10/10 11:28, Martin Hepworth wrote:
>
> Nigel
>
> so keep MS infront of the scary M$-Exchange stuff so keep all the bad 
> stuff off the email servers. be interesting to see how much spam/cost 
> a commercial version does. (hey if the want commercials there's always 
> FSL;-)
>
> -- 
> Martin Hepworth
> Oxford, UK
>
>
> On 15 October 2010 09:14, Nigel Kendrick 
> <support-lists@petdoctors.co.uk 
> <mailto:support-lists@petdoctors.co.uk>> wrote:
>
>     Sadly I may be going off list too. Not that I want to, but our
>     company was bought out and the new owners find Linux 'scary stuff'
>     and so they have decided to take our 3 main Linux mail platforms
>     and move them to their comfort zone (MS Exchange) - I estimate
>     that's ?16K in client licences for Exchange alone! Don't ask - I
>     have briefed them, drawn up a cost benefit analysis and encouraged
>     them to do a SWOT analysis on our whole, extensive, Linux
>     infrastructure but they cannot get the Board out of the 'Microsoft
>     or bust' mentality.
>
>     It's a great shame as MailScanner is a great app and the List is
>     full of great, helpful people. The only saving grace is that I am
>     moving to a hi-tech electronics/comms company as IT Manager and
>     they are already heavily into Linux for in-house apps and as the
>     core of one of their products and one of my first tasks is
>     evaluate their creaking IT infrastructure so their Exchange server
>     is up for a fitness review!
>
>     Two weeks to go as I watch the empire around me crumble!
>
>     Keep up the good work and I'll see you all somewhere else.
>
>     Nigel Kendrick
>
>
>
>     --
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     <mailto:mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101015/bb0658a4/attachment.html
From v.matys at grumpa.net  Fri Oct 15 19:40:03 2010
From: v.matys at grumpa.net (Viktor Matys)
Date: Fri Oct 15 19:40:16 2010
Subject: milter headres leads to "Loop condition"
Message-ID: <4CB8A003.4040701@grumpa.net>

Helo,

I have problem with milters clamav and spamd. Both when adds their 
headers in checked e-mail cause an error message in mail.log:

p record handling: Loop condition found, aborting file.

I use postfix, so the queue files rest in hold queue directory. 
MailScanner tries to read it again and produces the same situation 
again. So mail.log is full of previously mentioned messages. I have to 
delete those messages by myself...

ClamAV milter causes it always. So I disabled to add headers in e-mail 
to ClamAV milter.

SpamD milter causes it ramdomly. There is impossibile to disable adding 
headers - it would lead to disfunctioning of the milter.

I have MailScanner ver.  4.74 on Debian Lenny. I found the error message 
in file Postfix.pm. This error message appears 4 times in this file. The 
mentioned one is the second appearance.

Three examples of blocking queue files you can see here:

http://host1.grumpa.net/ms-probs/

Would somebody help?

Thanks Viktor Matys

From glenn.steen at gmail.com  Fri Oct 15 20:13:34 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Oct 15 20:13:44 2010
Subject: milter headres leads to "Loop condition"
In-Reply-To: <4CB8A003.4040701@grumpa.net>
References: <4CB8A003.4040701@grumpa.net>
Message-ID: <AANLkTinrKWr-NsySq+F+1b_dU62k1=8YnUpZ4ExXfXq-@mail.gmail.com>

hi viktor

that is my code, unfortunately...:)

i'm out with the flu, so can't say when i can take a look at it.
Disable all milters for now. You can, of course, upgrade, but i'm not
sure that that would help.

On 15/10/2010, Viktor Matys <v.matys@grumpa.net> wrote:
> Helo,
>
> I have problem with milters clamav and spamd. Both when adds their
> headers in checked e-mail cause an error message in mail.log:
>
> p record handling: Loop condition found, aborting file.
>
> I use postfix, so the queue files rest in hold queue directory.
> MailScanner tries to read it again and produces the same situation
> again. So mail.log is full of previously mentioned messages. I have to
> delete those messages by myself...
>
> ClamAV milter causes it always. So I disabled to add headers in e-mail
> to ClamAV milter.
>
> SpamD milter causes it ramdomly. There is impossibile to disable adding
> headers - it would lead to disfunctioning of the milter.
>
> I have MailScanner ver.  4.74 on Debian Lenny. I found the error message
> in file Postfix.pm. This error message appears 4 times in this file. The
> mentioned one is the second appearance.
>
> Three examples of blocking queue files you can see here:
>
> http://host1.grumpa.net/ms-probs/
>
> Would somebody help?
>
> Thanks Viktor Matys
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From alex at rtpty.com  Fri Oct 15 20:23:20 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Oct 15 20:23:36 2010
Subject: Way OT: Shameless Plug
Message-ID: <C87A4CBC-8B20-4439-8424-841D98161E0B@rtpty.com>

Hi guys,

I've been nominated for the Panama Twitter Awards - tech section - under @AlexNeuman.

I'd really appreciate it if any of you who's on Twitter might add me and visit http://panamatwitterawards.com/ to vote for me.

Thanks in advance!

Cheers,

Alex
From jacolange at gmail.com  Sat Oct 16 12:46:50 2010
From: jacolange at gmail.com (Jaco Lange)
Date: Sat Oct 16 12:47:00 2010
Subject: Maximum Message Size = %rules-dir%/max.message.size.rules ruleset
 does not work
Message-ID: <AANLkTimhNrnz-KyVWmx+nDEgOR8SnDqUgUk3VaFFE+Rp@mail.gmail.com>

Hi Everyone

I looked everywhere and could only find a post from another user that
is having the sames issue with no solution.

The problem is as follow. MailScanner ignores the Maximum Message Size
parameter, or there is some error somewhere and I am missing it.

the contents of the %rules-dir%/max.message.size.rules is a follow:


[root@mailscanner rules]# cat max.message.size.rules
To:???????????? *@receivingdomain.com?????? 1024
FromOrTo:?????? default???????????????????????? 1394606

If I sent a message to user@mydomain.com larger than 1024 bytes it get
delivered.

If I remove the ruleset and put the following in
Maximum Message Size = 1024

then also does not block the email.
I have run MailScanner in debug mode and could not see any errors

here is the log for the mail in question

Oct 16 07:38:10 mailscanner MailScanner[23746]: MailScanner E-Mail
Virus Scanner version 4.81.4 starting...
Oct 16 07:38:10 mailscanner MailScanner[23746]: Reading configuration
file /etc/MailScanner/MailScanner.conf
Oct 16 07:38:10 mailscanner MailScanner[23746]: Reading configuration
file /etc/MailScanner/conf.d/README
Oct 16 07:38:10 mailscanner MailScanner[23746]: Config: calling custom
init function MailWatchLogging
Oct 16 07:38:10 mailscanner MailScanner[23746]: Started SQL Logging child
Oct 16 07:38:10 mailscanner MailScanner[23746]: Using SpamAssassin results cache
Oct 16 07:38:10 mailscanner MailScanner[23746]: Connected to
SpamAssassin cache database
Oct 16 07:38:10 mailscanner MailScanner[23746]: Enabling SpamAssassin
auto-whitelist functionality...
Oct 16 07:38:19 mailscanner MailScanner[23746]: Connected to
Processing Attempts Database
Oct 16 07:38:19 mailscanner MailScanner[23746]: Found 0 messages in
the Processing Attempts Database
Oct 16 07:38:19 mailscanner MailScanner[23746]: lock.pl sees Config
LockType =? posix
Oct 16 07:38:19 mailscanner MailScanner[23746]: lock.pl sees have_module =? 0
Oct 16 07:38:19 mailscanner MailScanner[23746]: Using locktype = posix
Oct 16 07:38:26 mailscanner update.virus.scanners: Found clamav installed
Oct 16 07:38:26 mailscanner update.virus.scanners: Running autoupdate for clamav
Oct 16 07:38:26 mailscanner ClamAV-autoupdate[23825]: ClamAV updated
Oct 16 07:38:26 mailscanner update.virus.scanners: Found generic installed
Oct 16 07:38:26 mailscanner update.virus.scanners: Running autoupdate
for generic
Oct 16 07:38:46 mailscanner sendmail[24000]: o9G5ckDe024000:
from=<user@sedingdomain.com>, size=1878332, class=0, nrcpts=1,
msgid=<4CB95679020000AF000423E0@email.sedingdomain.net>, proto=ESMTP,
daemon=MTA, relay=email.sedingdomain.net [192.168.10.12]
Oct 16 07:38:49 mailscanner MailScanner[23746]: New Batch: Scanning 1
messages, 1878851 bytes
Oct 16 07:38:49 mailscanner MailScanner[23746]: Created attachment
dirs for 1 messages
Oct 16 07:38:49 mailscanner MailScanner[23746]: Looked up unknown
string nonpasswordedarchive in language translation file
/etc/MailScanner/reports/en/languages.conf
Oct 16 07:38:49 mailscanner MailScanner[23746]: Completed checking by
/usr/bin/file
Oct 16 07:38:49 mailscanner MailScanner[23746]: Virus and Content
Scanning: Starting
Oct 16 07:38:49 mailscanner MailScanner[23746]: Commencing scanning by clamav...
Oct 16 07:38:54 mailscanner MailScanner[23746]: Completed scanning by clamav
Oct 16 07:38:54 mailscanner MailScanner[23746]: Virus Scanning
completed at 348208 bytes per second
Oct 16 07:38:54 mailscanner MailScanner[23746]: Spam Checks: Starting
Oct 16 07:38:54 mailscanner MailScanner[23746]: Message o9G5ckDe024000
from 192.168.10.12 (user@sedingdomain.com) to receivingdomain.com is
too big for spam checks (1878851 > 500000 bytes)
Oct 16 07:38:54 mailscanner MailScanner[23746]: About to deliver 1 messages
Oct 16 07:38:54 mailscanner MailScanner[23746]: Uninfected: Delivered 1 messages
Oct 16 07:38:54 mailscanner MailScanner[23746]: Deleted 1 messages
from processing-database
Oct 16 07:38:54 mailscanner MailScanner[23746]: Batch completed at
345531 bytes per second (1878851 / 5)
Oct 16 07:38:54 mailscanner MailScanner[23746]: Batch (1 message)
processed in 5.44 seconds
Oct 16 07:38:54 mailscanner MailScanner[23746]: Logging message
o9G5ckDe024000 to SQL
Oct 16 07:38:54 mailscanner MailScanner[23746]: "Always Looked Up
Last" took 0.00 seconds
Oct 16 07:38:54 mailscanner MailScanner[23746]: Config: calling custom
end function MailWatchLogging
Oct 16 07:38:54 mailscanner MailScanner[23746]: MailScanner child
dying of old age
>From user@sedingdomain.com? Sat Oct 16 07:38:54 2010
?Subject: Fwd: Why women need flowers
? Folder: /var/mail/user??????????????????????????????????????????????? 1878863
Oct 16 07:38:54 mailscanner sendmail[24021]: o9G5ckDe024000:
to=<user@receivingdomain.com>, delay=00:00:08, xdelay=00:00:00,
mailer=local, pri=1998332, dsn=2.0.0, stat=Sent
Oct 16 07:38:54 mailscanner sendmail[24021]: o9G5ckDe024000:
o9G5csjp024021: DSN: Return receipt
Oct 16 07:38:54 mailscanner sendmail[24021]: o9G5csjp024021:
to=<user@sedingdomain.com>, delay=00:00:00, xdelay=00:00:00,
mailer=smtp, pri=30000, relay=[192.168.10.12] [192.168.10.12],
dsn=2.0.0, stat=Sent (Ok)


Other rules is working like the spam.blacklist.rules and spam.whitelist.rules


Many thanks
Jaco
From hvdkooij at vanderkooij.org  Sun Oct 17 15:52:23 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Oct 17 15:52:29 2010
Subject: Maximum Message Size = %rules-dir%/max.message.size.rules
 ruleset does not work
In-Reply-To: <AANLkTimhNrnz-KyVWmx+nDEgOR8SnDqUgUk3VaFFE+Rp@mail.gmail.com>
References: <AANLkTimhNrnz-KyVWmx+nDEgOR8SnDqUgUk3VaFFE+Rp@mail.gmail.com>
Message-ID: <4CBB0DA7.2020205@vanderkooij.org>

On 16/10/10 13:46, Jaco Lange wrote:
> Hi Everyone
> 
> I looked everywhere and could only find a post from another user that
> is having the sames issue with no solution.
> 
> The problem is as follow. MailScanner ignores the Maximum Message Size
> parameter, or there is some error somewhere and I am missing it.
> 
> the contents of the %rules-dir%/max.message.size.rules is a follow:
> 
> 
> [root@mailscanner rules]# cat max.message.size.rules
> To:             *@receivingdomain.com       1024
> FromOrTo:       default                         1394606
> 
> If I sent a message to user@mydomain.com larger than 1024 bytes it get
> delivered.

mydomain != receivingdomain.com

So it is handled by the default rule there.

Hugo.

-- 
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From jacolange at gmail.com  Sun Oct 17 17:48:59 2010
From: jacolange at gmail.com (Jaco Lange)
Date: Sun Oct 17 17:54:40 2010
Subject: Maximum Message Size = %rules-dir%/max.message.size.rules
	ruleset does not work
In-Reply-To: <4CBB0DA7.2020205@vanderkooij.org>
References: <AANLkTimhNrnz-KyVWmx+nDEgOR8SnDqUgUk3VaFFE+Rp@mail.gmail.com>
	<4CBB0DA7.2020205@vanderkooij.org>
Message-ID: <3989746B-9983-4B4D-B77A-D6642C978F91@gmail.com>

Sorry I made a mistake in 1st post 

>> I sent a message to user@receivingdomain.com larger than 1024 bytes it get
>> delivered.



On Oct 17, 2010, at 4:52 PM, Hugo van der Kooij <hvdkooij@vanderkooij.org> wrote:

> On 16/10/10 13:46, Jaco Lange wrote:
>> Hi Everyone
>> 
>> I looked everywhere and could only find a post from another user that
>> is having the sames issue with no solution.
>> 
>> The problem is as follow. MailScanner ignores the Maximum Message Size
>> parameter, or there is some error somewhere and I am missing it.
>> 
>> the contents of the %rules-dir%/max.message.size.rules is a follow:
>> 
>> 
>> [root@mailscanner rules]# cat max.message.size.rules
>> To:             *@receivingdomain.com       1024
>> FromOrTo:       default                         1394606
>> 
>> If I sent a message to user@mydomain.com larger than 1024 bytes it get
>> delivered.
> 
> mydomain != receivingdomain.com
> 
> So it is handled by the default rule there.
> 
> Hugo.
> 
> -- 
> hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
From support-lists at petdoctors.co.uk  Tue Oct 19 13:43:13 2010
From: support-lists at petdoctors.co.uk (Nigel Kendrick)
Date: Tue Oct 19 13:47:21 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
	and other thoughts. Subj was: Re: help me
In-Reply-To: <4CB8804A.3000205@nanogherkin.com>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>
	<4CB8804A.3000205@nanogherkin.com>
Message-ID: <020201cb6f8b$3b16d340$b14479c0$@co.uk>

Reply below

 

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Crow
Sent: 15 October 2010 17:25
To: mailscanner@lists.mailscanner.info
Subject: The Exchange takeover, stealth Mailscanner, SPF, and other
thoughts. Subj was: Re: help me

 

Martin,

However that might not play out quite as well as just letting them shoot
themselves in the foot - if you put a "stealth" MS box in front of Exchange,
then management would just think that the Microsoft stuff did just as well
as the old Linux software. It might be better to explain it should be tested
with and without the Mailscanner solution as a comparison. However if Nigel
is leaving, why not just let them fight their own war!



--> Yes, they can make their own plans now.

 

Nigel, I presumed you pointed out that in addition to the ?16k for exchange
they would need something to stem the spam-flow, and given their need for "a
throat to squeeze" (the usual reason) it would probably be commercial?



--> Company motto seems to be ?If there?s two comparable ways to do
something, pick the most expensive.?  As well as the email fiasco...

 

  1)  They are currently ripping out our ADSL lines/VPNs to replace them
with a BT managed ?cloud? system.  Not only are the links more expensive and
in some cases slower (we have some sites running 20Mbit/2.5Mbit LLU that are
going back to 8Mbit/883K), but they have to pay an annual support charge and
submit a request for any router config changes.

 

2) They need to ?move? a central server to from my offices to their HQ ? so
they buy a second, identical server (Dell 6850 rackmount with 4 Quad core
Pentiums, 16GB RAM and 300GB RAID 5 SAS (3 disks)) and someone is going to
do a data dump this weekend and drive it up. There would be no problems with
the downtime, but for some reason I have no inclination of questioning, they
aren?t just going to backup this server, shut it down and take it with them.


[Snip]

 

Cheers

Alex




 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101019/01d66e02/attachment.html
From peter at farrows.org  Tue Oct 19 14:00:07 2010
From: peter at farrows.org (Peter Farrow)
Date: Tue Oct 19 14:00:19 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
 and other thoughts. Subj was: Re: help me
In-Reply-To: <020201cb6f8b$3b16d340$b14479c0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>
	<020201cb6f8b$3b16d340$b14479c0$@co.uk>
Message-ID: <4CBD9657.9040001@farrows.org>

  On 19/10/2010 13:43, Nigel Kendrick wrote:
>
> Reply below
>
> *From:* mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of 
> *Alex Crow
> *Sent:* 15 October 2010 17:25
> *To:* mailscanner@lists.mailscanner.info
> *Subject:* The Exchange takeover, stealth Mailscanner, SPF, and other 
> thoughts. Subj was: Re: help me
>
> Martin,
>
> However that might not play out quite as well as just letting them 
> shoot themselves in the foot - if you put a "stealth" MS box in front 
> of Exchange, then management would just think that the Microsoft stuff 
> did just as well as the old Linux software. It might be better to 
> explain it should be tested with and without the Mailscanner solution 
> as a comparison. However if Nigel is leaving, why not just let them 
> fight their own war!
>
> --> Yes, they can make their own plans now.
>
> Nigel, I presumed you pointed out that in addition to the ?16k for 
> exchange they would need something to stem the spam-flow, and given 
> their need for "a throat to squeeze" (the usual reason) it would 
> probably be commercial?
>
> --> Company motto seems to be "If there's two comparable ways to do 
> something, pick the most expensive."  As well as the email fiasco...
>
>   1)  They are currently ripping out our ADSL lines/VPNs to replace 
> them with a BT managed 'cloud' system.  Not only are the links more 
> expensive and in some cases slower (we have some sites running 
> 20Mbit/2.5Mbit LLU that are going back to 8Mbit/883K), but they have 
> to pay an annual support charge and submit a request for any router 
> config changes.
>
> 2) They need to 'move' a central server to from my offices to their HQ 
> -- so they buy a second, identical server (Dell 6850 rackmount with 4 
> Quad core Pentiums, 16GB RAM and 300GB RAID 5 SAS (3 disks)) and 
> someone is going to do a data dump this weekend and drive it up. There 
> would be no problems with the downtime, but for some reason I have no 
> inclination of questioning, they aren't just going to backup this 
> server, shut it down and take it with them.
>
>
> [Snip]
>
> Cheers
>
> Alex
>
>
Obviously they have cash to burn, and the BT "cloud" they are selling at 
8M/832k is based on the ANCIENT ipstream technology which forms the 
original ADSL1.0 offering in the UK 10 years ago.  Your LLU services are 
based on ADSL2+ so you are going to be taking a HUGE step backwards and 
paying handsomely for the "privilege".

I very much hope they are fluent in punjabi-english and don't want 
anything done properly or quickly, because when you need a change you'll 
be speaking to someone on the sub continent who doesn't even know where 
London is.

This is a laughable, and its usually based on some empire-building moron 
stacking up responsibility in his own office at the companies expense 
and at the expense of performance and progress....

Time to leave...  as your counterparts shovel ?50 notes on the fire to 
keep warm....

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101019/15a5bfac/attachment.html
From maxsec at gmail.com  Tue Oct 19 16:10:26 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Oct 19 16:10:38 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF, and other
 thoughts. Subj was: Re: help me
In-Reply-To: <4CBD9657.9040001@farrows.org>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>
	<4CB75B68.8080509@pacific.net> <4065302081009288933@unknownmsgid>
	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>
	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>
	<4CB8804A.3000205@nanogherkin.com>
	<020201cb6f8b$3b16d340$b14479c0$@co.uk>
	<4CBD9657.9040001@farrows.org>
Message-ID: <AANLkTinOarUdHMT4EDW7W4JvY3CWEMsNAuS6g_kuQTOX@mail.gmail.com>

Was in a similar position two years ago.....they are struggling along with
the similar issues, suddenly spending HUGE amounts on IT etc


-- 
Martin Hepworth
Oxford, UK


On 19 October 2010 14:00, Peter Farrow <peter@farrows.org> wrote:

>  On 19/10/2010 13:43, Nigel Kendrick wrote:
>
>  Reply below
>
>
>
> *From:* mailscanner-bounces@lists.mailscanner.info [
> mailto:mailscanner-bounces@lists.mailscanner.info<mailscanner-bounces@lists.mailscanner.info>]
> *On Behalf Of *Alex Crow
> *Sent:* 15 October 2010 17:25
> *To:* mailscanner@lists.mailscanner.info
> *Subject:* The Exchange takeover, stealth Mailscanner, SPF, and other
> thoughts. Subj was: Re: help me
>
>
>
> Martin,
>
> However that might not play out quite as well as just letting them shoot
> themselves in the foot - if you put a "stealth" MS box in front of Exchange,
> then management would just think that the Microsoft stuff did just as well
> as the old Linux software. It might be better to explain it should be tested
> with and without the Mailscanner solution as a comparison. However if Nigel
> is leaving, why not just let them fight their own war!
>
>  --> Yes, they can make their own plans now.
>
>
>
> Nigel, I presumed you pointed out that in addition to the ?16k for exchange
> they would need something to stem the spam-flow, and given their need for "a
> throat to squeeze" (the usual reason) it would probably be commercial?
>
>  --> Company motto seems to be ?If there?s two comparable ways to do
> something, pick the most expensive.?  As well as the email fiasco...
>
>
>
>   1)  They are currently ripping out our ADSL lines/VPNs to replace them
> with a BT managed ?cloud? system.  Not only are the links more expensive and
> in some cases slower (we have some sites running 20Mbit/2.5Mbit LLU that are
> going back to 8Mbit/883K), but they have to pay an annual support charge and
> submit a request for any router config changes.
>
>
>
> 2) They need to ?move? a central server to from my offices to their HQ ? so
> they buy a second, identical server (Dell 6850 rackmount with 4 Quad core
> Pentiums, 16GB RAM and 300GB RAID 5 SAS (3 disks)) and someone is going to
> do a data dump this weekend and drive it up. There would be no problems with
> the downtime, but for some reason I have no inclination of questioning, they
> aren?t just going to backup this server, shut it down and take it with them.
>
>
> [Snip]
>
>
>
> Cheers
>
> Alex
>
>
>   Obviously they have cash to burn, and the BT "cloud" they are selling at
> 8M/832k is based on the ANCIENT ipstream technology which forms the original
> ADSL1.0 offering in the UK 10 years ago.  Your LLU services are based on
> ADSL2+ so you are going to be taking a HUGE step backwards and paying
> handsomely for the "privilege".
>
> I very much hope they are fluent in punjabi-english and don't want anything
> done properly or quickly, because when you need a change you'll be speaking
> to someone on the sub continent who doesn't even know where London is.
>
> This is a laughable, and its usually based on some empire-building moron
> stacking up responsibility in his own office at the companies expense and at
> the expense of performance and progress....
>
> Time to leave...  as your counterparts shovel ?50 notes on the fire to keep
> warm....
>
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101019/5eb188be/attachment.html
From alex at nanogherkin.com  Tue Oct 19 17:56:09 2010
From: alex at nanogherkin.com (Alex Crow)
Date: Tue Oct 19 17:56:18 2010
Subject: (OT) Re: The Exchange takeover, stealth Mailscanner, SPF, and other
 thoughts. Subj was: Re: help me
In-Reply-To: <020201cb6f8b$3b16d340$b14479c0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>
	<020201cb6f8b$3b16d340$b14479c0$@co.uk>
Message-ID: <4CBDCDA9.9000805@nanogherkin.com>

On 19/10/10 13:43, Nigel Kendrick wrote:
>
> Reply below
>
> *From:* mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of 
> *Alex Crow
> *Sent:* 15 October 2010 17:25
> *To:* mailscanner@lists.mailscanner.info
> *Subject:* The Exchange takeover, stealth Mailscanner, SPF, and other 
> thoughts. Subj was: Re: help me
>
> Martin,
>
> However that might not play out quite as well as just letting them 
> shoot themselves in the foot - if you put a "stealth" MS box in front 
> of Exchange, then management would just think that the Microsoft stuff 
> did just as well as the old Linux software. It might be better to 
> explain it should be tested with and without the Mailscanner solution 
> as a comparison. However if Nigel is leaving, why not just let them 
> fight their own war!
>
> --> Yes, they can make their own plans now.
>
> Nigel, I presumed you pointed out that in addition to the ?16k for 
> exchange they would need something to stem the spam-flow, and given 
> their need for "a throat to squeeze" (the usual reason) it would 
> probably be commercial?
>
> --> Company motto seems to be "If there's two comparable ways to do 
> something, pick the most expensive."  As well as the email fiasco...
>

Wow - sounds like times I've been temping in the public sector. When you 
have in-house expertise and a cheaper system, don't use the former and 
ignore the latter as /obviously/ the more expensive it is, the better it 
must be.

>   1)  They are currently ripping out our ADSL lines/VPNs to replace 
> them with a BT managed 'cloud' system.  Not only are the links more 
> expensive and in some cases slower (we have some sites running 
> 20Mbit/2.5Mbit LLU that are going back to 8Mbit/883K), but they have 
> to pay an annual support charge and submit a request for any router 
> config changes.
>

Again, very similar to the public sector. I wasn't in IT at the time 
(wanted to be though) and was at the DfEE. I said how BT were 
deliberately holding back evolution of broadband to their own benefit 
(this was 1997/8) and the dept. boss at the time nearly sacked me then 
and there. Despite privatisation they still seemed to be in love with them.

It was only about a day later when one person on the team asked me to 
print and fax said boss all of his emails to his home number - I 
explained it would tie up his phone line all day (about 350 mails) - but 
I was told not to be "insubordinate". The boss guy then complained about 
his phone line being engaged all day and accused me of stupidity, both 
staffers complained to the agency and that was the end of that job. 
Really stung at the time as I needed the money despite the hellish 
environment.

> 2) They need to 'move' a central server to from my offices to their HQ 
> -- so they buy a second, identical server (Dell 6850 rackmount with 4 
> Quad core Pentiums, 16GB RAM and 300GB RAID 5 SAS (3 disks)) and 
> someone is going to do a data dump this weekend and drive it up. There 
> would be no problems with the downtime, but for some reason I have no 
> inclination of questioning, they aren't just going to backup this 
> server, shut it down and take it with them.
>
>

Ah, well. Maybe they want to keep the old one for DR purposes - although 
thinking about that they probably have no clue what DR stands for...

I imagine they will attempt to "save" by replacing you with a nice fresh 
paper-MCSE on about a quarter of your salary. They will find the true 
cost of that the next time excrement meets ventilator.

I am glad my small but thriving financial sees things a little more 
pragmatically - hire good people and give them some freedom and 
opportunity to learn and things can be a lot happier.

Good luck!

Alex



> [Snip]
>
> Cheers
>
> Alex
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101019/8fbaee80/attachment.html
From steve.freegard at fsl.com  Tue Oct 19 18:52:23 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Oct 19 18:52:41 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
 and other thoughts. Subj was: Re: help me
In-Reply-To: <4CBD9657.9040001@farrows.org>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>	<020201cb6f8b$3b16d340$b14479c0$@co.uk>
	<4CBD9657.9040001@farrows.org>
Message-ID: <4CBDDAD7.1090500@fsl.com>

On 19/10/10 14:00, Peter Farrow wrote:
>> 1) They are currently ripping out our ADSL lines/VPNs to replace them
>> with a BT managed ?cloud? system. Not only are the links more
>> expensive and in some cases slower (we have some sites running
>> 20Mbit/2.5Mbit LLU that are going back to 8Mbit/883K), but they have
>> to pay an annual support charge and submit a request for any router
>> config changes.

> Obviously they have cash to burn, and the BT "cloud" they are selling at
> 8M/832k is based on the ANCIENT ipstream technology which forms the
> original ADSL1.0 offering in the UK 10 years ago. Your LLU services are
> based on ADSL2+ so you are going to be taking a HUGE step backwards and
> paying handsomely for the "privilege".

Actually this sounds like BT Metro/IPClear which is a MPLS VPN solution 
that I used at my previous job.  Like you say - it's using the 'old' 
ADSL infrastructure but offers things that aren't possible using regular 
DSL lines e.g. it's a DSL line that's delivered into your own private 
MPLS cloud offering inter-office connectivity without the overhead of 
individual VPN tunnels between the offices (as this is handled by MPLS) 
along with 'centralised' internet access through a nominated central 
office.  You can also add proper QoS throughout the cloud too and add 
extra offices and DR sites easily.  So it does offer quite a bit of 
extra functionality - but it's all at significant cost and management 
overhead.

> This is a laughable, and its usually based on some empire-building moron
> stacking up responsibility in his own office at the companies expense
> and at the expense of performance and progress....

100% agree with that.

> Time to leave... as your counterparts shovel ?50 notes on the fire to
> keep warm....

Yeah; good luck with whatever you're going on to do.  I'm local to you 
(Tangmere) so if you send me your details I'll try and pass on any 
relevant work to you if I am able.

Cheers,
Steve.
From support-lists at petdoctors.co.uk  Wed Oct 20 09:10:10 2010
From: support-lists at petdoctors.co.uk (Nigel Kendrick)
Date: Wed Oct 20 09:13:11 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
	and other thoughts. Subj was: Re: help me
In-Reply-To: <4CBDDAD7.1090500@fsl.com>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>	<020201cb6f8b$3b16d340$b14479c0$@co.uk>	<4CBD9657.9040001@farrows.org>
	<4CBDDAD7.1090500@fsl.com>
Message-ID: <009101cb702e$3b36e150$b1a4a3f0$@co.uk>

Thanks to everyone for all the thoughts and comments. Happy to say my new
job is lined up and I start as IT Manager on 1st Nov. I'll re-subscribe to
this list from my new email address and keep lurking at least.

Steve: Thanks for the comments. I live 'just down the road' at Walberton but
my new job is as a salaried IT Manager (in Lewes, so a bit of a drive!) so
not much room for any additional work.

I'll unsubscribe from here sometime next week but all the best to everyone
for now.

Nigel Kendrick

From peter at farrows.org  Wed Oct 20 09:29:32 2010
From: peter at farrows.org (Peter Farrow)
Date: Wed Oct 20 09:29:40 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
 and other thoughts. Subj was: Re: help me
In-Reply-To: <009101cb702e$3b36e150$b1a4a3f0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>	<020201cb6f8b$3b16d340$b14479c0$@co.uk>	<4CBD9657.9040001@farrows.org>	<4CBDDAD7.1090500@fsl.com>
	<009101cb702e$3b36e150$b1a4a3f0$@co.uk>
Message-ID: <4CBEA86C.3000703@farrows.org>

On 20/10/2010 09:10, Nigel Kendrick wrote:
> Thanks to everyone for all the thoughts and comments. Happy to say my new
> job is lined up and I start as IT Manager on 1st Nov. I'll re-subscribe to
> this list from my new email address and keep lurking at least.
>
> Steve: Thanks for the comments. I live 'just down the road' at Walberton but
> my new job is as a salaried IT Manager (in Lewes, so a bit of a drive!) so
> not much room for any additional work.
>
> I'll unsubscribe from here sometime next week but all the best to everyone
> for now.
>
> Nigel Kendrick
>
Dear Nigel,

Good luck in your new job, hope everything goes well!

Pete


From simonmjones at gmail.com  Wed Oct 20 13:49:38 2010
From: simonmjones at gmail.com (Simon Jones)
Date: Wed Oct 20 13:49:48 2010
Subject: RCVD_NUMERIC_HELO
Message-ID: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com>

Hello folks,

I'm generating a few false positives with this one, whats the best way
to drop the score for it?
From raubvogel at gmail.com  Wed Oct 20 14:05:14 2010
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Wed Oct 20 14:00:47 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com>
Message-ID: <4CBEE90A.10108@gmail.com>

On 10/20/2010 08:49 AM, Simon Jones wrote:
> Hello folks,
>
> I'm generating a few false positives with this one, whats the best way
> to drop the score for it?

	What I do is go to /etc/MailScanner/spam.assassin.prefs.conf and add a 
score entry there with the value you want, like

score RCVD_NUMERIC_HELO        0.900
From alex at rtpty.com  Wed Oct 20 14:01:01 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Oct 20 14:02:06 2010
Subject: RCVD_NUMERIC_HELO
Message-ID: <1581070239-1287579712-cardhu_decombobulator_blackberry.rim.net-1630029689-@bda478.bisx.prod.on.blackberry>

Put score RULE 0 in local.cf 
------Original Message------
From: Simon Jones
Sender: mailscanner-bounces@lists.mailscanner.info
To: MailScanner discussion
ReplyTo: MailScanner discussion
Subject: RCVD_NUMERIC_HELO
Sent: Oct 20, 2010 7:49 AM

Hello folks,

I'm generating a few false positives with this one, whats the best way
to drop the score for it?
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman
From alex at rtpty.com  Wed Oct 20 14:04:46 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Oct 20 14:05:57 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <4CBEE90A.10108@gmail.com>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com><4CBEE90A.10108@gmail.com>
Message-ID: <821428651-1287579939-cardhu_decombobulator_blackberry.rim.net-50295635-@bda478.bisx.prod.on.blackberry>

Using local.cf is more "kosher". 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: Mauricio Tavares <raubvogel@gmail.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 20 Oct 2010 09:05:14 
To: <mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: RCVD_NUMERIC_HELO

On 10/20/2010 08:49 AM, Simon Jones wrote:
> Hello folks,
>
> I'm generating a few false positives with this one, whats the best way
> to drop the score for it?

	What I do is go to /etc/MailScanner/spam.assassin.prefs.conf and add a 
score entry there with the value you want, like

score RCVD_NUMERIC_HELO        0.900
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From simonmjones at gmail.com  Wed Oct 20 14:25:33 2010
From: simonmjones at gmail.com (Simon Jones)
Date: Wed Oct 20 14:25:43 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <4CBEE90A.10108@gmail.com>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com>
	<4CBEE90A.10108@gmail.com>
Message-ID: <AANLkTin8CyrEeq9=_rKpz+7fQ=GKaw3d0u6WFMYF1NGt@mail.gmail.com>

On 20 October 2010 14:05, Mauricio Tavares <raubvogel@gmail.com> wrote:
> On 10/20/2010 08:49 AM, Simon Jones wrote:
>>
>> Hello folks,
>>
>> I'm generating a few false positives with this one, whats the best way
>> to drop the score for it?
>
> ? ? ? ?What I do is go to /etc/MailScanner/spam.assassin.prefs.conf and add
> a score entry there with the value you want, like
>
> score RCVD_NUMERIC_HELO ? ? ? ?0.900
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

Awesome, thanks man - do i need to reboot for the change to become active?

Si
From raubvogel at gmail.com  Wed Oct 20 14:33:43 2010
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Wed Oct 20 14:29:15 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <821428651-1287579939-cardhu_decombobulator_blackberry.rim.net-50295635-@bda478.bisx.prod.on.blackberry>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com><4CBEE90A.10108@gmail.com>
	<821428651-1287579939-cardhu_decombobulator_blackberry.rim.net-50295635-@bda478.bisx.prod.on.blackberry>
Message-ID: <4CBEEFB7.1040301@gmail.com>

On 10/20/2010 09:04 AM, Alex Neuman wrote:
> Using local.cf is more "kosher".
>
	And the reason would be that local.cf is read by both spamassassin when 
it is being run by itself and by mailscanner?
From alex at rtpty.com  Wed Oct 20 14:33:08 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Oct 20 14:34:17 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <AANLkTin8CyrEeq9=_rKpz+7fQ=GKaw3d0u6WFMYF1NGt@mail.gmail.com>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com><4CBEE90A.10108@gmail.com><AANLkTin8CyrEeq9=_rKpz+7fQ=GKaw3d0u6WFMYF1NGt@mail.gmail.com>
Message-ID: <1565333797-1287581641-cardhu_decombobulator_blackberry.rim.net-1027658575-@bda478.bisx.prod.on.blackberry>

service MailScanner reload should do it - or wait a couple of hours. 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: Simon Jones <simonmjones@gmail.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 20 Oct 2010 14:25:33 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: RCVD_NUMERIC_HELO

On 20 October 2010 14:05, Mauricio Tavares <raubvogel@gmail.com> wrote:
> On 10/20/2010 08:49 AM, Simon Jones wrote:
>>
>> Hello folks,
>>
>> I'm generating a few false positives with this one, whats the best way
>> to drop the score for it?
>
> ? ? ? ?What I do is go to /etc/MailScanner/spam.assassin.prefs.conf and add
> a score entry there with the value you want, like
>
> score RCVD_NUMERIC_HELO ? ? ? ?0.900
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

Awesome, thanks man - do i need to reboot for the change to become active?

Si
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From alex at rtpty.com  Wed Oct 20 14:33:50 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Oct 20 14:35:02 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <4CBEEFB7.1040301@gmail.com>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com><4CBEE90A.10108@gmail.com><821428651-1287579939-cardhu_decombobulator_blackberry.rim.net-50295635-@bda478.bisx.prod.on.blackberry><4CBEEFB7.1040301@gmail.com>
Message-ID: <1665556837-1287581685-cardhu_decombobulator_blackberry.rim.net-937192400-@bda478.bisx.prod.on.blackberry>

And it has less of a chance of being overwritten iirc. 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: Mauricio Tavares <raubvogel@gmail.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 20 Oct 2010 09:33:43 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: RCVD_NUMERIC_HELO

On 10/20/2010 09:04 AM, Alex Neuman wrote:
> Using local.cf is more "kosher".
>
	And the reason would be that local.cf is read by both spamassassin when 
it is being run by itself and by mailscanner?
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From simonmjones at gmail.com  Wed Oct 20 14:58:38 2010
From: simonmjones at gmail.com (Simon Jones)
Date: Wed Oct 20 14:58:48 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <1665556837-1287581685-cardhu_decombobulator_blackberry.rim.net-937192400-@bda478.bisx.prod.on.blackberry>
References: <AANLkTi=cC16iXmo4Wu8cUXg6hG8ZM2ZujBn4ZdAMzd9M@mail.gmail.com>
	<4CBEE90A.10108@gmail.com>
	<821428651-1287579939-cardhu_decombobulator_blackberry.rim.net-50295635-@bda478.bisx.prod.on.blackberry>
	<4CBEEFB7.1040301@gmail.com>
	<1665556837-1287581685-cardhu_decombobulator_blackberry.rim.net-937192400-@bda478.bisx.prod.on.blackberry>
Message-ID: <AANLkTikhoXoEAPqA4hdQT7S0pjAKm2SgfrTs+DS=F3Mj@mail.gmail.com>

On 20 October 2010 14:33, Alex Neuman <alex@rtpty.com> wrote:
> And it has less of a chance of being overwritten iirc.
> --
> Alex Neuman van der Hans
> Reliant Technologies
> +507 6781-9505
> +507 832-6725
> +1-440-253-9789 (USA)
>
> Recuerda visitar http://vidadigital.com.pa/
>
> BB PIN 20EA17C5
> Twitter: @AlexNeuman - @VidaDigitalTV
> http://facebook.com/vidadigital
> Skype: alexneuman
>
> -----Original Message-----
> From: Mauricio Tavares <raubvogel@gmail.com>
> Sender: mailscanner-bounces@lists.mailscanner.info
> Date: Wed, 20 Oct 2010 09:33:43
> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
> Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
> Subject: Re: RCVD_NUMERIC_HELO
>
> On 10/20/2010 09:04 AM, Alex Neuman wrote:
>> Using local.cf is more "kosher".
>>
> ? ? ? ?And the reason would be that local.cf is read by both spamassassin when
> it is being run by itself and by mailscanner?
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Thanks folks, i changed in  /etc/MailScanner/spam.assassin.prefs.conf
as I have some other custom stuff dealing with spf in there - works a
treat :)
From ngoc5593 at yahoo.com  Thu Oct 21 04:09:10 2010
From: ngoc5593 at yahoo.com (le minh ngoc)
Date: Thu Oct 21 04:09:20 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <1665556837-1287581685-cardhu_decombobulator_blackberry.rim.net-937192400-@bda478.bisx.prod.on.blackberry>
Message-ID: <590297.80591.qm@web53103.mail.re2.yahoo.com>

now and forever, i would not like to receive emails from your forum.

help me. please

--- On Wed, 10/20/10, Alex Neuman <alex@rtpty.com> wrote:

From: Alex Neuman <alex@rtpty.com>
Subject: Re: RCVD_NUMERIC_HELO
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Date: Wednesday, October 20, 2010, 9:33 AM

And it has less of a chance of being overwritten iirc. 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital

Skype: alexneuman

-----Original Message-----
From: Mauricio Tavares <raubvogel@gmail.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 20 Oct 2010 09:33:43 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: RCVD_NUMERIC_HELO

On 10/20/2010 09:04 AM, Alex Neuman wrote:
> Using local.cf is more "kosher".
>
??? And the reason would be that local.cf is read by both spamassassin when 
it is being run by itself and by mailscanner?
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner


Before posting, read http://wiki.mailscanner.info/posting


Support MailScanner development - buy the book off the website! 

-----Inline Attachment Follows-----

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101020/964ad2be/attachment.html
From alex at rtpty.com  Thu Oct 21 04:52:55 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu Oct 21 04:54:05 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <590297.80591.qm@web53103.mail.re2.yahoo.com>
References: <1665556837-1287581685-cardhu_decombobulator_blackberry.rim.net-937192400-@bda478.bisx.prod.on.blackberry><590297.80591.qm@web53103.mail.re2.yahoo.com>
Message-ID: <1189194276-1287633226-cardhu_decombobulator_blackberry.rim.net-1413281392-@bda478.bisx.prod.on.blackberry>

Unsubscribe yourself. 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: le minh ngoc <ngoc5593@yahoo.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 20 Oct 2010 20:09:10 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: RCVD_NUMERIC_HELO

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From peter at farrows.org  Thu Oct 21 08:44:21 2010
From: peter at farrows.org (Peter Farrow)
Date: Thu Oct 21 08:44:33 2010
Subject: RCVD_NUMERIC_HELO
In-Reply-To: <590297.80591.qm@web53103.mail.re2.yahoo.com>
References: <590297.80591.qm@web53103.mail.re2.yahoo.com>
Message-ID: <4CBFEF55.8000303@farrows.org>

unsubscribe, this is not hard....


On 21/10/2010 04:09, le minh ngoc wrote:
> now and forever, i would not like to receive emails from your forum.
>
> help me. please
>
> --- On *Wed, 10/20/10, Alex Neuman /<alex@rtpty.com>/* wrote:
>
>
>     From: Alex Neuman <alex@rtpty.com>
>     Subject: Re: RCVD_NUMERIC_HELO
>     To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>     Date: Wednesday, October 20, 2010, 9:33 AM
>
>     And it has less of a chance of being overwritten iirc.
>     -- 
>     Alex Neuman van der Hans
>     Reliant Technologies
>     +507 6781-9505
>     +507 832-6725
>     +1-440-253-9789 (USA)
>
>     Recuerda visitar http://vidadigital.com.pa/
>
>     BB PIN 20EA17C5
>     Twitter: @AlexNeuman - @VidaDigitalTV
>     http://facebook.com/vidadigital <http://facebook.com/vidadigital>
>     Skype: alexneuman
>
>     -----Original Message-----
>     From: Mauricio Tavares <raubvogel@gmail.com
>     </mc/compose?to=raubvogel@gmail.com>>
>     Sender: mailscanner-bounces@lists.mailscanner.info
>     </mc/compose?to=mailscanner-bounces@lists.mailscanner.info>
>     Date: Wed, 20 Oct 2010 09:33:43
>     To: MailScanner discussion<mailscanner@lists.mailscanner.info
>     </mc/compose?to=mailscanner@lists.mailscanner.info>>
>     Reply-To: MailScanner discussion
>     <mailscanner@lists.mailscanner.info
>     </mc/compose?to=mailscanner@lists.mailscanner.info>>
>     Subject: Re: RCVD_NUMERIC_HELO
>
>     On 10/20/2010 09:04 AM, Alex Neuman wrote:
>     > Using local.cf is more "kosher".
>     >
>         And the reason would be that local.cf is read by both
>     spamassassin when
>     it is being run by itself and by mailscanner?
>     -- 
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     </mc/compose?to=mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>     <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>
>     Before posting, read http://wiki.mailscanner.info/posting
>     <http://wiki.mailscanner.info/posting>
>
>     Support MailScanner development - buy the book off the website!
>
>     -----Inline Attachment Follows-----
>
>     -- 
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     </mc/compose?to=mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101021/7286934f/attachment.html
From carola at dicyt.umss.edu.bo  Thu Oct 21 14:24:57 2010
From: carola at dicyt.umss.edu.bo (carola@dicyt.umss.edu.bo)
Date: Thu Oct 21 14:40:22 2010
Subject: .zip files
Message-ID: <4522.192.168.1.164.1287667497.squirrel@www.dicyt.umss.edu.bo>

My MailScanner did not allow pass .zip files in the attachments. I read in
the forum that the solution was to change in MailScanner.conf the

Maximum Archive Depth to 0

That is what I did and now is working perfectly. I am worried, though, for
the security item; does this imply many risks? Am I allowing bad files to
pass? Please, if anybody could give some guidance in this, I would
appreciate it.


Carola


From mwen at f-i-ts.net  Thu Oct 21 15:06:29 2010
From: mwen at f-i-ts.net (Markus Wennrich)
Date: Thu Oct 21 15:06:40 2010
Subject: Virus attachments not replaced with warning text
In-Reply-To: <1532629299.1283351933919.JavaMail.trustmail@fits-stmail1.isp.fits>
References: <4C5BEB05.5050408@ecs.soton.ac.uk>	<AANLkTinoX=hWGyVqENOB_TbPjXATu6AXkRCaPcqd=7e1@mail.gmail.com>	<EMEW3|43fcaa3bd44a7a0d6143f77d7d2bc68fm75BxN0bMailScanner|ecs.soton.ac.uk|4C5BEB05.5050408@ecs.soton.ac.uk>	<AANLkTi=2TFvnRvYFNvPwzWh=PDKsDKQTuU=5iU4gL=7=@mail.gmail.com>
	<1532629299.1283351933919.JavaMail.trustmail@fits-stmail1.isp.fits>
Message-ID: <4CC048E5.9010103@f-i-ts.net>

On 01.09.2010 16:38, Steve wrote:
> On 26 August 2010 15:24, Steve <stratos.td@gmail.com> wrote:
>
> Maybe not...
>
> The Eicar test ZIP file gets replaced with warning message just fine,
> but I've just received a spam with a ZIP that was flagged with
> {Virus?} but attachment was included.

I've got the same problem. eicar-virus get's removed correctly, all
other viruses are tagged as {VirusInfected} but are still beeing delivered.

My current ugly workaround: declare every virus as non-forging:

    Non-Forging Viruses = ./ e/ a/ i/ o/ u/ -/ r/ s/ t

Now all viruses do get removed ...

> Are there any known issues with 4.79.11 that would cause this?

The problem still exists in 4.81.4 ..

Markus

From edward.prendergast at netring.co.uk  Thu Oct 21 16:04:17 2010
From: edward.prendergast at netring.co.uk (Edward Prendergast)
Date: Thu Oct 21 16:02:58 2010
Subject: .zip files
In-Reply-To: <4522.192.168.1.164.1287667497.squirrel@www.dicyt.umss.edu.bo>
References: <4522.192.168.1.164.1287667497.squirrel@www.dicyt.umss.edu.bo>
Message-ID: <4CC05671.4050002@netring.co.uk>

On 21/10/2010 14:24, carola@dicyt.umss.edu.bo wrote:
> My MailScanner did not allow pass .zip files in the attachments. I read in
> the forum that the solution was to change in MailScanner.conf the
>
> Maximum Archive Depth to 0

If this is the same problem we've had reported recently it's probably 
down to a bug in Zip::Archive::Member, see:

https://rt.cpan.org/Public/Bug/Display.html?id=61930

If you are confident to do so and have a setup where you can build perl 
modules (i.e. you use cpan) you can download the latest source from here:

http://search.cpan.org/CPAN/authors/id/A/AD/ADAMK/Archive-Zip-1.30.tar.gz

Then apply the patch in the bug report above, run perl MakeFile.PL && 
make && make install, but do so at your own risk and be aware of using 
cpan in an environment not setup for it (for example RHEL out of the box).

Edward

************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any action taken or
omitted to be taken in reliance on it, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this E-mail message is strictly prohibited and may be
unlawful. If you have received this E-mail message in error, please notify
us immediately. Please also destroy and delete the message from your
computer.
************

From carola at dicyt.umss.edu.bo  Thu Oct 21 16:20:55 2010
From: carola at dicyt.umss.edu.bo (carola@dicyt.umss.edu.bo)
Date: Thu Oct 21 16:37:14 2010
Subject: .zip files
In-Reply-To: <4CC05671.4050002@netring.co.uk>
References: <4522.192.168.1.164.1287667497.squirrel@www.dicyt.umss.edu.bo>
	<4CC05671.4050002@netring.co.uk>
Message-ID: <1082.192.168.1.164.1287674455.squirrel@www.dicyt.umss.edu.bo>

Big thanks Edward for your answer! But I got a little confused, honestly.
I am new here in the list (I subscribed yesterday)so I am not really
familiar yet. You told me that the solution for myself would be to use a
patch...Are we talking about the same thing? ?Cause my inquiry is about
compressed files that are sent as an attach with .zip extension, which
were not allowed to pass for the MailScanner. I already got the solution
but I am worried that this solution could bring me other problems, such as
letting dangerous attachs to pass...


Regards

Carola

> On 21/10/2010 14:24, carola@dicyt.umss.edu.bo wrote:
>> My MailScanner did not allow pass .zip files in the attachments. I read
>> in
>> the forum that the solution was to change in MailScanner.conf the
>>
>> Maximum Archive Depth to 0
>
> If this is the same problem we've had reported recently it's probably
> down to a bug in Zip::Archive::Member, see:
>
> https://rt.cpan.org/Public/Bug/Display.html?id=61930
>
> If you are confident to do so and have a setup where you can build perl
> modules (i.e. you use cpan) you can download the latest source from here:
>
> http://search.cpan.org/CPAN/authors/id/A/AD/ADAMK/Archive-Zip-1.30.tar.gz
>
> Then apply the patch in the bug report above, run perl MakeFile.PL &&
> make && make install, but do so at your own risk and be aware of using
> cpan in an environment not setup for it (for example RHEL out of the box).
>
> Edward
>
> ************
> The information in this email is confidential and may be legally
> privileged.
> It is intended solely for the addressee. Access to this email by anyone
> else
> is unauthorised. If you are not the intended recipient, any action taken
> or
> omitted to be taken in reliance on it, any form of reproduction,
> dissemination, copying, disclosure, modification, distribution and/or
> publication of this E-mail message is strictly prohibited and may be
> unlawful. If you have received this E-mail message in error, please notify
> us immediately. Please also destroy and delete the message from your
> computer.
> ************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


From maxsec at gmail.com  Thu Oct 21 17:23:01 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu Oct 21 17:23:14 2010
Subject: Virus attachments not replaced with warning text
In-Reply-To: <4CC048E5.9010103@f-i-ts.net>
References: <4C5BEB05.5050408@ecs.soton.ac.uk>
	<AANLkTinoX=hWGyVqENOB_TbPjXATu6AXkRCaPcqd=7e1@mail.gmail.com>
	<EMEW3|43fcaa3bd44a7a0d6143f77d7d2bc68fm75BxN0bMailScanner|ecs.soton.ac.uk|4C5BEB05.5050408@ecs.soton.ac.uk>
	<AANLkTi=2TFvnRvYFNvPwzWh=PDKsDKQTuU=5iU4gL=7=@mail.gmail.com>
	<1532629299.1283351933919.JavaMail.trustmail@fits-stmail1.isp.fits>
	<4CC048E5.9010103@f-i-ts.net>
Message-ID: <AANLkTimNE3G+f2vcaMiwmJL1=Mph+OagZF7Ju_zaN_Rn@mail.gmail.com>

Markus

problem with Steve back in August was an issue with spool dir permissions.

-- 
Martin Hepworth
Oxford, UK


On 21 October 2010 15:06, Markus Wennrich <mwen@f-i-ts.net> wrote:

> On 01.09.2010 16:38, Steve wrote:
> > On 26 August 2010 15:24, Steve <stratos.td@gmail.com> wrote:
> >
> > Maybe not...
> >
> > The Eicar test ZIP file gets replaced with warning message just fine,
> > but I've just received a spam with a ZIP that was flagged with
> > {Virus?} but attachment was included.
>
> I've got the same problem. eicar-virus get's removed correctly, all
> other viruses are tagged as {VirusInfected} but are still beeing delivered.
>
> My current ugly workaround: declare every virus as non-forging:
>
>    Non-Forging Viruses = ./ e/ a/ i/ o/ u/ -/ r/ s/ t
>
> Now all viruses do get removed ...
>
> > Are there any known issues with 4.79.11 that would cause this?
>
> The problem still exists in 4.81.4 ..
>
> Markus
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101021/62debe69/attachment.html
From brose at med.wayne.edu  Thu Oct 21 17:42:52 2010
From: brose at med.wayne.edu (Rose, Bobby)
Date: Thu Oct 21 17:43:09 2010
Subject: OT MailWatch XML-RPC issue
Message-ID: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>

Is Mailwatch development dead?  I recently upgraded one of my Centos 5.5 mailscanner servers (I have a pair) and now I seem to have a mailwatch issue with the quarantine release or viewmail when the message isn't quarantined locally.

The message on the mailwatch page is XML-RPC Error: Parameter type NULL mismatch expected type.  I'm guessing something changed with the php-xmlrpc that isn't backward compatible.

php-xmlrpc version is 5.1.6-27
php is 5.1.6
mailwatch is 1.04

I know that back in 2008 there was a v2 of mailwatch being worked on but never heard anything more on it past its initial alpha 1 release.

Has anyone else have a distributed setup and run into this error?  If you are running Mailwatch , then what version of php/php-xmlrpc are you successfully running at?

Thanks
Bobby Rose
Sr Systems Administrator, MSIS Network Operations
Wayne State University School of Medicine<http://www.med.wayne.edu/>
brose@med.wayne.edu<mailto:brose@med.wayne.edu>




________________________________
This document may include proprietary and confidential information of Wayne State University Physician Group and may only be read by those person(s) to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without prior written consent of Wayne State University Physician Group. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101021/09d2ad91/attachment.html
From ssilva at sgvwater.com  Thu Oct 21 17:46:50 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Oct 21 17:47:14 2010
Subject: .zip files
In-Reply-To: <1082.192.168.1.164.1287674455.squirrel@www.dicyt.umss.edu.bo>
References: <4522.192.168.1.164.1287667497.squirrel@www.dicyt.umss.edu.bo>	<4CC05671.4050002@netring.co.uk>
	<1082.192.168.1.164.1287674455.squirrel@www.dicyt.umss.edu.bo>
Message-ID: <i9pqpq$tfv$1@dough.gmane.org>

on 10-21-2010 8:20 AM carola@dicyt.umss.edu.bo spake the following:
> Big thanks Edward for your answer! But I got a little confused, honestly.
> I am new here in the list (I subscribed yesterday)so I am not really
> familiar yet. You told me that the solution for myself would be to use a
> patch...Are we talking about the same thing? ?Cause my inquiry is about
> compressed files that are sent as an attach with .zip extension, which
> were not allowed to pass for the MailScanner. I already got the solution
> but I am worried that this solution could bring me other problems, such as
> letting dangerous attachs to pass...
> 
> 
You should check if your virus scanner can scan the archives natively. ClamAV
can, and will still check the .zip files for viruses.

From alex at rtpty.com  Thu Oct 21 19:26:31 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu Oct 21 19:26:40 2010
Subject: OT MailWatch XML-RPC issue
In-Reply-To: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>
References: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>
Message-ID: <AANLkTi=z7ETgwabcKmBkhb3AgEnT_Go8OHKLaOOqDCXf@mail.gmail.com>

Have you tried 1.05?

On Thu, Oct 21, 2010 at 11:42 AM, Rose, Bobby <brose@med.wayne.edu> wrote:
> Is Mailwatch development dead?? I recently upgraded one of my Centos 5.5
> mailscanner servers (I have a pair) and now I seem to have a mailwatch issue
> with the quarantine release or viewmail when the message isn?t quarantined
> locally.
>
>
>
> The message on the mailwatch page is XML-RPC Error: Parameter type NULL
> mismatch expected type.? I?m guessing something changed with the php-xmlrpc
> that isn?t backward compatible.
>
>
>
> php-xmlrpc version is 5.1.6-27
>
> php is 5.1.6
>
> mailwatch is 1.04
>
>
>
> I know that back in 2008 there was a v2 of mailwatch being worked on but
> never heard anything more on it past its initial alpha 1 release.
>
>
>
> Has anyone else have a distributed setup and run into this error?? If you
> are running Mailwatch , then what version of php/php-xmlrpc are you
> successfully running at?
>
>
>
> Thanks
>
> Bobby Rose
>
> Sr Systems Administrator, MSIS Network Operations
> Wayne State University School of Medicine
> brose@med.wayne.edu
>
>
>
>
>
>
>
> ________________________________
> This document may include proprietary and confidential information of Wayne
> State University Physician Group and may only be read by those person(s) to
> whom it is addressed. If you have received this e-mail message in error,
> please notify us immediately. This document may not be reproduced, copied,
> distributed, published, modified or furnished to third parties, without
> prior written consent of Wayne State University Physician Group. Thank you.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>



-- 
--

Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 202-1525
BB Pin: 20EA17C5
alex@rtpty.com
Skype: alexneuman
From brose at med.wayne.edu  Thu Oct 21 19:30:30 2010
From: brose at med.wayne.edu (Rose, Bobby)
Date: Thu Oct 21 19:30:45 2010
Subject: OT MailWatch XML-RPC issue
In-Reply-To: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>
References: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>
Message-ID: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0C1@MED-CORE05.med.wayne.edu>

Ok I found the issue. Mailwatch doesn't like the distro'd php-xmlrpc and wants to use its localized copy.  Uninstalling the distroed copy resolves it.

But is the mailwatch development halted though?
Thanks
-=B


From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby
Sent: Thursday, October 21, 2010 12:43 PM
To: mailscanner@lists.mailscanner.info
Subject: OT MailWatch XML-RPC issue

Is Mailwatch development dead?  I recently upgraded one of my Centos 5.5 mailscanner servers (I have a pair) and now I seem to have a mailwatch issue with the quarantine release or viewmail when the message isn't quarantined locally.

The message on the mailwatch page is XML-RPC Error: Parameter type NULL mismatch expected type.  I'm guessing something changed with the php-xmlrpc that isn't backward compatible.

php-xmlrpc version is 5.1.6-27
php is 5.1.6
mailwatch is 1.04

I know that back in 2008 there was a v2 of mailwatch being worked on but never heard anything more on it past its initial alpha 1 release.

Has anyone else have a distributed setup and run into this error?  If you are running Mailwatch , then what version of php/php-xmlrpc are you successfully running at?

Thanks
Bobby Rose
Sr Systems Administrator, MSIS Network Operations
Wayne State University School of Medicine<http://www.med.wayne.edu/>
brose@med.wayne.edu<mailto:brose@med.wayne.edu>




________________________________
This document may include proprietary and confidential information of Wayne State University Physician Group and may only be read by those person(s) to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without prior written consent of Wayne State University Physician Group. Thank you.

________________________________
This document may include proprietary and confidential information of Wayne State University Physician Group and may only be read by those person(s) to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without prior written consent of Wayne State University Physician Group. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101021/4680abea/attachment.html
From carola at dicyt.umss.edu.bo  Thu Oct 21 19:16:00 2010
From: carola at dicyt.umss.edu.bo (carola@dicyt.umss.edu.bo)
Date: Thu Oct 21 19:31:40 2010
Subject: .zip files
In-Reply-To: <i9pqpq$tfv$1@dough.gmane.org>
References: <4522.192.168.1.164.1287667497.squirrel@www.dicyt.umss.edu.bo>
	<4CC05671.4050002@netring.co.uk>
	<1082.192.168.1.164.1287674455.squirrel@www.dicyt.umss.edu.bo>
	<i9pqpq$tfv$1@dough.gmane.org>
Message-ID: <1293.192.168.1.164.1287684960.squirrel@www.dicyt.umss.edu.bo>

Thanks again.

Carola

> on 10-21-2010 8:20 AM carola@dicyt.umss.edu.bo spake the following:
>> Big thanks Edward for your answer! But I got a little confused,
>> honestly.
>> I am new here in the list (I subscribed yesterday)so I am not really
>> familiar yet. You told me that the solution for myself would be to use a
>> patch...Are we talking about the same thing? ?Cause my inquiry is about
>> compressed files that are sent as an attach with .zip extension, which
>> were not allowed to pass for the MailScanner. I already got the solution
>> but I am worried that this solution could bring me other problems, such
>> as
>> letting dangerous attachs to pass...
>>
>>
> You should check if your virus scanner can scan the archives natively.
> ClamAV
> can, and will still check the .zip files for viruses.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


From ssilva at sgvwater.com  Thu Oct 21 20:03:00 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Oct 21 20:03:29 2010
Subject: OT MailWatch XML-RPC issue
In-Reply-To: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0C1@MED-CORE05.med.wayne.edu>
References: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>
	<45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0C1@MED-CORE05.med.wayne.edu>
Message-ID: <i9q2p4$66g$1@dough.gmane.org>

on 10-21-2010 11:30 AM Rose, Bobby spake the following:
> Ok I found the issue. Mailwatch doesn?t like the distro?d php-xmlrpc and wants
> to use its localized copy.  Uninstalling the distroed copy resolves it.
> 
>  
> 
> But is the mailwatch development halted though?
> 
> Thanks
> 
I thought that was in the docs to not have any xmlrpc installed from the
distro...

There is some work on a newer version, but it is sort of a fork... The
original maintainer has evolved into a commercial product, and the work of
backporting the free parts was beyond what time he has available. Search the
list for version 1.05

From derek at csolve.net  Thu Oct 21 21:02:15 2010
From: derek at csolve.net (Derek Buttineau)
Date: Thu Oct 21 21:58:12 2010
Subject: Password Protected Archives
Message-ID: <5047D959-F513-418C-BDCB-8A07301EC4BE@csolve.net>

Was something changed in the logic behind the "Allow Password-Protected Archives" setting? This only used to be triggered if Virus Scanning was enabled for a recipient, however since upgrading to 4.81.4-1 this appears to be triggered regardless of Virus Scanning setting providing that "Scan Messages = yes".

This has caused some messages to be stopped that shouldn't have been.  I'm going to step into the code to see if I can figure out what's causing it, but hoping someone can provide some insight.

Thanks,

Derek
From ssilva at sgvwater.com  Thu Oct 21 23:37:43 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Oct 21 23:38:03 2010
Subject: Password Protected Archives
In-Reply-To: <5047D959-F513-418C-BDCB-8A07301EC4BE@csolve.net>
References: <5047D959-F513-418C-BDCB-8A07301EC4BE@csolve.net>
Message-ID: <i9qfbn$1gk$1@dough.gmane.org>

on 10-21-2010 1:02 PM Derek Buttineau spake the following:
> Was something changed in the logic behind the "Allow Password-Protected Archives" setting? This only used to be triggered if Virus Scanning was enabled for a recipient, however since upgrading to 4.81.4-1 this appears to be triggered regardless of Virus Scanning setting providing that "Scan Messages = yes".
> 
> This has caused some messages to be stopped that shouldn't have been.  I'm going to step into the code to see if I can figure out what's causing it, but hoping someone can provide some insight.
> 
> Thanks,
> 
I believe it was always supposed to work this way... Maybe it was broken
before. It wouldn't have any bearing on virus scanning because a virus scanner
can't scan inside them anyway, and never could.

From ssilva at sgvwater.com  Thu Oct 21 23:49:03 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Oct 21 23:49:29 2010
Subject: Password Protected Archives
In-Reply-To: <i9qfbn$1gk$1@dough.gmane.org>
References: <5047D959-F513-418C-BDCB-8A07301EC4BE@csolve.net>
	<i9qfbn$1gk$1@dough.gmane.org>
Message-ID: <i9qg0v$4rl$1@dough.gmane.org>

on 10-21-2010 3:37 PM Scott Silva spake the following:
> on 10-21-2010 1:02 PM Derek Buttineau spake the following:
>> Was something changed in the logic behind the "Allow Password-Protected Archives" setting? This only used to be triggered if Virus Scanning was enabled for a recipient, however since upgrading to 4.81.4-1 this appears to be triggered regardless of Virus Scanning setting providing that "Scan Messages = yes".
>>
>> This has caused some messages to be stopped that shouldn't have been.  I'm going to step into the code to see if I can figure out what's causing it, but hoping someone can provide some insight.
>>
>> Thanks,
>>
> I believe it was always supposed to work this way... Maybe it was broken
> before. It wouldn't have any bearing on virus scanning because a virus scanner
> can't scan inside them anyway, and never could.
> 
NVM... Did you mean that it still catches them if you have
"scan messages = no" ???

From hvdkooij at vanderkooij.org  Fri Oct 22 06:18:31 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct 22 06:18:41 2010
Subject: OT MailWatch XML-RPC issue
In-Reply-To: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0C1@MED-CORE05.med.wayne.edu>
References: <45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0B6@MED-CORE05.med.wayne.edu>
	<45E96EDD1EEED14CAB5707E1D978D6FF1BFAA3D0C1@MED-CORE05.med.wayne.edu>
Message-ID: <4CC11EA7.10708@vanderkooij.org>

On 21/10/10 20:30, Rose, Bobby wrote:

> But is the mailwatch development halted though?

Please read the MailWatch mailinglist to keep up.

Hugo.

-- 
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From mwen at f-i-ts.net  Fri Oct 22 08:26:03 2010
From: mwen at f-i-ts.net (Markus Wennrich)
Date: Fri Oct 22 08:26:13 2010
Subject: Virus attachments not replaced with warning text
In-Reply-To: <2135884557.1287678341502.JavaMail.trustmail@fits-stmail1.isp.fits>
References: <4C5BEB05.5050408@ecs.soton.ac.uk>	<AANLkTinoX=hWGyVqENOB_TbPjXATu6AXkRCaPcqd=7e1@mail.gmail.com>	<EMEW3|43fcaa3bd44a7a0d6143f77d7d2bc68fm75BxN0bMailScanner|ecs.soton.ac.uk|4C5BEB05.5050408@ecs.soton.ac.uk>	<AANLkTi=2TFvnRvYFNvPwzWh=PDKsDKQTuU=5iU4gL=7=@mail.gmail.com>	<1532629299.1283351933919.JavaMail.trustmail@fits-stmail1.isp.fits>	<4CC048E5.9010103@f-i-ts.net>
	<2135884557.1287678341502.JavaMail.trustmail@fits-stmail1.isp.fits>
Message-ID: <4CC13C8B.3010400@f-i-ts.net>

Hi Martin,

eh, no :-)

On 01.09.2010 16:38, Steve replied to himself:
> On 26 August 2010 15:24, Steve <stratos.td@gmail.com> wrote:
>> A classic case of PEBKAC error ...
>>
>> I found that one of the spool directories did not have correct permissions set - it all seems to work fine now.
> Maybe not...
>
> The Eicar test ZIP file gets replaced with warning message just fine,
> but I've just received a spam with a ZIP that was flagged with

I just recently ran in the same problem again for another customer.

With the workaround mentioned below, everythings works for me ... so I
just wanted to let the list know, that the problem still exists in 4.81.4

Markus


On 21.10.2010 18:23, Martin Hepworth wrote:
> Markus
>
> problem with Steve back in August was an issue with spool dir permissions.
>
> -- 
> Martin Hepworth
> Oxford, UK
>
>
> On 21 October 2010 15:06, Markus Wennrich <mwen@f-i-ts.net
> <mailto:mwen@f-i-ts.net>> wrote:
>
>     On 01.09.2010 16:38, Steve wrote:
>     > On 26 August 2010 15:24, Steve <stratos.td
>     <http://stratos.td>@gmail.com <http://gmail.com>> wrote:
>     >
>     > Maybe not...
>     >
>     > The Eicar test ZIP file gets replaced with warning message just
>     fine,
>     > but I've just received a spam with a ZIP that was flagged with
>     > {Virus?} but attachment was included.
>
>     I've got the same problem. eicar-virus get's removed correctly, all
>     other viruses are tagged as {VirusInfected} but are still beeing
>     delivered.
>
>     My current ugly workaround: declare every virus as non-forging:
>
>        Non-Forging Viruses = ./ e/ a/ i/ o/ u/ -/ r/ s/ t
>
>     Now all viruses do get removed ...
>
>     > Are there any known issues with 4.79.11 that would cause this?
>
>     The problem still exists in 4.81.4 ..
>
>     Markus
>
>     --
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     <mailto:mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101022/60b18dc1/attachment.html
From LGi at b-w-computer.de  Fri Oct 22 08:40:59 2010
From: LGi at b-w-computer.de (LGi@b-w-computer.de)
Date: Fri Oct 22 08:41:11 2010
Subject: Antwort: Re: Mailscanner does not scan mails
In-Reply-To: <AANLkTikpebOgqz31W2SURHqnkT-z+pd4+Em4nCXCvr49@mail.gmail.com>
References: <OF3CA0186D.59B8C44D-ONC12577B6.00429654-C12577B6.00442FCB@b-w-computer.de>
	<AANLkTin0BdXWbcerHTJA4dHLkg6WFAc4PMKw5=nump7Y@mail.gmail.com>	<OF836E3E7E.69DEC618-ONC12577B6.005419C9-C12577B6.0054520B@b-w-computer.de>
	<AANLkTikpebOgqz31W2SURHqnkT-z+pd4+Em4nCXCvr49@mail.gmail.com>
Message-ID: <OFBFE76B78.3BD0D951-ONC12577C4.002A23E5-C12577C4.002A34B2@b-w-computer.de>

just an short update:
I used the automatic tool for merging the config ans mailscanner works 
now.
Thanks for all.


Fragen? Kommen Sie jederzeit gerne auf uns zu!

Herzliche Gr??e aus Hamburg
b&w computer

Lars Gierling
b&w computer 
Inh.: Michael Papenhagen
Fangdieckstr. 64
D-22547 Hamburg | Germany
Tel:  +49 40 / 49 296 - 0 
Fax: +49 40 / 49 296 - 100 
http://www.b-w-computer.de 





Von:    Martin Hepworth <maxsec@gmail.com>
An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
Datum:  09.10.2010 19:31
Betreff:        Re: Mailscanner does not scan mails
Gesendet von:   mailscanner-bounces@lists.mailscanner.info



Worth using the automatic tool for this u may have missed a setting

On Friday, October 8, 2010,  <LGi@b-w-computer.de> wrote:
> I updated the new MailScanner.conf manually with the settings from the 
old
> one.
>
>
> Fragen? Kommen Sie jederzeit gerne auf uns zu!
>
> Herzliche Gr??e aus Hamburg
> b&w computer
>
> Lars Gierling
> b&w computer
> Inh.: Michael Papenhagen
> Fangdieckstr. 64
> D-22547 Hamburg | Germany
> Tel:  +49 40 / 49 296 - 0
> Fax: +49 40 / 49 296 - 100
> http://www.b-w-computer.de
>
>
>
>
>
> Von:    Martin Hepworth <maxsec@gmail.com>
> An:     MailScanner discussion <mailscanner@lists.mailscanner.info>
> Datum:  08.10.2010 17:13
> Betreff:        Re: Mailscanner does not scan mails
> Gesendet von:   mailscanner-bounces@lists.mailscanner.info
>
>
>
>  how did you upgrade - jump from 4.55 to 4.81 is a big one...did you 
check
> all the settings are still correct in the merges MailScanner.conf?
>
>
> --
> Martin Hepworth
> Oxford, UK
>
>
> On 8 October 2010 13:24, <LGi@b-w-computer.de> wrote:
> I just ugraded to MailScanner-4.81.4-1
>
> All seems fine, but it's just not scanning messages.
> The debug output says:
>
>        14:10:29 Building a message batch to scan...
>
> but nothing happens
>
> ps ax shows:
>
>        29532 pts/3    S+     0:38 MailScanner: waiting for messages
>
> The Incoming Queue Dir is configured correctly:
>
> Incoming Queue Dir = /var/spool/postfix/hold
>
> When I start the job with strace the Mailscanner processs seem to look
> into the queue directory every 6 seconds:
>
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", 
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540143
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> [pid 29692] open(".", 
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000)
> = 9
> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> [pid 29692] close(9)                    = 0
> [pid 29692] umask(0177)                 = 077
> [pid 29692] umask(077)                  = 0177
> [pid 29692] time(NULL)                  = 1286540149
> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> [pid 29692] nanosleep({6, 0},
>
>
> There are several new messages in the directory /var/spool/postfix/hold
> but MailScanner does not pick them.
>
> any idea how to get this to work?
> Previus Version MailScanner-4.52.2 is working fine.
>
>
>
>
>
> best regards
>
>
> Lars Gierling
>
>
>
>
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
unerlaubte
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
gestattet.
>
> This e-mail and any attached files may contain confidential and/or
> privileged information. If you are not the intended recipient (or have
> received this e-mail by mistake) please notify the sender immediately 
and
> delete this e-mail. Any unauthorised duplication, disclosure or
> distribution of this e-mail and content is strictly forbidden.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> Think before you print
> Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich
> gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder
> diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den
> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
unerlaubte
> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
gestattet.
>
> This e-mail and any attached files may contain confidential and/or
> privileged information. If you are not the intended recipient (or have
> received this e-mail by mistake) please notify the sender immediately 
and
> delete this e-mail. Any unauthorised duplication, disclosure or
> distribution of this e-mail and content is strictly forbidden.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

-- 
-- 
Martin Hepworth
Oxford, UK
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



Think before you print
Diese E-Mail und alle Anh?nge enthalten vertrauliche und/oder rechtlich 
gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 


From derek at csolve.net  Fri Oct 22 12:42:03 2010
From: derek at csolve.net (Derek Buttineau)
Date: Fri Oct 22 12:42:14 2010
Subject: Password Protected Archives
In-Reply-To: <i9qfbn$1gk$1@dough.gmane.org>
References: <5047D959-F513-418C-BDCB-8A07301EC4BE@csolve.net>
	<i9qfbn$1gk$1@dough.gmane.org>
Message-ID: <6B7C29F5-3E53-463A-8504-5DA99EED9307@csolve.net>

I used to be attached to Virus Scanning = yes/no for this particular reason, if you weren't scanning for viruses, it didn't really matter if there was a password protected archive or not.

With this latest updated, even if Virus Scanning = no it'll still stop password protected zips if Allow Password-Protected Archives = no.

I can work around that with a rule set, but it's definitely been changed.

Derek

On 2010-10-21, at 6:37 PM, Scott Silva wrote:

> I believe it was always supposed to work this way... Maybe it was broken
> before. It wouldn't have any bearing on virus scanning because a virus scanner
> can't scan inside them anyway, and never could.

From derek at csolve.net  Fri Oct 22 14:12:27 2010
From: derek at csolve.net (Derek Buttineau)
Date: Fri Oct 22 14:12:37 2010
Subject: Password Protected Archives
In-Reply-To: <6B7C29F5-3E53-463A-8504-5DA99EED9307@csolve.net>
References: <5047D959-F513-418C-BDCB-8A07301EC4BE@csolve.net>
	<i9qfbn$1gk$1@dough.gmane.org>
	<6B7C29F5-3E53-463A-8504-5DA99EED9307@csolve.net>
Message-ID: <64CECEA5-3E33-4B89-B24F-E11AEF073C05@csolve.net>

I worked around the PPA change in config (basically disallowed them if virus scanning is enabled but allowed them if vice versa), however I've uncovered another change/issue.

It appears that as long as there is a virus scanner defined, the message is being scanned for viruses regardless of the setting of Virus Scanning, though when Virus Scanning is set to no there is no action taken, but the message is still passed through the virus engine.  This doesn't seem right.

For example, here are logs from the same message split into individual queue messages by recipient:

Virus Scanning on (correct behaviour):

Oct 22 08:48:18 minasithil mailguard_splitter[1163]: Split 1P9H2f-000Bfy-9I S=Test 2010-10-22 Text File Eicar Test #5 NO VScan from <lock@csolve.net> into 1P9H2g-0000Il-97 H=mail.csolve.net[207.164.80.200] => derek@csolve.net
Oct 22 08:48:19 minasithil MailScanner[39911]: Clamd::INFECTED:: Eicar-Test-Signature :: ./1P9H2g-0000Il-97/eicar.txt 
Oct 22 08:48:19 minasithil MailScanner[39911]: Infected message 1P9H2g-0000Il-97 came from 207.164.80.200 
Oct 22 08:48:19 minasithil MailScanner[39911]: Saved entire message to /var/spool/MailScanner/quarantine/20101022/1P9H2g-0000Il-97 
Oct 22 08:48:19 minasithil MailScanner[39911]: Saved infected "eicar.txt" to /var/spool/MailScanner/quarantine/20101022/1P9H2g-0000Il-97 

Virus Scanning off (weird behaviour):

Oct 22 08:48:18 minasithil mailguard_splitter[1163]: Split 1P9H2f-000Bfy-9I S=Test 2010-10-22 Text File Eicar Test #5 NO VScan from <lock@csolve.net> into 1P9H2g-0000Il-96 H=mail.csolve.net[207.164.80.200] => test@csolve.net 
Oct 22 08:48:19 minasithil MailScanner[39911]: Clamd::INFECTED:: Eicar-Test-Signature :: ./1P9H2g-0000Il-96/eicar.txt 
Oct 22 08:48:20 minasithil MailScanner[39911]: Message 1P9H2g-0000Il-96 from 207.164.80.200 (lock@csolve.net) to csolve.net is not spam, SpamAssassin (not cached, score=-3.01, required 0, autolearn=disabled, ALL_TRUSTED -4.00, NO_REAL_NAME 1.00, T_RP_MATCHES_RCVD -0.01) 
Oct 22 08:48:20 minasithil exim.out[44903]: 1P9H2g-0000Il-96 => test@csolve.net R=mailertable_router T=remote_smtp H=mail.csolve.net [207.164.80.200]
Oct 22 08:48:20 minasithil exim.out[44903]: 1P9H2g-0000Il-96 Completed

Message still comes through fine, but it shouldn't have been passed to ClamD.  Will see if I can figure out what's causing that.

Derek

On 2010-10-22, at 7:42 AM, Derek Buttineau wrote:

> I used to be attached to Virus Scanning = yes/no for this particular reason, if you weren't scanning for viruses, it didn't really matter if there was a password protected archive or not.
> 
> With this latest updated, even if Virus Scanning = no it'll still stop password protected zips if Allow Password-Protected Archives = no.
> 
> I can work around that with a rule set, but it's definitely been changed.
> 
> Derek
> 
> On 2010-10-21, at 6:37 PM, Scott Silva wrote:
> 
>> I believe it was always supposed to work this way... Maybe it was broken
>> before. It wouldn't have any bearing on virus scanning because a virus scanner
>> can't scan inside them anyway, and never could.
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From NWL002 at shsu.edu  Fri Oct 22 23:04:34 2010
From: NWL002 at shsu.edu (Laskie, Norman)
Date: Fri Oct 22 23:08:26 2010
Subject: Sender Priorities
Message-ID: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>

Does anyone know if it's possible to have messages from specific senders bumped to the top of the processing queue in MailScanner or even have it bypass MailScanner completely (it is already configured not to scan these messages)?  Our emergency notification system sends through the same edge boxes as all of our other external mail.  This is not a good thing and we would rather send from internally, but the powers that be decided to outsource emergency notifications vs. something we could easily do.

Thanks,
Norman


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101022/1f15468c/attachment.html
From alex at rtpty.com  Sat Oct 23 18:59:45 2010
From: alex at rtpty.com (Alex Neuman)
Date: Sat Oct 23 19:00:00 2010
Subject: Sender Priorities
In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>
References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>
Message-ID: <F5B2F4AA-37CF-41A8-AAE0-58C0135C676A@rtpty.com>

Scan Messages = %rules-dir%/whattoscan.rules

/etc/MailScanner/rules/whattoscan.rules
FromOrTo:	default		yes
From:	reallyreallysnappyemergencynotification@sillydomain.com	no


On Oct 22, 2010, at 5:04 PM, Laskie, Norman wrote:

> Does anyone know if it?s possible to have messages from specific senders bumped to the top of the processing queue in MailScanner or even have it bypass MailScanner completely (it is already configured not to scan these messages)?  Our emergency notification system sends through the same edge boxes as all of our other external mail.  This is not a good thing and we would rather send from internally, but the powers that be decided to outsource emergency notifications vs. something we could easily do.   
>  
> Thanks,
> Norman
>  
>  
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From mark at msapiro.net  Sun Oct 24 16:19:19 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Sun Oct 24 16:19:20 2010
Subject: Sender Priorities
In-Reply-To: <F5B2F4AA-37CF-41A8-AAE0-58C0135C676A@rtpty.com>
References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>
	<F5B2F4AA-37CF-41A8-AAE0-58C0135C676A@rtpty.com>
Message-ID: <4CC44E77.2000305@msapiro.net>

On Oct 23 at 11:59 AM, Alex Neuman wrote:
> Scan Messages = %rules-dir%/whattoscan.rules
> 
> /etc/MailScanner/rules/whattoscan.rules
> FromOrTo:	default		yes
> From:	reallyreallysnappyemergencynotification@sillydomain.com	no


I think the OP wants to skip MailScanner completely rather than just
telling MailScanner to not scan the message. Thus, this would have to be
done in the MTA and how to do it would depend on the MTA.


> On Oct 22, 2010, at 5:04 PM, Laskie, Norman wrote:
> 
>> Does anyone know if it?s possible to have messages from specific senders bumped to the top of the processing queue in MailScanner or even have it bypass MailScanner completely (it is already configured not to scan these messages)?  Our emergency notification system sends through the same edge boxes as all of our other external mail.  This is not a good thing and we would rather send from internally, but the powers that be decided to outsource emergency notifications vs. something we could easily do.   
>>  
>> Thanks,
>> Norman



-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From hvdkooij at vanderkooij.org  Sun Oct 24 21:54:54 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun Oct 24 21:55:04 2010
Subject: Sender Priorities
In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>
References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>
Message-ID: <4CC49D1E.6070803@vanderkooij.org>

On 23/10/10 00:04, Laskie, Norman wrote:
> Does anyone know if it?s possible to have messages from specific senders
> bumped to the top of the processing queue in MailScanner or even have it
> bypass MailScanner completely (it is already configured not to scan
> these messages)?  Our emergency notification system sends through the
> same edge boxes as all of our other external mail.  This is not a good
> thing and we would rather send from internally, but the powers that be
> decided to outsource emergency notifications vs. something we could
> easily do.   

Just in case you run MailScanner + postfix. This is how I did something
similar:
http://hugo.vanderkooij.org/email/mailscanner.htm?lang=en#HOLD

Hugo.

-- 
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From norbert at schmueller.de  Sun Oct 24 22:45:00 2010
From: norbert at schmueller.de (Norbert Schmidt)
Date: Sun Oct 24 22:45:31 2010
Subject: Sender Priorities
In-Reply-To: <F5B2F4AA-37CF-41A8-AAE0-58C0135C676A@rtpty.com>
References: <8FAC1E47484E43469AA28DBF35C955E4BDF5E78CB2@EXMBX.SHSU.EDU>
	<F5B2F4AA-37CF-41A8-AAE0-58C0135C676A@rtpty.com>
Message-ID: <4CC4A8DC.8070502@schmueller.de>

  Hi Alex,

I've solved this within Postfix. I've got a script, that moves the 
important mails from the hold to the incoming queue. I do not know of a 
way within Mailscanner yet.

Best Regards

Norbert Schmidt
Am 20:59, schrieb Alex Neuman:
> Scan Messages = %rules-dir%/whattoscan.rules
>
> /etc/MailScanner/rules/whattoscan.rules
> FromOrTo:	default		yes
> From:	reallyreallysnappyemergencynotification@sillydomain.com	no
>
>
> On Oct 22, 2010, at 5:04 PM, Laskie, Norman wrote:
>
>> Does anyone know if it?s possible to have messages from specific senders bumped to the top of the processing queue in MailScanner or even have it bypass MailScanner completely (it is already configured not to scan these messages)?  Our emergency notification system sends through the same edge boxes as all of our other external mail.  This is not a good thing and we would rather send from internally, but the powers that be decided to outsource emergency notifications vs. something we could easily do.
>>
>> Thanks,
>> Norman
>>
>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lists at macscr.com  Mon Oct 25 08:07:15 2010
From: lists at macscr.com (Mark Chaney)
Date: Mon Oct 25 08:07:27 2010
Subject: 4.8.x and ubuntu?
Message-ID: <4CC52CA3.4040800@macscr.com>

Im running Ubuntu 10.4 and mailscanner 4.79 right now. Recommended 
method for upgrading to 4.8.x? I really would love to stick with deb's, 
but it seems the adoption rate for 4.8.x with ubuntu/debian is quite low 
compared to freebsd/centos/suse, etc (practically everyone). Is there a 
reason why?

Thanks,
Mark
From bonivart at opencsw.org  Mon Oct 25 08:27:05 2010
From: bonivart at opencsw.org (Peter Bonivart)
Date: Mon Oct 25 08:28:10 2010
Subject: 4.8.x and ubuntu?
In-Reply-To: <4CC52CA3.4040800@macscr.com>
References: <4CC52CA3.4040800@macscr.com>
Message-ID: <AANLkTinNB_OicqDUz9aSafhZyBgdc-Be7OMQC7Feoao=@mail.gmail.com>

On Mon, Oct 25, 2010 at 9:07 AM, Mark Chaney <lists@macscr.com> wrote:
> Im running Ubuntu 10.4 and mailscanner 4.79 right now. Recommended method
> for upgrading to 4.8.x? I really would love to stick with deb's, but it
> seems the adoption rate for 4.8.x with ubuntu/debian is quite low compared
> to freebsd/centos/suse, etc (practically everyone). Is there a reason why?

You could always go with the tar dist of MailScanner.

/peter
From noel.butler at ausics.net  Mon Oct 25 08:48:18 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Mon Oct 25 08:48:33 2010
Subject: spamassassin detection error
Message-ID: <1287992898.9670.5.camel@tardis>

Jules,
after a slackware upgrade on one mail server, I get this error

 
Checking for SpamAssassin errors (if you use it)...
You want to use SpamAssassin but have not installed it.
at /opt/MailScanner/lib/MailScanner/SA.pm line 177
Please download
http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner. at /opt/MailScanner/lib/MailScanner/SA.pm line 178
I will run without SpamAssassin for now, you will not detect much spam
until you install SpamAssassin.
at /opt/MailScanner/lib/MailScanner/SA.pm line 179


......However it is already installed....

# cpan -i Mail::SpamAssassin
\CPAN: Storable loaded ok (v2.20)
Going to read '/root/.cpan/Metadata'
  Database was generated on Mon, 25 Oct 2010 06:29:12 GMT
Mail::SpamAssassin is up to date (3.003001).



    
      unshift @INC, "$val/lib/perl5/site_perl/$perl_vers";
    
seems to be the problem, its only looking in 5.10.1, not 5.10.0 where
perl seems to look as well.

Cheers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101025/49c1621a/attachment.html
From markus at markusoft.se  Mon Oct 25 10:27:46 2010
From: markus at markusoft.se (Markus Nilsson)
Date: Mon Oct 25 10:27:59 2010
Subject: Phishing warning
In-Reply-To: <16556490.47.1287998561456.JavaMail.markus@cronlabworkstation0>
Message-ID: <15121425.58.1287998863669.JavaMail.markus@cronlabworkstation0>

Hi, 

The phishing filter seems to warn for a link with the name "www.domain.com)", when pointing to "www.domain.com". 

I understand that it is not easy to create a bullet-proof phishing detection, but maybe ignoring the "()[]{}" etc from the check could remove a few more FP's? 

I am running MailScanner (Debian) version 4.74.16-1~bpo50+1 


BR 
Markus 




 
--
This message has been scanned for viruses and dangerous content by IT Staden, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101025/ddb25f33/attachment.html
From maxsec at gmail.com  Mon Oct 25 11:18:13 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Oct 25 11:18:22 2010
Subject: Phishing warning
In-Reply-To: <15121425.58.1287998863669.JavaMail.markus@cronlabworkstation0>
References: <16556490.47.1287998561456.JavaMail.markus@cronlabworkstation0>
	<15121425.58.1287998863669.JavaMail.markus@cronlabworkstation0>
Message-ID: <AANLkTim2nrtJyMOJuP3BEBf6D+6GQGqBKkwXi-AhhB5j@mail.gmail.com>

Hi

that's quite an old version of MailScanner, try upgrading and see if the
issue still persists.

-- 
Martin Hepworth
Oxford, UK


On 25 October 2010 10:27, Markus Nilsson <markus@markusoft.se> wrote:

> Hi,
>
> The phishing filter seems to warn for a link with the name "www.domain.com)",
> when pointing to "www.domain.com".
>
> I understand that it is not easy to create a bullet-proof phishing
> detection, but maybe ignoring the "()[]{}" etc from the check could remove a
> few more FP's?
>
> I am running MailScanner (Debian) version 4.74.16-1~bpo50+1
>
>
> BR
> Markus
>
>
>
>
>
> This message has been scanned for viruses and dangerous content by IT Stade
> n and is believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101025/40deb635/attachment.html
From markus at markusoft.se  Mon Oct 25 12:00:46 2010
From: markus at markusoft.se (Markus Nilsson)
Date: Mon Oct 25 12:01:02 2010
Subject: Phishing warning
In-Reply-To: <AANLkTim2nrtJyMOJuP3BEBf6D+6GQGqBKkwXi-AhhB5j@mail.gmail.com>
Message-ID: <3593626.65.1288004445008.JavaMail.markus@cronlabworkstation0>

Sure it is a little bit outdated, but since I have a couple of servers running with the same configuration, I try to minimize the number of updates. 

Anyone with a recent version willing to do a simple test? 

This link will warn: www.domain.com) 

/Markus 


From: "Martin Hepworth" <maxsec@gmail.com> 
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info> 
Sent: m?ndag, 25 okt 2010 12:18:13 
Subject: Re: Phishing warning 

Hi 


that's quite an old version of MailScanner, try upgrading and see if the issue still persists. 

-- 
Martin Hepworth 
Oxford, UK 



On 25 October 2010 10:27, Markus Nilsson < markus@markusoft.se > wrote: 




Hi, 

The phishing filter seems to warn for a link with the name " www.domain.com )", when pointing to " www.domain.com ". 

I understand that it is not easy to create a bullet-proof phishing detection, but maybe ignoring the "()[]{}" etc from the check could remove a few more FP's? 

I am running MailScanner (Debian) version 4.74.16-1~bpo50+1 


BR 
Markus 

-- 
MailScanner mailing list 
mailscanner@lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 




 
--
This message has been scanned for viruses and dangerous content by IT Staden, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101025/05558a49/attachment.html
From Denis.Beauchemin at USherbrooke.ca  Mon Oct 25 13:53:24 2010
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Mon Oct 25 13:53:45 2010
Subject: Phishing warning
In-Reply-To: <3593626.65.1288004445008.JavaMail.markus@cronlabworkstation0>
References: <3593626.65.1288004445008.JavaMail.markus@cronlabworkstation0>
Message-ID: <4CC57DC4.4050407@USherbrooke.ca>

The bug seems to be present in mailscanner-4.81.3-1

Denis

Le 2010-10-25 07:00, Markus Nilsson a ?crit :
> Sure it is a little bit outdated, but since I have a couple of servers 
> running with the same configuration, I try to minimize the number of 
> updates.
>
> Anyone with a recent version willing to do a simple test?
>
> This link will warn: *Le Service des Technologies de l'Information de 
> l'UdeS veut vous mettre en garde contre "www.domain.com" qui semble 
> ?tre une tentative de fraude envers* *CronLab has detected a possible 
> fraud attempt from "www.domain.com" claiming to be* www.domain.com) 
> <http://www.domain.com>
>
> /Markus
>
> ------------------------------------------------------------------------
> *From: *"Martin Hepworth" <maxsec@gmail.com>
> *To: *"MailScanner discussion" <mailscanner@lists.mailscanner.info>
> *Sent: *m?ndag, 25 okt 2010 12:18:13
> *Subject: *Re: Phishing warning
>
> Hi
>
> that's quite an old version of MailScanner, try upgrading and see if 
> the issue still persists.
>
> -- 
> Martin Hepworth
> Oxford, UK
>
>
> On 25 October 2010 10:27, Markus Nilsson <markus@markusoft.se 
> <mailto:markus@markusoft.se>> wrote:
>
>     Hi,
>
>     The phishing filter seems to warn for a link with the name
>     "www.domain.com <http://www.domain.com>)", when pointing to
>     "www.domain.com <http://www.domain.com>".
>
>     I understand that it is not easy to create a bullet-proof phishing
>     detection, but maybe ignoring the "()[]{}" etc from the check
>     could remove a few more FP's?
>
>     I am running MailScanner (Debian) version 4.74.16-1~bpo50+1
>
>
>     BR
>     Markus
>
>     --
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     <mailto:mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>
>
>
> This message has been scanned for viruses and dangerous content by IT 
> Staden and is believed to be clean.
>

-- 
Denis Beauchemin, analyste
Universit? de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From NWL002 at shsu.edu  Mon Oct 25 14:57:31 2010
From: NWL002 at shsu.edu (Laskie, Norman)
Date: Mon Oct 25 14:57:42 2010
Subject: Sender Priorities
Message-ID: <8FAC1E47484E43469AA28DBF35C955E4BDF5C292CD@EXMBX.SHSU.EDU>

We are using sendmail as our mta. I do have some scripts that we may be able to manually move the messages with. I was hoping for something we could do via sendmail automatically.

Thanks,
Norman



-----Original Message-----
From: Mark Sapiro [mark@msapiro.net]
Received: Sunday, 24 Oct 2010, 10:34
To: MailScanner discussion [mailscanner@lists.mailscanner.info]
Subject: Re: Sender Priorities

On Oct 23 at 11:59 AM, Alex Neuman wrote:
> Scan Messages = %rules-dir%/whattoscan.rules
>
> /etc/MailScanner/rules/whattoscan.rules
> FromOrTo:     default         yes
> From: reallyreallysnappyemergencynotification@sillydomain.com no


I think the OP wants to skip MailScanner completely rather than just
telling MailScanner to not scan the message. Thus, this would have to be
done in the MTA and how to do it would depend on the MTA.


> On Oct 22, 2010, at 5:04 PM, Laskie, Norman wrote:
>
>> Does anyone know if it?s possible to have messages from specific senders bumped to the top of the processing queue in MailScanner or even have it bypass MailScanner completely (it is already configured not to scan these messages)?  Our emergency notification system sends through the same edge boxes as all of our other external mail.  This is not a good thing and we would rather send from internally, but the powers that be decided to outsource emergency notifications vs. something we could easily do.
>>
>> Thanks,
>> Norman



--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From ssilva at sgvwater.com  Mon Oct 25 16:09:45 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Oct 25 16:10:03 2010
Subject: 4.8.x and ubuntu?
In-Reply-To: <4CC52CA3.4040800@macscr.com>
References: <4CC52CA3.4040800@macscr.com>
Message-ID: <ia46jp$1ad$1@dough.gmane.org>

on 10-25-2010 12:07 AM Mark Chaney spake the following:
> Im running Ubuntu 10.4 and mailscanner 4.79 right now. Recommended method for
> upgrading to 4.8.x? I really would love to stick with deb's, but it seems the
> adoption rate for 4.8.x with ubuntu/debian is quite low compared to
> freebsd/centos/suse, etc (practically everyone). Is there a reason why?
Because all things Debian related have stayed with the Older is more stable
philosophy... Even if someone keeps the deb's current, it is very hard to get
them accepted into the mainstream repositories.

From drew.marshall at trunknetworks.com  Mon Oct 25 18:47:04 2010
From: drew.marshall at trunknetworks.com (Drew Marshall)
Date: Mon Oct 25 18:47:28 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
	and other thoughts. Subj was: Re: help me
In-Reply-To: <009101cb702e$3b36e150$b1a4a3f0$@co.uk>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>	<020201cb6f8b$3b16d340$b14479c0$@co.uk>	<4CBD9657.9040001@farrows.org>
	<4CBDDAD7.1090500@fsl.com> <009101cb702e$3b36e150$b1a4a3f0$@co.uk>
Message-ID: <EB35ADD9-952D-4A1F-BF0B-F84D119BBFB2@trunknetworks.com>


On 20 Oct 2010, at 09:10, Nigel Kendrick wrote:

> Thanks to everyone for all the thoughts and comments. Happy to say  
> my new
> job is lined up and I start as IT Manager on 1st Nov. I'll re- 
> subscribe to
> this list from my new email address and keep lurking at least
>
> Steve: Thanks for the comments. I live 'just down the road' at  
> Walberton but
> my new job is as a salaried IT Manager (in Lewes, so a bit of a  
> drive!) so
> not much room for any additional work.

Good luck with the new role. Keep your eyes out for Bills in Cliffe  
High Street (They have a fruit and veg shop out front). They do the  
best breakfast in the Town!

I love Lewes (Used to work there when I was employed 2 years ago and  
have my own customers in the area now), the smell of the Harvey's  
brewing is quite compelling!

Drew

-- 
In line with our policy, this message has been scanned for viruses and dangerous content.
Our email policy can be found at www.trunknetworks.com/policy

Trunk Networks Limited is registered in Scotland with registration number: SC351063
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From drew.marshall at trunknetworks.com  Mon Oct 25 18:49:44 2010
From: drew.marshall at trunknetworks.com (Drew Marshall)
Date: Mon Oct 25 18:50:13 2010
Subject: The Exchange takeover, stealth Mailscanner, SPF,
	and other thoughts. Subj was: Re: help me
In-Reply-To: <4CBDDAD7.1090500@fsl.com>
References: <63314.96569.qm@web53105.mail.re2.yahoo.com>	<4CB75B68.8080509@pacific.net>	<4065302081009288933@unknownmsgid>	<006b01cb6c40$f1f23440$d5d69cc0$@co.uk>	<AANLkTinrgrUqQbLx-9tAkUm5fdK4ezjrUM-bEdN6gfJY@mail.gmail.com>	<4CB8804A.3000205@nanogherkin.com>	<020201cb6f8b$3b16d340$b14479c0$@co.uk>
	<4CBD9657.9040001@farrows.org> <4CBDDAD7.1090500@fsl.com>
Message-ID: <D7ABED27-CB0A-4B05-AA7E-C4675A147DA7@trunknetworks.com>


On 19 Oct 2010, at 18:52, Steve Freegard wrote:

> On 19/10/10 14:00, Peter Farrow wrote:
>>> 1) They are currently ripping out our ADSL lines/VPNs to replace  
>>> them
>>> with a BT managed ?cloud? system. Not only are the links more
>>> expensive and in some cases slower (we have some sites running
>>> 20Mbit/2.5Mbit LLU that are going back to 8Mbit/883K), but they have
>>> to pay an annual support charge and submit a request for any router
>>> config changes.
>
>> Obviously they have cash to burn, and the BT "cloud" they are  
>> selling at
>> 8M/832k is based on the ANCIENT ipstream technology which forms the
>> original ADSL1.0 offering in the UK 10 years ago. Your LLU services  
>> are
>> based on ADSL2+ so you are going to be taking a HUGE step backwards  
>> and
>> paying handsomely for the "privilege".
>
> Actually this sounds like BT Metro/IPClear which is a MPLS VPN  
> solution that I used at my previous job.  Like you say - it's using  
> the 'old' ADSL infrastructure but offers things that aren't possible  
> using regular DSL lines e.g. it's a DSL line that's delivered into  
> your own private MPLS cloud offering inter-office connectivity  
> without the overhead of individual VPN tunnels between the offices  
> (as this is handled by MPLS) along with 'centralised' internet  
> access through a nominated central office.  You can also add proper  
> QoS throughout the cloud too and add extra offices and DR sites  
> easily.  So it does offer quite a bit of extra functionality - but  
> it's all at significant cost and management overhead.

Well that depends. They are just 'regular' ADSL tails but handed off  
into a managed MPLS cloud. It's hugely expensive and unless you are  
connecting round the world not usually the most cost effective  
solution to make a private network. We make these for customers using  
DSL based closed user groups, which we can link in to MPLS once it  
comes out of the L2TP tunnel.

>
>> This is a laughable, and its usually based on some empire-building  
>> moron
>> stacking up responsibility in his own office at the companies expense
>> and at the expense of performance and progress....
>
> 100% agree with that.

Yeah but (s)he gets to go on nice BT corporate entertainment events,  
if he buys enough!

Must remove the cynical hat at some point soon!

Drew



-- 
In line with our policy, this message has been scanned for viruses and dangerous content.
Our email policy can be found at www.trunknetworks.com/policy

Trunk Networks Limited is registered in Scotland with registration number: SC351063
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From pparsons at techeez.com  Mon Oct 25 20:15:10 2010
From: pparsons at techeez.com (Philip Parsons)
Date: Mon Oct 25 20:16:57 2010
Subject: Add allow for double extension
Message-ID: <11D8E491D9562549A61FD3186F3634207F91BDD6@exchange.techeez.com>

I am getting a lot of deny filetypes for the below double extension it looks like adobe is creating the double extension automatically now. How can I allow this ?

.xls.pdf


Thank you.
Philip Parsons
IT and Telecommunication Specialist
Techeez IT Consulting
250-818-2879
www.techeez.com "Making IT easy"

IMPORTANT NOTICE
This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101025/a0ad1379/attachment.html
From alex at rtpty.com  Mon Oct 25 20:23:37 2010
From: alex at rtpty.com (Alex Neuman)
Date: Mon Oct 25 20:24:28 2010
Subject: Add allow for double extension
In-Reply-To: <11D8E491D9562549A61FD3186F3634207F91BDD6@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F3634207F91BDD6@exchange.techeez.com>
Message-ID: <1495757275-1288034654-cardhu_decombobulator_blackberry.rim.net-1485669440-@bda478.bisx.prod.on.blackberry>

Follow the instructions at the end of the filetypes config file and either add the exceptions or comment out the rule. 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: Philip Parsons <pparsons@techeez.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Mon, 25 Oct 2010 19:15:10 
To: 'mailscanner@lists.mailscanner.info'<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Add allow for double extension

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From painethom at gmail.com  Mon Oct 25 20:28:01 2010
From: painethom at gmail.com (Thomas Paine)
Date: Mon Oct 25 20:28:11 2010
Subject: Add allow for double extension
In-Reply-To: <1495757275-1288034654-cardhu_decombobulator_blackberry.rim.net-1485669440-@bda478.bisx.prod.on.blackberry>
References: <11D8E491D9562549A61FD3186F3634207F91BDD6@exchange.techeez.com>
	<1495757275-1288034654-cardhu_decombobulator_blackberry.rim.net-1485669440-@bda478.bisx.prod.on.blackberry>
Message-ID: <AANLkTikeSdJmYtdbtk8jagbroGi9nahOdxiTobjMg_Gy@mail.gmail.com>

I have this issue now cropping up as well. We are getting Entrust
encrypted emails, that is adding on .enp to the existing file name.

I tried to write a rule, but I'm not sure if it is working right.

allow   \.xls.enp$ - -

Is this going to let the encrypted file name through?

Thanks.

-- 
-=/>Thom
From pparsons at techeez.com  Mon Oct 25 21:00:04 2010
From: pparsons at techeez.com (Philip Parsons)
Date: Mon Oct 25 21:01:51 2010
Subject: Add allow for double extension
In-Reply-To: <11D8E491D9562549A61FD3186F3634207F91BDD6@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F3634207F91BDD6@exchange.techeez.com>
Message-ID: <11D8E491D9562549A61FD3186F3634207F929FB1@exchange.techeez.com>

OK I just figured it out

allow   \.doc.pdf$

in  filename.rules.conf allows it through remember the tab spaces though.


From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Philip Parsons
Sent: October-25-10 12:15 PM
To: 'mailscanner@lists.mailscanner.info'
Subject: Add allow for double extension

I am getting a lot of deny filetypes for the below double extension it looks like adobe is creating the double extension automatically now. How can I allow this ?

.xls.pdf


Thank you.
Philip Parsons
IT and Telecommunication Specialist
Techeez IT Consulting
250-818-2879
www.techeez.com<http://www.techeez.com> "Making IT easy"

IMPORTANT NOTICE
This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender.


--
This message has been scanned for viruses and
dangerous content by Techeez<http://www.techeez.com/>, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101025/6d4596a9/attachment.html
From allan.soares at funai.gov.br  Tue Oct 26 13:00:38 2010
From: allan.soares at funai.gov.br (Allan Nagem Soares)
Date: Tue Oct 26 13:01:54 2010
Subject: Top Recipient by Quantity question ...
Message-ID: <E7E8061D0EF83F4785EC2F73DB18A5A20670FFAE@boquira.funai.gov.br>

Hi all,

        Can anyone tell me if in the report "Top Recipient by Quantity" of MailScanner are considered in the count only the Non-Spam messages or all the messages including those SPAMs that were blocked ?

          Thanks in advance .

Allan Soares

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101026/57291dc1/attachment.html
From hvdkooij at vanderkooij.org  Tue Oct 26 13:10:01 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Oct 26 13:16:31 2010
Subject: Top Recipient by Quantity question ...
In-Reply-To: <E7E8061D0EF83F4785EC2F73DB18A5A20670FFAE@boquira.funai.gov.br>
References: <E7E8061D0EF83F4785EC2F73DB18A5A20670FFAE@boquira.funai.gov.br>
Message-ID: <05afb67ecad8aaaec829f6363d4f3a97@vps517.directvps.nl>

 On Tue, 26 Oct 2010 10:00:38 -0200, "Allan Nagem Soares"  wrote:

>  Can anyone tell me if in the report "Top Recipient by Quantity" of
> MailScanner are considered in the count only the Non-Spam messages or 
> all
> the messages including those SPAMs that were blocked ?

 Sounds like a MailWatch question. Perhaps you would do betetr by 
 posting the question on the MailWatch mailinglist.

 Hugo.

-- 
 hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
 PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From mikael at syska.dk  Tue Oct 26 13:21:59 2010
From: mikael at syska.dk (Mikael Syska)
Date: Tue Oct 26 13:22:12 2010
Subject: Top Recipient by Quantity question ...
In-Reply-To: <E7E8061D0EF83F4785EC2F73DB18A5A20670FFAE@boquira.funai.gov.br>
References: <E7E8061D0EF83F4785EC2F73DB18A5A20670FFAE@boquira.funai.gov.br>
Message-ID: <AANLkTim4-0NDT3oJVM3rDUq2C77nuf2pXuv-GjR3vvEb@mail.gmail.com>

Hi,

On Tue, Oct 26, 2010 at 2:00 PM, Allan Nagem Soares
<allan.soares@funai.gov.br> wrote:
> Hi all,
>
> ??????? Can anyone tell me if in the report "Top Recipient by Quantity" of
> MailScanner are considered in the count only the Non-Spam messages or all
> the messages including those SPAMs that were blocked ?

It uses the filters that you set, before making the report.

However this does sound more like a MailWatch question.

>
> ????????? Thanks in advance .
>
> Allan Soares
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>

mvh
From brent.addis at nsp.co.nz  Wed Oct 27 00:55:13 2010
From: brent.addis at nsp.co.nz (Brent Addis)
Date: Wed Oct 27 00:55:36 2010
Subject: Baruwa
Message-ID: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local>

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: image240a29.GIF
Type: image/gif
Size: 1099 bytes
Desc: image240a29.GIF
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101026/a60fa823/image240a29.gif
From hvdkooij at vanderkooij.org  Wed Oct 27 11:11:40 2010
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed Oct 27 11:18:12 2010
Subject: Baruwa
In-Reply-To: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local>
Message-ID: <63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>

 On Tue, 26 Oct 2010 23:55:13 +0000, Brent Addis  wrote:

> Just got this today. Seems to pretty much cover all the features I 
> found
> lacking with the last version that was released.

 Too bad the dependencies do not resolve on Centos 5:

 Error: Missing Dependency: python-uuid is needed by package 
 baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
 Error: Missing Dependency: python-IPy is needed by package 
 baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
 Error: Missing Dependency: dojo is needed by package 
 baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
 Error: Missing Dependency: Django >= 1.1.1 is needed by package 
 baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)

 Hugo.

-- 
 hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
 PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
 

From lists at macscr.com  Wed Oct 27 11:44:19 2010
From: lists at macscr.com (Mark Chaney)
Date: Wed Oct 27 11:44:33 2010
Subject: Baruwa
In-Reply-To: <63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local>
	<63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
Message-ID: <4CC80283.2060308@macscr.com>

Good thing is that the main developer is getting rid of djanjo as a 
requirement in the near future. This conversation is though a bit off 
topic and more for the baruwa mailing list.

-Mark

On 10/27/2010 05:11 AM, Hugo van der Kooij wrote:
> On Tue, 26 Oct 2010 23:55:13 +0000, Brent Addis  wrote:
>
>> Just got this today. Seems to pretty much cover all the features I found
>> lacking with the last version that was released.
>
> Too bad the dependencies do not resolve on Centos 5:
>
> Error: Missing Dependency: python-uuid is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: python-IPy is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: dojo is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: Django >= 1.1.1 is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
>
> Hugo.
>
From andrew.colin at gmail.com  Thu Oct 28 07:05:18 2010
From: andrew.colin at gmail.com (andrew colin)
Date: Thu Oct 28 07:05:26 2010
Subject: Baruwa
In-Reply-To: <63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local>
	<63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
Message-ID: <AANLkTim=hrH1JdgEFtcC8Cr-xM-Ng7oWxqvhDc4pgnZE@mail.gmail.com>

> Too bad the dependencies do not resolve on Centos 5:
>
> Error: Missing Dependency: python-uuid is needed by package
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: python-IPy is needed by package
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: dojo is needed by package baruwa-1.0.0-1.noarch
> (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: Django >= 1.1.1 is needed by package
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)

If you looked at the doc's you would notice that those packages are provided
in EPEL you need to enable that repo to use the rpm package.

http://www.baruwa.org/install_centos.html


>
> --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!



-- 
"Dru"
To follow the path, look to the master, follow the master, walk with
the master, see through the master, become the master. (zen)
http://www.topdog.za.net/
http://www.baruwa.org/
From prandal at herefordshire.gov.uk  Thu Oct 28 10:43:55 2010
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Oct 28 10:44:22 2010
Subject: Baruwa
In-Reply-To: <AANLkTim=hrH1JdgEFtcC8Cr-xM-Ng7oWxqvhDc4pgnZE@mail.gmail.com>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local><63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
	<AANLkTim=hrH1JdgEFtcC8Cr-xM-Ng7oWxqvhDc4pgnZE@mail.gmail.com>
Message-ID: <76415AED4CCF214F80FD9B0DA9A9EE4501A67120@HC-MBX01.herefordshire.gov.uk>

I tried on a test CentOS 5.5 box last night without success.

Unfortunately I know nothing of Django and python, and even less of debugging Apache crashes...

Phil

-- 
Phil Randal | Infrastructure Engineer 
NHS Herefordshire & Herefordshire Council? | Deputy Chief Executive's Office | I.C.T. Services Division 
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT 
Tel: 01432 260160

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of andrew colin
Sent: 28 October 2010 07:05
To: MailScanner discussion
Subject: Re: Baruwa

> Too bad the dependencies do not resolve on Centos 5:
>
> Error: Missing Dependency: python-uuid is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: python-IPy is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: dojo is needed by package 
> baruwa-1.0.0-1.noarch
> (/baruwa-1.0.0-1.noarch)
> Error: Missing Dependency: Django >= 1.1.1 is needed by package 
> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)

If you looked at the doc's you would notice that those packages are provided in EPEL you need to enable that repo to use the rpm package.

http://www.baruwa.org/install_centos.html


>
> --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: 
> http://hugo.vanderkooij.org/0x58F19981.asc
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!



--
"Dru"
To follow the path, look to the master, follow the master, walk with the master, see through the master, become the master. (zen) http://www.topdog.za.net/ http://www.baruwa.org/
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From btj at havleik.no  Thu Oct 28 12:18:52 2010
From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen)
Date: Thu Oct 28 12:19:01 2010
Subject: MailScanner has detected a possible fraud attempt from
 "x.x.x.x:8082" claiming to be View Online
Message-ID: <20101028131852.11922877@btj-tux.asp-as.no>

I am trying to white list x.x.x.x by putting the ip address in the file phishing.safe.sites.conf but it doesn't seem to work... What am I missing?
Do I need to add the port 8082 or?


Regards,

BTJ

-- 
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen

btj@havleik.no
-----------------------------------------------------------------------------------------------
Someone wrote:
"I understand that if you play a Windows CD backwards you hear strange Satanic messages"
To which someone replied:
"It's even worse than that; play it forwards and it installs Windows"
-----------------------------------------------------------------------------------------------
From markus at markusoft.se  Thu Oct 28 12:33:42 2010
From: markus at markusoft.se (Markus Nilsson)
Date: Thu Oct 28 12:33:57 2010
Subject: MailScanner has detected a possible fraud attempt from
 "x.x.x.x:8082" claiming to be View Online
In-Reply-To: <20101028131852.11922877@btj-tux.asp-as.no>
Message-ID: <14436122.160.1288265619955.JavaMail.markus@cronlabworkstation0>

You should add the domain name and not the ip address to the safelist!

/M

----- Original Message -----
From: "Bj?rn T Johansen" <btj@havleik.no>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: torsdag, 28 okt 2010 13:18:52
Subject: MailScanner has detected a possible fraud attempt from "x.x.x.x:8082" claiming to be View Online

I am trying to white list x.x.x.x by putting the ip address in the file phishing.safe.sites.conf but it doesn't seem to work... What am I missing?
Do I need to add the port 8082 or?


Regards,

BTJ

-- 
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen

btj@havleik.no
-----------------------------------------------------------------------------------------------
Someone wrote:
"I understand that if you play a Windows CD backwards you hear strange Satanic messages"
To which someone replied:
"It's even worse than that; play it forwards and it installs Windows"
-----------------------------------------------------------------------------------------------
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

 

 

--

 

CronLab scanned this message. We don't think it was spam. If it was,

please report by copying this link into your browser: http://london.cronlab.com/mail/index.php?id=0BAFC572078.66B55-&learn=spam&host=212.91.140.41




 
 
--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

From btj at havleik.no  Thu Oct 28 13:01:19 2010
From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen)
Date: Thu Oct 28 13:01:29 2010
Subject: MailScanner has detected a possible fraud attempt from
 "x.x.x.x:8082" claiming to be View Online
In-Reply-To: <14436122.160.1288265619955.JavaMail.markus@cronlabworkstation0>
References: <20101028131852.11922877@btj-tux.asp-as.no>
	<14436122.160.1288265619955.JavaMail.markus@cronlabworkstation0>
Message-ID: <20101028140119.37c62ccf@btj-tux.asp-as.no>

On Thu, 28 Oct 2010 13:33:42 +0200 (CEST)
Markus Nilsson <markus@markusoft.se> wrote:

> You should add the domain name and not the ip address to the safelist!
> 
> /M
> 
> ----- Original Message -----
> From: "Bj?rn T Johansen" <btj@havleik.no>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: torsdag, 28 okt 2010 13:18:52
> Subject: MailScanner has detected a possible fraud attempt from "x.x.x.x:8082" claiming to be View Online
> 
> I am trying to white list x.x.x.x by putting the ip address in the file phishing.safe.sites.conf but it doesn't seem to work... What am I missing?
> Do I need to add the port 8082 or?
> 

That server doesn't have any domain name... And as far as I can tell from the safelist, adding ip address is supported....?


BTJ
From btj at havleik.no  Thu Oct 28 14:00:07 2010
From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen)
Date: Thu Oct 28 14:00:18 2010
Subject: MailScanner has detected a possible fraud attempt from
 "x.x.x.x:8082" claiming to be View Online
In-Reply-To: <20177412.178.1288268391062.JavaMail.markus@cronlabworkstation0>
References: <20101028140119.37c62ccf@btj-tux.asp-as.no>
	<20177412.178.1288268391062.JavaMail.markus@cronlabworkstation0>
Message-ID: <20101028150007.68d22f10@btj-tux.asp-as.no>

On Thu, 28 Oct 2010 14:19:52 +0200 (CEST)
Markus Nilsson <markus@markusoft.se> wrote:

> ----- Original Message -----
> > From: "Bj?rn T Johansen" <btj@havleik.no>
> > To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> > Cc: markus@markusoft.se
> > Sent: torsdag, 28 okt 2010 14:01:19
> > Subject: Re: MailScanner has detected a possible fraud attempt from "x.x.x.x:8082" claiming to be View Online
> > On Thu, 28 Oct 2010 13:33:42 +0200 (CEST)
> > Markus Nilsson <markus@markusoft.se> wrote:
> > 
> > > You should add the domain name and not the ip address to the
> > > safelist!
> > >
> > > /M
> > >
> > > ----- Original Message -----
> > > From: "Bj?rn T Johansen" <btj@havleik.no>
> > > To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> > > Sent: torsdag, 28 okt 2010 13:18:52
> > > Subject: MailScanner has detected a possible fraud attempt from
> > > "x.x.x.x:8082" claiming to be View Online
> > >
> > > I am trying to white list x.x.x.x by putting the ip address in the
> > > file phishing.safe.sites.conf but it doesn't seem to work... What am
> > > I missing?
> > > Do I need to add the port 8082 or?
> > >
> > 
> > That server doesn't have any domain name... And as far as I can tell
> > from the safelist, adding ip address is supported....?
> > 
> > 
> > BTJ
> > 
> >
> 
> Sorry :)
> I made a quick test here with the port specified, and it seems to work!
> 
> I added testdomain.com:85 to the safelist, and it did not warn after the addition
> 
> /M
> 
>  

Yes, adding the port made it work... Thx... :)

BTJ
From rcooper at dwford.com  Thu Oct 28 18:38:32 2010
From: rcooper at dwford.com (Rick Cooper)
Date: Thu Oct 28 18:38:46 2010
Subject: Baruwa
In-Reply-To: <AANLkTim=hrH1JdgEFtcC8Cr-xM-Ng7oWxqvhDc4pgnZE@mail.gmail.com>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local><63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
	<AANLkTim=hrH1JdgEFtcC8Cr-xM-Ng7oWxqvhDc4pgnZE@mail.gmail.com>
Message-ID: <805F66BB662B4E868D5BA8EE570DDCAE@SAHOMELT>

andrew colin wrote:
>> Too bad the dependencies do not resolve on Centos 5:
>> 
>> Error: Missing Dependency: python-uuid is needed by package
>> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
>> Error: Missing Dependency: python-IPy is needed by package
>> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch)
>> Error: Missing Dependency: dojo is needed by package
>> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch) Error: Missing
>> Dependency: Django >= 1.1.1 is needed by package
>> baruwa-1.0.0-1.noarch (/baruwa-1.0.0-1.noarch) 
> 
> If you looked at the doc's you would notice that those packages are
> provided in EPEL you need to enable that repo to use the rpm package.
> 
> http://www.baruwa.org/install_centos.html
> 
> 

Actually that doc states that Django is available via epel, that
mysql-python must be installed from source, python-reportlab from
topdog-software and makes no mention of dojo (which is not available from
epel or normal repos). Of course dojo can just be sourced directly or
downloaded and sourced locally afaict

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From andrew.colin at gmail.com  Thu Oct 28 19:21:43 2010
From: andrew.colin at gmail.com (andrew colin)
Date: Thu Oct 28 19:21:52 2010
Subject: Baruwa
In-Reply-To: <805F66BB662B4E868D5BA8EE570DDCAE@SAHOMELT>
References: <71EE5816EB7C4D4C9DEA1003EB79470F0C84D9EE@nspexch01.nsp.local>
	<63d14ff14fdf703075a02c12db120fda@vps517.directvps.nl>
	<AANLkTim=hrH1JdgEFtcC8Cr-xM-Ng7oWxqvhDc4pgnZE@mail.gmail.com>
	<805F66BB662B4E868D5BA8EE570DDCAE@SAHOMELT>
Message-ID: <AANLkTin8L5+=Zgw7kpe5F3VzVHgsNYaWJXCTKMfq3QSp@mail.gmail.com>

> epel or normal repos). Of course dojo can just be sourced directly or
> downloaded and sourced locally afaict
>
> Rick
>

Docs typo the dojo rpm is available http://topdog-software.com/oss/dojo/
From sjohnson at edina.k12.mn.us  Thu Oct 28 19:40:33 2010
From: sjohnson at edina.k12.mn.us (Johnson, SE)
Date: Thu Oct 28 19:40:44 2010
Subject: MailScanner not invoking spamassassin
Message-ID: <20AFEB2670F2FA428EA57E2F9986FB7C01ABB9BF@eccemail.ISD273.ORG>

Well, not invoking may be the wrong term here but...

I have a current mail server (postfix/amavisd/MailScanner/ClamAV) that I
installed about 4 years ago that I'm moving to a new box and dropping
amavisd out of the mix as it appears to be redundant.

The install is Fedora Core 13 along with the clam, postfix, MailScanner,
and Spamassassin RPMS. THe configuration is set up to except, scan and
forward the email through to my mail server.  This is tested and all
works.  Use Spamassassin is turned on in the MailScanner.conf file.

So I decided to test the filtering to make sure that was working.

To test, I telnetted to port 25 and in the data field I type the name of
the tiny blue pill "v****a" three times then sent the message on.  

I was expecting this message to get denied but to my amazement it was
forwarded through to my internal mail server.

In checking the logs I didn't see any reference to Spamassassin.

I turned on the debug logging in MailScanner and tried the same test
again.  This time I did see one message
"SpamAssassin cache hit for message ..." which I assume it was because
the two messages were identical.

I went through the spam.assassin.prefs.conf file and made sure all the
directories referenced did exist and had the expected files in them.

I assume that since I saw that line that at least part of spamassassin
is being called.  Question is, why is it not checking content?  Oh.  In
amavisd, the spamassassin tests that were applied to an incoming message
were logged in the maillog; I do not see any log entries of this type so
I'm thinking that the content checks are not being run.

Any ideas on what I can check or how I can troubleshoot this further?

Thanks
  Scott


From alex at rtpty.com  Thu Oct 28 19:59:35 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu Oct 28 20:00:21 2010
Subject: MailScanner not invoking spamassassin
In-Reply-To: <20AFEB2670F2FA428EA57E2F9986FB7C01ABB9BF@eccemail.ISD273.ORG>
References: <20AFEB2670F2FA428EA57E2F9986FB7C01ABB9BF@eccemail.ISD273.ORG>
Message-ID: <603365676-1288292409-cardhu_decombobulator_blackberry.rim.net-573025430-@bda478.bisx.prod.on.blackberry>

Just typing the name three times doesn't mean it'll block it right away. Have you looked at how spamassassin uses scores? How does the message itself score? You need to read up a bit more on how SA works to tell. 
-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)

Recuerda visitar http://vidadigital.com.pa/ 

BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

-----Original Message-----
From: "Johnson, SE" <sjohnson@edina.k12.mn.us>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Thu, 28 Oct 2010 13:40:33 
To: <mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: MailScanner not invoking spamassassin

Well, not invoking may be the wrong term here but...

I have a current mail server (postfix/amavisd/MailScanner/ClamAV) that I
installed about 4 years ago that I'm moving to a new box and dropping
amavisd out of the mix as it appears to be redundant.

The install is Fedora Core 13 along with the clam, postfix, MailScanner,
and Spamassassin RPMS. THe configuration is set up to except, scan and
forward the email through to my mail server.  This is tested and all
works.  Use Spamassassin is turned on in the MailScanner.conf file.

So I decided to test the filtering to make sure that was working.

To test, I telnetted to port 25 and in the data field I type the name of
the tiny blue pill "v****a" three times then sent the message on.  

I was expecting this message to get denied but to my amazement it was
forwarded through to my internal mail server.

In checking the logs I didn't see any reference to Spamassassin.

I turned on the debug logging in MailScanner and tried the same test
again.  This time I did see one message
"SpamAssassin cache hit for message ..." which I assume it was because
the two messages were identical.

I went through the spam.assassin.prefs.conf file and made sure all the
directories referenced did exist and had the expected files in them.

I assume that since I saw that line that at least part of spamassassin
is being called.  Question is, why is it not checking content?  Oh.  In
amavisd, the spamassassin tests that were applied to an incoming message
were logged in the maillog; I do not see any log entries of this type so
I'm thinking that the content checks are not being run.

Any ideas on what I can check or how I can troubleshoot this further?

Thanks
  Scott


--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From maxsec at gmail.com  Thu Oct 28 20:13:28 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu Oct 28 20:13:37 2010
Subject: MailScanner not invoking spamassassin
In-Reply-To: <20AFEB2670F2FA428EA57E2F9986FB7C01ABB9BF@eccemail.ISD273.ORG>
References: <20AFEB2670F2FA428EA57E2F9986FB7C01ABB9BF@eccemail.ISD273.ORG>
Message-ID: <AANLkTin6_Jw2os5tV_zEro4uTiLhtS8RuL6G5qm4Ju1A@mail.gmail.com>

to make sure Mailscanner is verbose in the mail headers make sure the
following config lines in MailScanner.conf are as follows.


Spam Score Number Format = %5.2f

Detailed Spam Report = yes

Include Scores In SpamAssassin Report = yes

Always Include SpamAssassin Report = yes

Spam Score Number Format = %5.2f


Mailscanner will also log quite a bit to maillog so also check there, and I
presume you'll lint checked mailScanner and also run it in debug mode and
checked for any errors?

http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner

http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=lint



-- 
Martin Hepworth
Oxford, UK


On 28 October 2010 19:40, Johnson, SE <sjohnson@edina.k12.mn.us> wrote:

> Well, not invoking may be the wrong term here but...
>
> I have a current mail server (postfix/amavisd/MailScanner/ClamAV) that I
> installed about 4 years ago that I'm moving to a new box and dropping
> amavisd out of the mix as it appears to be redundant.
>
> The install is Fedora Core 13 along with the clam, postfix, MailScanner,
> and Spamassassin RPMS. THe configuration is set up to except, scan and
> forward the email through to my mail server.  This is tested and all
> works.  Use Spamassassin is turned on in the MailScanner.conf file.
>
> So I decided to test the filtering to make sure that was working.
>
> To test, I telnetted to port 25 and in the data field I type the name of
> the tiny blue pill "v****a" three times then sent the message on.
>
> I was expecting this message to get denied but to my amazement it was
> forwarded through to my internal mail server.
>
> In checking the logs I didn't see any reference to Spamassassin.
>
> I turned on the debug logging in MailScanner and tried the same test
> again.  This time I did see one message
> "SpamAssassin cache hit for message ..." which I assume it was because
> the two messages were identical.
>
> I went through the spam.assassin.prefs.conf file and made sure all the
> directories referenced did exist and had the expected files in them.
>
> I assume that since I saw that line that at least part of spamassassin
> is being called.  Question is, why is it not checking content?  Oh.  In
> amavisd, the spamassassin tests that were applied to an incoming message
> were logged in the maillog; I do not see any log entries of this type so
> I'm thinking that the content checks are not being run.
>
> Any ideas on what I can check or how I can troubleshoot this further?
>
> Thanks
>  Scott
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101028/c5df0bed/attachment.html
From guenther at palousecom.com  Fri Oct 29 22:04:16 2010
From: guenther at palousecom.com (Dean Guenther)
Date: Fri Oct 29 22:04:26 2010
Subject: getting to the text part of a "From:"
Message-ID: <54ea77ac0070e1406695d1d96279d491.squirrel@palousecom.com>

I'm interested in using spam.blacklist.rules for marking as spam mail that
has the text part of a From statement that meets criteria. I've poked
around the FAQ and trying other searches but I can't find the info I'm
looking for.

So far, everything in the spam.blacklist.rules works, but it only filters
out on username@domain addresses. More specifically if I have

     From: "Credit Check" <info@letticriyadh.info>

Whatever I have in spam.blacklist.rules only is applied to
"info@letticriyadh.info". What I tried in my spam.blacklist.rules is:

     From: /Credit.*?Check/  yes

But that gets ignored. Or even simply

     From: /Credit/  yes

is ignored. Is it possible to coax spam.blacklist.rules to scan the whole
line? If not, how else can I get to check the rest of the From statement?

thanks -- Dean Guenther

From maillists at conactive.com  Sat Oct 30 15:31:15 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Sat Oct 30 15:31:29 2010
Subject: getting to the text part of a "From:"
In-Reply-To: <54ea77ac0070e1406695d1d96279d491.squirrel@palousecom.com>
References: <54ea77ac0070e1406695d1d96279d491.squirrel@palousecom.com>
Message-ID: <VA.00003b58.48234da3@news.conactive.com>

Dean Guenther wrote on Fri, 29 Oct 2010 14:04:16 -0700 (PDT):

> Is it possible to coax spam.blacklist.rules to scan the whole
> line?

MailScanner works on the envelope from. You want to work on the message 
header from.

> If not, how else can I get to check the rest of the From statement?

A typical job for SA.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com