From neil at dcdata.co.za Tue Feb 1 07:49:41 2011
From: neil at dcdata.co.za (Neil Wilson)
Date: Tue Feb 1 08:22:59 2011
Subject: Blocking Fake Banking Emails
Message-ID: <4D47BB15.9050102@dcdata.co.za>

Hi guys,

In South Africa we get tons of banking spam emails phishing for users account information.

I don't want to send a sample to the list, but the problem is that the emails look almost like the real bank emails.

Are there any methods of blocking the fake ones, is this just a big problem in S.A. or is everyone around the globe subjected to these?

I'm running the latest spam assassin, with updated rules, and MailScanner and most of the emails don't get hit by any of the spam assassin rules, so it's not just a matter of bumping up scores.

Any help will be appreciated.

Thanks.

Regards.

Neil

This email and all contents are subject to the following disclaimer:
http://www.dcdata.co.za/emaildisclaimer.html

From maxsec at gmail.com Tue Feb 1 13:49:14 2011
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Feb 1 13:49:24 2011
Subject: Blocking Fake Banking Emails
In-Reply-To: <4D47BB15.9050102@dcdata.co.za>
References: <4D47BB15.9050102@dcdata.co.za>
Message-ID:

Ensure the RBL and URIRBL lookups are working in SpamAssassin

Also make sure you've not got the phishing checks in MailScanner turned off or overly whitelisted.

When you say latest I presume you mean SA at 3.3.1,

Also you can see what rules are hit in SA etc by enabling the following settings in MailScanner.conf, so you see if there's anything causing SA to miss the emails (like whitelisting overly done)

Spam Score Number Format = %5.2f
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Spam Score Number Format = %5.2f

--
Martin Hepworth
Oxford, UK

On 1 February 2011 07:49, Neil Wilson wrote:

> Hi guys,
>
> In South Africa we get tons of banking spam emails phishing for users
> account information.
>
> I don't want to send a sample to the list, but the problem is that the
> emails look almost like the real bank emails.
>
> Are there any methods of blocking the fake ones, is this just a big problem
> in S.A. or is everyone around the globe subjected to these?
>
> I'm running the latest spam assassin, with updated rules, and MailScanner
> and most of the emails don't get hit by any of the spam assassin rules, so
> it's not just a matter of bumping up scores.
>
> Any help will be appreciated.
>
> Thanks.
>
> Regards.
>
> Neil
>
> This email and all contents are subject to the following disclaimer:
> http://www.dcdata.co.za/emaildisclaimer.html
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110201/af92b143/attachment.html

From amoore at dekalbmemorial.com Tue Feb 1 14:02:36 2011
From: amoore at dekalbmemorial.com (Aaron K. Moore)
Date: Tue Feb 1 14:02:50 2011
Subject: Blocking Fake Banking Emails
In-Reply-To:
References: <4D47BB15.9050102@dcdata.co.za>
Message-ID: <60D398EB2DB948409CA1F50D8AF12257084FEDEB@exch1.dekalbmemorial.local>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 3683 bytes
Desc: Logo_Mission_final.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110201/7ba4a08b/attachment.gif

From richard at fastnet.co.uk Tue Feb 1 14:13:34 2011
From: richard at fastnet.co.uk (Richard Mealing)
Date: Tue Feb 1 14:13:53 2011
Subject: Blocking Fake Banking Emails
In-Reply-To: <60D398EB2DB948409CA1F50D8AF12257084FEDEB@exch1.dekalbmemorial.local>
References: <4D47BB15.9050102@dcdata.co.za> <60D398EB2DB948409CA1F50D8AF12257084FEDEB@exch1.dekalbmemorial.local>
Message-ID:

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 3683 bytes
Desc: image001.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110201/c0f7a3ce/image001.gif

From gregory.durham at gmail.com Tue Feb 1 22:17:47 2011
From: gregory.durham at gmail.com (Gregory Durham)
Date: Tue Feb 1 22:19:43 2011
Subject: Proper installation
Message-ID:

Hello All,
I am needing to install mailscanner on several machines of the same hardware/os/etc. Is it possible to build all of the packages on a dev environment and then use the resulting packages on all of the other boxes. We do not want to have the build done on production boxes. Is this indeed possible? If so are these in the RPMS/{i386,noarch,...} directories?

Thanks,
Greg

From glenn.steen at gmail.com Tue Feb 1 22:27:04 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Feb 1 22:27:14 2011
Subject: Fedora 12 MailScanner 477.10 RBL checks Not working
In-Reply-To:
References:
Message-ID:

You REALLY shouldn't use that many BLs in mailscanner itself, since it is inefficient. One or two is ok, complemented by one or more that you really trust for rejecting in the MTA. The rest you should use in spamassassin, which will do the lookups in parallel, not serialised as in MS.
If one email sender would trigger two BLs, with the current config, all that would happen is that your lowscoring spam action would trigger... Mail from suspect sources would still be accepted (MS cannot reject, since it isn't an MTA)...
I'd recommend lowering the hits needed to be highscoring spam, so that that action get triggered instead... While you have a think on what BL to use where.

Cheers
--
-- Glenn

On 31 Jan 2011 20:18, "Adam Laye" wrote:

Fedora 12
MailScanner 4.77.10
SpamAssassin 3.2.5
Postfix 2.6.2

I have scoured Google and Mailing list archives but cannot pin point the issue. I believe MailScanner Should be checking RBLs but can find no reference to them in my Log files. Additionally Server clearly listed are able to send to my servers.

MailScanner config

%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
Spam List Definitions =%etc-dir%/spam.lists.conf ( I have also tried using the direct path)
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL
Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Read IP Address From Received Header = 2

MailScanner rocks!

Thank you for any assistance you can offer, Please let me know if additional info should be posted.

Adam
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110201/0e191393/attachment.html

From ben at electricembers.net Tue Feb 1 23:54:20 2011
From: ben at electricembers.net (Ben)
Date: Tue Feb 1 23:54:49 2011
Subject: Virus attachments not replaced with warning text
References: <4C5BEB05.5050408@ecs.soton.ac.uk>
Message-ID:

Any word on this? Will the old functionality -- to still send the message body, replacing only the infected attachment with the warning text -- ever come back?

From noel.butler at ausics.net Wed Feb 2 03:28:06 2011
From: noel.butler at ausics.net (Noel Butler)
Date: Wed Feb 2 03:28:20 2011
Subject: Process did not exit cleanly.
In-Reply-To: <4D1ADA82.9070002@tartan.co.za>
References: <4D1ADA82.9070002@tartan.co.za>
Message-ID: <1296617286.10885.11.camel@tardis>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110202/83dde59c/attachment.bin

From glenn.steen at gmail.com Wed Feb 2 08:32:06 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Feb 2 08:32:17 2011
Subject: Process did not exit cleanly.
In-Reply-To: <1296617286.10885.11.camel@tardis>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis>
Message-ID:

On 2 February 2011 04:28, Noel Butler wrote:
> This is just a caution to anyone updating their OS's or more precisely,
> versions of perl.
>
> This is a bug as best I can tell to do with mailscanners handling of
> spamassassin, if SA is disabled, MS appears to work fine, else it constantly
> bails as below, leaving copies of mail and all in work dirs, mail is however
> still delivered, so appears nothing is lost.
>
Must have missed this/been busy elsewhere.
I suppose doing a debug run (debug-sa, as well) would give some better pinpoint than just "SA as called from MS is broken on 5.10.1"...?:-)
Pinpointing this type of thing can be a real PITA:-).

> It's down to modern versions of perl, perl modules, but it seems not enough
> of us use 5.10.1 or greater (no issue with 5.10.0), so no other people see
> it for it to be given any real urgency at present. (we stopped using
> mailscanner, will use it again once this bug is fixed) Julian was made aware
> of two months or more ago, but is unable to reproduce it.
>
Modern versions of perl or modern versions of supporting modules?

> Since most of you use antiquated CentOS and Debian versions, you likely won't
> be stung for some years yet :)
> But anyone using current Gentoo, Slackware and report of Archlinux as well,
> be forewarned.
>
If this is all true, then at least Ubuntu 10.10 and Mandriva 2010.2 would be affected as well... I'll know more shortly.
You mentioned having a testcase of a few hundred byte that was sure to trigger it... Could you share it with me?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From john at tradoc.fr Wed Feb 2 08:58:08 2011
From: john at tradoc.fr (John Wilcock)
Date: Wed Feb 2 08:58:26 2011
Subject: Process did not exit cleanly.
In-Reply-To:
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis>
Message-ID: <4D491CA0.60503@tradoc.fr>

On 02/02/2011 09:32, Glenn Steen wrote:
>> It's down to modern versions of perl, perl modules, but it seems not enough
>> > of us use 5.10.1 or greater (no issue with 5.10.0), so no other people see
>> > it for it to be given any real urgency at present. (we stopped using
>> > mailscanner, will use it again once this bug is fixed) Julian was made aware
>> > of two months or more ago, but is unable to reproduce it.
>> >
> Modern versions of perl or modern versions of supporting modules?
>

There's at least one known bug in Archive::Zip 1.30 that causes some zip attachments (and other zip-container formats such as docx) to kill MailScanner under perl 5.12 (and maybe 5.10.x) - see https://rt.cpan.org/Public/Bug/Display.html?id=61930 for a description and a fix.

John.

--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From sandrews at andrewscompanies.com Wed Feb 2 18:56:14 2011
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Wed Feb 2 18:56:25 2011
Subject: RBL list
Message-ID:

Can anyone comment on what would be appropriate list to use for RBLs?

Currently using: SBL+XBL spamhaus-ZEN spamcop.net

But it's not enough, gonna stick on NJABL as well.

Any thoughts?

Steve

From jwithrow at matech.net Wed Feb 2 18:57:21 2011
From: jwithrow at matech.net (Joshua F. Withrow)
Date: Wed Feb 2 18:58:56 2011
Subject: RBL list
In-Reply-To:
References:
Message-ID:

I use Barracuda and ZEN. Does the job for me.

Josh Withrow
Software Developer
Office: 410-548-1627 x154
Email: jwithrow@matech.net

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
Sent: Wednesday, February 02, 2011 1:56 PM
To: mailscanner@lists.mailscanner.info
Subject: RBL list

Can anyone comment on what would be appropriate list to use for RBLs?

Currently using: SBL+XBL spamhaus-ZEN spamcop.net

But it's not enough, gonna stick on NJABL as well.

Any thoughts?

Steve
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
This message is the property of Machining Technologies, Inc (MaTech) and the Information contained herein may be/is subject to the Code of Federal Regulations Chapter 22 International Traffic in Arms Regulations (ITAR). This data may not be resold, diverted, transferred, transshipped, made available to a foreign national within the United States, or otherwise disposed of in any other country outside of its intended destination, either in original form or after being incorporated through an intermediate process into other data without the prior written approval of the US Department of State. The information in this e-mail and subsequent attachments may contain legally privileged, proprietary and/or confidential information that is intended only for the use of the addressee(s). No addressee should forward, print, copy or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as the recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this e-mail information is prohibited. If you have received this communication in error, please immediately notify the sender by telephone or return e-mail and delete this e-mail. Thank You.

From jakari at bithose.com Wed Feb 2 19:04:06 2011
From: jakari at bithose.com (Jameel Akari)
Date: Wed Feb 2 19:04:44 2011
Subject: RBL list
In-Reply-To:
References:
Message-ID:

On Wed, 2 Feb 2011, Steven Andrews wrote:

> Can anyone comment on what would be appropriate list to use for RBLs?
>
> Currently using: SBL+XBL spamhaus-ZEN spamcop.net

If you have ZEN, you don't need SBL+XBL as well.

I've put Barracuda's BRBL in front of ZEN, and that generally works very well for us at work.
--
Jameel Akari

From steve at fsl.com Wed Feb 2 19:24:41 2011
From: steve at fsl.com (Stephen Swaney)
Date: Wed Feb 2 19:24:53 2011
Subject: RBL list
In-Reply-To:
References:
Message-ID:

Steve,

You need to be aware of the permitted "Terms of Use" which are different for each of the different RBLs. What is free to use and what is NOT free to use is fairly complex.

I put together a white paper, "RBL use and configuration with MailScanner and SpamAssassin" a while back that covers using some of the most effective and popular RBL's. It can be downloaded from our web site www.fsl.com.

http://www.fsl.com/images/docs/readme_rbl_use_ms_sa.pdf

I can't promise it's still 100% accurate but it's pretty close.

Best regards,

Steve
--
Steve Swaney
steve@fsl.com
202 595-7760 ext: 601
www.fsl.com
The most accurate and cost effective anti-spam solutions available

On Feb 2, 2011, at 2:56 PM, Steven Andrews wrote:

> Can anyone comment on what would be appropriate list to use for RBLs?
>
> Currently using: SBL+XBL spamhaus-ZEN spamcop.net
>
> But it's not enough, gonna stick on NJABL as well.
>
> Any thoughts?
>
> Steve
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From sonidhaval at gmail.com Wed Feb 2 19:26:44 2011
From: sonidhaval at gmail.com (sonidhaval@gmail.com)
Date: Wed Feb 2 19:26:54 2011
Subject: RBL list
In-Reply-To:
References:
Message-ID:

Hello,

I will prefer spamhaus-ZEN, spamcop.net and CBL. I have seen many false positive using Barracuda RBL.

Thanks,
--
Kind regards,
Dhaval Soni ( RHCA )
Cell: +91 - 966.20.29.620
Active Contributor of *LinuxArticles.org*

On Thu, Feb 3, 2011 at 12:27 AM, Joshua F. Withrow wrote:

> I use Barracuda and ZEN. Does the job for me.
>
>
> Josh Withrow
> Software Developer
> Office: 410-548-1627 x154
> Email: jwithrow@matech.net
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:
> mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
> Sent: Wednesday, February 02, 2011 1:56 PM
> To: mailscanner@lists.mailscanner.info
> Subject: RBL list
>
> Can anyone comment on what would be appropriate list to use for RBLs?
>
> Currently using: SBL+XBL spamhaus-ZEN spamcop.net
>
> But it's not enough, gonna stick on NJABL as well.
>
> Any thoughts?
>
> Steve
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> This message is the property of Machining Technologies, Inc (MaTech) and
> the Information contained herein may be/is subject to the Code of Federal
> Regulations Chapter 22 International Traffic in Arms Regulations (ITAR).
> This data may not be resold, diverted, transferred, transshipped, made
> available to a foreign national within the United States, or otherwise
> disposed of in any other country outside of its intended destination, either
> in original form or after being incorporated through an intermediate process
> into other data without the prior written approval of the US Department of
> State. The information in this e-mail and subsequent attachments may
> contain legally privileged, proprietary and/or confidential information
> that is intended only for the use of the addressee(s).
> No addressee should forward, print, copy or otherwise reproduce this
> message in any manner that would allow it to be viewed by any
> individual not originally listed as the recipient.
> If you are not the
> intended recipient, you are hereby notified that any disclosure, copying,
> distribution, retention or use of the contents of this e-mail information is
> prohibited. If you have received this communication in error, please
> immediately notify the sender by telephone or return e-mail and delete this
> e-mail. Thank You.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/65f0052a/attachment.html

From peter.ong at hypermediasystems.com Wed Feb 2 19:45:21 2011
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Feb 2 19:45:32 2011
Subject: RBL list
In-Reply-To:
Message-ID: <676512604.2108.1296675921491.JavaMail.root@mail021.dti>

reject_rbl_client zen.spamhaus.org
reject_rbl_client multi.uribl.com
reject_rbl_client dnsbl.njabl.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client bl.spamcop.net
# reject_rbl_client dnsbl.sorbs.net
reject_rbl_client combined.rbl.msrbl.net
# reject_rbl_client b.barracudacentral.org

From steve.freegard at fsl.com Wed Feb 2 21:22:13 2011
From: steve.freegard at fsl.com (Steve Freegard)
Date: Wed Feb 2 21:22:57 2011
Subject: RBL list
In-Reply-To: <676512604.2108.1296675921491.JavaMail.root@mail021.dti>
References: <676512604.2108.1296675921491.JavaMail.root@mail021.dti>
Message-ID: <4D49CB05.5090804@fsl.com>

On 02/02/11 19:45, Peter Ong wrote:
> reject_rbl_client zen.spamhaus.org
> reject_rbl_client cbl.abuseat.org

Zen includes the CBL data in the Spamhaus XBL dataset included in Zen, so querying both is a waste of resources.

Regards,
Steve.
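
The overlap raised in the replies above (ZEN already covers SBL+XBL, and the CBL data is part of XBL), as an added example that is not part of the original posts: a checker that reads Postfix reject_rbl_client lines and flags zones another configured zone already contains, plus the DNSBL query-name construction and ZEN return-code decoding that make the overlap visible. The coverage table, the return-code mapping, the function names and the test address are this example's assumptions; the sample config is the one posted in the thread.

```python
"""Flag redundant DNSBL zones in a Postfix restriction list (added example)."""
import ipaddress

# Zones already contained in an aggregate zone. The ZEN rows restate what the
# thread says (ZEN covers SBL+XBL; XBL carries the CBL data). The table is an
# assumption of this example, not something Postfix or Spamhaus publishes.
COVERED_BY = {
    "zen.spamhaus.org": {
        "sbl.spamhaus.org", "xbl.spamhaus.org", "pbl.spamhaus.org",
        "sbl-xbl.spamhaus.org", "cbl.abuseat.org",
    },
    "sbl-xbl.spamhaus.org": {
        "sbl.spamhaus.org", "xbl.spamhaus.org", "cbl.abuseat.org",
    },
    "xbl.spamhaus.org": {"cbl.abuseat.org"},
}

# Config as posted in the thread (two entries were commented out by the poster).
SAMPLE_CONFIG = """\
reject_rbl_client zen.spamhaus.org
reject_rbl_client multi.uribl.com
reject_rbl_client dnsbl.njabl.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client bl.spamcop.net
# reject_rbl_client dnsbl.sorbs.net
reject_rbl_client combined.rbl.msrbl.net
# reject_rbl_client b.barracudacentral.org
"""


def parse_rbl_clients(config_text):
    """Return the active reject_rbl_client zones in order of appearance."""
    zones = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]            # drop comments
        tokens = line.replace(",", " ").split()
        for i, tok in enumerate(tokens[:-1]):
            if tok == "reject_rbl_client":
                # "zone=127.0.0.x" filters are allowed; keep only the zone.
                zone = tokens[i + 1].split("=", 1)[0]
                zones.append(zone.lower().rstrip("."))
    return zones


def find_redundant(zones):
    """Map each zone that is already covered to the aggregate covering it."""
    active = set(zones)
    redundant = {}
    for zone in zones:
        for aggregate, members in COVERED_BY.items():
            if aggregate in active and zone in members:
                redundant[zone] = aggregate
                break
    return redundant


def dnsbl_query_name(ip, zone):
    """DNS name queried for an IPv4 client: reversed octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)           # raises on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def decode_zen(answer):
    """Name the ZEN component behind an A-record answer.

    127.255.255.x answers are error signals from the list operator, not
    listings, and must never be treated as a hit.
    """
    octets = [int(o) for o in str(ipaddress.IPv4Address(answer)).split(".")]
    if octets[:3] == [127, 255, 255]:
        return "ERROR"
    if octets[:3] != [127, 0, 0]:
        return "UNKNOWN"
    last = octets[3]
    if last == 2:
        return "SBL"
    if last == 3:
        return "CSS"
    if 4 <= last <= 7:
        return "XBL"                            # includes the CBL data
    if last in (10, 11):
        return "PBL"
    return "UNKNOWN"


if __name__ == "__main__":
    zones = parse_rbl_clients(SAMPLE_CONFIG)
    for zone, aggregate in find_redundant(zones).items():
        print(f"{zone}: already covered by {aggregate}")
    # 192.0.2.25 is a documentation address used only to show the name format.
    print(dnsbl_query_name("192.0.2.25", "zen.spamhaus.org"))
```

Every redundant zone costs one extra DNS round trip per connection for no additional coverage, which is the "waste of resources" the reply refers to.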
From noel.butler at ausics.net Thu Feb 3 01:38:23 2011
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Feb 3 01:38:37 2011
Subject: Process did not exit cleanly.
In-Reply-To:
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis>
Message-ID: <1296697103.5882.14.camel@tardis>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/e543cd7c/attachment.bin

From noel.butler at ausics.net Thu Feb 3 01:40:27 2011
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Feb 3 01:40:39 2011
Subject: Process did not exit cleanly.
In-Reply-To: <4D491CA0.60503@tradoc.fr>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis> <4D491CA0.60503@tradoc.fr>
Message-ID: <1296697227.5882.16.camel@tardis>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/6490eb29/attachment.bin

From sonidhaval at gmail.com Thu Feb 3 07:55:36 2011
From: sonidhaval at gmail.com (sonidhaval@gmail.com)
Date: Thu Feb 3 07:55:45 2011
Subject: RBL list
In-Reply-To: <4D49CB05.5090804@fsl.com>
References: <676512604.2108.1296675921491.JavaMail.root@mail021.dti> <4D49CB05.5090804@fsl.com>
Message-ID:

Hello,

Can we not use *The Domain Block List* (DBL) from spamhaus with MailScanner ? If yes, how we can do that?
Thanks,
--
Kind regards,
Dhaval Soni ( RHCA )
Active Contributor of *www.LinuxArticles.org*

On Thu, Feb 3, 2011 at 2:52 AM, Steve Freegard wrote:

> On 02/02/11 19:45, Peter Ong wrote:
>
>> reject_rbl_client zen.spamhaus.org
>> reject_rbl_client cbl.abuseat.org
>>
>
> Zen includes the CBL data in the Spamhaus XBL dataset included in Zen, so
> querying both is a waste of resources.
>
> Regards,
> Steve.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/1a3da172/attachment.html

From glenn.steen at gmail.com Thu Feb 3 10:19:12 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Feb 3 10:19:22 2011
Subject: Process did not exit cleanly.
In-Reply-To: <1296697103.5882.14.camel@tardis>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis> <1296697103.5882.14.camel@tardis>
Message-ID:

On 3 February 2011 02:38, Noel Butler wrote:
> Glenn,
>
> This was an advisory only, some months ago, Julian got all that information,
> including specific perl modules used etc and couldn't reproduce it he said.
> No obvious errors appeared in any debugs. I don't have the time to bother
> any further without a suggestion on a certain direction, and as Julian
> couldn't offer any........
>
Ok. Well, I did miss this the first time around, and as I've dabbled a bit in the Postfix part of the code... I tend to get ... "nervous"... when there are problem reports like this mentioning PF et al:-).
Especially newer versions than the ones I use...:)
I might still have a window of a few days to work on MailScanner, before the paying job madness descends on me again, so I will try to mimic your setup (well, not volume-wise:-) and see how it goes.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From hvdkooij at vanderkooij.org Thu Feb 3 11:53:34 2011
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Feb 3 11:53:55 2011
Subject: Proper installation
In-Reply-To:
References:
Message-ID: <4dde32518093d6721fefc3bd548c9736@vps517.directvps.nl>

On Tue, 1 Feb 2011 14:17:47 -0800, Gregory Durham wrote:
> Hello All,
> I am needing to install mailscanner on several machines of the same
> hardware/os/etc. Is it possible to build all of the packages on a dev
> environment and then use the resulting packages on all of the other
> boxes. We do not want to have the build done on production boxes. Is
> this indeed possible? If so are these in the RPMS/{i386,noarch,...}
> directories?

Well. I would say that this is rather why packages were invented in the first place.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

From peter.ong at hypermediasystems.com Thu Feb 3 15:10:50 2011
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Feb 3 15:11:01 2011
Subject: Proper installation
In-Reply-To: <206567691.3368.1296745730618.JavaMail.root@mail021.dti>
Message-ID: <1974234383.3372.1296745850474.JavaMail.root@mail021.dti>

> I am needing to install mailscanner on several machines of the same
> hardware/os/etc. Is it possible to build all of the packages on a dev
> environment and then use the resulting packages on all of the other

Maybe you can build just one box and clone them? Clonezilla? That might be even faster.
p

From peter.ong at hypermediasystems.com Thu Feb 3 15:15:16 2011
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Feb 3 15:15:25 2011
Subject: RBL list
In-Reply-To:
Message-ID: <1934627272.3392.1296746116884.JavaMail.root@mail021.dti>

> Can we not use The Domain Block List (DBL) from spamhaus with
> MailScanner ? If yes, how we can do that?

Hmm... I wonder if this is what you're looking for...

/etc/MailScanner/MailScanner.conf, fields, "Spam List" and "Spam Domain List"

From peter at farrows.org Thu Feb 3 15:18:57 2011
From: peter at farrows.org (Peter Farrow)
Date: Thu Feb 3 15:19:06 2011
Subject: Proper installation
In-Reply-To: <1974234383.3372.1296745850474.JavaMail.root@mail021.dti>
References: <1974234383.3372.1296745850474.JavaMail.root@mail021.dti>
Message-ID: <4D4AC761.2080209@farrows.org>

On 03/02/2011 15:10, Peter Ong wrote:
>> I am needing to install mailscanner on several machines of the same
>> hardware/os/etc. Is it possible to build all of the packages on a dev
>> environment and then use the resulting packages on all of the other
> Maybe you can build just one box and clone them? Clonezilla? That might be even faster.
>
> p
Or, make it a virtual machine using VMware and copy the image around....

P.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/9cd5acb9/attachment.html

From Amelein at dantumadiel.eu Thu Feb 3 15:42:20 2011
From: Amelein at dantumadiel.eu (Arjan Melein)
Date: Thu Feb 3 15:42:44 2011
Subject: Message attempted to kill mailscanner (still)
Message-ID: <4D4ADAEC0200008E00017F26@10.1.0.206>

I keep having a problem with a low volume (50-ish mails daily, yay greylisting:)) where when there has not been any e-mail for a while and the MS processes have 'expired' that it will kill each running process with 'dying of old age' when a new mail arrives and thus triggering the crash protection.
The problem is that most of the time it keeps doing it on CRON generated e-mails that I'd actually like to get.
Is there any way to get around this other than turning up the expire time a lot and just auto restarting MS with a cron job ?
This problem does not show on higher volume mail servers because those get enough e-mail to keep the MS processes from expiring all at the same time.

- Arjan

From sonidhaval at gmail.com Thu Feb 3 16:06:21 2011
From: sonidhaval at gmail.com (sonidhaval@gmail.com)
Date: Thu Feb 3 16:06:30 2011
Subject: RBL list
In-Reply-To: <1934627272.3392.1296746116884.JavaMail.root@mail021.dti>
References: <1934627272.3392.1296746116884.JavaMail.root@mail021.dti>
Message-ID:

Hello,

I have used below entry in *spam.lists.conf.*

DBL dbl.spamhaus.org.

In *MailScanner.conf,*

Spam Domain List = DBL

I have also restarted MailScanner, but seems like not working. Any clue on it?

Thanks,
--
Kind regards,
Dhaval Soni ( RHCA )
Cell: +91 - 966.20.29.620
Active Contributor of *LinuxArticles.org*

On Thu, Feb 3, 2011 at 8:45 PM, Peter Ong wrote:

>
> > Can we not use The Domain Block List (DBL) from spamhaus with
> > MailScanner ? If yes, how we can do that?
>
> Hmm... I wonder if this is what you're looking for...
>
> /etc/MailScanner/MailScanner.conf, fields, "Spam List" and "Spam Domain
> List"
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/0955b809/attachment.html

From Dstraka at caspercollege.edu Thu Feb 3 17:00:07 2011
From: Dstraka at caspercollege.edu (Daniel Straka)
Date: Thu Feb 3 17:00:57 2011
Subject: PDF Virus getting past MailScanner with Sophos
Message-ID: <4D4A7CA7020000000010EC1A@gw.caspercollege.edu>

Yesterday, we had a user receive an attached pdf containing the virus Mal/PDFEx-J. Sophos at the desktop caught it but MailScanner/Sophos did not detect it. By default, does MS allow pdf's to bypass virus scanning?

Dan Straka
Systems Coordinator
Casper College
307.268.2399
http://www.caspercollege.edu

From MailScanner at ecs.soton.ac.uk Thu Feb 3 17:10:40 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Feb 3 17:10:58 2011
Subject: PDF Virus getting past MailScanner with Sophos
In-Reply-To: <4D4A7CA7020000000010EC1A@gw.caspercollege.edu>
References: <4D4A7CA7020000000010EC1A@gw.caspercollege.edu> <4D4AE190.8070805@ecs.soton.ac.uk>
Message-ID:

Most definitely not! Unless you've *really* configured your scanning to not scan some mail. It normally scans everything.

On 03/02/2011 17:00, Daniel Straka wrote:
> Yesterday, we had a user receive an attached pdf containing the virus Mal/PDFEx-J. Sophos at the desktop caught it but MailScanner/Sophos did not detect it. By default, does MS allow pdf's to bypass virus scanning?
>
> Dan Straka
> Systems Coordinator
> Casper College
> 307.268.2399
> http://www.caspercollege.edu
>
>
>
>
Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From Dstraka at caspercollege.edu Thu Feb 3 17:13:58 2011
From: Dstraka at caspercollege.edu (Daniel Straka)
Date: Thu Feb 3 17:14:36 2011
Subject: PDF Virus getting past MailScanner with Sophos
In-Reply-To:
References: <4D4A7CA7020000000010EC1A@gw.caspercollege.edu> <4D4AE190.8070805@ecs.soton.ac.uk>
Message-ID: <4D4A7FE6020000000010EC25@gw.caspercollege.edu>

Thanks Julian...I'll investigate.

>>> Julian Field 2/3/2011 10:10 AM >>>
Most definitely not! Unless you've *really* configured your scanning to not scan some mail. It normally scans everything.

On 03/02/2011 17:00, Daniel Straka wrote:
> Yesterday, we had a user receive an attached pdf containing the virus Mal/PDFEx-J. Sophos at the desktop caught it but MailScanner/Sophos did not detect it. By default, does MS allow pdf's to bypass virus scanning?
>
> Dan Straka
> Systems Coordinator
> Casper College
> 307.268.2399
> http://www.caspercollege.edu
>
>
>
>
Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From gregory.durham at gmail.com Thu Feb 3 19:28:04 2011
From: gregory.durham at gmail.com (Gregory Durham)
Date: Thu Feb 3 19:28:14 2011
Subject: Proper installation
In-Reply-To: <4D4AC761.2080209@farrows.org>
References: <1974234383.3372.1296745850474.JavaMail.root@mail021.dti> <4D4AC761.2080209@farrows.org>
Message-ID:

Hello,
Thank you for your answers.
I wanted to make sure that there were no other modifications made that I did not see in the install.sh script. Therefore, I will take all of the rpms created by the install.sh script and the mailscanner rpm and install them that way in the production environment.

Thanks again!
-Greg

On Thu, Feb 3, 2011 at 7:18 AM, Peter Farrow wrote:
> On 03/02/2011 15:10, Peter Ong wrote:
>
> I am needing to install mailscanner on several machines of the same
> hardware/os/etc. Is it possible to build all of the packages on a dev
> environment and then use the resulting packages on all of the other
>
> Maybe you can build just one box and clone them? Clonezilla? That might be
> even faster.
>
> p
>
> Or, make it a virtual machine using VMware and copy the image around....
>
> P.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>

From danielbrunos at gmail.com Thu Feb 3 20:04:16 2011
From: danielbrunos at gmail.com (Daniel Bruno)
Date: Thu Feb 3 20:04:27 2011
Subject: Filter by sender
Message-ID:

Hello guys,

Someone knows the best way to make a filter by sender?

Example:

I want that the server only send messages from domainexample.com

I'm using MailScanner 4.79.11 + Sendmail 8.13.8

Thanks,

--
Daniel Bruno
http://danielbruno.eti.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/85cb56a5/attachment.html

From steve at fsl.com Thu Feb 3 20:43:21 2011
From: steve at fsl.com (Stephen Swaney)
Date: Thu Feb 3 20:43:31 2011
Subject: Filter by sender
In-Reply-To:
References:
Message-ID:

Daniel,

Probably better to use your sendmail to only allow relaying from domainexample.com. This would be controlled in your /etc/mail/access file.

Best regards,

Steve

--
Steve Swaney
steve@fsl.com
202 595-7760 ext: 601
www.fsl.com
The most accurate and cost effective anti-spam solutions available

On Feb 3, 2011, at 4:04 PM, Daniel Bruno wrote:

> Hello guys,
>
> Someone knows the best way to make a filter by sender?
>
> Example:
>
> I want that the server only send messages from domainexample.com
>
>
> I'm using MailScanner 4.79.11 + Sendmail 8.13.8
>
>
>
> Thanks,
>
> --
> Daniel Bruno
> http://danielbruno.eti.br
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110203/212a8561/attachment.html

From davidj at bytesinteractive.com Thu Feb 3 21:27:41 2011
From: davidj at bytesinteractive.com (David Jourard)
Date: Thu Feb 3 21:27:55 2011
Subject: Question about rejecting email
Message-ID: <64D278206EBE40D487C7DA8203399985@bytes>

Hi,

I have mailscanner running for a while and haven't worked with it for a while.

Today a customer asked me to reject email for his email address coming from email that ends in somename@somedomain.xx where xx is a particular country he is getting a lot of spam.

Could someone guide me on how to create a ruleset for this request.

Thank-you
David J.

From noel.butler at ausics.net Thu Feb 3 22:11:14 2011
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Feb 3 22:11:39 2011
Subject: Process did not exit cleanly.
In-Reply-To: <1296697227.5882.16.camel@tardis>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis> <4D491CA0.60503@tradoc.fr> <1296697227.5882.16.camel@tardis>
Message-ID: <1296771074.5308.1.camel@tardis>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110204/14e0a291/attachment.bin

From steve.freegard at fsl.com Thu Feb 3 23:11:11 2011
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Feb 3 23:11:22 2011
Subject: Process did not exit cleanly.
In-Reply-To: <1296771074.5308.1.camel@tardis>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis> <4D491CA0.60503@tradoc.fr> <1296697227.5882.16.camel@tardis> <1296771074.5308.1.camel@tardis>
Message-ID: <4D4B360F.2@fsl.com>

On 03/02/11 22:11, Noel Butler wrote:
>>
>> This error occurs without attachments.
>>
> Archive::Zip patch was applied, problem remains in 5.10.1
>

If you have a message that exhibits this behavior; then put it in the incoming queue with MailScanner stopped and then run:

strace MailScanner --debug &> strace.log

Then pastebin the last 50 lines of strace.log; this might at least give us some sort of idea as to where things are breaking.

Regards,
Steve.

From noel.butler at ausics.net Thu Feb 3 23:43:59 2011
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Feb 3 23:44:12 2011
Subject: Process did not exit cleanly.
In-Reply-To: <4D4B360F.2@fsl.com>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis> <4D491CA0.60503@tradoc.fr> <1296697227.5882.16.camel@tardis> <1296771074.5308.1.camel@tardis> <4D4B360F.2@fsl.com>
Message-ID: <1296776639.5308.9.camel@tardis>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110204/4feebb6c/attachment.bin

From ssilva at sgvwater.com Fri Feb 4 00:02:05 2011
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Feb 4 00:02:28 2011
Subject: Process did not exit cleanly.
In-Reply-To: <1296776639.5308.9.camel@tardis>
References: <4D1ADA82.9070002@tartan.co.za> <1296617286.10885.11.camel@tardis> <4D491CA0.60503@tradoc.fr> <1296697227.5882.16.camel@tardis> <1296771074.5308.1.camel@tardis> <4D4B360F.2@fsl.com> <1296776639.5308.9.camel@tardis>
Message-ID:

on 2/3/2011 3:43 PM Noel Butler spake the following:
> On Thu, 2011-02-03 at 23:11 +0000, Steve Freegard wrote:
>> On 03/02/11 22:11, Noel Butler wrote:
>> >>
>> >> This error occurs without attachments.
>> >>
>> > Archive::Zip patch was applied, problem remains in 5.10.1
>> >
>>
>> If you have a message that exhibits this behavior; then put it in the
>> incoming queue with MailScanner stopped and then run:
>>
>> strace MailScanner --debug &> strace.log
>>
>> Then pastebin the last 50 lines of strace.log; this might at least give
>> us some sort of idea as to where things are breaking.
>>
>
> I had already done that a long time ago, nothing appears wrong, though in
> downgrading/upgrading modules in tracking this down, I should also warn
> against using MIME-tools-5.500, there were changes in that, you'll end up with
>
> Can't locate object method "config" via package "MIME::ToolUtils" (perhaps you
> forgot to load "MIME::ToolUtils"?) at /opt/MailScanner/bin/MailScanner line 1471.
>
> So that might bite soon as well.
>
>
I'm pretty sure that I remember Julian develops mailscanner on redhat or centos. So making the code work on the newest perl, and still work on their backported version might be a big challenge.

From neil at dcdata.co.za Fri Feb 4 06:12:28 2011
From: neil at dcdata.co.za (Neil Wilson)
Date: Fri Feb 4 06:12:44 2011
Subject: Blocking Fake Banking Emails
In-Reply-To: <4D47BB15.9050102@dcdata.co.za>
References: <4D47BB15.9050102@dcdata.co.za>
Message-ID: <4D4B98CC.8090001@dcdata.co.za>

Thanks to all those who replied to my email, I've changed to using the SaneSecurity signatures and these seem to be working well so far.

Much appreciated.

Regards.

Neil Wilson.

This email and all contents are subject to the following disclaimer:
http://www.dcdata.co.za/emaildisclaimer.html

From markus at markusoft.se Fri Feb 4 07:39:13 2011
From: markus at markusoft.se (Markus Nilsson)
Date: Fri Feb 4 07:39:29 2011
Subject: Question about rejecting email
In-Reply-To: <64D278206EBE40D487C7DA8203399985@bytes>
Message-ID: <1064680.226.1296805152974.JavaMail.markus@cronlabworkstation0>

Hi David,

If you are using postfix, a rule with something like:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/check_sender_access
...

Where /etc/postfix/check_sender_access contains

.XX 5NN We do not accept mails from the tld .XX
default OK

I have not tested this, but I guess something along this could achieve what you want!

(If you really want it ...) Just because the sender address has some tld does not mean the mail originates from that country!

BR
Markus

----- Original Message -----
From: "David Jourard"
To: mailscanner@lists.mailscanner.info
Sent: Thursday, 3 Feb 2011 22:27:41
Subject: Question about rejecting email

Hi,

I have mailscanner running for a while and haven't worked with it for a while.

Today a customer asked me to reject email for his email address coming from email that ends in somename@somedomain.xx where xx is a particular country he is getting a lot of spam.

Could someone guide me on how to create a ruleset for this request.

Thank-you
David J.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--

CronLab scanned this message. We don't think it was spam. If it was,
please report by copying this link into your browser: https://swe02.antispam.cronlab.com/mail/index.php?id=CB4784D78057.15452-&learn=spam&host=94.246.111.42

--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

From maxsec at gmail.com Fri Feb 4 10:48:04 2011
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Feb 4 10:48:13 2011
Subject: Question about rejecting email
In-Reply-To: <64D278206EBE40D487C7DA8203399985@bytes>
References: <64D278206EBE40D487C7DA8203399985@bytes>
Message-ID:

Depends on the MTA for a reject..

you can create a rule in MailScanner.conf against "Is Definitely spam" so emails get discarded if to customer and from badperson - you can also overload these rules quite nicely (search on the wiki for overload)

--
Martin Hepworth
Oxford, UK

On 3 February 2011 21:27, David Jourard wrote:

> Hi,
>
> I have mailscanner running for a while and haven't worked with it for a while.
>
> Today a customer asked me to reject email for his email address coming from
> email that ends in somename@somedomain.xx where xx is a particular country
> he is getting a lot of spam.
>
> Could someone guide me on how to create a ruleset for this request.
>
> Thank-you
> David J.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110204/a60db391/attachment.html

From ricardo at wenn.com Fri Feb 4 13:13:11 2011
From: ricardo at wenn.com (Ricardo Branco)
Date: Fri Feb 4 13:13:47 2011
Subject: Signature Rule Files
Message-ID: <4D4BFB67.4030502@wenn.com>

Is it possible to instead of using static rule files, pass out to external scripts which return the sig file to use?

We require to have different sig files for our users that are in different offices. Currently I can see that we have to make a script that creates the rule files.

--
World Entertainment News Network (WENN) name, design and related marks are trademarks of
World Entertainment News Network Ltd. (c)2009 All Rights Reserved.

Registered No: 02792342 Place of Registration: United Kingdom
Registered Office: 35 Kings Exchange, Tileyard Road, London, N7 9AH, England

www.wenn.com

This email is confidential and intended for the exclusive use of the addressee/s only.
You should not disclose it's contents to any other person. If you are not the
intended recipient please notify the sender immediately. The contents of this email are
not for publication unless specifically stated. WENN does not accept liability for
viruses introduced by this e-mail or attachments.

From markus at markusoft.se Fri Feb 4 13:55:12 2011
From: markus at markusoft.se (Markus Nilsson)
Date: Fri Feb 4 13:55:28 2011
Subject: Signature Rule Files
In-Reply-To: <4D4BFB67.4030502@wenn.com>
Message-ID: <21576742.288.1296827712209.JavaMail.markus@cronlabworkstation0>

Creating a CustomFunction returning the sig file is one way:

Here is a blog on CustomFunctions:
http://blog.fupps.com/2007/03/29/mailscanner-custom-functions-a-small-tutorial/

Set the rule in the configuration file to something like:
Inline HTML Signature = &TheSigFunction

BR
Markus

----- Original Message -----
From: "Ricardo Branco"
To: mailscanner@lists.mailscanner.info
Sent: Friday, 4 Feb 2011 14:13:11
Subject: Signature Rule Files

Is it possible to instead of using static rule files, pass out to external scripts which return the sig file to use?

We require to have different sig files for our users that are in different offices. Currently I can see that we have to make a script that creates the rule files.

--
World Entertainment News Network (WENN) name, design and related marks are trademarks of
World Entertainment News Network Ltd. (c)2009 All Rights Reserved.

Registered No: 02792342 Place of Registration: United Kingdom
Registered Office: 35 Kings Exchange, Tileyard Road, London, N7 9AH, England

www.wenn.com

This email is confidential and intended for the exclusive use of the addressee/s only.
You should not disclose it's contents to any other person. If you are not the
intended recipient please notify the sender immediately. The contents of this email are
not for publication unless specifically stated. WENN does not accept liability for
viruses introduced by this e-mail or attachments.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--

CronLab scanned this message. We don't think it was spam.
If it was, please report by copying this link into your browser: https://swe02.antispam.cronlab.com/mail/index.php?id=BCF764D78041.057D2-&learn=spam&host=94.246.111.42

--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

From steve at fsl.com Fri Feb 4 14:14:45 2011
From: steve at fsl.com (Stephen Swaney)
Date: Fri Feb 4 14:14:55 2011
Subject: Signature Rule Files
In-Reply-To: <21576742.288.1296827712209.JavaMail.markus@cronlabworkstation0>
References: <21576742.288.1296827712209.JavaMail.markus@cronlabworkstation0>
Message-ID: <4D4B93B3-EFA6-4723-BA62-D4ED0BB1A13E@fsl.com>

Simpler way. Search for "signatures" in the MailScanner wiki to find:

4. Use different signatures for different domains

Or follow this link:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=signature

The wiki and searching the Mailscanner list archives can often save you a lot of time :)

Best regards,

Steve
--
Steve Swaney
steve@fsl.com
www.fsl.com
The most accurate and cost effective anti-spam solutions available

On Feb 4, 2011, at 9:55 AM, Markus Nilsson wrote:

> Creating a CustomFunction returning the sig file is one way:
>
> Here is a blog on CustomFunctions:
> http://blog.fupps.com/2007/03/29/mailscanner-custom-functions-a-small-tutorial/
>
> Set the rule in the configuration file to something like:
> Inline HTML Signature = &TheSigFunction
>
> BR
> Markus
>
>
> ----- Original Message -----
> From: "Ricardo Branco"
> To: mailscanner@lists.mailscanner.info
> Sent: Friday, 4 Feb 2011 14:13:11
> Subject: Signature Rule Files
>
> Is it possible to instead of using static rule files, pass out to external scripts which return the sig file to use?
>
> We require to have different sig files for our users that are in different offices. Currently I can see that we have to
> make a script that creates the rule files.
>
> --
> World Entertainment News Network (WENN) name, design and related marks are trademarks of
> World Entertainment News Network Ltd. (c)2009 All Rights Reserved.
>
> Registered No: 02792342 Place of Registration: United Kingdom
> Registered Office: 35 Kings Exchange, Tileyard Road, London, N7 9AH, England
>
> www.wenn.com
>
> This email is confidential and intended for the exclusive use of the addressee/s only.
> You should not disclose it's contents to any other person. If you are not the
> intended recipient please notify the sender immediately. The contents of this email are
> not for publication unless specifically stated. WENN does not accept liability for
> viruses introduced by this e-mail or attachments.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
>
> CronLab scanned this message. We don't think it was spam. If it was,
> please report by copying this link into your browser: https://swe02.antispam.cronlab.com/mail/index.php?id=BCF764D78041.057D2-&learn=spam&host=94.246.111.42
>
>
> --
> This message has been scanned for viruses and dangerous content by CronLab
> (www.cronlab.com), and is believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From markus at markusoft.se Fri Feb 4 14:24:34 2011
From: markus at markusoft.se (Markus Nilsson)
Date: Fri Feb 4 14:24:49 2011
Subject: Signature Rule Files
In-Reply-To: <4D4B93B3-EFA6-4723-BA62-D4ED0BB1A13E@fsl.com>
Message-ID: <17209993.292.1296829472307.JavaMail.markus@cronlabworkstation0>

Simpler but static :)

(which he didn't want)

/M

> > Is it possible to instead of using static rule files, pass out to
> > external scripts which return the sig file to use?

----- Original Message -----
> From: "Stephen Swaney"
> To: "MailScanner discussion"
> Sent: Friday, 4 Feb 2011 15:14:45
> Subject: Re: Signature Rule Files
> Simpler way. Search for "signatures" in the MailScanner wiki to find:
>
> 4. Use different signatures for different domains
>
> Or follow this link:
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=signature
>
> The wiki and searching the Mailscanner list archives can often save
> you a lot of time :)
>
> Best regards,
>
> Steve
> --
> Steve Swaney
> steve@fsl.com
> www.fsl.com
> The most accurate and cost effective anti-spam solutions available
>
>
> On Feb 4, 2011, at 9:55 AM, Markus Nilsson wrote:
>
> > Creating a CustomFunction returning the sig file is one way:
> >
> > Here is a blog on CustomFunctions:
> > http://blog.fupps.com/2007/03/29/mailscanner-custom-functions-a-small-tutorial/
> >
> > Set the rule in the configuration file to something like:
> > Inline HTML Signature = &TheSigFunction
> >
> > BR
> > Markus
> >
> >
> > ----- Original Message -----
> > From: "Ricardo Branco"
> > To: mailscanner@lists.mailscanner.info
> > Sent: Friday, 4 Feb 2011 14:13:11
> > Subject: Signature Rule Files
> >
> > Is it possible to instead of using static rule files, pass out to
> > external scripts which return the sig file to use?
> >
> > We require to have different sig files for our users that are in
> > different offices. Currently I can see that we have to
> > make a script that creates the rule files.
> >
> > --
> > World Entertainment News Network (WENN) name, design and related
> > marks are trademarks of
> > World Entertainment News Network Ltd. (c)2009 All Rights Reserved.
> >
> > Registered No: 02792342 Place of Registration: United Kingdom
> > Registered Office: 35 Kings Exchange, Tileyard Road, London, N7 9AH,
> > England
> >
> > www.wenn.com
> >
> > This email is confidential and intended for the exclusive use of the
> > addressee/s only.
> > You should not disclose it's contents to any other person. If you
> > are not the
> > intended recipient please notify the sender immediately. The
> > contents of this email are
> > not for publication unless specifically stated. WENN does not accept
> > liability for
> > viruses introduced by this e-mail or attachments.
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> >
> >
> > --
> >
> > CronLab scanned this message. We don't think it was spam. If it was,
> > please report by copying this link into your browser:
> > https://swe02.antispam.cronlab.com/mail/index.php?id=BCF764D78041.057D2-&learn=spam&host=94.246.111.42
> >
> >
> > --
> > This message has been scanned for viruses and dangerous content by
> > CronLab
> > (www.cronlab.com), and is believed to be clean.
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
>
> CronLab scanned this message. We don't think it was spam. If it was,
> please report by copying this link into your browser:
> https://swe02.antispam.cronlab.com/mail/index.php?id=2EAC94D78055.9E1C7-&learn=spam&host=94.246.111.42

--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

From ricardo at wenn.com Fri Feb 4 17:14:10 2011
From: ricardo at wenn.com (Ricardo Branco)
Date: Fri Feb 4 17:14:54 2011
Subject: Signature Rule Files
In-Reply-To: <17209993.292.1296829472307.JavaMail.markus@cronlabworkstation0>
References: <17209993.292.1296829472307.JavaMail.markus@cronlabworkstation0>
Message-ID: <4D4C33E2.1070502@wenn.com>

Thanks Markus, that's what I was looking for, guess I just `return /pathtofile` then it uses it

Markus Nilsson wrote, On 04/02/2011 14:24:
> Simpler but static :)
>
> (which he didn't want)
>
> /M
>
>>> Is it possible to instead of using static rule files, pass out to
>>> external scripts which return the sig file to use?
>
> ----- Original Message -----
>> From: "Stephen Swaney"
>> To: "MailScanner discussion"
>> Sent: Friday, 4 Feb 2011 15:14:45
>> Subject: Re: Signature Rule Files
>> Simpler way. Search for "signatures" in the MailScanner wiki to find:
>>
>> 4.
Use different signatures for different domains
>>
>> Or follow this link:
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=signature
>>
>> The wiki and searching the Mailscanner list archives can often save
>> you a lot of time :)
>>
>> Best regards,
>>
>> Steve
>> --
>> Steve Swaney
>> steve@fsl.com
>> www.fsl.com
>> The most accurate and cost effective anti-spam solutions available
>>
>>
>> On Feb 4, 2011, at 9:55 AM, Markus Nilsson wrote:
>>
>>> Creating a CustomFunction returning the sig file is one way:
>>>
>>> Here is a blog on CustomFunctions:
>>> http://blog.fupps.com/2007/03/29/mailscanner-custom-functions-a-small-tutorial/
>>>
>>> Set the rule in the configuration file to something like:
>>> Inline HTML Signature = &TheSigFunction
>>>
>>> BR
>>> Markus
>>>
>>>
>>> ----- Original Message -----
>>> From: "Ricardo Branco"
>>> To: mailscanner@lists.mailscanner.info
>>> Sent: Friday, 4 Feb 2011 14:13:11
>>> Subject: Signature Rule Files
>>>
>>> Is it possible to instead of using static rule files, pass out to
>>> external scripts which return the sig file to use?
>>>
>>> We require to have different sig files for our users that are in
>>> different offices. Currently I can see that we have to
>>> make a script that creates the rule files.
>>>
>>> --
>>> World Entertainment News Network (WENN) name, design and related
>>> marks are trademarks of
>>> World Entertainment News Network Ltd. (c)2009 All Rights Reserved.
>>>
>>> Registered No: 02792342 Place of Registration: United Kingdom
>>> Registered Office: 35 Kings Exchange, Tileyard Road, London, N7 9AH,
>>> England
>>>
>>> www.wenn.com
>>>
>>> This email is confidential and intended for the exclusive use of the
>>> addressee/s only.
>>> You should not disclose it's contents to any other person. If you
>>> are not the
>>> intended recipient please notify the sender immediately. The
>>> contents of this email are
>>> not for publication unless specifically stated.
WENN does not accept
>>> liability for
>>> viruses introduced by this e-mail or attachments.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>> --
>>>
>>> CronLab scanned this message. We don't think it was spam. If it was,
>>> please report by copying this link into your browser:
>>> https://swe02.antispam.cronlab.com/mail/index.php?id=BCF764D78041.057D2-&learn=spam&host=94.246.111.42
>>>
>>>
>>> --
>>> This message has been scanned for viruses and dangerous content by
>>> CronLab
>>> (www.cronlab.com), and is believed to be clean.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>> --
>>
>> CronLab scanned this message. We don't think it was spam. If it was,
>> please report by copying this link into your browser:
>> https://swe02.antispam.cronlab.com/mail/index.php?id=2EAC94D78055.9E1C7-&learn=spam&host=94.246.111.42
>
>
> --
> This message has been scanned for viruses and dangerous content by CronLab
> (www.cronlab.com), and is believed to be clean.
>

From sandrews at andrewscompanies.com Mon Feb 7 15:46:24 2011
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Mon Feb 7 15:46:37 2011
Subject: change rule score
Message-ID:

My URIBL_RHS_DOB rule only scores .28 on hits for this.
Although I find it in 72_active.cf, I don't see where the score is added.

I'm probably going at this the wrong way, so I thought I'd ask. I'd like the score for this to be much higher, but I'm unsure where or how to adjust.

Thanks,

Steve

From Denis.Beauchemin at usherbrooke.ca Mon Feb 7 16:00:19 2011
From: Denis.Beauchemin at usherbrooke.ca (Beauchemin, Denis)
Date: Mon Feb 7 16:02:18 2011
Subject: change rule score
In-Reply-To:
References:
Message-ID: <1C7E4902EA98DE4487AA66F401F237F00142C60E@EPSILONX.spa.usherbrooke.ca>

Steve,

Look into:
/var/lib/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf:score URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2

Or the version of SA you are running.

Denis

Denis Beauchemin, technology architect
Université de Sherbrooke, S.T.I.
T: 819.821.8000 x 62252

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
> Sent: February 7, 2011 10:46
> To: mailscanner@lists.mailscanner.info
> Subject: change rule score
>
> My URIBL_RHS_DOB rule only scores .28 on hits for this. Although I find it in
> 72_active.cf, I don't see where the score is added.
>
> I'm probably going at this the wrong way, so I thought I'd ask. I'd like the
> score for this to be much higher, but I'm unsure where or how to adjust.
>
> Thanks,
>
> Steve
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
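
The four numbers on the 50_scores.cf line quoted above are SpamAssassin's four score sets (Bayes off/network off, Bayes off/network on, Bayes on/network off, Bayes on/network on), which is why a hit can show as .28. The Python sketch below is an added example, not part of any list member's post or of SpamAssassin; its function names and the local override line are constructed for illustration, and it does not handle relative "(n)" scores.

```python
"""Which of SpamAssassin's four per-rule scores applies, and what a local
`score` line does to it. Added example; all names are illustrative."""

# Column of a four-value `score` line that SpamAssassin uses,
# keyed by (bayes_enabled, network_tests_enabled).
SCORE_SET = {
    (False, False): 0,
    (False, True): 1,
    (True, False): 2,
    (True, True): 3,
}

# The stock line quoted in the thread (from 50_scores.cf).
STOCK_SCORES = "score URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2\n"

# Constructed local override, as it could appear in a site .cf file.
LOCAL_OVERRIDE = "score URIBL_RHS_DOB 2.0\n"


def parse_score_lines(text):
    """Return {rule: [s0, s1, s2, s3]} for every `score` line in text."""
    scores = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if fields[0] != "score":
            continue  # other directives are outside this example
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: score line without a value")
        rule = fields[1]
        values = [float(v) for v in fields[2:]]
        if len(values) == 1:
            values = values * 4  # a single value applies to all four sets
        elif len(values) != 4:
            # This example accepts only the one-value and four-value forms.
            raise ValueError(f"line {lineno}: expected 1 or 4 scores")
        scores[rule] = values
    return scores


def effective_score(config_texts, rule, bayes_on, network_on):
    """Score used for `rule`, reading configs in load order (later wins)."""
    merged = {}
    for text in config_texts:
        merged.update(parse_score_lines(text))
    if rule not in merged:
        return None  # no explicit score line in the given configs
    return merged[rule][SCORE_SET[(bayes_on, network_on)]]


if __name__ == "__main__":
    for label, configs in (("stock only", [STOCK_SCORES]),
                           ("with local override", [STOCK_SCORES, LOCAL_OVERRIDE])):
        for (bayes, net), idx in SCORE_SET.items():
            value = effective_score(configs, "URIBL_RHS_DOB", bayes, net)
            print(f"{label:20} set {idx} bayes={bayes!s:5} net={net!s:5} -> {value}")
```
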

From MailScanner at ecs.soton.ac.uk Mon Feb 7 16:14:53 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Feb 7 16:15:18 2011
Subject: change rule score
In-Reply-To: <1C7E4902EA98DE4487AA66F401F237F00142C60E@EPSILONX.spa.usherbrooke.ca>
References: <1C7E4902EA98DE4487AA66F401F237F00142C60E@EPSILONX.spa.usherbrooke.ca> <4D501A7D.8040507@ecs.soton.ac.uk>
Message-ID:

You can just override the score in /etc/MailScanner/spam.assassin.prefs.conf, and then restart MailScanner.

On 07/02/2011 16:00, Beauchemin, Denis wrote:
> Steve,
>
> Look into:
> /var/lib/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf:score URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2
>
> Or the version of SA you are running.
>
> Denis
>
> Denis Beauchemin, technology architect
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000 x 62252
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>> bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
>> Sent: February 7, 2011 10:46
>> To: mailscanner@lists.mailscanner.info
>> Subject: change rule score
>>
>> My URIBL_RHS_DOB rule only scores .28 on hits for this. Although I find it in
>> 72_active.cf, I don't see where the score is added.
>>
>> I'm probably going at this the wrong way, so I thought I'd ask. I'd like the
>> score for this to be much higher, but I'm unsure where or how to adjust.
>>
>> Thanks,
>>
>> Steve
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From stephencoxmail at gmail.com Mon Feb 7 16:22:36 2011
From: stephencoxmail at gmail.com (Stephen Cox)
Date: Mon Feb 7 16:22:47 2011
Subject: change rule score
In-Reply-To:
References: <4D501A7D.8040507@ecs.soton.ac.uk> <1C7E4902EA98DE4487AA66F401F237F00142C60E@EPSILONX.spa.usherbrooke.ca>
Message-ID:

Steven,

Just like Julian said. In spam.assassin.prefs.conf add a line for a score of 2:

score URIBL_RHS_DOB 2

Stephen

On Mon, Feb 7, 2011 at 6:14 PM, Julian Field wrote:
> You can just override the score in
> /etc/MailScanner/spam.assassin.prefs.conf, and then restart MailScanner.
>
> On 07/02/2011 16:00, Beauchemin, Denis wrote:
>>
>> Steve,
>>
>> Look into:
>> /var/lib/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf:score
>> URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2
>>
>> Or the version of SA you are running.
>>
>> Denis
>>
>> Denis Beauchemin, technology architect
>> Université de Sherbrooke, S.T.I.
>> T: 819.821.8000 x 62252
>>
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>>> bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
>>> Sent: February 7, 2011 10:46
>>> To: mailscanner@lists.mailscanner.info
>>> Subject: change rule score
>>>
>>> My URIBL_RHS_DOB rule only scores .28 on hits for this. Although I find
>>> it in
>>> 72_active.cf, I don't see where the score is added.
>>>
>>> I'm probably going at this the wrong way, so I thought I'd ask. I'd like
>>> the
>>> score for this to be much higher, but I'm unsure where or how to adjust.
>>>
>>> Thanks,
>>>
>>> Steve
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
>
> Buy the MailScanner book at www.MailScanner.info/store
> Need help customising MailScanner? Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
> 'All programs have a desire to be useful' - Tron, 1982
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
Stephen Cox

From bonivart at opencsw.org Mon Feb 7 16:05:41 2011
From: bonivart at opencsw.org (Peter Bonivart)
Date: Mon Feb 7 16:44:03 2011
Subject: change rule score
In-Reply-To:
References:
Message-ID:

On Mon, Feb 7, 2011 at 4:46 PM, Steven Andrews wrote:
> My URIBL_RHS_DOB rule only scores .28 on hits for this. Although I find it in 72_active.cf, I don't see where the score is added.

All scores are set in 50_scores.cf:

50_scores.cf:score URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2

But you should not adjust anything since it will be overwritten anyway. Use a .cf-file in /etc/mail/spamassassin instead, either a new one or, e.g., local.cf or mailscanner.cf.
/peter

From sandrews at andrewscompanies.com Mon Feb 7 17:03:51 2011
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Mon Feb 7 17:04:02 2011
Subject: change rule score
In-Reply-To:
References: <4D501A7D.8040507@ecs.soton.ac.uk> <1C7E4902EA98DE4487AA66F401F237F00142C60E@EPSILONX.spa.usherbrooke.ca>
Message-ID:

Gracias for showing me where it's actually scored at and the correct way to override.

Steve

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stephen Cox
Sent: Monday, February 07, 2011 11:23 AM
To: MailScanner discussion
Subject: Re: change rule score

Steven,

Just like Julian said. In spam.assassin.prefs.conf add a line for a score of 2:

URIBL_RHS_DOB 2

Stephen

On Mon, Feb 7, 2011 at 6:14 PM, Julian Field wrote:
> You can just override the score in
> /etc/MailScanner/spam.assassin.prefs.conf, and then restart MailScanner.
>
> On 07/02/2011 16:00, Beauchemin, Denis wrote:
>>
>> Steve,
>>
>> Look into:
>> /var/lib/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf:
>> score URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2
>>
>> Or the version of SA you are running.
>>
>> Denis
>>
>> Denis Beauchemin, technology architect Université de Sherbrooke,
>> S.T.I.
>> T: 819.821.8000 x 62252
>>
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
>>> Sent: 7 February 2011 10:46
>>> To: mailscanner@lists.mailscanner.info
>>> Subject: change rule score
>>>
>>> My URIBL_RHS_DOB rule only scores .28 on hits for this. Although I
>>> find it in 72_active.cf, I don't see where the score is added.
>>>
>>> I'm probably going at this the wrong way, so I thought I'd ask. I'd
>>> like the score for this to be much higher, but I'm unsure where or
>>> how to adjust.
>>>
>>> Thanks,
>>>
>>> Steve
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
>
> Buy the MailScanner book at www.MailScanner.info/store Need help
> customising MailScanner? Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
> 'All programs have a desire to be useful' - Tron, 1982
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
Stephen Cox
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From bbecken at aafp.org Mon Feb 7 17:07:01 2011
From: bbecken at aafp.org (Brad Beckenhauer)
Date: Mon Feb 7 17:07:24 2011
Subject: Kaspersky 8.0.0 for File Servers
Message-ID:

Has anyone implemented version 8.0.0 or newer on Linux / MailScanner and care to share the -wrapper for it.

file: kav4fs-8.0.0-136.i386.rpm

Kaspersky's new version is *very* different and it is not a simple drop in replacement of the Kaspersky 5.5 and earlier versions.
Example command to scan the /tmp directory:

./kav4fs-control --action Skip --scan-file /tmp
Objects scanned: 65
Threats found: 0
Riskware found: 0
Infected: 0
Suspicious: 0
Cured: 0
Moved to quarantine: 0
Removed: 0
Not cured: 0
Scan errors: 0
Password protected: 0
Corrupted: 0

thanks
Brad

From mejaz at cyberia.net.sa Mon Feb 7 19:12:21 2011
From: mejaz at cyberia.net.sa (Ejaz)
Date: Mon Feb 7 19:15:01 2011
Subject: please help
Message-ID: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ>

_____
From: Ejaz [mailto:mejaz@cyberia.net.sa]
Sent: Monday, February 07, 2011 10:12 PM
To: 'mailscanner@lists.mailscanner.info'
Subject: please help

Hello,

Lately I configured postfix and mailscanner. Just to test, I am trying to send a test email message but it didn't go through. Anyone, please look into this. Thanks in advance.

I found the entries below in my /var/log/maillog

Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at /var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has had TNEF winmail.dat removed

Regards,
__________________
Mohammed Ejaz
Sr,Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail: mejaz@cyberia.net.sa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110207/5c7e58f6/attachment.html From peter at farrows.org Mon Feb 7 19:20:09 2011 From: peter at farrows.org (Peter Farrow) Date: Mon Feb 7 19:20:22 2011 Subject: please help In-Reply-To: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ> References: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ> Message-ID: <4D5045E9.3020407@farrows.org> On 07/02/2011 19:12, Ejaz wrote: > > ------------------------------------------------------------------------ > > *From:*Ejaz [mailto:mejaz@cyberia.net.sa] > *Sent:* Monday, February 07, 2011 10:12 PM > *To:* 'mailscanner@lists.mailscanner.info' > *Subject:* please help > > Hello, > > Lately I configured postfix and mailscanner, just to test I am trying > to send test emails message but didn't go through, any one please > look into this . Thanks in advance. .. > > I found below entries in my /var/log/maillog > > Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat > > Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message > CF55D322807A.A1FD1 has had TNEF winmail.dat removed > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz@cyberia.net.sa > > Winmail.dat is the Outlook virus by any other name and should be removed in all circumstances.... no really... it should. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110207/f6cee67d/attachment.html From nsnidanko at harperpowerproducts.com Mon Feb 7 19:26:29 2011 From: nsnidanko at harperpowerproducts.com (Naz Snidanko) Date: Mon Feb 7 19:26:41 2011 Subject: please help References: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ> Message-ID: <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE167@tor_nt01.harperdda.com> Hi Ejaz, Please set the following in MailScanner.conf Expand TNEF = no and don't forget to restart mailscanner. Regards, Naz Snidanko Desktop & Network Support Harper Power Products Inc. (p) 416 201- 7506 nsnidanko@harperpowerproducts.com _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ejaz Sent: February 7, 2011 2:12 PM To: 'Ejaz'; mailscanner@lists.mailscanner.info Subject: RE: please help _____ From: Ejaz [mailto:mejaz@cyberia.net.sa] Sent: Monday, February 07, 2011 10:12 PM To: 'mailscanner@lists.mailscanner.info' Subject: please help Hello, Lately I configured postfix and mailscanner, just to test I am trying to send test emails message but didn't go through, any one please look into this . Thanks in advance. .. I found below entries in my /var/log/maillog Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at /var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has had TNEF winmail.dat removed Regards, __________________ Mohammed Ejaz Sr,Systems Administrator Middle East Internet Company (CYBERIA) Riyadh, Saudi Arabia Phone: +966-1-4647114 Ext: 140 Mobile +966-562311787 Fax: +966-1-4654735 E-mail: mejaz@cyberia.net.sa -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110207/b012d41a/attachment.html From alex at rtpty.com Mon Feb 7 19:37:52 2011 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Mon Feb 7 19:40:14 2011 Subject: please help In-Reply-To: <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE167@tor_nt01.harperdda.com> References: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ><5C4A6241B56FDB48A0AC6AC13CA9FB05010AE167@tor_nt01.harperdda.com> Message-ID: <20859906-1297107602-cardhu_decombobulator_blackberry.rim.net-76042215-@bda953.bisx.prod.on.blackberry> On a similar note, he might as well set "scan messages" to no! ;-) -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: "Naz Snidanko" Sender: mailscanner-bounces@lists.mailscanner.info Date: Mon, 7 Feb 2011 14:26:29 To: MailScanner discussion Reply-To: MailScanner discussion Subject: RE: please help -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
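Added example, not part of any list message and not SpamAssassin or MailScanner code: for the "change rule score" thread above, this Python sketch shows how the four numbers on the stock `score URIBL_RHS_DOB` line map to SpamAssassin's four score sets (the second column, 0.276, is the value that rounds to the .28 reported) and how a later site-local `score` line replaces all four. Function names and the sample strings are constructed for illustration, and the one-value override is written as a full `score` directive.

```python
"""Resolve which SpamAssassin score applies to a rule (added example)."""
import re

# Constructed inputs. STOCK is the line quoted in the thread; LOCAL is the
# site override the replies describe, written as a full `score` directive.
STOCK = "score URIBL_RHS_DOB 0 0.276 0 1.514 # n=0 n=2\n"
LOCAL = "# site-local .cf file, read after the stock rules\nscore URIBL_RHS_DOB 2\n"

RULE_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Heuristic only: rule names are conventionally upper case, directives are not.
BARE_RULE = re.compile(r"^[A-Z][A-Z0-9_]*$")


def scoreset(net_tests, bayes):
    """Column of a four-value score line: 0 neither, 1 net, 2 Bayes, 3 both."""
    return (1 if net_tests else 0) + (2 if bayes else 0)


def _floats(tokens):
    """Return the tokens as floats, or None if any token is not a number."""
    try:
        return [float(t) for t in tokens]
    except ValueError:
        return None


def parse_scores(text):
    """Return ({rule: [s0, s1, s2, s3]}, [rejected lines]).

    Handles the one-value and four-value forms only; relative scores such as
    "(1.5)" are reported as rejected and other directives are ignored.
    """
    scores, rejected = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "score":
            values = _floats(fields[2:]) if len(fields) >= 3 else None
            if values and RULE_NAME.match(fields[1]) and len(values) in (1, 4):
                # A single value is used for every score set.
                scores[fields[1]] = values * 4 if len(values) == 1 else values
            else:
                rejected.append(line)
        elif BARE_RULE.match(fields[0]) and len(fields) > 1 and _floats(fields[1:]):
            # A rule name followed by numbers but without the `score` keyword
            # is not a score directive and changes nothing.
            rejected.append(line)
    return scores, rejected


def effective_score(rule, files, net_tests, bayes):
    """Apply files in read order (the last score line wins), pick the column."""
    current = None
    for text in files:
        parsed, _ = parse_scores(text)
        if rule in parsed:
            current = parsed[rule]
    return None if current is None else current[scoreset(net_tests, bayes)]


if __name__ == "__main__":
    for label, files in (("stock only", [STOCK]), ("stock + local", [STOCK, LOCAL])):
        for net in (False, True):
            for bayes in (False, True):
                s = effective_score("URIBL_RHS_DOB", files, net, bayes)
                print("%-14s net=%-5s bayes=%-5s score=%5.2f" % (label, net, bayes, s))
```

`spamassassin --lint` remains the authoritative check that an edited file parses.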
From mejaz at cyberia.net.sa Mon Feb 7 19:54:55 2011
From: mejaz at cyberia.net.sa (Ejaz)
Date: Mon Feb 7 19:57:36 2011
Subject: please help
In-Reply-To: <20859906-1297107602-cardhu_decombobulator_blackberry.rim.net-76042215-@bda953.bisx.prod.on.blackberry>
References: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ><5C4A6241B56FDB48A0AC6AC13CA9FB05010AE167@tor_nt01.harperdda.com> <20859906-1297107602-cardhu_decombobulator_blackberry.rim.net-76042215-@bda953.bisx.prod.on.blackberry>
Message-ID:

Thanks for the quick reply. Many thanks for your help. I followed as suggested but still the same, the message didn't process.

Here are the log snippets:

Feb 7 22:49:15 mbxcyb12 postfix/smtpd[15665]: connect from unknown[212.119.65.13]
Feb 7 22:49:15 mbxcyb12 postfix/smtpd[15665]: 1E3D6322807B: client=unknown[212.119.65.13]
Feb 7 22:49:15 mbxcyb12 postfix/cleanup[15670]: 1E3D6322807B: hold: header Received: from EJAZ (unknown [212.119.65.13])??by mbxcyb12.localdomain (Postfix) with ESMTP id 1E3D6322807B??for ; Mon, 7 Feb 2011 22:49:15 +0300 (AST) from unknown[212.119.65.13]; from= to= proto=ESMTP helo=
Feb 7 22:49:15 mbxcyb12 postfix/cleanup[15670]: 1E3D6322807B: message-id=<33B3E6C0D26B4BD28E6A8DF4F3BED557@EJAZ>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans
Sent: Monday, February 07, 2011 10:38 PM
To: MailScanner discussion
Subject: Re: please help

On a similar note, he might as well set "scan messages" to no!
;-) -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 +1-440-253-9789 (USA) Recuerda visitar http://vidadigital.com.pa/ BB PIN 20EA17C5 Twitter: @AlexNeuman - @VidaDigitalTV http://facebook.com/vidadigital Skype: alexneuman -----Original Message----- From: "Naz Snidanko" Sender: mailscanner-bounces@lists.mailscanner.info Date: Mon, 7 Feb 2011 14:26:29 To: MailScanner discussion Reply-To: MailScanner discussion Subject: RE: please help -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110207/3aeb41d1/attachment.html From prandal at herefordshire.gov.uk Mon Feb 7 22:43:18 2011 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Feb 7 22:43:37 2011 Subject: FW: [Clamav-announce] announcing ClamAV 0.97 Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852CF10352@HC-EXMBX02.herefordshire.gov.uk> Dear ClamAV users, ClamAV 0.97 brings many improvements, including complete Windows support (all major components compile out-of-box under Visual Studio), support for signatures based on SHA1 and SHA256, better error detection, as well as speed and memory optimizations. The complete list of changes is available in the ChangeLog file. 
For upgrade notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes097 Download : http://downloads.sourceforge.net/clamav/clamav-0.97.tar.gz PGP sig : http://downloads.sourceforge.net/clamav/clamav-0.97.tar.gz.sig Bugfixes : http://www.clamav.net/release-info/bugs/0.97 ChangeLog: http://www.clamav.net/release-info/changelog/0.97 With Sourcefire, Inc. acquisition of Immunet Corp., ClamAV for Windows 3.0 has been renamed Immunet 3.0, powered by ClamAV. This release contains the fully integrated LibClamAV 0.97 engine for offline, OnDemand, and OnAccess scanning. Immunet 3.0 users can now utilize the full power of the LibClamAV engine, all the ClamAV signatures, and creation of custom signatures on any platform running Immunet 3.0, powered by ClamAV. If you run Windows systems in your environment and need an AV solution to protect them, give Immunet 3.0, powered by ClamAV a try; you can download it from http://www.clamav.net/about/win32 -- The ClamAV team (http://www.clamav.net/team) -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. 
If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.

From katek at rheel.co.nz Mon Feb 7 23:10:05 2011
From: katek at rheel.co.nz (katek@rheel.co.nz)
Date: Mon Feb 7 23:28:07 2011
Subject: DATA command query
Message-ID: <0CC337FC1B9244FCA1B1CC5ECAB9F9CA.MAI@rheelweb.co.nz>

Hi all,

The problem I have is that we are running MailEnable but using MailScanner/postfix/spamassassin as our mail gateway. This is for use with MAPI.

When MailEnable sends through the MailScanner machine it issues a DATA XSAVETOSENT command which (when telnetted in) results in a 401 4.5.4 Syntax:DATA error.

I have looked at the postfix configuration variables and haven't found anything that I can see will allow the XSAVETOSENT command through. Does anyone have any idea how I could get the XSAVETOSENT command to be accepted?

Thanks
Kate

From peter.ong at hypermediasystems.com Mon Feb 7 23:44:50 2011
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Mon Feb 7 23:45:01 2011
Subject: DATA command query
In-Reply-To: <0CC337FC1B9244FCA1B1CC5ECAB9F9CA.MAI@rheelweb.co.nz>
Message-ID: <2131432006.8302.1297122290738.JavaMail.root@mail021.dti>

Have no idea what xsavetosent is, and at the time I googled this, there was nothing on it but this

http://www.mailenable.com/enterprise-releasenotes.txt

IMP: SMTP provides new XSAVETOSENT verb so that MAPI clients have fewer problems with intermediary SMTP proxies. This will require the V1.35 MAPI client in order to function

Not even postfix's website had anything on this "verb".

Is there a way to tell MailEnable to treat postfix just like a regular SMTP server, no xsavetosent etc?
From katek at rheel.co.nz Tue Feb 8 01:20:50 2011
From: katek at rheel.co.nz (katek@rheel.co.nz)
Date: Tue Feb 8 01:30:38 2011
Subject: DATA command query
Message-ID: <050741DDCAA841FA849916A5E1B6FC07.MAI@rheelweb.co.nz>

XSAVETOSENT is some special verb that mailenable sends to allow the syncing of the sent items in outlook to the web interface (via the MAPI client).
If we don't use MAPI then mail enable won't use the XSAVETOSENT verb, but we do need to use MAPI.
I really need postfix to accept the XSAVETOSENT in the data command so that MailEnable can sync correctly.

Thanks for your assistance.
Kate

From davidj at bytesinteractive.com Tue Feb 8 03:19:48 2011
From: davidj at bytesinteractive.com (David Jourard)
Date: Tue Feb 8 04:19:49 2011
Subject: Question about rejecting email
In-Reply-To:
References: <64D278206EBE40D487C7DA8203399985@bytes>
Message-ID: <478A58F3EA314EA895ADF98E9AAB531B@bytes>

Hi,

Thanks for your help.

I created a file called spam.blacklist.rules

I added a rule like so just to test it out

From: exampleemail98234@gmail.com and To: *@myemailaddress.com yes

I updated the MailScanner.conf file setting the

Is Definitely Spam = %rules-dir%/spam.blacklist.rules

I then sent an email from my gmail account to a specific address which is mine to see if it would indicate that it was spam. It came in and not marked.

The thing is I actually want it to reject it or delete it but when I set delete as the value in the rules file I get an error message from MailScanner.

Syntax error in line 1 of ruleset file /etc/MailScanner/rules/spam.blacklist.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2444

Thanks for any help.

BTW the MTA is postfix

Thanks
David j.

_____
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: February 4, 2011 5:48 AM
To: MailScanner discussion
Subject: Re: Question about rejecting email

Depends on the MTA for a reject..
you can create a rule in MailScanner.conf against "Is Definitely spam" so emails get discarded if to customer and from badperson - you can also overload these rules quite nicely (search on the wiki for overload) -- Martin Hepworth Oxford, UK On 3 February 2011 21:27, David Jourard wrote: Hi, I have mailscanner running for a while and haven't work with it for awhile. Today a customer asked me to reject email for his email address coming from email that ends in somename@somedomain.xx where xx is a particular county he is getting a lot of spam. Could someone guide me on how to create a ruleset for this request. Thank-you David J. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110207/2eb90be4/attachment-0001.html From maxsec at gmail.com Tue Feb 8 06:37:09 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Feb 8 06:37:19 2011 Subject: DATA command query In-Reply-To: <050741DDCAA841FA849916A5E1B6FC07.MAI@rheelweb.co.nz> References: <050741DDCAA841FA849916A5E1B6FC07.MAI@rheelweb.co.nz> Message-ID: This hasn't anything to do with mailscanner but is to do with postfix. The guys you need are on the postfix list.... Ask there Martin On Tuesday, 8 February 2011, wrote: > XSAVETOSENT is some special verb that mailenable sends to allow the syncing of the sent items in outlook to the web interface (via the MAPI client) > If we don't use MAPI then mail enable won't use the XSAVETOSENT verb, but we do need to use MAPI. > I really need postfix to accept the XSAVETOSENT in the data command so that MailEnable can sync correctly. > > Thanks for your assistance. 
> Kate > > -- -- Martin Hepworth Oxford, UK From glenn.steen at gmail.com Tue Feb 8 15:57:05 2011 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 8 15:57:16 2011 Subject: DATA command query In-Reply-To: <050741DDCAA841FA849916A5E1B6FC07.MAI@rheelweb.co.nz> References: <050741DDCAA841FA849916A5E1B6FC07.MAI@rheelweb.co.nz> Message-ID: Sounds like postfix/mailscanner sit between your outlook clients and your mailstore... The verb would only be meaningful to your mailstore, afaics, and likely will not survive through any relays (like your postfix bastion). Dimply don't do that;-) Cheers -- -- Glenn Den 8 feb 2011 02.36, skrev: XSAVETOSENT is some special verb that mailenable sends to allow the syncing of the sent items in outlook to the web interface (via the MAPI client) If we don't use MAPI then mail enable won't use the XSAVETOSENT verb, but we do need to use MAPI. I really need postfix to accept the XSAVETOSENT in the data command so that MailEnable can sync correctly. Thanks for your assistance. Kate -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110208/0decbf37/attachment.html From glenn.steen at gmail.com Tue Feb 8 16:38:10 2011 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 8 16:38:21 2011 Subject: DATA command query In-Reply-To: References: <050741DDCAA841FA849916A5E1B6FC07.MAI@rheelweb.co.nz> Message-ID: Typo galore... Simply don't do that is what it should have said:-) Btw, Martin is right, this is not relevant to mailscanner other than in the most tangential of ways. 
--
-- Glenn

On 8 Feb 2011 16.57, "Glenn Steen" wrote:

Sounds like postfix/mailscanner sit between your outlook clients and your mailstore... The verb would only be meaningful to your mailstore, afaics, and likely will not survive through any relays (like your postfix bastion). Dimply don't do that;-)

Cheers
--
-- Glenn

On 8 Feb 2011 02.36, wrote:
>
> XSAVETOSENT is some special verb that mailenable sends to allow the syncing of the sent items i...
--
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mai...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110208/712aa663/attachment.html

From glenn.steen at gmail.com Tue Feb 8 16:42:59 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Feb 8 16:43:08 2011
Subject: please help
In-Reply-To:
References: <9DAFF6BAA1BE48349529029EBEA154FE@EJAZ> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE167@tor_nt01.harperdda.com> <20859906-1297107602-cardhu_decombobulator_blackberry.rim.net-76042215-@bda953.bisx.prod.on.blackberry>
Message-ID:

Where are the mailscanner logs? Have you even run a basic lint or debug run?
Den 7 feb 2011 21.01, "Ejaz" skrev: Thanks for the quick reply, Many thanks for your help, I followed as suggested but still the same message didn't process Here are the logs snippets Feb 7 22:49:15 mbxcyb12 postfix/smtpd[15665]: connect from unknown[212.119.65.13] Feb 7 22:49:15 mbxcyb12 postfix/smtpd[15665]: 1E3D6322807B: client=unknown[212.119.65.13] Feb 7 22:49:15 mbxcyb12 postfix/cleanup[15670]: 1E3D6322807B: hold: header Received: from EJAZ (unknown [212.119.65.13])??by mbxcyb12.localdomain (Postfix) with ESMTP id 1E3D6322807B??for ; Mon, 7 Feb 2011 22:49:15 +0300 (AST) from unknown[212.119.65.13]; from=< mejaz@cyberia.net.sa> to= proto=ESMTP helo= Feb 7 22:49:15 mbxcyb12 postfix/cleanup[15670]: 1E3D6322807B: message-id=<33B3E6C0D26B4BD28E6A8DF4F3BED557@EJAZ> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscan... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110208/293d8091/attachment.html From steve.freegard at fsl.com Tue Feb 8 18:51:59 2011 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Feb 8 18:52:12 2011 Subject: Greylisting whitepaper Message-ID: <4D5190CF.7010701@fsl.com> Hi all, I already posted this to the SA list; but thought it might be interesting to those here that don't subscribe to the SA list. I recently did some investigation on the continued effectiveness of greylisting some 8 years after it was first suggested. Here is the result: http://www.fsl.com/index.php/resources/whitepapers/99 Kind regards, Steve. 
From katek at rheel.co.nz Tue Feb 8 19:13:38 2011 From: katek at rheel.co.nz (katek@rheel.co.nz) Date: Tue Feb 8 19:13:27 2011 Subject: DATA command query Message-ID: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> Hi all, Thanks for your assistance. I realise it is more a postfix issue and I did try getting on the list but couldn't get it to accept my list request so I was hoping someone on the MailScanner list would also be using postfix as part of their MailScanner installation like I am. Yes the postfix/mailscanner sits between the outlook client and the mailstore as it is our smtp server and the mail store (running mailenable) uses it to send through as well. When you say simply don't do it - do you mean don't pass the verb through or don't use the MailScanner machine as the smtp? Thanks Kate From glenn.steen at gmail.com Tue Feb 8 21:03:26 2011 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 8 21:03:37 2011 Subject: DATA command query In-Reply-To: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> References: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> Message-ID: I would do either... Either don't pass the verb to postfix (and then accept that the sent mail isn't saved in the sent items folder on the mailstore), or see to it that the outlook clients talk directly with the mailstore (which understand the verb). In the latter case, see to it that the mailstore passes outgoing messages through mailscanner, for av if nothing else, and set up some other method of av-scanning the mailstore (or rely on clientside av). Hope that clears up any confusion:-) Cheers -- -- Glenn Den 8 feb 2011 20.17, skrev: Hi all, Thanks for your assistance. I realise it is more a postfix issue and I did try getting on the list but couldn't get it to accept my list request so I was hoping someone on the MailScanner list would also be using postfix as part of their MailScanner installation like I am. 
Yes the postfix/mailscanner sits between the outlook client and the mailstore as it is our smtp server and the mail store (running mailenable) uses it to send through as well. When you say simply don't do it - do you mean don't pass the verb through or don't use the MailScanner machine as the smtp? Thanks Kate -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110208/a0d57457/attachment.html From maxsec at gmail.com Tue Feb 8 21:03:30 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Feb 8 21:03:39 2011 Subject: DATA command query In-Reply-To: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> References: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> Message-ID: Depends on how your data flows - but perceived wisdom today is not for mail clients (MUAs) to access mailservers via SMTP on port25 but another port such as 587, This way you can separate and apply different controls for MUA to MTA's very easily. eg MUA must authenticate and talk SSL. Also perhaps MUA traffic isn't scanned for spam but still viruses. Also if your outlook and mailserver are on the internal network and Mailscanner isn't on the mailserver machine why not just have the outlook clients talk directly to the mailserver? -- Martin Hepworth Oxford, UK On 8 February 2011 19:13, wrote: > Hi all, > > Thanks for your assistance. I realise it is more a postfix issue and I did > try getting on the list but couldn't get it to accept my list request so I > was hoping someone on the MailScanner list would also be using postfix as > part of their MailScanner installation like I am. 
Yes the > postfix/mailscanner sits between the outlook client and the mailstore as it > is our smtp server and the mail store (running mailenable) uses it to send > through as well. > When you say simply don't do it - do you mean don't pass the verb through > or don't use the MailScanner machine as the smtp? > > Thanks > Kate > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110208/ec5d78dd/attachment.html From peter.ong at hypermediasystems.com Tue Feb 8 21:17:39 2011 From: peter.ong at hypermediasystems.com (Peter Ong) Date: Tue Feb 8 21:17:49 2011 Subject: DATA command query In-Reply-To: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> Message-ID: <261266703.310.1297199858996.JavaMail.root@mail021.dti> > Thanks for your assistance. I realise it is more a postfix issue and I > did try getting on the list but couldn't get it to accept my list > request so I was hoping someone on the MailScanner list would also be > using postfix as part of their MailScanner installation like I am. Yes > the postfix/mailscanner sits between the outlook client and the > mailstore as it is our smtp server and the mail store (running > mailenable) uses it to send through as well. > When you say simply don't do it - do you mean don't pass the verb > through or don't use the MailScanner machine as the smtp? You have to figure that if postfix is crying about this, wouldn't other MTAs do the same? I'm thinking postfix is your smartrelay, but the other threads suggest otherwise. I now realize this is impossible to fix over email. 
Please send me a plane ticket and I will happily fly to New Zealand to help you with your email server issues.

p

From glenn.steen at gmail.com Tue Feb 8 21:43:36 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Feb 8 21:43:45 2011
Subject: Greylisting whitepaper
In-Reply-To: <4D5190CF.7010701@fsl.com>
References: <4D5190CF.7010701@fsl.com>
Message-ID:

Great stuff Steve!
There are a small number of punctuation errors ... and perhaps some places where you start one sentence and then kind of end with another... But apart from those very minor flaws... Very nice indeed;-)
Thank you.

--
-- Glenn

On 8 Feb 2011 19.57, "Steve Freegard" wrote:

Hi all,

I already posted this to the SA list; but thought it might be interesting to those here that don't subscribe to the SA list.

I recently did some investigation on the continued effectiveness of greylisting some 8 years after it was first suggested.

Here is the result:

http://www.fsl.com/index.php/resources/whitepapers/99

Kind regards,
Steve.

From glenn.steen at gmail.com Tue Feb 8 21:47:05 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Feb 8 21:47:15 2011
Subject: DATA command query
In-Reply-To: <261266703.310.1297199858996.JavaMail.root@mail021.dti>
References: <4CE13342422548888859156CB2137FF7.MAI@rheelweb.co.nz> <261266703.310.1297199858996.JavaMail.root@mail021.dti>
Message-ID:

Can i has plane ticket too?:-)

On 8 Feb 2011 22.20, "Peter Ong" wrote:

> Thanks for your assistance. I realise it is more a postfix issue and I
> did try getting on the li...
You have to figure that if postfix is crying about this, wouldn't other MTAs do the same? I'm thinking postfix is your smartrelay, but the other threads suggest otherwise.

I now realize this is impossible to fix over email. Please send me a plane ticket and I will happily fly to New Zealand to help you with your email server issues.

p

From maillists at conactive.com Wed Feb 9 10:31:17 2011
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Feb 9 10:31:32 2011
Subject: New beta release
In-Reply-To:
References: <4D455ECB.3060407@ecs.soton.ac.uk>
Message-ID:

Jules Field wrote on Sun, 30 Jan 2011 12:51:23 +0000:

> I have just released 4.82.4 beta, which contains a few more bug-fixes
> and 1 or 2 minor feature improvements.

Jules, I installed it yesterday on CentOS 5 and so far everything is fine, the update was a complete non-issue. (update was from the latest release in the changelog before this one.)

All the best to you and take care of your health!

Kai

--
Get your web at Conactive Internet Services: http://www.conactive.com

From richard at fastnet.co.uk Wed Feb 9 14:13:42 2011
From: richard at fastnet.co.uk (Richard Mealing)
Date: Wed Feb 9 14:14:20 2011
Subject: SA OT, sorry!
Message-ID:

Hi Everyone,

Sorry this is OT, but does anyone know why all of BT's IP addresses are coming up with this in SA?

RCVD_ILLEGAL_IP 3.40

IP for BT is: 62.239.224.234 or one of them. I've seen this with so many BT IP addresses now. Does anyone else see this?

Thanks,

Richard Mealing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110209/e81a8124/attachment.html

From ka at pacific.net Wed Feb 9 14:37:56 2011
From: ka at pacific.net (Ken A)
Date: Wed Feb 9 14:38:08 2011
Subject: SA OT, sorry!
In-Reply-To:
References:
Message-ID: <4D52A6C4.7040009@pacific.net>

It checks all received headers, so look for things like 223/8, although that was allocated recently. I set score "RCVD_ILLEGAL_IP 0" a long time ago, since some networks have previously used these unallocated or reserved IPs internally, instead of RFC 1918 space.

Ken

On 2/9/2011 8:13 AM, Richard Mealing wrote:
> Hi Everyone,
>
> Sorry this is OT, but does anyone know why all of BT's IP addresses are coming up with this in SA?
>
> RCVD_ILLEGAL_IP 3.40
>
> IP for BT is: 62.239.224.234 or one of them. I've seen this with so many BT IP addresses now. Does anyone else see this?
>
> Thanks,
>
> Richard Mealing
>
>

--
Ken Anderson
Pacific Internet - http://www.pacific.net

From Dominique.Marant at univ-lille1.fr Thu Feb 10 08:48:42 2011
From: Dominique.Marant at univ-lille1.fr (Dominique Marant)
Date: Thu Feb 10 08:48:58 2011
Subject: Install / Compress-Zlib error
Message-ID: <4D53A66A.20100@univ-lille1.fr>

Hi,

Install mailscanner:

After successfully installing Compress-Raw-Zlib-2.027

I get an error with the install of Compress-Zlib-1.41

# make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01version.....ok
t/02zlib........FAILED tests 35-37, 43-45, 51-53, 60, 62, 64
        Failed 12/239 tests, 94.98% okay
t/03examples....FAILED test 6
        Failed 1/16 tests, 93.75% okay
t/04encoding....ok
t/05gzsetp......ok
t/06gzdopen.....ok
Failed Test     Stat Wstat Total Fail  List of Failed
-------------------------------------------------------------------------------
t/02zlib.t                   239   12  35-37 43-45 51-53 60 62 64
t/03examples.t                16    1  6
Failed 2/6 test scripts. 13/305 subtests failed.
Files=6, Tests=305, 0 wallclock secs ( 0.37 cusr + 0.04 csys = 0.41 CPU)
Failed 2/6 test programs. 13/305 subtests failed.
make: *** [test_dynamic] Erreur 255

Thanks for your help

From MailScanner at ecs.soton.ac.uk Fri Feb 11 13:56:53 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Feb 11 13:57:15 2011
Subject: Install / Compress-Zlib error
In-Reply-To: <4D53A66A.20100@univ-lille1.fr>
References: <4D53A66A.20100@univ-lille1.fr> <4D554025.8050109@ecs.soton.ac.uk>
Message-ID:

You need the "zlib" library installed first.

On 10/02/2011 08:48, Dominique Marant wrote:
> Hi,
>
> Install mailscanner :
>
> After installed successfully Compress-Raw-Zlib-2.027
>
> I get an error with install of Compress-Zlib-1.41
>
> # make test
> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/01version.....ok
> t/02zlib........FAILED tests 35-37, 43-45, 51-53, 60, 62, 64
> Failed 12/239 tests, 94.98% okay
> t/03examples....FAILED test 6
> Failed 1/16 tests, 93.75% okay
> t/04encoding....ok
> t/05gzsetp......ok
> t/06gzdopen.....ok
> Failed Test Stat Wstat Total Fail List of Failed
> -------------------------------------------------------------------------------
>
> t/02zlib.t 239 12 35-37 43-45 51-53 60 62 64
> t/03examples.t 16 1 6
> Failed 2/6 test scripts. 13/305 subtests failed.
> Files=6, Tests=305, 0 wallclock secs ( 0.37 cusr + 0.04 csys = 0.41
> CPU)
> Failed 2/6 test programs. 13/305 subtests failed.
> make: *** [test_dynamic] Erreur 255
>
> Thanks for your help
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Fri Feb 11 13:58:21 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Feb 11 13:58:45 2011
Subject: New beta release
In-Reply-To:
References: <4D455ECB.3060407@ecs.soton.ac.uk> <4D55407D.50303@ecs.soton.ac.uk>
Message-ID:

On 09/02/2011 10:31, Kai Schaetzl wrote:
> Jules Field wrote on Sun, 30 Jan 2011 12:51:23 +0000:
>
>> I have just released 4.82.4 beta, which contains a few more bug-fixes
>> and 1 or 2 minor feature improvements.
> Jules, I installed it yesterday on CentOS 5 and so far everything is fine,
> the update was a complete non-issue. (update was from the latest release
> in the changelog before this one.)
Thanks for that. Stable release coming up after these important messages...
> All the best to you and take care of your health!
Thanks! Weight is right down at the moment (118 pounds) but I'm starting trying to fix that. Not too good at this whole "eating" thing. :-)

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

From MailScanner at ecs.soton.ac.uk Fri Feb 11 14:27:36 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Feb 11 14:27:58 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
References: <4D554758.1070605@ecs.soton.ac.uk>
Message-ID:

Folks,

I have just released a new stable edition of MailScanner, version 4.82.6.

This is identical to the recent beta version 4.82.5.

The main new feature is in filename.rules.conf and filetype.rules.conf configuration files.
As well as the previous "allow", "deny" and "deny+delete" instructions in a rule, you can now automatically rename attachment filenames using the "rename" and "rename to" instructions instead of just allowing or denying them.

When using the new "rename" instruction in a rule, any matching file will be automatically renamed using the new "Rename Pattern" setting in MailScanner.conf. This allows you to add a prefix or a suffix to any filename.

When using the new "rename to" instruction in a rule, any matching file will be automatically renamed so that the portion of the filename that matches the pattern string is replaced with new text. So for example, you can rename all *.pps files to *.ppt with the rule

rename to .ppt    \.pps$    Renamed pps to ppt    Renamed file

If you want to be even cleverer, you can use parenthesised sections of the match pattern within the replacement text. I'm not quite sure who this will be useful to, but I'm sure you will find some clever uses (you folks always do!). As a random example,

rename to Dangerous_$1_$2    ^(.*)\.(exe|com|scr)$    Renamed dangerous exes    Renamed file

That will rename any file such as "PleaseRunMe.exe" to "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to "Dangerous_DodgyScreensaver_scr" which means the user cannot run it without renaming it first.

Cool huh?

Anyway, you can get it as usual from

http://www.mailscanner.info

==========================
The full Changelog is:
* New Features and Improvements *
1 In filename.rules.conf and filetype.rules.conf files, as well as the
  previous "allow", "deny", "deny+delete", and email-address types of rule,
  there are now "rename" rules as well. If a filename or filetype matches
  a "rename" rule, the original attachment is left in the message but is
  renamed according to the "Rename Pattern" setting in MailScanner.conf.
  This allows for any prefixes or suffixes you may want to add to the
  attachment's filename.
2 Improved "rename" rules so you can now also specify "rename to new-text".
  If the rule matched an attachment's filename, the text matching the pattern
  for that rule will be replaced with the "new-text" string supplied.
  The "to" is optional, but makes it easier to read.
4 Rules files will be assumed in the MailScanner.conf if the filename now
  ends in ".Rules" as well as ".rules".
4 Allow deployments with the 'split mail per recipient' setup where mail
  is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for releasing
  of quarantined messages, while still scanning re-injected mail.

* Fixes *
1 AVG scanner command-line arguments typo fixed.
2 Fixed problem where HTML messages scanned for Phishing would be truncated
  at the start of the first tag if it was never closed properly.
3 Fixed bug stopping things like "$1" working in the replacement text of a
  "rename to" filename.rules.conf rule.
4 Fixed permissions of ClamAV temp files to use workperms instead of 0600.
  Thanks to Rick Cooper for this fix!
4 Fixed problem caused by invalid "Spam List" or "Spam Domain List" values
  appearing in the conf file. Thanks to Steve Freegard for this!
5 Fixed issue where messages quarantined for being a DoS attack did not
  have their headers quarantined correctly.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

From stephencoxmail at gmail.com Fri Feb 11 16:02:14 2011
From: stephencoxmail at gmail.com (Stephen Cox)
Date: Fri Feb 11 16:02:25 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To:
References: <4D554758.1070605@ecs.soton.ac.uk>
Message-ID:

Thank you!

--
Stephen Cox

From asim.mcp at gmail.com Sun Feb 13 19:09:48 2011
From: asim.mcp at gmail.com (asim hafeez)
Date: Sun Feb 13 19:10:18 2011
Subject: attachment issue
Message-ID:

Hi,

I can send a new email with attachment without any issue. When I forward that email from sent folder, I don't get the attachment and it converts into the text code.
Any help please??

--
Best Regards
Asim

From alex at vidadigital.com.pa Sun Feb 13 20:42:46 2011
From: alex at vidadigital.com.pa (Alex Neuman van der Hans)
Date: Sun Feb 13 20:43:02 2011
Subject: attachment issue
In-Reply-To:
References:
Message-ID: <4D584246.3000703@vidadigital.com.pa>

You need to provide more information on how to reproduce the problem. Use pastebin if you need to provide examples, don't send attachments to the list.

On 2/13/2011 2:09 PM, asim hafeez wrote:
> Hi,
>
> I can send a new email with attachment without any issue. When I
> forward that email from sent folder, I don't get the attachment and it
> converts into the text code.
> Any help please??
>
> --
> Best Regards
> Asim

--
Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/
+507 6781-9505
+507 832-6725
Follow @AlexNeuman on Twitter
Facebook.com/vidadigital

From stephencoxmail at gmail.com Mon Feb 14 09:52:29 2011
From: stephencoxmail at gmail.com (Stephen Cox)
Date: Mon Feb 14 09:52:38 2011
Subject: Sanesecurity help
Message-ID:

I recently added Sanesecurity signatures to my clamd, the problem is that infected files just go through MailScanner.

The message has a header entry of "...SpamVirus-Report: Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL", but it still delivers.

MailScanner version is 4.79.11.

What am I missing?

--
Stephen Cox

From richard at fastnet.co.uk Mon Feb 14 10:04:09 2011
From: richard at fastnet.co.uk (Richard Mealing)
Date: Mon Feb 14 10:04:59 2011
Subject: [FastNet PRO Probable Spam] Sanesecurity help
In-Reply-To:
References:
Message-ID:

Hi Stephen,

Have you added this?

Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* ScamNailer.Phish* winnow.malware* winnow.botnet.ff.trojans* winnow.botnets* Email.Phishing* CRDF.*

Depending on what you are using...

Then you need to add the rules into spamassassin, like -

#Sanesecurity Signature (jurlbl.ndb)
header SPAMVIRUSJurlblAuto X-YOURORGNAME-MailScanner-SpamVirus-Report =~ /Sanesecurity.Jurlbl.Auto/i
score SPAMVIRUSJurlblAuto 4.0

I can send them all if you like.

Richard

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stephen Cox
Sent: 14 February 2011 09:52
To: MailScanner discussion
Subject: [FastNet PRO Probable Spam] Sanesecurity help

I recently added Sanesecurity signatures to my clamd, the problem is that infected files just go through MailScanner.

The message has a header entry of "...SpamVirus-Report: Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL", but it still delivers.

MailScanner version is 4.79.11.

What am I missing?

--
Stephen Cox

From stephencoxmail at gmail.com Mon Feb 14 11:19:38 2011
From: stephencoxmail at gmail.com (Stephen Cox)
Date: Mon Feb 14 11:19:48 2011
Subject: [FastNet PRO Probable Spam] Sanesecurity help
In-Reply-To:
References:
Message-ID:

I found the problem.

At the bottom of spam.assassin.prefs.conf the entry "header MS_FOUND_SPAMVIRUS exists:X-MailScanner-SpamVirus-Report" did not match the header I attached.

I changed it to "header MS_FOUND_SPAMVIRUS exists:X-mycompanyname-MailScanner-SpamVirus-Report"

On Mon, Feb 14, 2011 at 12:04 PM, Richard Mealing wrote:

> Hi Stephen,
>
> Have you added this?
>
> Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* ScamNailer.Phish*
> winnow.malware* winnow.botnet.ff.trojans* winnow.botnets* Email.Phishing*
> CRDF.*
>
> Depending on what you are using...
>
> Then you need to add the rules into spamassassin, like -
>
> #Sanesecurity Signature (jurlbl.ndb)
>
> header SPAMVIRUSJurlblAuto X-YOURORGNAME-MailScanner-SpamVirus-Report =~
> /Sanesecurity.Jurlbl.Auto/i
>
> score SPAMVIRUSJurlblAuto 4.0
>
> I can send them all if you like.
>
> Richard
>
> *From:* mailscanner-bounces@lists.mailscanner.info [mailto:
> mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Stephen Cox
> *Sent:* 14 February 2011 09:52
> *To:* MailScanner discussion
> *Subject:* [FastNet PRO Probable Spam] Sanesecurity help
>
> I recently added Sanesecurity signatures to my clamd, the problem is that
> infected files just go through MailScanner.
>
> The message has a header entry of "...SpamVirus-Report:
> Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL", but it still delivers.
>
> MailScanner version is 4.79.11.
>
> What am I missing?
>
> --
> Stephen Cox

--
Stephen Cox

From AHKAPLAN at PARTNERS.ORG Mon Feb 14 19:07:27 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Mon Feb 14 19:07:37 2011
Subject: Problem starting MailScanner due to missing pm module
Message-ID:

Hi there --

I recently upgraded MailScanner via the installation package that includes the ClamAV and SpamAssassin applications. The package version is install-Clam-0.96.5-SA-3.3.1 that includes version 4.82.6 of the MailScanner program. The operating system environment is the Fedora Core 7 distribution.

The installation appeared to go by without issue, but whenever I try to start MailScanner via the /etc/init.d/MailScanner script, the following output appears on-screen:

Starting MailScanner daemons:
         incoming sendmail:                                [  OK  ]
         outgoing sendmail:                                [  OK  ]
         MailScanner:       Can't locate MailScanner/MessageBatch.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 /usr/lib/MailScanner) at /usr/sbin/MailScanner line 103.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 103.

While the Sendmail application starts, the same cannot be said for the MailScanner application. I did a search for a perl module with the name MessageBatch.pm, but I did not find one with that name. Is there another module of which MessageBatch is a part of, or is there something else that I need to do in order to get MailScanner to work?

Thanks.

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline .
If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.

From maillists at conactive.com Mon Feb 14 19:31:21 2011
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Feb 14 19:31:35 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To:
References: <4D554758.1070605@ecs.soton.ac.uk>
Message-ID:

Applied and working fine.

Kai

--
Get your web at Conactive Internet Services: http://www.conactive.com

From mikael at syska.dk Mon Feb 14 19:48:49 2011
From: mikael at syska.dk (Mikael Syska)
Date: Mon Feb 14 19:49:02 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID:

Hi,

MessageBatch.pm is part of MailScanner so something must have gone wrong with the installation.

I would try and install MailScanner one more time ... or look in the package for that file.

Kind regards

On Mon, Feb 14, 2011 at 8:07 PM, Kaplan, Andrew H. wrote:
> Hi there --
>
> I recently upgraded MailScanner via the installation package that includes
> the ClamAV and SpamAssassin applications.
> The package version is install-Clam-0.96.5-SA-3.3.1 that includes version
> 4.82.6 of the MailScanner program. The operating
>
> system environment is the Fedora Core 7 distribution.
>
> The installation appeared to go by without issue, but whenever I try to
> start MailScanner via the /etc/init.d/MailScanner
>
> script, the following output appears on-screen:
>
> Starting MailScanner daemons:
>          incoming sendmail:                                [  OK  ]
>          outgoing sendmail:                                [  OK  ]
>          MailScanner:
> Can't locate MailScanner/MessageBatch.pm in @INC
> (@INC contains: /usr/lib/MailScanner
> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
> /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
> /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
> /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/5.8.8 /usr/lib/MailScanner) at /usr/sbin/MailScanner line
> 103.
>
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 103.
>
> While the Sendmail application starts, the same cannot be said for the
> MailScanner application. I did a search for
> a perl module with the name MessageBatch.pm, but I did not find one with
> that name. Is there another module of
> which MessageBatch is a part of, or is there something else that I need to
> do in order to get MailScanner to work?
>
> Thanks.

From maxsec at gmail.com Mon Feb 14 20:34:50 2011
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Feb 14 20:35:04 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID:

I'd check the install, I was under the impression the two installers were separate

On Monday, 14 February 2011, Mikael Syska wrote:
> Hi,
>
> MessageBatch.pm is part of MailScanner so something must have gone
> wrong with the installation.
>
> I would try and install MailScanner one more time ... or look in the
> package for that file.
>
> Kind regards
>
> On Mon, Feb 14, 2011 at 8:07 PM, Kaplan, Andrew H.
> wrote:
>> Hi there --
>>
>> I recently upgraded MailScanner via the installation package that includes
>> the ClamAV and SpamAssassin applications.
>> The package version is install-Clam-0.96.5-SA-3.3.1 that includes version
>> 4.82.6 of the MailScanner program. The operating
>>
>> system environment is the Fedora Core 7 distribution.
>>
>> The installation appeared to go by without issue, but whenever I try to
>> start MailScanner via the /etc/init.d/MailScanner
>>
>> script, the following output appears on-screen:
>>
>> Starting MailScanner daemons:
>>          incoming sendmail:                                [  OK  ]
>>          outgoing sendmail:                                [  OK  ]
>>          MailScanner:
>> Can't locate MailScanner/MessageBatch.pm in @INC
>> (@INC contains: /usr/lib/MailScanner
>> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
>> /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5
>> /usr/lib/perl5/site_perl
>> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
>> /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
>> /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi
>> /usr/lib/perl5/5.8.8 /usr/lib/MailScanner) at /usr/sbin/MailScanner line
>> 103.
>>
>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 103.
>>
>> While the Sendmail application starts, the same cannot be said for the
>> MailScanner application. I did a search for
>> a perl module with the name MessageBatch.pm, but I did not find one with
>> that name. Is there another module of
>> which MessageBatch is a part of, or is there something else that I need to
>> do in order to get MailScanner to work?
>>
>> Thanks.
--
Martin Hepworth
Oxford, UK

From AHKAPLAN at PARTNERS.ORG Mon Feb 14 21:05:47 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Mon Feb 14 21:05:59 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID:

Hi there --

I ran the installation again, and as before, there were no apparent error messages. When I tried starting MailScanner, the same error message appeared on-screen.

From ssilva at sgvwater.com Mon Feb 14 21:58:05 2011
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Feb 14 21:58:27 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID:

on 2/14/2011 11:07 AM Kaplan, Andrew H. spake the following:
> Hi there --
>
> I recently upgraded MailScanner via the installation package that includes the
> ClamAV and SpamAssassin applications.
> The package version is install-Clam-0.96.5-SA-3.3.1 that includes version
> 4.82.6 of the MailScanner program. The operating
>
> system environment is the Fedora Core 7 distribution.

I wasn't aware that there was a single package with mailscanner AND the clam/spamassassin.... Where did you find it?
From AHKAPLAN at PARTNERS.ORG Mon Feb 14 22:25:58 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Mon Feb 14 22:26:07 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID:

There isn't one...they are two separate packages. My mistake was I was using an existing MailScanner package, when I should have installed the newest one.

From AHKAPLAN at PARTNERS.ORG Tue Feb 15 14:00:08 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Tue Feb 15 14:01:52 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID:

Hi there --

It turns out what I needed to do was remove the existing MailScanner package, and then download and install the newest version along with the easy install package of clamav and spamassassin. Thanks to all for the feedback on that.

As a followup: I went to the MailScanner.conf file, located in the /etc/MailScanner directory, to verify that it is using spamassassin. Previously there was a line within the file that had the syntax:

"use spamassassin = yes"

However, when I look now, there is no line with that syntax in the file. Is this by design, or do I need to add a line with that syntax to the file, and subsequently restart MailScanner?

Thanks.

From mrm at medicine.wisc.edu Tue Feb 15 15:01:25 2011
From: mrm at medicine.wisc.edu (Michael Masse)
Date: Tue Feb 15 15:01:48 2011
Subject: Base64 encoded html
Message-ID: <4D5A40E50200003E0000614C@gwmail.medicine.wisc.edu>

Does the "Strip HTML" option work for Base64 encoded html? I'm trying to get Mailscanner to strip all html from email coming from a specific sender, but it's not working. Looking at the source of the email, even the html portion is encoded in base64. The attachments are in base64 as well, but that's what I would normally expect.

-Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110215/bd3be79b/attachment.html

From MailScanner at ecs.soton.ac.uk Tue Feb 15 15:19:21 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Feb 15 15:19:34 2011
Subject: Base64 encoded html
In-Reply-To: <4D5A40E50200003E0000614C@gwmail.medicine.wisc.edu>
References: <4D5A40E50200003E0000614C@gwmail.medicine.wisc.edu> <4D5A9979.2000601@ecs.soton.ac.uk>
Message-ID:

It should do, yes. All decoding is done before I start looking at the message content.

On 15/02/2011 15:01, Michael Masse wrote:
> Does the "Strip HTML" option work for Base64 encoded html? I'm
> trying to get Mailscanner to strip all html from email coming from a
> specific sender, but it's not working. Looking at the source of the
> email, even the html portion is encoded in base64. The attachments
> are in base64 as well, but that's what I would normally expect.
> -Mike

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From prandal at herefordshire.gov.uk Tue Feb 15 16:24:02 2011
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Feb 15 16:24:28 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References:
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk>

Have you run upgrade_MailScanner_conf and followed the instructions therein?

Phil

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160

From AHKAPLAN at PARTNERS.ORG Tue Feb 15 16:48:42 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Tue Feb 15 16:48:53 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk>
Message-ID:

Hi there --

I checked out the script in question, and the syntax to be used here would be the tar file.
The problem is that while I have the MailScanner.conf file, I do not have the .new file. I did a search of the root directory, and there is no instance of the MailScanner.new file anywhere. The absence of the file would seem to prevent my running the script using that syntax. I do have the rpmnew file, but I am not sure if that would work with this version of the application.

From prandal at herefordshire.gov.uk Tue Feb 15 17:21:55 2011
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Feb 15 17:22:16 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To:
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA2262F@HC-EXMBX01.herefordshire.gov.uk>

There's a default MailScanner.conf in the tarball. Compare that with the one you have in /etc/MailScanner

Also try

MailScanner --changed

It'll tell you where your config differs from the default.

And try

MailScanner --lint

Taking note of any warnings.
Cheers, Phil -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council? | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kaplan, Andrew H. Sent: 15 February 2011 16:49 To: MailScanner discussion Subject: RE: Problem starting MailScanner due to missing pm module Hi there -- I checked out the script in question, and the syntax to be used here would be the tar file. The problem is that while I have the MailScanner.conf file, I do not have the .new file. I did a search of the root directory, and there is no instance of the MailScanner.new file anywhere. The absense of the file would seem to prevent my running the script using that syntax. I do have the rpmnew file, but I am not sure if that would work with this version of the application. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: Tuesday, February 15, 2011 11:24 AM To: MailScanner discussion Subject: RE: Problem starting MailScanner due to missing pm module Have you run upgrade_MailScanner_conf and followed the intructions therei? Phil -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council? | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kaplan, Andrew H. 
Sent: 15 February 2011 14:00
To: MailScanner discussion
Subject: RE: Problem starting MailScanner due to missing pm module

Hi there --

It turns out what I needed to do was remove the existing MailScanner package, and then download and install the newest version along with the easy install package of clamav and spamassassin. Thanks to all for the feedback on that.

As a followup: I went to the MailScanner.conf file, located in the /etc/MailScanner directory, to verify that it is using spamassassin. Previously there was a line within the file that had the syntax:

"use spamassassin = yes"

However, when I look now, there is no line with that syntax in the file. Is this by design, or do I need to add a line with that syntax to the file, and subsequently restart MailScanner?

Thanks.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: Monday, February 14, 2011 3:35 PM
To: MailScanner discussion
Subject: Re: Problem starting MailScanner due to missing pm module

I'd check the install, I was under the impression the two installers were separate

On Monday, 14 February 2011, Mikael Syska wrote:
> Hi,
>
> MessageBatch.pm is part of MailScanner so something must have gone
> wrong with the installation.
>
> I would try and install MailScanner one more time ... or look in the
> package for that file.
>
> mvh
>
> On Mon, Feb 14, 2011 at 8:07 PM, Kaplan, Andrew H.
> wrote:
>> Hi there --
>>
>> I recently upgraded MailScanner via the installation package that
>> includes the ClamAV and SpamAssassin applications.
>> The package version is install-Clam-0.96.5-SA-3.3.1 that includes
>> version
>> 4.82.6 of the MailScanner program. The operating
>>
>> system environment is the Fedora Core 7 distribution.
>>
>> The installation appeared to go by without issue, but whenever I try
>> to start MailScanner via the /etc/init.d/MailScanner
>>
>> script, the following output appears on-screen:
>>
>> Starting MailScanner daemons:
>>          incoming sendmail:                                [  OK  ]
>>          outgoing sendmail:                                [  OK  ]
>>          MailScanner:       Can't locate MailScanner/MessageBatch.pm
>> in @INC (@INC contains: /usr/lib/MailScanner
>> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
>> /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5
>> /usr/lib/perl5/site_perl
>> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
>> /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
>> /usr/lib/perl5/vendor_perl
>> /usr/lib/perl5/5.8.8/i386-linux-thread-multi
>> /usr/lib/perl5/5.8.8 /usr/lib/MailScanner) at /usr/sbin/MailScanner
>> line 103.
>>
>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 103.
>>
>> While the Sendmail application starts, the same cannot be said for
>> the MailScanner application. I did a search for a perl module with
>> the name MessageBatch.pm, but I did not find one with that name. Is
>> there another module of which MessageBatch is a part of, or is there
>> something else that I need to do in order to get MailScanner to work?
>>
>> Thanks.
>>
>> The information in this e-mail is intended only for the person to
>> whom it is addressed. If you believe this e-mail was sent to you in
>> error and the e-mail contains patient information, please contact the
>> Partners Compliance HelpLine at
>> http://www.partners.org/complianceline . If the e-mail was sent to
>> you in error but does not contain patient information, please contact
>> the sender and properly dispose of the e-mail.

--
Martin Hepworth
Oxford, UK

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From AHKAPLAN at PARTNERS.ORG Tue Feb 15 18:46:35 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Tue Feb 15 18:46:46 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA2262F@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk> <7CA580B59C1ABD45B4614ED90D4C7B852FA2262F@HC-EXMBX01.herefordshire.gov.uk>
Message-ID:

Hi there --

I did the comparison of the two MailScanner.conf files, and neither one had a "use spamassassin" line in them. The two commands that were listed did not list any warnings that were apparent show stoppers. I started MailScanner, and the messages did make mention of MailScanner "referencing" the SpamAssassin application. Additionally, the "strongly recommended" cronjobs ran at least once.

The only other question I have is, is there a way to confirm or test that MailScanner is utilizing both SpamAssassin and ClamAV applications?

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Tuesday, February 15, 2011 12:22 PM
To: MailScanner discussion
Subject: RE: Problem starting MailScanner due to missing pm module

There's a default MailScanner.conf in the tarball. Compare that with the one you have in /etc/MailScanner

Also try

MailScanner --changed

It'll tell you where your config differs from the default.

And try

MailScanner --lint

Taking note of any warnings..

Cheers,

Phil

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kaplan, Andrew H.
Sent: 15 February 2011 16:49
To: MailScanner discussion
Subject: RE: Problem starting MailScanner due to missing pm module

Hi there --

I checked out the script in question, and the syntax to be used here would be the tar file. The problem is that while I have the MailScanner.conf file, I do not have the .new file. I did a search of the root directory, and there is no instance of the MailScanner.new file anywhere. The absence of the file would seem to prevent my running the script using that syntax. I do have the rpmnew file, but I am not sure if that would work with this version of the application.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Tuesday, February 15, 2011 11:24 AM
To: MailScanner discussion
Subject: RE: Problem starting MailScanner due to missing pm module

Have you run upgrade_MailScanner_conf and followed the instructions therein?

Phil

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160

From nsnidanko at harperpowerproducts.com Tue Feb 15 19:06:19 2011
From: nsnidanko at harperpowerproducts.com (Naz Snidanko)
Date: Tue Feb 15 19:06:33 2011
Subject: Problem starting MailScanner due to missing pm module
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk><7CA580B59C1ABD45B4614ED90D4C7B852FA2262F@HC-EXMBX01.herefordshire.gov.uk>
Message-ID: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBC6@tor_nt01.harperdda.com>

Hi Andrew,

First check if your spamassassin is working properly. To do so run this command and check for any errors:

echo "test" | spamassassin -D 2>&1 | more

If you confirm it please test mailscanner:

MailScanner --lint

and look for the following lines:

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to (115)
MailScanner setting UID to (106)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.

This will tell you that spamassassin is working with mailscanner.

On top of that you can check your mail.log for something like this:

Feb 15 14:02:28 ares MailScanner[11142]: Message 531176112C.A09E0 from 209.**2.**.6 (n****@wa***.com) to harperpowerproducts.com is not spam, SpamAssassin (not cached, score=-2.599, required 5, autolearn=not spam, BAYES_00 -2.60, HTML_MESSAGE 0.00, SPF_PASS -0.00)

----------------------------------------------------------------

./1/eicar.com: Eicar-Test-Signature FOUND
Virus Scanning: ClamAV found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses

Shows that antivirus is working (in my case clamav)

Please note that spamassassin bayes database will work after you feed it 200 "spam" and 200 "ham" emails.

Hope it helps,

Naz Snidanko
Desktop & Network Support
Harper Power Products Inc.
(p) 416 201- 7506
nsnidanko@harperpowerproducts.com

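The mail.log check described in the message above can be scripted. The following is an added example, not part of the original thread and not MailScanner code: the sample log is constructed in the shape of the quoted excerpts, and the function names, the syslog prefix on the ClamAV lines and the third sample line (a verdict with no SpamAssassin report) are assumptions.

```python
import re

# Constructed sample modelled on the mail.log excerpts quoted in the thread.
# Host, message IDs, addresses and scores are made up. The third line (a
# verdict without a SpamAssassin report) is an assumed shape for the negative case.
SAMPLE_LOG = """\
Feb 15 14:02:28 mx1 MailScanner[11142]: Message 531176112C.A09E0 from 192.0.2.10 (alice@example.org) to example.com is not spam, SpamAssassin (not cached, score=-2.599, required 5, autolearn=not spam, BAYES_00 -2.60, HTML_MESSAGE 0.00, SPF_PASS -0.00)
Feb 15 14:03:01 mx1 MailScanner[11142]: Message 7A2291120D.B01F2 from 198.51.100.7 (bulk@example.net) to example.com is spam, SpamAssassin (cached, score=11.2, required 5, URIBL_BLACK 7.50, HTML_MESSAGE 0.00, RDNS_NONE 3.70)
Feb 15 14:03:40 mx1 MailScanner[11142]: Message 9C1D31120E.C44AA from 192.0.2.20 (bob@example.org) to example.com is not spam
Feb 15 14:05:12 mx1 MailScanner[11142]: ./1/eicar.com: Eicar-Test-Signature FOUND
Feb 15 14:05:12 mx1 MailScanner[11142]: Virus Scanning: ClamAV found 1 infections
Feb 15 14:05:12 mx1 MailScanner[11142]: Infected message 1 came from 10.1.1.1
Feb 15 14:05:12 mx1 MailScanner[11142]: Virus Scanning: Found 1 viruses
"""

NUM = r"-?\d+(?:\.\d+)?"
VERDICT_RE = re.compile(
    r"Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\) "
    r"to (?P<to>\S+) is (?P<verdict>not spam|spam)(?P<rest>.*)$"
)
SA_REPORT_RE = re.compile(r"^, SpamAssassin \((?P<body>.*)\)\s*$")
RULE_RE = re.compile(rf"^(?P<name>[A-Z][A-Z0-9_]*) (?P<score>{NUM})$")
CLAM_HIT_RE = re.compile(r"(?P<path>\S+): (?P<sig>\S+) FOUND\s*$")
CLAM_SUM_RE = re.compile(r"Virus Scanning: ClamAV found (?P<n>\d+) infections?")


def parse_sa_report(body):
    """Split the parenthesised SpamAssassin report into score, threshold and rule hits."""
    report = {"cached": None, "score": None, "required": None, "rules": {}}
    for item in (part.strip() for part in body.split(",")):
        if item in ("cached", "not cached"):
            report["cached"] = item == "cached"
        elif re.fullmatch(rf"score={NUM}", item):
            report["score"] = float(item[len("score="):])
        elif re.fullmatch(rf"required {NUM}", item):
            report["required"] = float(item[len("required "):])
        else:
            rule = RULE_RE.match(item)  # e.g. "BAYES_00 -2.60"; other items are skipped
            if rule:
                report["rules"][rule["name"]] = float(rule["score"])
    return report


def collect_evidence(log_text):
    """Gather per-engine evidence from log lines, with or without a syslog prefix."""
    ev = {"scored": [], "unscored": [], "clam_hits": [], "clam_infections": 0}
    for line in log_text.splitlines():
        m = VERDICT_RE.search(line)
        if m:
            sa = SA_REPORT_RE.match(m["rest"])
            if sa:
                rec = parse_sa_report(sa["body"])
                rec.update(id=m["id"], verdict=m["verdict"])
                ev["scored"].append(rec)
            else:
                # A verdict without a SpamAssassin report is not proof SA ran.
                ev["unscored"].append(m["id"])
            continue
        m = CLAM_SUM_RE.search(line)
        if m:
            ev["clam_infections"] += int(m["n"])
            continue
        m = CLAM_HIT_RE.search(line)
        if m:
            ev["clam_hits"].append((m["path"], m["sig"]))
    return ev


def engines_confirmed(ev):
    """True per engine only when the log holds positive evidence that it ran."""
    return {
        "SpamAssassin": any(r["score"] is not None for r in ev["scored"]),
        "ClamAV": ev["clam_infections"] > 0 or bool(ev["clam_hits"]),
    }


def verdict_mismatches(ev):
    """Message IDs whose logged verdict disagrees with score >= required."""
    bad = []
    for r in ev["scored"]:
        if r["score"] is None or r["required"] is None:
            continue
        if (r["score"] >= r["required"]) != (r["verdict"] == "spam"):
            bad.append(r["id"])
    return bad


if __name__ == "__main__":
    evidence = collect_evidence(SAMPLE_LOG)
    print(engines_confirmed(evidence))
    print("verdict/score mismatches:", verdict_mismatches(evidence))
```

The ClamAV lines in the quoted excerpt come from a detection, so a clean log says nothing about ClamAV either way; the EICAR test file shown in that excerpt is the way to produce them on demand.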
From AHKAPLAN at PARTNERS.ORG Tue Feb 15 20:22:02 2011
From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.)
Date: Tue Feb 15 20:22:13 2011
Subject: Problem starting MailScanner due to missing pm module
In-Reply-To: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBC6@tor_nt01.harperdda.com>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk><7CA580B59C1ABD45B4614ED90D4C7B852FA2262F@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBC6@tor_nt01.harperdda.com>
Message-ID:

Hi there --

I ran the checks you suggested, and everything appears to be working properly. Thanks for the feedback.

From stef at aoc-uk.com Wed Feb 16 12:30:58 2011 From: stef at aoc-uk.com (Stef Morrell) Date: Wed Feb 16 12:31:05 2011 Subject: Rulesets for file size Message-ID: <201102161231.p1GCUvCO028090@safir.blacknight.ie> Hello, Can someone advise on the creation of a ruleset for filesize checking on the following two MailScanner.conf parameters: # The maximum size, in bytes, of any attachment in a message. # If this is set to zero, effectively no attachments are allowed. # If this is set less than zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments. # This can also be the filename of a ruleset. Maximum Attachment Size = -1 # The minimum size, in bytes, of any attachment in a message. # If this is set less than or equal to zero, then no size checking is done.
# It is very useful to set this to 1 as it removes any zero-length
# attachments which may be created by broken viruses.
# This can also be the filename of a ruleset.
Minimum Attachment Size = 1

The ruleset EXAMPLE file doesn't really cover those. I'm guessing it will be something like (or exactly like)

From:

eg max size rules (completely arbitrary numbers btw)

FromOrTo: stef@aoc-uk.com -1
From: notstef@aoc-uk.com And To: someone@somewhere.com 1048576
FromOrTo: default 2000000

Is that correct syntax?

Thanks

Stef

--
This email has been scanned by the Alpha Omega Computers MailCrusader for viruses, spam and dangerous content.
For more information please visit http://www.aoc-uk.com

From chris at nobletech.net Wed Feb 16 13:25:46 2011
From: chris at nobletech.net (Chris Strzelczyk)
Date: Wed Feb 16 13:25:55 2011
Subject: Blacklist HELP
Message-ID:

Good morning,

I have a domain that was used in the phishing scam. Unfortunately my hosting provider allows all users on the shared host to have their domain accessed through ~$HOME links. Thus the bad folk can setup an account on the shared host and use www.mydomain/~their_directory/ to point to bad files in the phishing scam. So now that my domain is blacklisted, I have several friends that have been getting mailscanner alerts when I send them email.

My question is what is the best way to get off of mailscanner blacklists? What is a best way to clean a wrongly poisoned domain name? Any help would be GREATLY appreciated.

The domain name is: kampier.com

Thank You,

Chris
Noble Technology Group LLC
tel: 1 (586) 275-7755
fax: 1 (800) 339-9101
www: http://www.nobletech.net

*"Beautiful Websites, Beautiful Prices"*
-------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110216/96df8ae5/attachment.html From alex at vidadigital.com.pa Wed Feb 16 13:42:23 2011 From: alex at vidadigital.com.pa (Alex Neuman) Date: Wed Feb 16 13:42:34 2011 Subject: Blacklist HELP In-Reply-To: References: Message-ID: We can't help you using the domain name alone. You're not providing what the "mailscanner alerts" say. Without that, it's not even clear from the wording that it's related to MailScanner. If you provide the exact "mailscanner alerts" you mention there might be a possibility someone here could help. The best - and only - way to clean a "wrongly poisoned domain name" is to go to each list and follow their specific instructions for removal. Each list is different. None of these lists are maintained by MailScanner, MailScanner checks these lists but doesn't directly influence them. On Wed, Feb 16, 2011 at 8:25 AM, Chris Strzelczyk wrote: > Good morning, > > I have a domain that was used in the phishing scam. Unfortunately my > hosting provider allows all users on the shared host to have their domain > accessed through ~$HOME links. Thus the bad folk can setup an account on > the shared host and use www.mydomain/~their_directory/ to point to bad files > in the phishing scam. So now that my domain is blacklisted, I have several > friends that have been getting mailscanner alerts when I send them email. > > My question is what is the best way to get off of mailscanner blacklists? > What is a best way to clean a wrongly poisoned domain name? Any help would > be GREATLY appreciated.
> > The domain name is: kampier.com > > Thank You, > > Chris > Noble Technology Group LLC > tel: 1 (586) 275-7755 > fax: 1 (800) 339-9101 > www: http://www.nobletech.net > > "Beautiful Websites, Beautiful Prices" > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From chris at nobletech.net Wed Feb 16 13:52:25 2011 From: chris at nobletech.net (Chris Strzelczyk) Date: Wed Feb 16 13:52:33 2011 Subject: Blacklist HELP In-Reply-To: References: Message-ID: Thanks for the reply Alex, I suspected that I would have to go to the individual lists. Does mailscanner publish which lists it uses? Here is the exact MailScanner message in the e-mails: *MailScanner has detected definite fraud in the website at "www.kampier.com". Do not trust this website: www.kampier.com * Chris Strzelczyk Noble Technology Group LLC tel: 1 (586) 275-7755 fax: 1 (800) 339-9101 www: http://www.nobletech.net *"Beautiful Websites, Beautiful Prices"* On Wed, Feb 16, 2011 at 8:42 AM, Alex Neuman wrote: > We can't help you using the domain name alone. > > You're not providing what the "mailscanner alerts" say. Without that, > it's not even clear from the wording that it's related to MailScanner. > If you provide the exact "mailscanner alerts" you mention there might > be a possibility someone here could help. > > The best - and only - way to clean a "wrongly poisoned domain name" is > to go to each list and follow their specific instructions for removal. > Each list is different. None of these lists are maintained by > MailScanner, MailScanner checks these lists but doesn't directly > influence them. > > On Wed, Feb 16, 2011 at 8:25 AM, Chris Strzelczyk > wrote: > > Good morning, > > > > I have a domain that was used in the phishing scam. 
Unfortunately my > > hosting provider allows all users on the shared host to have their domain > > accessed through ~$HOME links. Thus the bad folk can setup an account on > > the shared host and use www.mydomain/~their_directory/ to point to bad > files > > in the phishing scam. So now that my domain is blacklisted, I have > several > > friends that have been getting mailscanner alerts when I send them email. > > > > My question is what is the best way to get off of mailscanner blacklists? > > What is a best way to clean a wrongly poisoned domain name? Any help > would > > be GREATLY appreciated. > > > > The domain name is: kampier.com > > > > Thank You, > > > > Chris > > Noble Technology Group LLC > > tel: 1 (586) 275-7755 > > fax: 1 (800) 339-9101 > > www: http://www.nobletech.net > > > > "Beautiful Websites, Beautiful Prices" > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110216/abc07f6f/attachment.html From alex at vidadigital.com.pa Wed Feb 16 14:53:50 2011 From: alex at vidadigital.com.pa (Alex Neuman) Date: Wed Feb 16 14:54:00 2011 Subject: Blacklist HELP In-Reply-To: References: Message-ID: That's not a blacklist. That means your HTML is flawed. MailScanner uses the blacklists *you* choose to use. If you fix the HTML code the fraud message can be avoided. 
On Wed, Feb 16, 2011 at 8:52 AM, Chris Strzelczyk wrote: > Thanks for the reply Alex, I suspected that I would have to go to the > individual lists. Does mailscanner publish which lists it uses? > > Here is the exact MailScanner message in the e-mails: > > MailScanner has detected definite fraud in the website at "www.kampier.com". > Do not trust this website: www.kampier.com > > > > Chris Strzelczyk > Noble Technology Group LLC > tel: 1 (586) 275-7755 > fax: 1 (800) 339-9101 > www: http://www.nobletech.net > > "Beautiful Websites, Beautiful Prices" > > > > On Wed, Feb 16, 2011 at 8:42 AM, Alex Neuman > wrote: >> >> We can't help you using the domain name alone. >> >> You're not providing what the "mailscanner alerts" say. Without that, >> it's not even clear from the wording that it's related to MailScanner. >> If you provide the exact "mailscanner alerts" you mention there might >> be a possibility someone here could help. >> >> The best - and only - way to clean a "wrongly poisoned domain name" is >> to go to each list and follow their specific instructions for removal. >> Each list is different. None of these lists are maintained by >> MailScanner, MailScanner checks these lists but doesn't directly >> influence them. >> >> On Wed, Feb 16, 2011 at 8:25 AM, Chris Strzelczyk >> wrote: >> > Good morning, >> > >> > I have a domain that was used in the phishing scam. Unfortunately my >> > hosting provider allows all users on the shared host to have their >> > domain >> > accessed through ~$HOME links. Thus the bad folk can setup an account >> > on >> > the shared host and use www.mydomain/~their_directory/ to point to bad >> > files >> > in the phishing scam. So now that my domain is blacklisted, I have >> > several >> > friends that have been getting mailscanner alerts when I send them >> > email. >> > >> > My question is what is the best way to get off of mailscanner >> > blacklists? >> > What is a best way to clean a wrongly poisoned domain name?
Any help >> > would >> > be GREATLY appreciated. >> > >> > The domain name is: kampier.com >> > >> > Thank You, >> > >> > Chris >> > Noble Technology Group LLC >> > tel: 1 (586) 275-7755 >> > fax: 1 (800) 339-9101 >> > www: http://www.nobletech.net >> > >> > "Beautiful Websites, Beautiful Prices" >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > From john at tradoc.fr Wed Feb 16 15:09:04 2011 From: john at tradoc.fr (John Wilcock) Date: Wed Feb 16 15:09:23 2011 Subject: Blacklist HELP In-Reply-To: References: Message-ID: <4D5BE890.1020103@tradoc.fr> On 16/02/2011 15:53, Alex Neuman wrote: > > MailScanner has detected definite fraud in the website at "www.kampier.com". > > Do not trust this website: www.kampier.com > > That's not a blacklist. That means your HTML is flawed. MailScanner > uses the blacklists *you* choose to use. The *definite fraud* message is from the /etc/MailScanner/phishing.bad.sites.conf blacklist that is downloaded at regular intervals. I'm not sure whether Julian has ever publicly said where the data for this comes from nor how to get delisted. John.
--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From postal.janitor at gmail.com Wed Feb 16 15:13:23 2011
From: postal.janitor at gmail.com (Adam Laye)
Date: Wed Feb 16 15:13:33 2011
Subject: Fedora 12 MailScanner 477.10 RBL checks Not working: Resolved
Message-ID:

Reviewed Email headers going back a few weeks. RBLs were being checked; however, nothing was being logged in MailScanner.

Modified /etc/MailScanner/MailScanner.conf: changed "Spam Lists To Be Spam = 3" to "Spam Lists To Be Spam = 1"

BAM!!! Goodbye bad guys!! Thank you for the assist!

Fedora 12
MailScanner 4.77.10
SpamAssassin 3.2.5
Postfix 2.6.2

I have scoured Google and mailing list archives but cannot pinpoint the issue. I believe MailScanner should be checking RBLs but can find no reference to them in my log files. Additionally, servers clearly listed are able to send to my servers.

MailScanner config

%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
Spam List Definitions =%etc-dir%/spam.lists.conf ( I have also tried using the direct path)
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List = SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL
Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Read IP Address From Received Header = 2

MailScanner rocks!

Thank you for any assistance you can offer. Please let me know if additional info should be posted.

Adam
-------------- next part -------------- An HTML attachment was scrubbed...
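The threshold behaviour described in the post above, as an added example that is not part of the original post or MailScanner's own code: it counts how many of the configured spam lists a sending address appears on and applies `Spam Lists To Be Spam` and `Spam Lists To Reach High Score`. The `spam.lists.conf` layout, the zone names, the listing data and the "at least this many lists" semantics are assumptions made for the illustration.

```python
import ipaddress
import socket

# Constructed excerpt using the setting names quoted in the post above.
MAILSCANNER_CONF = """\
Spam Checks = yes
Spam List = SORBS-DNSBL SORBS-SPAM SORBS-ZOMBIE NOT-DEFINED
Spam Lists To Be Spam = 3
Spam Lists To Reach High Score = 3
"""

# Constructed stand-in for spam.lists.conf (assumed layout: "name zone").
# The zones are placeholders, not the real SORBS zones.
SPAM_LISTS_CONF = """\
# name        zone
SORBS-DNSBL   dnsbl.example.test.
SORBS-SPAM    spam.example.test.
SORBS-ZOMBIE  zombie.example.test.
"""


def parse_conf(text):
    """Parse 'Key = Value' lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings


def parse_spam_lists(text):
    """Map each list name to its DNS zone (trailing dot removed)."""
    zones = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            zones[fields[0]] = fields[1].rstrip(".")
    return zones


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed address labels, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        # IPv6: one label per hex nibble of the fully expanded address.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def dns_resolver(name):
    """Default resolver: a listed address resolves, an unlisted one does not."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def check_sender(ip, conf, zones, resolver=dns_resolver):
    """Return (lists that hit, configured names with no zone definition)."""
    hits, undefined = [], []
    for name in conf.get("spam list", "").split():
        zone = zones.get(name)
        if zone is None:
            undefined.append(name)      # typo or missing definition: never checked
        elif resolver(dnsbl_query_name(ip, zone)):
            hits.append(name)
    return hits, undefined


def verdict(hit_count, conf):
    """Apply the two thresholds to the number of lists that hit."""
    if conf.get("spam checks", "yes").lower() != "yes":
        return "not checked"
    if hit_count >= int(conf["spam lists to reach high score"]):
        return "high-scoring spam"
    if hit_count >= int(conf["spam lists to be spam"]):
        return "spam"
    return "not spam"


def demo():
    """Same sender, same lookups, before and after the one-line change."""
    conf = parse_conf(MAILSCANNER_CONF)
    zones = parse_spam_lists(SPAM_LISTS_CONF)
    # Constructed listing data: documentation address 192.0.2.25 is on one list only.
    listed = {"25.2.0.192.spam.example.test"}
    hits, undefined = check_sender("192.0.2.25", conf, zones, listed.__contains__)
    before = verdict(len(hits), conf)
    conf["spam lists to be spam"] = "1"     # the change described in the post
    after = verdict(len(hits), conf)
    return hits, undefined, before, after


if __name__ == "__main__":
    print(demo())
```

With a threshold of 3, a sender that appears on a single list is looked up but never marked as spam, which matches the symptom of lists being checked with nothing acted on.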
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110216/3a2e73a4/attachment.html From chris at nobletech.net Wed Feb 16 15:16:53 2011 From: chris at nobletech.net (Chris Strzelczyk) Date: Wed Feb 16 15:17:02 2011 Subject: Blacklist HELP In-Reply-To: <4D5BE890.1020103@tradoc.fr> References: <4D5BE890.1020103@tradoc.fr> Message-ID: Thanks for all the information guys! If anyone has any idea of how the blacklist gets compiled that would be wonderful. In the meantime I have been trying to tackle the problem at the source by lobbying to have my hosting provider change their policies (so Phishing is not as easy) and using blacklist checkers such as debouncer.com. Debouncer checks 195 sources. If anyone has another free blacklist checker that checks more I would be all ears :) Again I appreciate your help much! -cs On Wed, Feb 16, 2011 at 10:09 AM, John Wilcock wrote: > On 16/02/2011 15:53, Alex Neuman wrote: > >> > MailScanner has detected definite fraud in the website at " >> www.kampier.com". >> > Do not trust this website: www.kampier.com >> >> That's not a blacklist. That means your HTML is flawed. MailScanner >> uses the blacklists *you* choose to use. >> > > The *definite fraud* message is from the > /etc/MailScanner/phishing.bad.sites.conf blacklist that is downloaded at > regular intervals. > > I'm not sure whether Julian has ever publicly said where the data for this > comes from nor how to get delisted. > > John. > > -- > -- Over 4000 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110216/13d562cc/attachment.html

From postal.janitor at gmail.com Wed Feb 16 15:42:36 2011
From: postal.janitor at gmail.com (Adam Laye)
Date: Wed Feb 16 15:42:46 2011
Subject: Fedora 12 MailScanner 4.77.10 Postfix 2.6.2 Whitelist issues
Message-ID:

Fedora 12
MailScanner 4.77.10
SpamAssassin 3.2.5
Postfix 2.6.2

Resumes@example.com
contactus@example.com

These two addresses were removed from my spam.whitelist.conf weeks ago. I have restarted MailScanner, rebooted the machine, disabled auto-whitelist in both SpamAssassin and the MailScanner.conf and yet Email to these addresses still shows up. I have grepped the entire MailScanner directory to verify there were no rogue instances of these names and yet I still get the following when Email arrives to these addresses.

X-mail03bigcenter-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=31.453, required 3.5, autolearn=disabled, FILL_THIS_FORM 0.00,

I am at a loss... any ideas would be appreciated.

[root@mail]# egrep -r -i '(resume|contactus)' /etc/MailScanner/
/etc/MailScanner/MailScanner.conf.rpmnew:# If the value contains 'foobar.customi[zs]e' then the value is presumed to
/etc/MailScanner/phishing.bad.sites.conf.old:www.howtowriteresume.info
/etc/MailScanner/phishing.bad.sites.conf:www.howtowriteresume.info
/etc/MailScanner/phishing.bad.sites.conf.rpmnew:25resumes.com
-------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110216/102cca21/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 16 15:42:33 2011 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 16 15:42:52 2011 Subject: Problem starting MailScanner due to missing pm module In-Reply-To: References: <7CA580B59C1ABD45B4614ED90D4C7B852FA22190@HC-EXMBX01.herefordshire.gov.uk> <7CA580B59C1ABD45B4614ED90D4C7B852FA2262F@HC-EXMBX01.herefordshire.gov.uk> <4D5BF069.70907@ecs.soton.ac.uk> Message-ID: The line you are looking for is Use SpamAssassin = yes There is nothing wrong with the MailScanner distributions, I can assure you of that. Instead of looking for MailScanner.new, may I suggest you look for the correct file MailScanner.conf.rpmnew. However, if the MailScanner.conf file did not change between your previous version of MailScanner.conf and the current one, there will not be a MailScanner.conf.rpmnew. It only creates it if it needs to. Jules. On 15/02/2011 18:46, Kaplan, Andrew H. wrote: > Hi there -- > > I did the comparison of the two MailScanner.conf files, and neither one had a > "use spamassassi" line > in them. The two commands that were listed did not list any warnings that were > apparent show stoppers. > > I started MailScanner, and the messages did make mention of MailScanner > "referencing" the SpamAssassin > application. Additionally, the "strongly recommended" cronjobs ran at least > once. > > The only other question I have is, is there a way to confirm or test that > MailScanner is utilizing both > SpamAssassin and ClamAV applications? > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: Tuesday, February 15, 2011 12:22 PM > To: MailScanner discussion > Subject: RE: Problem starting MailScanner due to missing pm module > > There's a default MailScanner.conf in the tarball. 
Compare that with the one > you have in /etc/MailScanner > > Also try > > MailScanner --changed > > It'll tell you where your config differs from the default. > > And try > > MailScanner --lint > > Taking note of any warnings.. > > Cheers, > > Phil > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 16 15:43:47 2011 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 16 15:44:06 2011 Subject: Rulesets for file size In-Reply-To: <201102161231.p1GCUvCO028090@safir.blacknight.ie> References: <201102161231.p1GCUvCO028090@safir.blacknight.ie> <4D5BF0B3.3000800@ecs.soton.ac.uk> Message-ID: Yes, that's quite right. All a ruleset is, is a "From" or "To" or "FromOrTo" test, a list address or pattern to check against, and a value to return if that test matches. That's all there is to it, it's very simple (but powerful). Jules. On 16/02/2011 12:30, Stef Morrell wrote: > Hello, > > Can someone advise on the creation of a ruleset for filesize checking on > the following two > MailScanner.conf parameters: > > # The maximum size, in bytes, of any attachment in a message. > # If this is set to zero, effectively no attachments are allowed. > # If this is set less than zero, then no size checking is done. > # This can also be the filename of a ruleset, so you can have different > # settings for different users. You might want to set this quite small > for > # large mailing lists so they don't get deluged by large attachments. > # This can also be the filename of a ruleset. 
> Maximum Attachment Size = -1 > > # The minimum size, in bytes, of any attachment in a message. > # If this is set less than or equal to zero, then no size checking is > done. > # It is very useful to set this to 1 as it removes any zero-length > # attachments which may be created by broken viruses. > # This can also be the filename of a ruleset. > Minimum Attachment Size = 1 > > The ruleset EXAMPLE file doesn't really cover those. I'm guessing it > will be something like (or exactly like) > > From: > > eg max size rules (completely arbitrary numbers btw) > > FromOrTo: stef@aoc-uk.com -1 > From: notstef@aoc-uk.com And To: someone@somewhere.com 1048576 > FromOrTo: default 2000000 > > Is that correct syntax? > > Thanks > > Stef > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 16 15:45:05 2011 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 16 15:45:25 2011 Subject: Blacklist HELP In-Reply-To: <4D5BE890.1020103@tradoc.fr> References: <4D5BE890.1020103@tradoc.fr> <4D5BF101.5020601@ecs.soton.ac.uk> Message-ID: On 16/02/2011 15:09, John Wilcock wrote: > On 16/02/2011 15:53, Alex Neuman wrote: >> > MailScanner has detected definite fraud in the website at >> "www.kampier.com". >> > Do not trust this website: www.kampier.com >> >> That's not a blacklist. That means your HTML is flawed. MailScanner >> uses the blacklists *you* choose to use. > > The *definite fraud* message is from the > /etc/MailScanner/phishing.bad.sites.conf blacklist that is downloaded > at regular intervals.
> > I'm not sure whether Julian has ever publicly said where the data for > this comes from nor how to get delisted. I am under a strict Non-Disclosure Agreement so I cannot say where that data comes from. You get delisted by asking me very nicely. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 16 15:47:23 2011 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 16 15:47:45 2011 Subject: Blacklist HELP In-Reply-To: <4D5BE890.1020103@tradoc.fr> References: <4D5BE890.1020103@tradoc.fr> <4D5BF18B.4000600@ecs.soton.ac.uk> Message-ID: The blacklisting was due to a page under http://www.kampier.com/~kava I have whitelisted www.kampier.com so that other users' (malicious) actions won't affect you. This will circulate around the world in the next 24 hours. Jules. On 16/02/2011 15:09, John Wilcock wrote: > On 16/02/2011 15:53, Alex Neuman wrote: >> > MailScanner has detected definite fraud in the website at >> "www.kampier.com". >> > Do not trust this website: www.kampier.com >> >> That's not a blacklist. That means your HTML is flawed. MailScanner >> uses the blacklists *you* choose to use. > > The *definite fraud* message is from the > /etc/MailScanner/phishing.bad.sites.conf blacklist that is downloaded > at regular intervals. > > I'm not sure whether Julian has ever publicly said where the data for > this comes from nor how to get delisted. > > John. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at nobletech.net Wed Feb 16 16:03:51 2011 From: chris at nobletech.net (Chris Strzelczyk) Date: Wed Feb 16 16:04:01 2011 Subject: Blacklist HELP In-Reply-To: References: <4D5BF101.5020601@ecs.soton.ac.uk> <4D5BE890.1020103@tradoc.fr> Message-ID: Jules, this would be my very nice request :) I'm not sure if it's by domain or IP. The domains (if listed) are nobletech.net, kampier.com, spherai.com, rockthenite.com and the polishwedding.com. The shared IP is 69.175.61.114. Thanks! -cs On Wed, Feb 16, 2011 at 10:45 AM, Jules Field wrote: > > > On 16/02/2011 15:09, John Wilcock wrote: > >> On 16/02/2011 15:53, Alex Neuman wrote: >> >>> > MailScanner has detected definite fraud in the website at " >>> www.kampier.com". >>> > Do not trust this website: www.kampier.com >>> >>> That's not a blacklist. That means your HTML is flawed. MailScanner >>> uses the blacklists *you* choose to use. >>> >> >> The *definite fraud* message is from the >> /etc/MailScanner/phishing.bad.sites.conf blacklist that is downloaded at >> regular intervals. >> >> I'm not sure whether Julian has ever publicly said where the data for this >> comes from nor how to get delisted. >> > I am under a strict Non-Disclosure Agreement so I cannot say where that data > comes from. > You get delisted by asking me very nicely. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me!
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'All programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110216/17b54d01/attachment.html From alvaro at hostalia.com Wed Feb 16 19:11:21 2011 From: alvaro at hostalia.com (Alvaro Marin) Date: Wed Feb 16 19:11:30 2011 Subject: MailScanner ANNOUNCE: 4.82 stable released In-Reply-To: References: <4D554758.1070605@ecs.soton.ac.uk> Message-ID: <4D5C2159.6050507@hostalia.com> Hi, I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error: # /opt/MailScanner/bin/MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 7 messages. Can't call method "CombineReports" on unblessed reference at /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736. Any idea? 
:S # /opt/MailScanner/bin/MailScanner -V Running on Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC 2011 i686 GNU/Linux This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.82.6 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.11 Carp 2.024 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.125 Data::Dumper 2.27 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.77 File::Basename 2.14 File::Copy 2.02 FileHandle 2.07_03 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.14 Net::CIDR 1.25 Net::IP 0.19 OLE::Storage_Lite 1.04 Pod::Escapes 3.07 Pod::Simple 1.17 POSIX 1.23 Scalar::Util 1.82 Socket 2.20 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.92 Test::Simple 1.9719 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.52 Archive::Tar 0.23 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.82 DB_File 1.29 DBD::SQLite 1.607 DBI 1.16 Digest 1.01 Digest::HMAC 2.39 Digest::MD5 2.12 Digest::SHA1 1.01 Encode::Detect 0.17016 Error 0.2602 ExtUtils::CBuilder 2.2002 ExtUtils::ParseXS 2.38 Getopt::Long missing Inline missing IO::String 1.10 IO::Zlib 2.27 IP::Country missing Mail::ClamAV 3.003001 Mail::SpamAssassin v2.007 Mail::SPF 1.999001 Mail::SPF::Query 0.340201 Module::Build 0.20 Net::CIDR::Lite 0.66 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.40 Net::LDAP 4.027 NetAddr::IP missing Parse::RecDescent missing SAVI 3.17 Test::Harness missing Test::Manifest 2.0.0 Text::Balanced 1.53 URI 0.77 version 0.72 YAML Thanks! On 11/02/11 17:02, Stephen Cox wrote: > Thank you!
>
> On 2/11/11, Julian Field wrote:
>> Folks,
>>
>> I have just released a new stable edition of MailScanner, version 4.82.6.
>>
>> This is identical to the recent beta version 4.82.5.
>>
>> The main new feature is in filename.rules.conf and filetype.rules.conf
>> configuration files. As well as the previous "allow", "deny" and
>> "deny+delete" instructions in a rule, you can now automatically rename
>> attachment filenames using the "rename" and "rename to" instructions
>> instead of just allowing or denying them.
>>
>> When using the new "rename" instruction in a rule, any matching file
>> will be automatically renamed using the new "Rename Pattern" setting in
>> MailScanner.conf. This allows you to add a prefix or a suffix to any
>> filename.
>>
>> When using the new "rename to" instruction in a rule, any matching file
>> will be automatically renamed so that the portion of the filename that
>> matches the pattern string is replaced with new text. So for example,
>> you can rename all *.pps files to *.ppt with the rule
>>
>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file
>>
>> If you want to be even cleverer, you can use parenthesised sections of
>> the match pattern within the replacement text. I'm not quite sure who
>> this will be useful to, but I'm sure you will find some clever uses (you
>> folks always do!). As a random example,
>>
>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous exes Renamed file
>>
>> That will rename any file such as "PleaseRunMe.exe" to
>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to
>> "Dangerous_DodgyScreensaver_scr" which means the user cannot run it
>> without renaming it first.
>>
>> Cool huh?
>>
>> Anyway, you can get it as usual from
>>
>> http://www.mailscanner.info
>>
>> ==========================
>> The full Changelog is:
>> * New Features and Improvements *
>> 1 In filename.rules.conf and filetype.rules.conf files, as well as the
>>   previous "allow", "deny", "deny+delete", and email-address types of rule,
>>   there are now "rename" rules as well. If a filename or filetype matches
>>   a "rename" rule, the original attachment is left in the message but is
>>   renamed according to the "Rename Pattern" setting in MailScanner.conf.
>>   This allows for any prefixes or suffixes you may want to add to the
>>   attachment's filename.
>> 2 Improved "rename" rules so you can now also specify "rename to new-text".
>>   If the rule matched an attachment's filename, the text matching the pattern
>>   for that rule will be replaced with the "new-text" string supplied.
>>   The "to" is optional, but makes it easier to read.
>> 4 Rules files will be assumed in the MailScanner.conf if the filename now
>>   ends in ".Rules" as well as ".rules".
>> 4 Allow deployments with the 'split mail per recipient' setup where mail
>>   is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for releasing
>>   of quarantined messages, while still scanning re-injected mail.
>>
>> * Fixes *
>> 1 AVG scanner command-line arguments typo fixed.
>> 2 Fixed problem where HTML messages scanned for Phishing would be truncated
>>   at the start of the first tag if it was never closed properly.
>> 3 Fixed bug stopping things like "$1" working in the replacement text of a
>>   "rename to" filename.rules.conf rule.
>> 4 Fixed permissions of ClamAV temp files to use workperms instead of 0600.
>>   Thanks to Rick Cooper for this fix!
>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain List" values
>>   appearing in the conf file. Thanks to Steve Freegard for this!
>> 5 Fixed issue where messages quarantined for being a DoS attack did not
>>   have their headers quarantined correctly.
>>
>> Jules
>>
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>>
>> Buy the MailScanner book at www.MailScanner.info/store
>> Need help customising MailScanner? Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM
>>
>> 'All programs have a desire to be useful' - Tron, 1982
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>

--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From alex at vidadigital.com.pa Wed Feb 16 19:28:39 2011
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Wed Feb 16 19:29:01 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To: <4D5C2159.6050507@hostalia.com>
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com>
Message-ID: <1D78C3BB-21A8-4C0F-BED4-8116F0F7AC5E@vidadigital.com.pa>

Please do not hijack threads. Start a new one. Thanks!

From MailScanner at ecs.soton.ac.uk Wed Feb 16 19:33:11 2011
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Feb 16 19:33:34 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To: <4D5C2159.6050507@hostalia.com>
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk>
Message-ID:

What MTA are you using, and if you can reproduce this error reliably, I
would like a copy of your incoming mail queue as well. That error should
never happen.

Is it happening for anyone else?

The only way that can happen is if the "sub new" isn't getting called or
is bailing out early, before the "bless" happens to set the type.
None of the "sub new" functions can exit early, so they must be not being
called. But in CreateBatch, when they are called, they are always called
before the message is added to the batch.

Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know about?
It's clearly a change between Perl 5.10.0 and 5.10.1. Does the ChangeLog
for Perl 5.10.1 say anything about it?

On 16/02/2011 19:11, Alvaro Marin wrote:
> Hi,
>
> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've
> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error:
>
> # /opt/MailScanner/bin/MailScanner --debug
>
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> Have a batch of 7 messages.
> Can't call method "CombineReports" on unblessed reference at
> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736.
>
> Any idea? :S

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alvaro at hostalia.com Wed Feb 16 19:53:56 2011
From: alvaro at hostalia.com (Alvaro Marin)
Date: Wed Feb 16 19:54:04 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To:
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk>
Message-ID: <4D5C2B54.1090800@hostalia.com>

Hi Jules,

I'm using Debian Squeeze's Postfix 2.7.1-1.

I've changed MessageBatch.pm's code to show with what ID happens and:

# /opt/MailScanner/bin/MailScanner --debug
...
ID: C055D2A0015.00000
CombineReports OK ID: C055D2A0015.00000
ID: 3CE502A004D.00000
CombineReports OK ID: 3CE502A004D.00000
ID: C39622A000A.00000.message
Can't call method "CombineReports" on unblessed reference at
/opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737.

The difference is that ".message" attached to the ID.
Then, in /var/spool/MailScanner/incoming I do:

# find . | grep C39622A000A.00000
./26092/C39622A000A.00000.header
./26092/C39622A000A.00000
./26092/C39622A000A.00000/nmsg-26092-36.txt
./26092/C39622A000A.00000/nmsg-26092-37.html
./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
./26092/C39622A000A.00000.message
./26540/C39622A000A.00000.header
./26540/C39622A000A.00000
./26540/C39622A000A.00000/nmsg-26540-36.txt
./26540/C39622A000A.00000/nmsg-26540-37.html
./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
./26540/C39622A000A.00000.message
./26779/C39622A000A.00000.header
./26779/C39622A000A.00000
./26779/C39622A000A.00000/nmsg-26779-37.html
./26779/C39622A000A.00000/nmsg-26779-36.txt
./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
./26779/C39622A000A.00000.message
./26803/C39622A000A.00000.header
...
The message from that incoming directory, can be downloaded here:

http://postmaster.hostalia.com/MSerror.tar.gz

Thank you!

--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From MailScanner at ecs.soton.ac.uk Wed Feb 16 21:54:10 2011
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Feb 16 21:54:29 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To: <4D5C2B54.1090800@hostalia.com>
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk> <4D5C2B54.1090800@hostalia.com> <4D5C4782.7070605@ecs.soton.ac.uk>
Message-ID:

Something has gone very badly wrong. They shouldn't be ".00000" on the
end of the directory names, that means it has failed to read the message
files altogether. The ".00000" should be a hash of the first few bytes
of the message body file.

Also the locking has totally failed as the same message ID is showing up
in several different MailScanner child processes (the first
sub-directory name is the child process PID).

This is a real mess. I don't know what you've done, but you've broken it all very badly.
Have you messed with the queue hashing depth in Postfix or anything like that?

How do I build a Debian box running the same version of Perl and Postfix
as you? I've never used Debian.

For now, I would try a different version of Perl, a different MTA, or a
different Linux distribution that isn't so broken. No-one using the
mainstream Linux distros appears to have these problems.

Jules.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alvaro at hostalia.com Wed Feb 16 22:26:13 2011
From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=)
Date: Wed Feb 16 22:26:23 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To:
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk> <4D5C2B54.1090800@hostalia.com> <4D5C4782.7070605@ecs.soton.ac.uk>
Message-ID: <4D5C4F05.2000604@hostalia.com>

Hi,

yes, I've changed Postfix's default queue depth to "2":

hash_queue_depth = 2
hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace

so messages, for example on the hold queue, are stored as:

/var/spool/postfix/hold/A/F/AFDD42A0009

Debugging the code of Postfix.pm, I've seen that PostfixKey function
always returns here:

seek($fh, 0, 0) or return '00000';

and the value of $fname is just "0E43549800C", the ID, not the complete
path to the file.

I've deleted from the queue those messages with that .rtf attached and
it seems that it is running fine now. Tomorrow, with more traffic, we'll
see how it runs.

If you install Debian's latest stable version, Squeeze, you'll have Perl
5.10.1 and Postfix 2.7.
I've installed MS from .tar.gz.

Thank you Jules,
Regards.

On 16/02/11 22:54, Jules Field wrote:
> Something has gone very badly wrong. They shouldn't be ".00000" on the
> end of the directory names, that means it has failed to read the message
> files altogether. The ".00000" should be a hash of the first few bytes
> of the message body file.
>
> Also the locking has totally failed as the same message ID is showing up
> in several different MailScanner child processes (the first
> sub-directory name is the child process PID).
>
> This is a real mess.
I don't know what you've done, but you've broken it > all very badly. > > Have you messed with the queue hashing depth in Postfix or anything like > that? > > How do I build a Debian box running the same version of Perl and Postfix > as you? I've never used Debian. > > For now, I would try a different version of Perl, a different MTA, or a > different Linux distribution that isn't so broken. No-one using the > mainstream Linux distros appears to have these problems. > > Jules. > > On 16/02/2011 19:53, Alvaro Marin wrote: >> Hi Jules, >> >> I'm using Debian Squeeze's Postfix 2.7.1-1. >> >> I've changed MessageBatch.pm's code to show with what ID happens and: >> >> # /opt/MailScanner/bin/MailScanner --debug >> ... >> ID: C055D2A0015.00000 >> CombineReports OK ID: C055D2A0015.00000 >> ID: 3CE502A004D.00000 >> CombineReports OK ID: 3CE502A004D.00000 >> ID: C39622A000A.00000.message >> Can't call method "CombineReports" on unblessed reference at >> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737. >> >> The difference is that ".message" attached to the ID. >> Then, in /var/spool/MailScanner/incoming I do: >> >> # find . | grep C39622A000A.00000 >> ./26092/C39622A000A.00000.header >> ./26092/C39622A000A.00000 >> ./26092/C39622A000A.00000/nmsg-26092-36.txt >> ./26092/C39622A000A.00000/nmsg-26092-37.html >> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf >> ./26092/C39622A000A.00000.message >> ./26540/C39622A000A.00000.header >> ./26540/C39622A000A.00000 >> ./26540/C39622A000A.00000/nmsg-26540-36.txt >> ./26540/C39622A000A.00000/nmsg-26540-37.html >> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf >> ./26540/C39622A000A.00000.message >> ./26779/C39622A000A.00000.header >> ./26779/C39622A000A.00000 >> ./26779/C39622A000A.00000/nmsg-26779-37.html >> ./26779/C39622A000A.00000/nmsg-26779-36.txt >> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf >> ./26779/C39622A000A.00000.message >> ./26803/C39622A000A.00000.header >> ... 
>>
>> The message from that incoming directory, can be downloaded here:
>>
>> http://postmaster.hostalia.com/MSerror.tar.gz
>>
>> Thank you!
>>
>>
>> On 16/02/11 20:33, Jules Field wrote:
>>> What MTA are you using, and if you can reproduce this error reliably, I
>>> would like a copy of your incoming mail queue as well. That error should
>>> never happen.
>>>
>>> Is it happening for anyone else?
>>>
>>> The only way that can happen is if the "sub new" isn't getting called or
>>> is bailing out early, before the "bless" happens to set the type. None
>>> of the "sub new" functions can exit early, so they must be not being
>>> called. But in CreateBatch, when they are called, they are always called
>>> before the message is added to the batch.
>>>
>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know
>>> about?
>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the ChangeLog
>>> for Perl 5.10.1 say anything about it?
>>>
>>> On 16/02/2011 19:11, Alvaro Marin wrote:
>>>> Hi,
>>>>
>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've
>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error:
>>>>
>>>>
>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>>
>>>>
>>>> In Debugging mode, not forking...
>>>> Trying to setlogsock(unix)
>>>> Building a message batch to scan...
>>>> Have a batch of 7 messages.
>>>> Can't call method "CombineReports" on unblessed reference at
>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736.
>>>>
>>>> Any idea?
:S >>>> >>>> # /opt/MailScanner/bin/MailScanner -V >>>> Running on >>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC 2011 >>>> i686 GNU/Linux >>>> This is Perl version 5.010001 (5.10.1) >>>> >>>> This is MailScanner version 4.82.6 >>>> Module versions are: >>>> 1.00 AnyDBM_File >>>> 1.30 Archive::Zip >>>> 0.23 bignum >>>> 1.11 Carp >>>> 2.024 Compress::Zlib >>>> 1.119 Convert::BinHex >>>> 0.17 Convert::TNEF >>>> 2.125 Data::Dumper >>>> 2.27 Date::Parse >>>> 1.03 DirHandle >>>> 1.06 Fcntl >>>> 2.77 File::Basename >>>> 2.14 File::Copy >>>> 2.02 FileHandle >>>> 2.07_03 File::Path >>>> 0.22 File::Temp >>>> 0.92 Filesys::Df >>>> 3.64 HTML::Entities >>>> 3.64 HTML::Parser >>>> 3.57 HTML::TokeParser >>>> 1.25 IO >>>> 1.14 IO::File >>>> 1.13 IO::Pipe >>>> 2.04 Mail::Header >>>> 1.89 Math::BigInt >>>> 0.22 Math::BigRat >>>> 3.08 MIME::Base64 >>>> 5.427 MIME::Decoder >>>> 5.427 MIME::Decoder::UU >>>> 5.427 MIME::Head >>>> 5.427 MIME::Parser >>>> 3.08 MIME::QuotedPrint >>>> 5.427 MIME::Tools >>>> 0.14 Net::CIDR >>>> 1.25 Net::IP >>>> 0.19 OLE::Storage_Lite >>>> 1.04 Pod::Escapes >>>> 3.07 Pod::Simple >>>> 1.17 POSIX >>>> 1.23 Scalar::Util >>>> 1.82 Socket >>>> 2.20 Storable >>>> 1.4 Sys::Hostname::Long >>>> 0.27 Sys::Syslog >>>> 1.26 Test::Pod >>>> 0.92 Test::Simple >>>> 1.9719 Time::HiRes >>>> 1.02 Time::localtime >>>> >>>> Optional module versions are: >>>> 1.52 Archive::Tar >>>> 0.23 bignum >>>> missing Business::ISBN >>>> missing Business::ISBN::Data >>>> missing Data::Dump >>>> 1.82 DB_File >>>> 1.29 DBD::SQLite >>>> 1.607 DBI >>>> 1.16 Digest >>>> 1.01 Digest::HMAC >>>> 2.39 Digest::MD5 >>>> 2.12 Digest::SHA1 >>>> 1.01 Encode::Detect >>>> 0.17016 Error >>>> 0.2602 ExtUtils::CBuilder >>>> 2.2002 ExtUtils::ParseXS >>>> 2.38 Getopt::Long >>>> missing Inline >>>> missing IO::String >>>> 1.10 IO::Zlib >>>> 2.27 IP::Country >>>> missing Mail::ClamAV >>>> 3.003001 Mail::SpamAssassin >>>> v2.007 Mail::SPF >>>> 1.999001 Mail::SPF::Query >>>> 0.340201 
Module::Build
>>>> 0.20 Net::CIDR::Lite
>>>> 0.66 Net::DNS
>>>> v0.003 Net::DNS::Resolver::Programmable
>>>> 0.40 Net::LDAP
>>>> 4.027 NetAddr::IP
>>>> missing Parse::RecDescent
>>>> missing SAVI
>>>> 3.17 Test::Harness
>>>> missing Test::Manifest
>>>> 2.0.0 Text::Balanced
>>>> 1.53 URI
>>>> 0.77 version
>>>> 0.72 YAML
>>>>
>>>>
>>>> Thanks!
>>>>
>>>> On 11/02/11 17:02, Stephen Cox wrote:
>>>>> Thank you!
>>>>>
>>>>> On 2/11/11, Julian Field wrote:
>>>>>> Folks,
>>>>>>
>>>>>> I have just released a new stable edition of MailScanner, version
>>>>>> 4.82.6.
>>>>>>
>>>>>> This is identical to the recent beta version 4.82.5.
>>>>>>
>>>>>> The main new feature is in filename.rules.conf and
>>>>>> filetype.rules.conf
>>>>>> configuration files. As well as the previous "allow", "deny" and
>>>>>> "deny+delete" instructions in a rule, you can now automatically
>>>>>> rename
>>>>>> attachment filenames using the "rename" and "rename to" instructions
>>>>>> instead of just allowing or denying them.
>>>>>>
>>>>>> When using the new "rename" instruction in a rule, any matching file
>>>>>> will be automatically renamed using the new "Rename Pattern"
>>>>>> setting in
>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix to any
>>>>>> filename.
>>>>>>
>>>>>> When using the new "rename to" instruction in a rule, any matching
>>>>>> file
>>>>>> will be automatically renamed so that the portion of the filename
>>>>>> that
>>>>>> matches the pattern string is replaced with new text. So for example,
>>>>>> you can rename all *.pps files to *.ppt with the rule
>>>>>>
>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file
>>>>>>
>>>>>> If you want to be even cleverer, you can use parenthesised
>>>>>> sections of
>>>>>> the match pattern within the replacement text. I'm not quite sure who
>>>>>> this will be useful to, but I'm sure you will find some clever uses
>>>>>> (you
>>>>>> folks always do!).
As a random example, >>>>>> >>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous >>>>>> exes Renamed file >>>>>> >>>>>> That will rename any file such as "PleaseRunMe.exe" to >>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to >>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot run it >>>>>> without renaming it first. >>>>>> >>>>>> Cool huh? >>>>>> >>>>>> Anyway, you can get it as usual from >>>>>> >>>>>> http://www.mailscanner.info >>>>>> >>>>>> ========================== >>>>>> The full Changelog is: >>>>>> * New Features and Improvements * >>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as >>>>>> the >>>>>> previous "allow", "deny", "deny+delete", and email-address types of >>>>>> rule, >>>>>> there are now "rename" rules as well. If a filename or filetype >>>>>> matches >>>>>> a "rename" rule, the original attachment is left in the message >>>>>> but is >>>>>> renamed according to the "Rename Pattern" setting in >>>>>> MailScanner.conf. >>>>>> This allows for any prefixes or suffixes you may want to add to the >>>>>> attachment's filename. >>>>>> 2 Improved "rename" rules so you can now also specify "rename to >>>>>> new-text". >>>>>> If the rule matched an attachment's filename, the text matching the >>>>>> pattern >>>>>> for that rule will be replaced with the "new-text" string supplied. >>>>>> The "to" is optional, but makes it easier to read. >>>>>> 4 Rules files will be assumed in the MailScanner.conf if the >>>>>> filename now >>>>>> ends in ".Rules" as well as ".rules". >>>>>> 4 Allow deployments with the 'split mail per recipient' setup where >>>>>> mail >>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for >>>>>> releasing >>>>>> of quarantined messages, while still scanning re-injected mail. >>>>>> >>>>>> * Fixes * >>>>>> 1 AVG scanner command-line arguments typo fixed. 
>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be >>>>>> truncated >>>>>> at the start of the first tag if it was never closed properly. >>>>>> 3 Fixed bug stopping things like "$1" working in the replacement >>>>>> text of a >>>>>> "rename to" filename.rules.conf rule. >>>>>> 4 Fixed permissions of ClamAV temp files to use workperms instead of >>>>>> 0600. >>>>>> Thanks to Rick Cooper for this fix! >>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain List" >>>>>> values >>>>>> appearing in the conf file. Thanks to Steve Freegard for this! >>>>>> 5 Fixed issue where messages quarantined for being a DoS attack >>>>>> did not >>>>>> have their headers quarantined correctly. >>>>>> >>>>>> Jules >>>>>> >>>>>> -- >>>>>> Julian Field MEng CITP CEng >>>>>> www.MailScanner.info >>>>>> >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> Need help customising MailScanner? Contact me! >>>>>> >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> Follow me at twitter.com/JulesFM >>>>>> >>>>>> 'All programs have a desire to be useful' - Tron, 1982 >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! 
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> Jules
>>>
>>
>>
>
> Jules
>

--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From alvaro at hostalia.com Wed Feb 16 22:41:39 2011
From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=)
Date: Wed Feb 16 22:41:48 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To: <4D5C4F05.2000604@hostalia.com>
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk> <4D5C2B54.1090800@hostalia.com> <4D5C4782.7070605@ecs.soton.ac.uk> <4D5C4F05.2000604@hostalia.com>
Message-ID: <4D5C52A3.3020303@hostalia.com>

Hi again,

I forgot to mention this thread with the same error some months ago:

http://comments.gmane.org/gmane.mail.virus.mailscanner/75443

On 16/02/11 23:26, Alvaro Marín wrote:
> Hi,
>
> yes, I've changed Postfix's default queue depth to "2":
>
> hash_queue_depth = 2
> hash_queue_names = incoming, active, deferred, bounce, defer, flush,
> hold, trace
>
> so messages, for example on the hold queue, are stored as:
>
> /var/spool/postfix/hold/A/F/AFDD42A0009
>
> Debugging the code of Postfix.pm, I've seen that PostfixKey function
> always returns here:
>
> seek($fh, 0, 0) or return '00000';
>
> and the value of $fname is just "0E43549800C", the ID, not the complete
> path to the file.
>
> I've deleted from the queue those messages with that .rtf attached and
> it seems that it is running fine now. Tomorrow, with more traffic, we'll
> see how it runs.
>
> If you install Debian's latest stable version, Squeeze, you'll have Perl
> 5.10.1 and Postfix 2.7.
> I've installed MS from .tar.gz.
>
> Thank you Jules,
> Regards.
>
> On 16/02/11 22:54, Jules Field wrote:
>> Something has gone very badly wrong. They shouldn't be ".00000" on the
>> end of the directory names, that means it has failed to read the message
>> files altogether. The ".00000" should be a hash of the first few bytes
>> of the message body file.
>> >> Also the locking has totally failed as the same message ID is showing up >> in several different MailScanner child processes (the first >> sub-directory name is the child process PID). >> >> This is a real mess. I don't know what you've done, but you've broken it >> all very badly. >> >> Have you messed with the queue hashing depth in Postfix or anything like >> that? >> >> How do I build a Debian box running the same version of Perl and Postfix >> as you? I've never used Debian. >> >> For now, I would try a different version of Perl, a different MTA, or a >> different Linux distribution that isn't so broken. No-one using the >> mainstream Linux distros appears to have these problems. >> >> Jules. >> >> On 16/02/2011 19:53, Alvaro Marin wrote: >>> Hi Jules, >>> >>> I'm using Debian Squeeze's Postfix 2.7.1-1. >>> >>> I've changed MessageBatch.pm's code to show with what ID happens and: >>> >>> # /opt/MailScanner/bin/MailScanner --debug >>> ... >>> ID: C055D2A0015.00000 >>> CombineReports OK ID: C055D2A0015.00000 >>> ID: 3CE502A004D.00000 >>> CombineReports OK ID: 3CE502A004D.00000 >>> ID: C39622A000A.00000.message >>> Can't call method "CombineReports" on unblessed reference at >>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737. >>> >>> The difference is that ".message" attached to the ID. >>> Then, in /var/spool/MailScanner/incoming I do: >>> >>> # find . 
| grep C39622A000A.00000
>>> ./26092/C39622A000A.00000.header
>>> ./26092/C39622A000A.00000
>>> ./26092/C39622A000A.00000/nmsg-26092-36.txt
>>> ./26092/C39622A000A.00000/nmsg-26092-37.html
>>> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>> ./26092/C39622A000A.00000.message
>>> ./26540/C39622A000A.00000.header
>>> ./26540/C39622A000A.00000
>>> ./26540/C39622A000A.00000/nmsg-26540-36.txt
>>> ./26540/C39622A000A.00000/nmsg-26540-37.html
>>> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>> ./26540/C39622A000A.00000.message
>>> ./26779/C39622A000A.00000.header
>>> ./26779/C39622A000A.00000
>>> ./26779/C39622A000A.00000/nmsg-26779-37.html
>>> ./26779/C39622A000A.00000/nmsg-26779-36.txt
>>> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>> ./26779/C39622A000A.00000.message
>>> ./26803/C39622A000A.00000.header
>>> ...
>>>
>>> The message from that incoming directory, can be downloaded here:
>>>
>>> http://postmaster.hostalia.com/MSerror.tar.gz
>>>
>>> Thank you!
>>>
>>>
>>> On 16/02/11 20:33, Jules Field wrote:
>>>> What MTA are you using, and if you can reproduce this error reliably, I
>>>> would like a copy of your incoming mail queue as well. That error
>>>> should
>>>> never happen.
>>>>
>>>> Is it happening for anyone else?
>>>>
>>>> The only way that can happen is if the "sub new" isn't getting
>>>> called or
>>>> is bailing out early, before the "bless" happens to set the type. None
>>>> of the "sub new" functions can exit early, so they must be not being
>>>> called. But in CreateBatch, when they are called, they are always
>>>> called
>>>> before the message is added to the batch.
>>>>
>>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know
>>>> about?
>>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the
>>>> ChangeLog
>>>> for Perl 5.10.1 say anything about it?
>>>> >>>> On 16/02/2011 19:11, Alvaro Marin wrote: >>>>> Hi, >>>>> >>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've >>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error: >>>>> >>>>> >>>>> # /opt/MailScanner/bin/MailScanner --debug >>>>> >>>>> >>>>> In Debugging mode, not forking... >>>>> Trying to setlogsock(unix) >>>>> Building a message batch to scan... >>>>> Have a batch of 7 messages. >>>>> Can't call method "CombineReports" on unblessed reference at >>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736. >>>>> >>>>> Any idea? :S >>>>> >>>>> # /opt/MailScanner/bin/MailScanner -V >>>>> Running on >>>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC 2011 >>>>> i686 GNU/Linux >>>>> This is Perl version 5.010001 (5.10.1) >>>>> >>>>> This is MailScanner version 4.82.6 >>>>> Module versions are: >>>>> 1.00 AnyDBM_File >>>>> 1.30 Archive::Zip >>>>> 0.23 bignum >>>>> 1.11 Carp >>>>> 2.024 Compress::Zlib >>>>> 1.119 Convert::BinHex >>>>> 0.17 Convert::TNEF >>>>> 2.125 Data::Dumper >>>>> 2.27 Date::Parse >>>>> 1.03 DirHandle >>>>> 1.06 Fcntl >>>>> 2.77 File::Basename >>>>> 2.14 File::Copy >>>>> 2.02 FileHandle >>>>> 2.07_03 File::Path >>>>> 0.22 File::Temp >>>>> 0.92 Filesys::Df >>>>> 3.64 HTML::Entities >>>>> 3.64 HTML::Parser >>>>> 3.57 HTML::TokeParser >>>>> 1.25 IO >>>>> 1.14 IO::File >>>>> 1.13 IO::Pipe >>>>> 2.04 Mail::Header >>>>> 1.89 Math::BigInt >>>>> 0.22 Math::BigRat >>>>> 3.08 MIME::Base64 >>>>> 5.427 MIME::Decoder >>>>> 5.427 MIME::Decoder::UU >>>>> 5.427 MIME::Head >>>>> 5.427 MIME::Parser >>>>> 3.08 MIME::QuotedPrint >>>>> 5.427 MIME::Tools >>>>> 0.14 Net::CIDR >>>>> 1.25 Net::IP >>>>> 0.19 OLE::Storage_Lite >>>>> 1.04 Pod::Escapes >>>>> 3.07 Pod::Simple >>>>> 1.17 POSIX >>>>> 1.23 Scalar::Util >>>>> 1.82 Socket >>>>> 2.20 Storable >>>>> 1.4 Sys::Hostname::Long >>>>> 0.27 Sys::Syslog >>>>> 1.26 Test::Pod >>>>> 0.92 Test::Simple >>>>> 1.9719 Time::HiRes >>>>> 1.02 Time::localtime >>>>> 
>>>>> Optional module versions are:
>>>>> 1.52 Archive::Tar
>>>>> 0.23 bignum
>>>>> missing Business::ISBN
>>>>> missing Business::ISBN::Data
>>>>> missing Data::Dump
>>>>> 1.82 DB_File
>>>>> 1.29 DBD::SQLite
>>>>> 1.607 DBI
>>>>> 1.16 Digest
>>>>> 1.01 Digest::HMAC
>>>>> 2.39 Digest::MD5
>>>>> 2.12 Digest::SHA1
>>>>> 1.01 Encode::Detect
>>>>> 0.17016 Error
>>>>> 0.2602 ExtUtils::CBuilder
>>>>> 2.2002 ExtUtils::ParseXS
>>>>> 2.38 Getopt::Long
>>>>> missing Inline
>>>>> missing IO::String
>>>>> 1.10 IO::Zlib
>>>>> 2.27 IP::Country
>>>>> missing Mail::ClamAV
>>>>> 3.003001 Mail::SpamAssassin
>>>>> v2.007 Mail::SPF
>>>>> 1.999001 Mail::SPF::Query
>>>>> 0.340201 Module::Build
>>>>> 0.20 Net::CIDR::Lite
>>>>> 0.66 Net::DNS
>>>>> v0.003 Net::DNS::Resolver::Programmable
>>>>> 0.40 Net::LDAP
>>>>> 4.027 NetAddr::IP
>>>>> missing Parse::RecDescent
>>>>> missing SAVI
>>>>> 3.17 Test::Harness
>>>>> missing Test::Manifest
>>>>> 2.0.0 Text::Balanced
>>>>> 1.53 URI
>>>>> 0.77 version
>>>>> 0.72 YAML
>>>>>
>>>>>
>>>>> Thanks!
>>>>>
>>>>> On 11/02/11 17:02, Stephen Cox wrote:
>>>>>> Thank you!
>>>>>>
>>>>>> On 2/11/11, Julian Field wrote:
>>>>>>> Folks,
>>>>>>>
>>>>>>> I have just released a new stable edition of MailScanner, version
>>>>>>> 4.82.6.
>>>>>>>
>>>>>>> This is identical to the recent beta version 4.82.5.
>>>>>>>
>>>>>>> The main new feature is in filename.rules.conf and
>>>>>>> filetype.rules.conf
>>>>>>> configuration files. As well as the previous "allow", "deny" and
>>>>>>> "deny+delete" instructions in a rule, you can now automatically
>>>>>>> rename
>>>>>>> attachment filenames using the "rename" and "rename to" instructions
>>>>>>> instead of just allowing or denying them.
>>>>>>>
>>>>>>> When using the new "rename" instruction in a rule, any matching file
>>>>>>> will be automatically renamed using the new "Rename Pattern"
>>>>>>> setting in
>>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix to any
>>>>>>> filename.
>>>>>>> >>>>>>> When using the new "rename to" instruction in a rule, any matching >>>>>>> file >>>>>>> will be automatically renamed so that the portion of the filename >>>>>>> that >>>>>>> matches the pattern string is replaced with new text. So for >>>>>>> example, >>>>>>> you can rename all *.pps files to *.ppt with the rule >>>>>>> >>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file >>>>>>> >>>>>>> If you want to be even cleverer, you can use parenthesised >>>>>>> sections of >>>>>>> the match pattern within the replacement text. I'm not quite sure >>>>>>> who >>>>>>> this will be useful to, but I'm sure you will find some clever uses >>>>>>> (you >>>>>>> folks always do!). As a random example, >>>>>>> >>>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous >>>>>>> exes Renamed file >>>>>>> >>>>>>> That will rename any file such as "PleaseRunMe.exe" to >>>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to >>>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot run it >>>>>>> without renaming it first. >>>>>>> >>>>>>> Cool huh? >>>>>>> >>>>>>> Anyway, you can get it as usual from >>>>>>> >>>>>>> http://www.mailscanner.info >>>>>>> >>>>>>> ========================== >>>>>>> The full Changelog is: >>>>>>> * New Features and Improvements * >>>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as >>>>>>> the >>>>>>> previous "allow", "deny", "deny+delete", and email-address types of >>>>>>> rule, >>>>>>> there are now "rename" rules as well. If a filename or filetype >>>>>>> matches >>>>>>> a "rename" rule, the original attachment is left in the message >>>>>>> but is >>>>>>> renamed according to the "Rename Pattern" setting in >>>>>>> MailScanner.conf. >>>>>>> This allows for any prefixes or suffixes you may want to add to the >>>>>>> attachment's filename. >>>>>>> 2 Improved "rename" rules so you can now also specify "rename to >>>>>>> new-text". 
>>>>>>> If the rule matched an attachment's filename, the text matching the >>>>>>> pattern >>>>>>> for that rule will be replaced with the "new-text" string supplied. >>>>>>> The "to" is optional, but makes it easier to read. >>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the >>>>>>> filename now >>>>>>> ends in ".Rules" as well as ".rules". >>>>>>> 4 Allow deployments with the 'split mail per recipient' setup where >>>>>>> mail >>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for >>>>>>> releasing >>>>>>> of quarantined messages, while still scanning re-injected mail. >>>>>>> >>>>>>> * Fixes * >>>>>>> 1 AVG scanner command-line arguments typo fixed. >>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be >>>>>>> truncated >>>>>>> at the start of the first tag if it was never closed properly. >>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement >>>>>>> text of a >>>>>>> "rename to" filename.rules.conf rule. >>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms instead of >>>>>>> 0600. >>>>>>> Thanks to Rick Cooper for this fix! >>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain List" >>>>>>> values >>>>>>> appearing in the conf file. Thanks to Steve Freegard for this! >>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack >>>>>>> did not >>>>>>> have their headers quarantined correctly. >>>>>>> >>>>>>> Jules >>>>>>> >>>>>>> -- >>>>>>> Julian Field MEng CITP CEng >>>>>>> www.MailScanner.info >>>>>>> >>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>> Need help customising MailScanner? Contact me! 
>>>>>>>
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>> Follow me at twitter.com/JulesFM
>>>>>>>
>>>>>>> 'All programs have a desire to be useful' - Tron, 1982
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> This message has been scanned for viruses and
>>>>>>> dangerous content by MailScanner, and is
>>>>>>> believed to be clean.
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> Jules
>>>>
>>>
>>>
>>
>> Jules
>>
>
>

--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From MailScanner at ecs.soton.ac.uk Thu Feb 17 10:31:53 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Feb 17 10:32:13 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To: <4D5C52A3.3020303@hostalia.com>
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk> <4D5C2B54.1090800@hostalia.com> <4D5C4782.7070605@ecs.soton.ac.uk> <4D5C4F05.2000604@hostalia.com> <4D5C52A3.3020303@hostalia.com> <4D5CF919.8080407@ecs.soton.ac.uk>
Message-ID:

I have found the bug, and a proposed fix is attached to this message.
It's a tiny patch for /usr/share/MailScanner/MailScanner/Postfix.pm (on
Debian) or /usr/lib/MailScanner/MailScanner/Postfix.pm (everywhere else).

cd /usr/lib/MailScanner/MailScanner
gunzip Postfix.pm.patch.gz
patch -p0 < Postfix.pm.patch

Or else look at it and apply it by hand (it's only 2 lines).

Sorry about that!

Jules.

On 16/02/2011 22:41, Alvaro Marín wrote:
> Hi again,
>
> I forgot to mention this thread with the same error some months ago:
>
> http://comments.gmane.org/gmane.mail.virus.mailscanner/75443
>
> On 16/02/11 23:26, Alvaro Marín wrote:
>> Hi,
>>
>> yes, I've changed Postfix's default queue depth to "2":
>>
>> hash_queue_depth = 2
>> hash_queue_names = incoming, active, deferred, bounce, defer, flush,
>> hold, trace
>>
>> so messages, for example on the hold queue, are stored as:
>>
>> /var/spool/postfix/hold/A/F/AFDD42A0009
>>
>> Debugging the code of Postfix.pm, I've seen that PostfixKey function
>> always returns here:
>>
>> seek($fh, 0, 0) or return '00000';
>>
>> and the value of $fname is just "0E43549800C", the ID, not the complete
>> path to the file.
>>
>> I've deleted from the queue those messages with that .rtf attached and
>> it seems that it is running fine now. Tomorrow, with more traffic, we'll
>> see how it runs.
>>
>> If you install Debian's latest stable version, Squeeze, you'll have Perl
>> 5.10.1 and Postfix 2.7.
>> I've installed MS from .tar.gz.
>>
>> Thank you Jules,
>> Regards.
>>
>> On 16/02/11 22:54, Jules Field wrote:
>>> Something has gone very badly wrong. They shouldn't be ".00000" on the
>>> end of the directory names, that means it has failed to read the
>>> message
>>> files altogether. The ".00000" should be a hash of the first few bytes
>>> of the message body file.
>>>
>>> Also the locking has totally failed as the same message ID is
>>> showing up
>>> in several different MailScanner child processes (the first
>>> sub-directory name is the child process PID).
>>>
>>> This is a real mess. I don't know what you've done, but you've
>>> broken it
>>> all very badly.
>>>
>>> Have you messed with the queue hashing depth in Postfix or anything
>>> like
>>> that?
>>>
>>> How do I build a Debian box running the same version of Perl and
>>> Postfix
>>> as you? I've never used Debian.
>>> >>> For now, I would try a different version of Perl, a different MTA, or a >>> different Linux distribution that isn't so broken. No-one using the >>> mainstream Linux distros appears to have these problems. >>> >>> Jules. >>> >>> On 16/02/2011 19:53, Alvaro Marin wrote: >>>> Hi Jules, >>>> >>>> I'm using Debian Squeeze's Postfix 2.7.1-1. >>>> >>>> I've changed MessageBatch.pm's code to show with what ID happens and: >>>> >>>> # /opt/MailScanner/bin/MailScanner --debug >>>> ... >>>> ID: C055D2A0015.00000 >>>> CombineReports OK ID: C055D2A0015.00000 >>>> ID: 3CE502A004D.00000 >>>> CombineReports OK ID: 3CE502A004D.00000 >>>> ID: C39622A000A.00000.message >>>> Can't call method "CombineReports" on unblessed reference at >>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737. >>>> >>>> The difference is that ".message" attached to the ID. >>>> Then, in /var/spool/MailScanner/incoming I do: >>>> >>>> # find . | grep C39622A000A.00000 >>>> ./26092/C39622A000A.00000.header >>>> ./26092/C39622A000A.00000 >>>> ./26092/C39622A000A.00000/nmsg-26092-36.txt >>>> ./26092/C39622A000A.00000/nmsg-26092-37.html >>>> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf >>>> ./26092/C39622A000A.00000.message >>>> ./26540/C39622A000A.00000.header >>>> ./26540/C39622A000A.00000 >>>> ./26540/C39622A000A.00000/nmsg-26540-36.txt >>>> ./26540/C39622A000A.00000/nmsg-26540-37.html >>>> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf >>>> ./26540/C39622A000A.00000.message >>>> ./26779/C39622A000A.00000.header >>>> ./26779/C39622A000A.00000 >>>> ./26779/C39622A000A.00000/nmsg-26779-37.html >>>> ./26779/C39622A000A.00000/nmsg-26779-36.txt >>>> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf >>>> ./26779/C39622A000A.00000.message >>>> ./26803/C39622A000A.00000.header >>>> ... >>>> >>>> The message from that incoming directory, can be downloaded here: >>>> >>>> http://postmaster.hostalia.com/MSerror.tar.gz >>>> >>>> Thank you! 
>>>> >>>> >>>> On 16/02/11 20:33, Jules Field wrote: >>>>> What MTA are you using, and if you can reproduce this error >>>>> reliably, I >>>>> would like a copy of your incoming mail queue as well. That error >>>>> should >>>>> never happen. >>>>> >>>>> Is it happening for anyone else? >>>>> >>>>> The only way that can happen is if the "sub new" isn't getting >>>>> called or >>>>> is bailing out early, before the "bless" happens to set the type. >>>>> None >>>>> of the "sub new" functions can exit early, so they must be not being >>>>> called. But in CreateBatch, when they are called, they are always >>>>> called >>>>> before the message is added to the batch. >>>>> >>>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know >>>>> about? >>>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the >>>>> ChangeLog >>>>> for Perl 5.10.1 say anything about it? >>>>> >>>>> On 16/02/2011 19:11, Alvaro Marin wrote: >>>>>> Hi, >>>>>> >>>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've >>>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error: >>>>>> >>>>>> >>>>>> # /opt/MailScanner/bin/MailScanner --debug >>>>>> >>>>>> >>>>>> In Debugging mode, not forking... >>>>>> Trying to setlogsock(unix) >>>>>> Building a message batch to scan... >>>>>> Have a batch of 7 messages. >>>>>> Can't call method "CombineReports" on unblessed reference at >>>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736. >>>>>> >>>>>> Any idea?
:S >>>>>> >>>>>> # /opt/MailScanner/bin/MailScanner -V >>>>>> Running on >>>>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC >>>>>> 2011 >>>>>> i686 GNU/Linux >>>>>> This is Perl version 5.010001 (5.10.1) >>>>>> >>>>>> This is MailScanner version 4.82.6 >>>>>> Module versions are: >>>>>> 1.00 AnyDBM_File >>>>>> 1.30 Archive::Zip >>>>>> 0.23 bignum >>>>>> 1.11 Carp >>>>>> 2.024 Compress::Zlib >>>>>> 1.119 Convert::BinHex >>>>>> 0.17 Convert::TNEF >>>>>> 2.125 Data::Dumper >>>>>> 2.27 Date::Parse >>>>>> 1.03 DirHandle >>>>>> 1.06 Fcntl >>>>>> 2.77 File::Basename >>>>>> 2.14 File::Copy >>>>>> 2.02 FileHandle >>>>>> 2.07_03 File::Path >>>>>> 0.22 File::Temp >>>>>> 0.92 Filesys::Df >>>>>> 3.64 HTML::Entities >>>>>> 3.64 HTML::Parser >>>>>> 3.57 HTML::TokeParser >>>>>> 1.25 IO >>>>>> 1.14 IO::File >>>>>> 1.13 IO::Pipe >>>>>> 2.04 Mail::Header >>>>>> 1.89 Math::BigInt >>>>>> 0.22 Math::BigRat >>>>>> 3.08 MIME::Base64 >>>>>> 5.427 MIME::Decoder >>>>>> 5.427 MIME::Decoder::UU >>>>>> 5.427 MIME::Head >>>>>> 5.427 MIME::Parser >>>>>> 3.08 MIME::QuotedPrint >>>>>> 5.427 MIME::Tools >>>>>> 0.14 Net::CIDR >>>>>> 1.25 Net::IP >>>>>> 0.19 OLE::Storage_Lite >>>>>> 1.04 Pod::Escapes >>>>>> 3.07 Pod::Simple >>>>>> 1.17 POSIX >>>>>> 1.23 Scalar::Util >>>>>> 1.82 Socket >>>>>> 2.20 Storable >>>>>> 1.4 Sys::Hostname::Long >>>>>> 0.27 Sys::Syslog >>>>>> 1.26 Test::Pod >>>>>> 0.92 Test::Simple >>>>>> 1.9719 Time::HiRes >>>>>> 1.02 Time::localtime >>>>>> >>>>>> Optional module versions are: >>>>>> 1.52 Archive::Tar >>>>>> 0.23 bignum >>>>>> missing Business::ISBN >>>>>> missing Business::ISBN::Data >>>>>> missing Data::Dump >>>>>> 1.82 DB_File >>>>>> 1.29 DBD::SQLite >>>>>> 1.607 DBI >>>>>> 1.16 Digest >>>>>> 1.01 Digest::HMAC >>>>>> 2.39 Digest::MD5 >>>>>> 2.12 Digest::SHA1 >>>>>> 1.01 Encode::Detect >>>>>> 0.17016 Error >>>>>> 0.2602 ExtUtils::CBuilder >>>>>> 2.2002 ExtUtils::ParseXS >>>>>> 2.38 Getopt::Long >>>>>> missing Inline >>>>>> missing IO::String >>>>>> 1.10 
IO::Zlib >>>>>> 2.27 IP::Country >>>>>> missing Mail::ClamAV >>>>>> 3.003001 Mail::SpamAssassin >>>>>> v2.007 Mail::SPF >>>>>> 1.999001 Mail::SPF::Query >>>>>> 0.340201 Module::Build >>>>>> 0.20 Net::CIDR::Lite >>>>>> 0.66 Net::DNS >>>>>> v0.003 Net::DNS::Resolver::Programmable >>>>>> 0.40 Net::LDAP >>>>>> 4.027 NetAddr::IP >>>>>> missing Parse::RecDescent >>>>>> missing SAVI >>>>>> 3.17 Test::Harness >>>>>> missing Test::Manifest >>>>>> 2.0.0 Text::Balanced >>>>>> 1.53 URI >>>>>> 0.77 version >>>>>> 0.72 YAML >>>>>> >>>>>> >>>>>> Thanks! >>>>>> >>>>>> On 11/02/11 17:02, Stephen Cox wrote: >>>>>>> Thank you! >>>>>>> >>>>>>> On 2/11/11, Julian Field wrote: >>>>>>>> Folks, >>>>>>>> >>>>>>>> I have just released a new stable edition of MailScanner, version >>>>>>>> 4.82.6. >>>>>>>> >>>>>>>> This is identical to the recent beta version 4.82.5. >>>>>>>> >>>>>>>> The main new feature is in filename.rules.conf and >>>>>>>> filetype.rules.conf >>>>>>>> configuration files. As well as the previous "allow", "deny" and >>>>>>>> "deny+delete" instructions in a rule, you can now automatically >>>>>>>> rename >>>>>>>> attachment filenames using the "rename" and "rename to" >>>>>>>> instructions >>>>>>>> instead of just allowing or denying them. >>>>>>>> >>>>>>>> When using the new "rename" instruction in a rule, any matching >>>>>>>> file >>>>>>>> will be automatically renamed using the new "Rename Pattern" >>>>>>>> setting in >>>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix >>>>>>>> to any >>>>>>>> filename. >>>>>>>> >>>>>>>> When using the new "rename to" instruction in a rule, any matching >>>>>>>> file >>>>>>>> will be automatically renamed so that the portion of the filename >>>>>>>> that >>>>>>>> matches the pattern string is replaced with new text.
So for >>>>>>>> example, >>>>>>>> you can rename all *.pps files to *.ppt with the rule >>>>>>>> >>>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file >>>>>>>> >>>>>>>> If you want to be even cleverer, you can use parenthesised >>>>>>>> sections of >>>>>>>> the match pattern within the replacement text. I'm not quite sure >>>>>>>> who >>>>>>>> this will be useful to, but I'm sure you will find some clever >>>>>>>> uses >>>>>>>> (you >>>>>>>> folks always do!). As a random example, >>>>>>>> >>>>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous >>>>>>>> exes Renamed file >>>>>>>> >>>>>>>> That will rename any file such as "PleaseRunMe.exe" to >>>>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to >>>>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot >>>>>>>> run it >>>>>>>> without renaming it first. >>>>>>>> >>>>>>>> Cool huh? >>>>>>>> >>>>>>>> Anyway, you can get it as usual from >>>>>>>> >>>>>>>> http://www.mailscanner.info >>>>>>>> >>>>>>>> ========================== >>>>>>>> The full Changelog is: >>>>>>>> * New Features and Improvements * >>>>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as >>>>>>>> the >>>>>>>> previous "allow", "deny", "deny+delete", and email-address >>>>>>>> types of >>>>>>>> rule, >>>>>>>> there are now "rename" rules as well. If a filename or filetype >>>>>>>> matches >>>>>>>> a "rename" rule, the original attachment is left in the message >>>>>>>> but is >>>>>>>> renamed according to the "Rename Pattern" setting in >>>>>>>> MailScanner.conf. >>>>>>>> This allows for any prefixes or suffixes you may want to add to >>>>>>>> the >>>>>>>> attachment's filename. >>>>>>>> 2 Improved "rename" rules so you can now also specify "rename to >>>>>>>> new-text". >>>>>>>> If the rule matched an attachment's filename, the text matching >>>>>>>> the >>>>>>>> pattern >>>>>>>> for that rule will be replaced with the "new-text" string >>>>>>>> supplied. 
>>>>>>>> The "to" is optional, but makes it easier to read. >>>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the >>>>>>>> filename now >>>>>>>> ends in ".Rules" as well as ".rules". >>>>>>>> 4 Allow deployments with the 'split mail per recipient' setup >>>>>>>> where >>>>>>>> mail >>>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for >>>>>>>> releasing >>>>>>>> of quarantined messages, while still scanning re-injected mail. >>>>>>>> >>>>>>>> * Fixes * >>>>>>>> 1 AVG scanner command-line arguments typo fixed. >>>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be >>>>>>>> truncated >>>>>>>> at the start of the first tag if it was never closed properly. >>>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement >>>>>>>> text of a >>>>>>>> "rename to" filename.rules.conf rule. >>>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms >>>>>>>> instead of >>>>>>>> 0600. >>>>>>>> Thanks to Rick Cooper for this fix! >>>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain >>>>>>>> List" >>>>>>>> values >>>>>>>> appearing in the conf file. Thanks to Steve Freegard for this! >>>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack >>>>>>>> did not >>>>>>>> have their headers quarantined correctly. >>>>>>>> >>>>>>>> Jules >>>>>>>> >>>>>>>> -- >>>>>>>> Julian Field MEng CITP CEng >>>>>>>> www.MailScanner.info >>>>>>>> >>>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>>> Need help customising MailScanner? Contact me! >>>>>>>> >>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>>>> Follow me at twitter.com/JulesFM >>>>>>>> >>>>>>>> 'All programs have a desire to be useful' - Tron, 1982 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> This message has been scanned for viruses and >>>>>>>> dangerous content by MailScanner, and is >>>>>>>> believed to be clean. 
>>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> Jules >>>>> >>>> >>>> >>> >>> Jules >>> >> >> > >
Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
'All programs have a desire to be useful' - Tron, 1982

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Postfix.pm.patch.gz
Type: application/x-gzip
Size: 502 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/0cf3132d/Postfix.pm.patch.gz

From alvaro at hostalia.com Thu Feb 17 10:35:55 2011
From: alvaro at hostalia.com (Alvaro Marin)
Date: Thu Feb 17 10:36:02 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To: <4D5C4F05.2000604@hostalia.com>
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk> <4D5C2B54.1090800@hostalia.com> <4D5C4782.7070605@ecs.soton.ac.uk> <4D5C4F05.2000604@hostalia.com>
Message-ID: <4D5CFA0B.8070206@hostalia.com>

Hi again,

with Postfix's default configuration:

hash_queue_depth = 1

the hash of the first bytes is correctly generated and attached to the ID.
Can it be fixed to use "2" as queue depth?

Thanks!
--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From alvaro at hostalia.com Thu Feb 17 10:45:51 2011
From: alvaro at hostalia.com (Alvaro Marin)
Date: Thu Feb 17 10:45:58 2011
Subject: MailScanner ANNOUNCE: 4.82 stable released
In-Reply-To:
References: <4D554758.1070605@ecs.soton.ac.uk> <4D5C2159.6050507@hostalia.com> <4D5C2677.2040101@ecs.soton.ac.uk> <4D5C2B54.1090800@hostalia.com> <4D5C4782.7070605@ecs.soton.ac.uk> <4D5C4F05.2000604@hostalia.com> <4D5C52A3.3020303@hostalia.com> <4D5CF919.8080407@ecs.soton.ac.uk>
Message-ID: <4D5CFC5F.3000903@hostalia.com>

Hi,

I've applied the patch and now the IDs are generated ok:

1C9385EA8B7.A8402
703D55EA8B5.A923E
...

thank you very much!

On 17/02/11 11:31, Julian Field wrote:
> I have found the bug, and a proposed fix is attached to this message.
> It's a tiny patch for /usr/share/MailScanner/MailScanner/Postfix.pm (on
> Debian) or /usr/lib/MailScanner/MailScanner/Postfix.pm (everywhere else).
>
> cd /usr/lib/MailScanner/MailScanner
> gunzip Postfix.pm.patch.gz
> patch -p0 < Postfix.pm.patch
>
> Or else look at it and apply it by hand (it's only 2 lines).
>
> Sorry about that!
> Jules.
>>>>>>>>> If the rule matched an attachment's filename, the text matching >>>>>>>>> the >>>>>>>>> pattern >>>>>>>>> for that rule will be replaced with the "new-text" string >>>>>>>>> supplied. >>>>>>>>> The "to" is optional, but makes it easier to read. >>>>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the >>>>>>>>> filename now >>>>>>>>> ends in ".Rules" as well as ".rules". >>>>>>>>> 4 Allow deployments with the 'split mail per recipient' setup >>>>>>>>> where >>>>>>>>> mail >>>>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for >>>>>>>>> releasing >>>>>>>>> of quarantined messages, while still scanning re-injected mail. >>>>>>>>> >>>>>>>>> * Fixes * >>>>>>>>> 1 AVG scanner command-line arguments typo fixed. >>>>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be >>>>>>>>> truncated >>>>>>>>> at the start of the first tag if it was never closed properly. >>>>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement >>>>>>>>> text of a >>>>>>>>> "rename to" filename.rules.conf rule. >>>>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms >>>>>>>>> instead of >>>>>>>>> 0600. >>>>>>>>> Thanks to Rick Cooper for this fix! >>>>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain >>>>>>>>> List" >>>>>>>>> values >>>>>>>>> appearing in the conf file. Thanks to Steve Freegard for this! >>>>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack >>>>>>>>> did not >>>>>>>>> have their headers quarantined correctly. >>>>>>>>> >>>>>>>>> Jules >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Julian Field MEng CITP CEng >>>>>>>>> www.MailScanner.info >>>>>>>>> >>>>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>>>> Need help customising MailScanner? Contact me! 
>>>>>>>>> >>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>>>>> Follow me at twitter.com/JulesFM >>>>>>>>> >>>>>>>>> 'All programs have a desire to be useful' - Tron, 1982 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> This message has been scanned for viruses and >>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>> believed to be clean. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> MailScanner mailing list >>>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>>> >>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> Jules >>>>>> >>>>> >>>>> >>>> >>>> Jules >>>> >>> >>> >> >> > > Jules > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From markus at markusoft.se Thu Feb 17 10:52:03 2011 From: markus at markusoft.se (Markus Nilsson) Date: Thu Feb 17 10:52:21 2011 Subject: Maybe one more Postfix.pm fix...? Message-ID: <29810484.450.1297939921776.JavaMail.markus@cronlabworkstation0> Hi Jules! Thanks for the patch! While you are digging in the Postfix.pm; any chance that you might want to revisit an old suggestion? :) The Postfix.pm code does not update the size field in the queue file, when the size has been changed for some reason (e.g., removal of an attachment). For us this gives us problems when removing large attachments on outgoing mails, because the receiving mail server will block it due to the reported size being too big; even though the mail itself actually is smaller. I have added the following code to the sub PreDataString (The $message->{rewriteCHeader} is set by my custom function that strips attachments, the size field is also set by the attachment stripper.) 
foreach (@{$message->{metadata}}) {
  /^(.)(.*)$/;
  ($type, $data) = ($1, $2);
  $TimestampFound++ if $type eq 'T'; # Must only ever have 1 timestamp
##############################################################################################
#Added Code #
##############################################################################################
  if($type eq 'C' and $message->{rewriteCHeader} eq 'y') {
    if ($data =~ m/(\D+)\d+(\D+\d+\D+\d+\D+\d+\D+)\d+/) {
      $data = "" . $1 . $message->{size} . $2 . $message->{size};
    }
  }
##############################################################################################

Best Regards
Markus Nilsson

--
This message has been scanned for viruses and dangerous content by CronLab (www.cronlab.com), and is believed to be clean.

From prandal at herefordshire.gov.uk Thu Feb 17 11:36:04 2011
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Feb 17 11:36:22 2011
Subject: ScamNailer no longer updating
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk>

Hi folks,

We can no longer resolve www.mailscanner.tv here and so ScamNailer updates are failing.

Anyone else seeing the same problem?

Cheers,

Phil

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/2f3bdaaa/attachment.html

From lmachite at dir.iai.int Thu Feb 17 12:03:32 2011
From: lmachite at dir.iai.int (Luis Marcelo Achite)
Date: Thu Feb 17 12:04:01 2011
Subject: email folder is getting corrupted after Mailscan check
Message-ID: <4D5D0E94.70804@dir.iai.int>

Hi,

Something strange is happening here. An email folder from one of my users is getting corrupted after a mailscanner scan.
I can see from the sendmail log the following:

##############
Feb 16 20:25:29 iaibr1 sm-mta-mailscanner[19563]: from=

Feb 16 20:25:31 iaibr1 MailScanner[12968]: Message p1GMPRnR019563 from 208.42.190.242 (info114@service.govdelivery.com) to dir.iai.int is not spam

Feb 16 20:25:31 iaibr1 MailScanner[12968]: Spam Checks completed at 9156 bytes per second

Feb 16 20:25:31 iaibr1 MailScanner[12968]: Content Checks: Detected and have disarmed web bug tags in HTML message in p1GMPRnR019563 from info114@service.govdelivery.com

Feb 16 20:25:31 iaibr1 sendmail[19575]: to=, stat=Sent
##############

Exactly after the disarming process, the folder gets corrupted. This problem is happening once a day for the same user and the corruption happens with different email senders. When looking on the user folder, I see that the message is incomplete and looks like Mailscanner didn't close that message. I need to delete the corrupted message from the user folder to have the service backing work.

Can someone inform me why this is happening.

Thanks in advance.

Regards.

Marcelo

###############################################################
Luis Marcelo Achite, MSc
Information Technology Manager
Inter-American Institute for Global Change Research - IAI
Avenida dos Astronautas, 1758, Jardim da Granja
12227-010 Sao Jose dos Campos - Sao Paulo - Brazil
Phone: (55-12) 3208-6868 Fax: (55-12) 3941-4410
e-mail : lmachite@dir.iai.int
Skype: lmachite
Twitter: @lmachite
Facebook: http://www.facebook.com/lmachite
###############################################################

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Thu Feb 17 12:12:04 2011 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 17 12:12:28 2011 Subject: email folder is getting corrupted after Mailscan check In-Reply-To: <4D5D0E94.70804@dir.iai.int> References: <4D5D0E94.70804@dir.iai.int> <4D5D1094.9080004@ecs.soton.ac.uk> Message-ID: For starters, what version of MailScanner are you using, what OS and distro, what MTA and so on? On 17/02/2011 12:03, Luis Marcelo Achite wrote: > Hi, > > Something strange is happening here. An email folder from one of my > users is getting corrupted after a mailscanner scan. I can see from > the sendmail log the following: > > ############## > Feb 16 20:25:29 iaibr1 sm-mta-mailscanner[19563]: > from= > > Feb 16 20:25:31 iaibr1 MailScanner[12968]: Message p1GMPRnR019563 from > 208.42.190.242 (info114@service.govdelivery.com) to dir.iai.int is not > spam > > Feb 16 20:25:31 iaibr1 MailScanner[12968]: Spam Checks completed at > 9156 bytes per second > > Feb 16 20:25:31 iaibr1 MailScanner[12968]: Content Checks: Detected > and have disarmed web bug tags in HTML message in p1GMPRnR019563 from > info114@service.govdelivery.com > > Feb 16 20:25:31 iaibr1 sendmail[19575]: > to=, stat=Sent > ############## > > Exactly after the disarming process, the folder gets corrupted. This > problem is happening once a day for the same user and the corruption > happens with different email senders. When looking on the user folder, > I see that the message is incomplete and looks like Mailscanner didnt > close that message. I need to delete the corrupted message from the > user folder to have the service backing work. > > Can someone inform me why this is happening. > > Thanks in advance. > > Regards. 
> > Marcelo > > ############################################################### > Luis Marcelo Achite, MSc > Information Technology Manager > Inter-American Institute for Global Change Research - IAI > Avenida dos Astronautas, 1758, Jardim da Granja > 12227-010 Sao Jose dos Campos - Sao Paulo - Brazil > Phone: (55-12) 3208-6868 Fax: (55-12) 3941-4410 > e-mail : lmachite@dir.iai.int > Skype: lmachite > Twitter: @lmachite > Facebook: http://www.facebook.com/lmachite > ############################################################### > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martelm at quark.vsc.edu Thu Feb 17 12:15:34 2011 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Feb 17 12:16:13 2011 Subject: email folder is getting corrupted after Mailscan check In-Reply-To: <4D5D0E94.70804@dir.iai.int> References: <4D5D0E94.70804@dir.iai.int> Message-ID: --On February 17, 2011 10:03:32 AM -0200 Luis Marcelo Achite wrote: > Something strange is happening here. An email folder from one of my users > is getting corrupted after a mailscanner scan. I can see from the > sendmail log the following: I'm no expert, but my gut tells me it's not mailscanner, but your local delivery agent. Are you or this user using procmail to filter mail in to folders ? If so, is the rule for that folder correct and using locking ? If you're not using procmail for delivery then you can ignore this. Though it might be helpfull to know what version of *nix you're running and what version of MailScanner (MailScanner -v should give a good bit of info). hope this helps somewhat! 
Michael

--
--------------------------------o---------------------------------
Michael H. Martel | Systems Administrator
michael.martel@vsc.edu | Vermont State Colleges
http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363

From lmachite at dir.iai.int Thu Feb 17 12:22:31 2011
From: lmachite at dir.iai.int (Luis Marcelo Achite)
Date: Thu Feb 17 12:22:58 2011
Subject: email folder is getting corrupted after Mailscan check
In-Reply-To:
References: <4D5D0E94.70804@dir.iai.int> <4D5D1094.9080004@ecs.soton.ac.uk>
Message-ID: <4D5D1307.8000402@dir.iai.int>

On 17/02/2011 10:12, Julian Field wrote:
> For starters, what version of MailScanner are you using, what OS and
> distro, what MTA and so on?
>

MailScanner-4.81.4-1
Redhat Enterprise Linux 3.0 kernel 2.4.21-63.EL
Sendmail.8.14.4
SpamAssassin 3.3.0

As I told before, the problem is happening with ONLY one user and this is the most strange part.

Thanks for any info you can get.

Regards.

Marcelo

###############################################################
Luis Marcelo Achite, MSc
Information Technology Manager
Inter-American Institute for Global Change Research - IAI
Avenida dos Astronautas, 1758, Jardim da Granja
12227-010 Sao Jose dos Campos - Sao Paulo - Brazil
Phone: (55-12) 3208-6868 Fax: (55-12) 3941-4410
e-mail : lmachite@dir.iai.int
Skype: lmachite
Twitter: @lmachite
Facebook: http://www.facebook.com/lmachite
###############################################################

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From ecasarero at gmail.com Thu Feb 17 13:06:26 2011
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Thu Feb 17 13:07:03 2011
Subject: ScamNailer no longer updating
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk>
Message-ID:

2011/2/17 Randal, Phil

> Hi folks,
>
> We can no longer resolve www.mailscanner.tv here and so ScamNailer updates
> are failing.
>
> Anyone else seeing the same problem?
>
> Cheers,
>
> Phil
>

I've just checked and my servers are resolving www.mailscanner.tv without problems.

> --
> Phil Randal | Infrastructure Engineer
> NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's
> Office | I.C.T. Services Division
> Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
> Tel: 01432 260160
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/ea9dfad7/attachment.html

From lmachite at dir.iai.int Thu Feb 17 13:13:06 2011
From: lmachite at dir.iai.int (Luis Marcelo Achite)
Date: Thu Feb 17 13:13:39 2011
Subject: email folder is getting corrupted after Mailscan check
In-Reply-To:
References: <4D5D0E94.70804@dir.iai.int>
Message-ID: <4D5D1EE2.5070101@dir.iai.int>

On 17/02/2011 10:15, Michael H. Martel wrote:
> I'm no expert, but my gut tells me it's not mailscanner, but your local
> delivery agent. Are you or this user using procmail to filter mail in to
> folders ? If so, is the rule for that folder correct and using locking ?
>

Hi Michael,

Good comment on the issue.
Yes, I'm using procmail, but there is no specific rule for that user folder. From the procmail logs, I can see that the locking/unlocking is working well and the message is being delivered to that user.

Regards.

Marcelo

###############################################################
Luis Marcelo Achite, MSc
Information Technology Manager
Inter-American Institute for Global Change Research - IAI
Avenida dos Astronautas, 1758, Jardim da Granja
12227-010 Sao Jose dos Campos - Sao Paulo - Brazil
Phone: (55-12) 3208-6868 Fax: (55-12) 3941-4410
e-mail : lmachite@dir.iai.int
Skype: lmachite
Twitter: @lmachite
Facebook: http://www.facebook.com/lmachite
###############################################################

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From nsnidanko at harperpowerproducts.com Thu Feb 17 13:42:13 2011
From: nsnidanko at harperpowerproducts.com (Naz Snidanko)
Date: Thu Feb 17 13:42:26 2011
Subject: ScamNailer no longer updating
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk>
Message-ID: <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>

We are having the same problem here in Toronto, Canada on Telus and Bell DNS. Tried resolving in Oregon, USA and same problem

Phil,

Are you sure it is not "cached" on your local DNS?

Regards,

Naz Snidanko
Desktop & Network Support
Harper Power Products Inc.
(p) 416 201- 7506
nsnidanko@harperpowerproducts.com

_____

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero
Sent: February 17, 2011 8:06 AM
To: MailScanner discussion
Subject: Re: ScamNailer no longer updating

2011/2/17 Randal, Phil

Hi folks,

We can no longer resolve www.mailscanner.tv here and so ScamNailer updates are failing.

Anyone else seeing the same problem?

Cheers,

Phil

I've just checked and my servers are resolving www.mailscanner.tv without problems.

-- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/2b3c49a6/attachment.html From prandal at herefordshire.gov.uk Thu Feb 17 13:52:21 2011 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Feb 17 13:52:41 2011 Subject: ScamNailer no longer updating In-Reply-To: <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> Flushing DNS caches was the first thing I tried. Cheers, Phil -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Naz Snidanko Sent: 17 February 2011 13:42 To: MailScanner discussion Subject: RE: ScamNailer no longer updating We are having the same problem here in Toronto, Canada on Telus and Bell DNS. Tried resolving in Oregon, USA and same problem Phil, Are you sure it is not "cached" on your local DNS? Regards, Naz Snidanko Desktop & Network Support Harper Power Products Inc. 
(p) 416 201- 7506
nsnidanko@harperpowerproducts.com

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero
Sent: February 17, 2011 8:06 AM
To: MailScanner discussion
Subject: Re: ScamNailer no longer updating

2011/2/17 Randal, Phil >

Hi folks,

We can no longer resolve www.mailscanner.tv here and so ScamNailer updates are failing.

Anyone else seeing the same problem?

Cheers,

Phil

I've just checked and my servers are resolving www.mailscanner.tv without problems.

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/61767e1f/attachment.html

From ecasarero at gmail.com Thu Feb 17 13:52:25 2011
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Thu Feb 17 13:52:57 2011
Subject: ScamNailer no longer updating
In-Reply-To: <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>
Message-ID:

2011/2/17 Naz Snidanko

> We are having the same problem here in Toronto, Canada on Telus and Bell
> DNS. Tried resolving in Oregon, USA and same problem
>
> Phil,
>
> Are you sure it is not "cached" on your local DNS?
>

i did some testing asking directly to authoritative servers and i get correct answers.

dig +short www.mailscanner.tv A @ns1.blacknight.com
wwwmailscannertv.bastionnetworksl.netdna-cdn.com.
dig +short www.mailscanner.tv A @ns2.blacknight.com
wwwmailscannertv.bastionnetworksl.netdna-cdn.com.
dig +short wwwmailscannertv.bastionnetworksl.netdna-cdn.com A @ns1.netdna-cdn.com.
67.201.31.160
dig +short wwwmailscannertv.bastionnetworksl.netdna-cdn.com A @ns2.netdna-cdn.com.
67.201.31.160

>
> Regards,
>
> *Naz Snidanko*
>
> *Desktop & Network Support*
>
> *Harper Power Products Inc.*
>
> *(p) 416 201- 7506*
>
> nsnidanko@harperpowerproducts.com
> ------------------------------
>
> *From:* mailscanner-bounces@lists.mailscanner.info [mailto:
> mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Eduardo
> Casarero
> *Sent:* February 17, 2011 8:06 AM
> *To:* MailScanner discussion
>
> *Subject:* Re: ScamNailer no longer updating
>
> 2011/2/17 Randal, Phil
>
> Hi folks,
>
> We can no longer resolve www.mailscanner.tv here and so ScamNailer updates
> are failing.
>
> Anyone else seeing the same problem?
>
> Cheers,
>
> Phil
>
> I've just checked and my servers are resolving www.mailscanner.tv without
> problems.
>
> --
> Phil Randal | Infrastructure Engineer
> NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's
> Office | I.C.T. Services Division
> Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
> Tel: 01432 260160
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/38268281/attachment.html

From steveb_clamav at sanesecurity.com Thu Feb 17 14:08:28 2011
From: steveb_clamav at sanesecurity.com (Steve Basford)
Date: Thu Feb 17 14:08:45 2011
Subject: ScamNailer no longer updating
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk>
Message-ID: <435731811f7957c05b1fb6232a302349.squirrel@saturn.dataflame.net>

> Flushing DNS caches was the first thing I tried.

Just to add, I use this site a lot when sites seem to fail:

eg:

http://just-ping.com/index.php?vh=www.mailscanner.tv&c=&s=ping

Cheers,

Steve
Sanesecurity

From Denis.Beauchemin at usherbrooke.ca Thu Feb 17 14:13:29 2011
From: Denis.Beauchemin at usherbrooke.ca (Beauchemin, Denis)
Date: Thu Feb 17 14:16:12 2011
Subject: ScamNailer no longer updating
In-Reply-To: <435731811f7957c05b1fb6232a302349.squirrel@saturn.dataflame.net>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk><5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com><7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <435731811f7957c05b1fb6232a302349.squirrel@saturn.dataflame.net>
Message-ID: <1C7E4902EA98DE4487AA66F401F237F001541898@EPSILONX.spa.usherbrooke.ca>

Google's own DNS doesn't know it either:
host www.scamnailer.tv 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host www.scamnailer.tv not found: 3(NXDOMAIN)

Denis

Denis Beauchemin, technology architect
Université de Sherbrooke, S.T.I.
T: 819.821.8000 x 62252

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Steve Basford
> Sent: 17 February 2011 09:08
> To: MailScanner discussion
> Subject: RE: ScamNailer no longer updating
>
> > Flushing DNS caches was the first thing I tried.
>
> Just to add, I use this site a lot when sites seem to fail:
>
> eg:
>
> http://just-ping.com/index.php?vh=www.mailscanner.tv&c=&s=ping
>
> Cheers,
>
> Steve
> Sanesecurity
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From ms-list at alexb.ch Thu Feb 17 14:22:22 2011
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Feb 17 14:22:38 2011
Subject: ScamNailer no longer updating
In-Reply-To: <1C7E4902EA98DE4487AA66F401F237F001541898@EPSILONX.spa.usherbrooke.ca>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk><5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com><7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <435731811f7957c05b1fb6232a302349.squirrel@saturn.dataflame.net> <1C7E4902EA98DE4487AA66F401F237F001541898@EPSILONX.spa.usherbrooke.ca>
Message-ID: <4D5D2F1E.604@alexb.ch>

whois scamnailer.tv

Whois Server Version 1.0

Domain names can now be registered with many different competing registrars.
Go to http://registrar.verisign-grs.com/whois/ for detailed information.

No match for "SCAMNAILER.TV".

>>> Last update of whois database: Thu, 17 Feb 2011 08:01:01 EST <<<

On 2011-02-17 15:13, Beauchemin, Denis wrote:
> Google's own DNS doesn't know it either:
> host www.scamnailer.tv 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
>
> Host www.scamnailer.tv not found: 3(NXDOMAIN)
>
> Denis
>
> Denis Beauchemin, technology architect
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000 x 62252
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>> bounces@lists.mailscanner.info] On Behalf Of Steve Basford
>> Sent: 17 February 2011 09:08
>> To: MailScanner discussion
>> Subject: RE: ScamNailer no longer updating
>>
>>> Flushing DNS caches was the first thing I tried.
>>
>> Just to add, I use this site a lot when sites seem to fail:
>>
>> eg:
>>
>> http://just-ping.com/index.php?vh=www.mailscanner.tv&c=&s=ping
>>
>> Cheers,
>>
>> Steve
>> Sanesecurity
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!

From peter at farrows.org Thu Feb 17 14:28:16 2011
From: peter at farrows.org (Peter Farrow)
Date: Thu Feb 17 14:28:26 2011
Subject: ScamNailer no longer updating
In-Reply-To:
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>
Message-ID: <4D5D3080.2070607@farrows.org>

On 17/02/2011 13:52, Eduardo Casarero wrote:
>
>
> 2011/2/17 Naz Snidanko
> >
> We are having the same problem here in Toronto, Canada on Telus
> and Bell DNS. Tried resolving in Oregon, USA and same problem
>
> Phil,
>
> Are you sure it is not "cached" on your local DNS?
>
>
> i did some testing asking directly to authoritative servers and i get
> correct answers.
> > dig +short www.mailscanner.tv A > @ns1.blacknight.com > wwwmailscannertv.bastionnetworksl.netdna-cdn.com > . > dig +short www.mailscanner.tv A > @ns2.blacknight.com > wwwmailscannertv.bastionnetworksl.netdna-cdn.com > . > dig +short wwwmailscannertv.bastionnetworksl.netdna-cdn.com > A > @ns1.netdna-cdn.com . > 67.201.31.160 > dig +short wwwmailscannertv.bastionnetworksl.netdna-cdn.com > A > @ns2.netdna-cdn.com . > 67.201.31.160 > > > > Regards, > > *Naz Snidanko* > > *Desktop & Network Support* > > *Harper Power Products Inc.* > > *(p) 416 201- 7506* > > nsnidanko@harperpowerproducts.com > > > ------------------------------------------------------------------------ > > *From:*mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info > ] *On Behalf Of > *Eduardo Casarero > *Sent:* February 17, 2011 8:06 AM > *To:* MailScanner discussion > > > *Subject:* Re: ScamNailer no longer updating > > 2011/2/17 Randal, Phil > > > Hi folks, > > We can no longer resolve www.mailscanner.tv > here and so ScamNailer updates are > failing. > > Anyone else seeing the same problem? > > Cheers, > > Phil > > I've just checked and my servers are resolving www.mailscanner.tv > without problems. > > -- > Phil Randal | Infrastructure Engineer > NHS Herefordshire & Herefordshire Council |Deputy Chief > Executive's Office | I.C.T. Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > It works ok here.... and it works on my mailscanner box at Equinix in Chicago, and its not cached... P. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/248d1c0c/attachment-0001.html

From jase at sensis.com Thu Feb 17 14:47:18 2011
From: jase at sensis.com (Desai, Jason)
Date: Thu Feb 17 14:49:10 2011
Subject: ScamNailer no longer updating
In-Reply-To: <4D5D2F1E.604@alexb.ch>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk><5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com><7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <435731811f7957c05b1fb6232a302349.squirrel@saturn.dataflame.net><1C7E4902EA98DE4487AA66F401F237F001541898@EPSILONX.spa.usherbrooke.ca> <4D5D2F1E.604@alexb.ch>
Message-ID:

Doesn't seem to work here:

# dig +trace scamnailer.tv

; <<>> DiG 9.6-ESV-R3 <<>> +trace scamnailer.tv
;; global options: +cmd
.    314062 IN NS e.root-servers.net.
.    314062 IN NS c.root-servers.net.
.    314062 IN NS h.root-servers.net.
.    314062 IN NS d.root-servers.net.
.    314062 IN NS k.root-servers.net.
.    314062 IN NS a.root-servers.net.
.    314062 IN NS i.root-servers.net.
.    314062 IN NS f.root-servers.net.
.    314062 IN NS j.root-servers.net.
.    314062 IN NS l.root-servers.net.
.    314062 IN NS b.root-servers.net.
.    314062 IN NS g.root-servers.net.
.    314062 IN NS m.root-servers.net.
;; Received 272 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms

tv.  172800 IN NS a5.nstld.com.
tv.  172800 IN NS l5.nstld.com.
tv.  172800 IN NS c5.nstld.com.
tv.  172800 IN NS f5.nstld.com.
tv.  172800 IN NS h5.nstld.com.
tv.  172800 IN NS g5.nstld.com.
tv.  172800 IN NS d5.nstld.com.
;; Received 271 bytes from 192.112.36.4#53(g.root-servers.net) in 136 ms

tv.  86400 IN SOA a5.nstld.com. info.verisign-grs.com. 1297953825 1800 900 604800 86400
;; Received 97 bytes from 192.41.162.34#53(l5.nstld.com) in 24 ms

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens
> Sent: Thursday, February 17, 2011 9:22 AM
> To: MailScanner discussion
> Subject: Re: ScamNailer no longer updating
>
> whois scamnailer.tv
>
> Whois Server Version 1.0
>
> Domain names can now be registered with many different competing registrars.
> Go to http://registrar.verisign-grs.com/whois/ for detailed information.
>
> No match for "SCAMNAILER.TV".
>
> >>> Last update of whois database: Thu, 17 Feb 2011 08:01:01 EST <<<

From peter at farrows.org Thu Feb 17 15:17:05 2011
From: peter at farrows.org (Peter Farrow)
Date: Thu Feb 17 15:17:16 2011
Subject: ScamNailer no longer updating
In-Reply-To:
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk><5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com><7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <435731811f7957c05b1fb6232a302349.squirrel@saturn.dataflame.net><1C7E4902EA98DE4487AA66F401F237F001541898@EPSILONX.spa.usherbrooke.ca> <4D5D2F1E.604@alexb.ch>
Message-ID: <4D5D3BF1.4040708@farrows.org>

On 17/02/2011 14:47, Desai, Jason wrote:
> Doesn't seem to work here:
>
> # dig +trace scamnailer.tv

That's because it is MailScanner.tv and not scamnailer.tv

From prandal at herefordshire.gov.uk Thu Feb 17 15:42:59 2011
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Feb 17 15:43:18 2011
Subject: ScamNailer no longer updating
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA3A856@HC-EXMBX01.herefordshire.gov.uk>

My last successful ScamNailer update was 16 Feb at 02:01 GMT.

Still no joy.

Phil

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: 17 February 2011 13:52
To: MailScanner discussion
Subject: RE: ScamNailer no longer updating

Flushing DNS caches was the first thing I tried.

Cheers,

Phil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/44d31d6e/attachment.html

From peter at farrows.org Thu Feb 17 16:24:28 2011
From: peter at farrows.org (Peter Farrow)
Date: Thu Feb 17 16:24:39 2011
Subject: ScamNailer no longer updating
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA3A856@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <7CA580B59C1ABD45B4614ED90D4C7B852FA3A856@HC-EXMBX01.herefordshire.gov.uk>
Message-ID: <4D5D4BBC.4070407@farrows.org>

Are you checking scamnailer.tv or mailscanner.tv the former isn't registered, while the latter works fine....

Some people seem to be getting this confused...

The 2.09 Scamnailer script only calls www.mailscanner.tv , I am not sure where the scamnailer.tv crept in but I have not seen that before this discussion, and that doesn't work as the domain is not registered.

Line 140:

my $urlbase = "http://www.mailscanner.tv/emails.";

P.

On 17/02/2011 15:42, Randal, Phil wrote:
> My last successful ScamNailer update was 16 Feb at 02:01 GMT.
>
> Still no joy.
>
> Phil

--
Peter Farrow
Home: 01249 654183
Fax: 01249 461 548
Mobile: 07799605617
Skype: peter_farrow
Web: www.peterfarrow.com

-------------- next part --------------
Skipped content of type multipart/related

From alex at vidadigital.com.pa Thu Feb 17 16:34:38 2011
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Thu Feb 17 16:35:15 2011
Subject: ScamNailer no longer updating
In-Reply-To: <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>
Message-ID:

Negatively cached, that is...

On Feb 17, 2011, at 8:42 AM, Naz Snidanko wrote:
> Are you sure it is not "cached" on your local DNS?

--
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)
Remember to visit http://vidadigital.com.pa/
BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

From alex at vidadigital.com.pa Thu Feb 17 16:35:07 2011
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Thu Feb 17 16:35:32 2011
Subject: ScamNailer no longer updating
In-Reply-To:
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com>
Message-ID: <5ED30460-0201-4412-B977-65811847FC40@vidadigital.com.pa>

Have you tried other DNS services like Google or OpenDNS?

On Feb 17, 2011, at 8:52 AM, Eduardo Casarero wrote:
> i did some testing asking directly to authoritative servers and i get correct answers.
>
> dig +short www.mailscanner.tv A @ns1.blacknight.com
> wwwmailscannertv.bastionnetworksl.netdna-cdn.com.
> dig +short www.mailscanner.tv A @ns2.blacknight.com
> wwwmailscannertv.bastionnetworksl.netdna-cdn.com.
> dig +short wwwmailscannertv.bastionnetworksl.netdna-cdn.com A @ns1.netdna-cdn.com.
> 67.201.31.160
> dig +short wwwmailscannertv.bastionnetworksl.netdna-cdn.com A @ns2.netdna-cdn.com.
> 67.201.31.160

--
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)
Remember to visit http://vidadigital.com.pa/
BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

From prandal at herefordshire.gov.uk Thu Feb 17 16:42:09 2011
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Feb 17 16:42:29 2011
Subject: ScamNailer no longer updating
In-Reply-To: <4D5D4BBC.4070407@farrows.org>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <7CA580B59C1ABD45B4614ED90D4C7B852FA3A856@HC-EXMBX01.herefordshire.gov.uk> <4D5D4BBC.4070407@farrows.org>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA3AE0A@HC-EXMBX01.herefordshire.gov.uk>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 57 bytes
Desc: image001.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/998ca76f/image001-0001.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 8198 bytes
Desc: image002.gif
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/998ca76f/image002-0001.gif

From maillists at conactive.com Thu Feb 17 17:09:57 2011
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Feb 17 17:10:09 2011
Subject: ScamNailer no longer updating
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B852FA3AE0A@HC-EXMBX01.herefordshire.gov.uk>
References: <7CA580B59C1ABD45B4614ED90D4C7B852FA36AD2@HC-EXMBX01.herefordshire.gov.uk> <5C4A6241B56FDB48A0AC6AC13CA9FB05010AE1A3@tor_nt01.harperdda.com> <7CA580B59C1ABD45B4614ED90D4C7B852FA39BF6@HC-EXMBX01.herefordshire.gov.uk> <7CA580B59C1ABD45B4614ED90D4C7B852FA3A856@HC-EXMBX01.herefordshire.gov.uk> <4D5D4BBC.4070407@farrows.org> <7CA580B59C1ABD45B4614ED90D4C7B852FA3AE0A@HC-EXMBX01.herefordshire.gov.uk>
Message-ID:

Use dig and go up the chain of nameservers. There's also a dig variant that does it for you, but I don't remember the name.
Maybe something wrong with CNAME resolution in your environment or higher up? (www.mailscanner.tv is a CNAME)

Kai

--
Get your web at Conactive Internet Services: http://www.conactive.com

From uxbod at splatnix.net Thu Feb 17 20:14:37 2011
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Thu Feb 17 20:15:27 2011
Subject: ScamNailer no longer updating
In-Reply-To:
Message-ID: <9989f39f-5c7f-4648-9789-8248f18272ee@office.splatnix.net>

----- Original Message -----
> Use dig and go up the chain of nameservers. There's also a dig
> variant
> that does it for you, but I don't remember the name.
> Maybe something wrong with CNAME resolution in your environment or
> higher
> up? (www.mailscanner.tv is a CNAME)
>
> Kai
>
> --
> Get your web at Conactive Internet Services: http://www.conactive.com

I have always used www.mailscanner.eu which is resolving fine.
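
The advice to walk up the chain of nameservers is what `dig +trace` (used by Jason Desai earlier in the thread) does automatically. The following is an added example, not part of any post: it parses saved `dig +trace` output, reports which server gave the final answer and what kind of answer it was, and for a negative answer computes how long a resolver may cache it (RFC 2308). Function names and the second sample trace are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Abridged from the `dig +trace scamnailer.tv` output posted in the thread
# (NS lists shortened to two entries each).
TRACE_SCAMNAILER = """\
.    314062 IN NS e.root-servers.net.
.    314062 IN NS g.root-servers.net.
;; Received 272 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms

tv.  172800 IN NS a5.nstld.com.
tv.  172800 IN NS l5.nstld.com.
;; Received 271 bytes from 192.112.36.4#53(g.root-servers.net) in 136 ms

tv.  86400 IN SOA a5.nstld.com. info.verisign-grs.com. 1297953825 1800 900 604800 86400
;; Received 97 bytes from 192.41.162.34#53(l5.nstld.com) in 24 ms
"""

# Constructed sample: names follow the `dig +short` answers quoted in the
# thread; TTLs, sizes, timings and the 192.0.2.x addresses are placeholders.
TRACE_MAILSCANNER = """\
tv.  172800 IN NS a5.nstld.com.
;; Received 271 bytes from 192.0.2.1#53(g.root-servers.net) in 30 ms

mailscanner.tv.  172800 IN NS ns1.blacknight.com.
mailscanner.tv.  172800 IN NS ns2.blacknight.com.
;; Received 90 bytes from 192.0.2.2#53(a5.nstld.com) in 25 ms

www.mailscanner.tv.  3600 IN CNAME wwwmailscannertv.bastionnetworksl.netdna-cdn.com.
;; Received 120 bytes from 192.0.2.3#53(ns1.blacknight.com) in 40 ms
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+\((\S+)\)")


@dataclass
class Hop:
    server: str = ""                              # server that sent this reply
    records: list = field(default_factory=list)   # (owner, ttl, rtype, rdata)


def parse_trace(text):
    """Split dig +trace output into hops, one per ';; Received' line."""
    hops, current = [], Hop()
    for line in text.splitlines():
        line = line.strip()
        m = RECEIVED.match(line)
        if m:
            current.server = m.group(1)
            hops.append(current)
            current = Hop()
            continue
        m = RECORD.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            current.records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return hops


def is_ancestor(zone, name):
    """True if `zone` is `name` itself or a parent zone of it."""
    zone, name = zone.rstrip("."), name.rstrip(".")
    return zone == "" or name == zone or name.endswith("." + zone)


def classify(text, qname):
    """Report where the trace for qname ended and what the last reply means."""
    qname = qname.lower().rstrip(".") + "."
    hops = parse_trace(text)
    if not hops:
        return {"status": "empty"}
    last = hops[-1]
    result = {"answered_by": last.server}
    for owner, ttl, rtype, rdata in last.records:
        if owner == qname and rtype in ("A", "AAAA"):
            return {**result, "status": "resolved", "address": rdata}
        if owner == qname and rtype == "CNAME":
            # The trace ends at the alias; the target needs its own trace.
            return {**result, "status": "cname", "target": rdata}
        if rtype == "SOA" and is_ancestor(owner, qname):
            # Negative answer from zone `owner`. RFC 2308: it may be cached
            # for min(TTL of the SOA record, SOA MINIMUM field) seconds.
            minimum = int(rdata.split()[-1])
            return {**result, "status": "negative", "zone": owner,
                    "negative_ttl": min(ttl, minimum)}
    zones = sorted({o for o, _, t, _ in last.records if t == "NS"})
    return {**result, "status": "referral-only", "zones": zones}


if __name__ == "__main__":
    print(classify(TRACE_SCAMNAILER, "scamnailer.tv"))
    print(classify(TRACE_MAILSCANNER, "www.mailscanner.tv"))
```

For the trace posted in the thread, the last reply is a `tv.` SOA from a TLD server, so the name has no delegation at the registry and resolvers may hold that negative answer for up to a day.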
From maillists at conactive.com Thu Feb 17 21:31:38 2011
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Feb 17 21:31:48 2011
Subject: ScamNailer no longer updating
In-Reply-To: <9989f39f-5c7f-4648-9789-8248f18272ee@office.splatnix.net>
References: <9989f39f-5c7f-4648-9789-8248f18272ee@office.splatnix.net>
Message-ID:

tv is resolving fine, too, just not for some ;-)

Kai

--
Get your web at Conactive Internet Services: http://www.conactive.com

From glenn.steen at gmail.com Thu Feb 17 22:08:22 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Feb 17 22:08:32 2011
Subject: Fedora 12 MailScanner 4.77.10 Postfix 2.6.2 Whitelist issues
In-Reply-To:
References:
Message-ID:

On 16 February 2011 16:42, Adam Laye wrote:
> Fedora 12
> MailScanner 4.77.10
> SpamAssassin 3.2.5
> Postfix 2.6.2
>
> Resumes@example.com
> contactus@example.com
>
> These two addresses were removed from my spam.whitelist.conf weeks ago. I
> have restarted MailScanner rebooted the machine, disabled auto-whitelist in
> both SpamAssassin and the MailScanner.conf and yet Email to these addresses
> still show up. I have greped the entire MailScanner directory to verify
> there were no rogue instances of these names and yet I still get the
> following when Email arrives to these addresses.
>
> X-mail03bigcenter-MailScanner-SpamCheck: not spam (whitelisted),
>  SpamAssassin (not cached, score=31.453, required 3.5,
>  autolearn=disabled, FILL_THIS_FORM 0.00,
>
> I am at a loss... any ideas would be appreciated.
>
>
> [root@mail]# egrep -r -i '(resume|contactus)' /etc/MailScanner/
> /etc/MailScanner/MailScanner.conf.rpmnew:# If the value contains 'foobar.customi[zs]e' then the value is presumed to
> /etc/MailScanner/phishing.bad.sites.conf.old:www.howtowriteresume.info
> /etc/MailScanner/phishing.bad.sites.conf:www.howtowriteresume.info
> /etc/MailScanner/phishing.bad.sites.conf.rpmnew:25resumes.com
>

Perhaps you whitelist the sending server's IP? Or you might have some easily spoofed envelope sender addresses/domains, that aren't mentioned in the actual email headers (very common)?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From prandal at herefordshire.gov.uk Fri Feb 18 00:18:31 2011
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Fri Feb 18 00:18:48 2011
Subject: ScamNailer no longer updating
In-Reply-To: <9989f39f-5c7f-4648-9789-8248f18272ee@office.splatnix.net>
References: <9989f39f-5c7f-4648-9789-8248f18272ee@office.splatnix.net>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B852FA3C517@HC-EXMBX01.herefordshire.gov.uk>

Good workaround! Thanks for the suggestion.

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]--
Sent: 17 February 2011 20:15
To: MailScanner discussion
Subject: Re: ScamNailer no longer updating

----- Original Message -----
> Use dig and go up the chain of nameservers. There's also a dig
> variant
> that does it for you, but I don't remember the name.
> Maybe something wrong with CNAME resolution in your environment or
> higher
> up? (www.mailscanner.tv is a CNAME)
>
> Kai
>
> --
> Get your web at Conactive Internet Services: http://www.conactive.com

I have always used www.mailscanner.eu which is resolving fine.

From list1 at gir.me.uk Fri Feb 18 11:21:13 2011
From: list1 at gir.me.uk (George B.)
Date: Fri Feb 18 11:21:44 2011
Subject: Mailscanner + Exim >= 4.73
Message-ID: <4D5E5629.2070806@gir.me.uk>

Hello,

This is really an Exim question so feel free to tell me to ask elsewhere... ;-) It is related to my MailScanner configuration though.

Apparently Exim 4.73 will not allow any "-D" options by default and eventually the functionality will be removed. From mailing list post: http://lists.exim.org/lurker/message/20101215.161702.fcdb3f77.gl.html --- +# By contrast, you might be maintaining a system which relies upon the ability +# to override values with -D and assumes that these will be passed through to +# the delivery processes. As of Exim 4.73, this is no longer the case by +# default. Going forward, we strongly recommend that you use a shim Exim +# configuration file owned by root stored under TRUSTED_CONFIG_PREFIX_LIST. +# That shim can set macros before .include'ing your main configuration file. +# +# As a strictly transient measure to ease migration to 4.73, the +# WHITELIST_D_MACROS value definies a colon-separated list of macro-names +# which are permitted to be overriden from the command-line which will be +# honoured by the Exim user. So these are macros that can persist to delivery +# time. +# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the +# command-line are filtered to only permit: [A-Za-z0-9_/.-]* +# +# This option is highly likely to be removed in a future release. It exists +# only to make 4.73 as easy as possible to migrate to. If you use it, we +# encourage you to schedule time to rework your configuration to not depend +# upon it. Most people should not need to use this. --- I think I am already seeing symptoms of this on my Debian Squeeze box which relies (as per documentation of the rather old Debian MailScanner package) on the "-DOUTGING" option for the split pool configuration: --- scruffy:~# exim4 -bP -DOUTGOING spool_directory macros_trusted overriden to true by whitelisting spool_directory = /var/spool/exim4 vs scruffy:~# exim4 -bP spool_directory spool_directory = /var/spool/exim4_incoming --- I have only just noticed this an I am looking for some advice on how to "future-proof" my Mailscanner + Exim4 implementation. 
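
Review bot: the added comment recommends "a shim Exim configuration file owned by root stored under TRUSTED_CONFIG_PREFIX_LIST" that sets macros before .include'ing the main configuration, but gives no example of such a file, so a reader whose setup depends on -D has nothing concrete to migrate to; a two or three line sample shim next to that sentence would close the gap. In the WHITELIST_D_MACROS paragraph, "definies" should be "defines" and "overriden" should be "overridden". The same paragraph says command-line values are filtered to [A-Za-z0-9_/.-]* without saying what happens to a value that fails the filter; state whether it is rejected or ignored.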
The message above talks about a "shim configuration file" but I don't really understand what they are talking about there and how to use it for split pool configuration. :-( Any pointers would be greatly appreciated. Thanks, George. From maxsec at gmail.com Fri Feb 18 11:34:50 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Feb 18 11:34:59 2011 Subject: Mailscanner + Exim >= 4.73 In-Reply-To: <4D5E5629.2070806@gir.me.uk> References: <4D5E5629.2070806@gir.me.uk> Message-ID: I used two different config files (-c) to do a similar job, a bit of a pain in that you have to main two files but do-able as changes tend to be one of other file (pre or post exim). http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation -- Martin Hepworth Oxford, UK On 18 February 2011 11:21, George B. wrote: > Hello, > > This is really an Exim question so feel free to tell me to ask elsewhere... > ;-) It is related to my MailScanner configuration though. > > Apparently Exim 4.73 will not allow any "-D" options by default and > eventually the functionality will be removed. From mailing list post: > > http://lists.exim.org/lurker/message/20101215.161702.fcdb3f77.gl.html > --- > +# By contrast, you might be maintaining a system which relies upon the > ability > +# to override values with -D and assumes that these will be passed through > to > +# the delivery processes. As of Exim 4.73, this is no longer the case by > +# default. Going forward, we strongly recommend that you use a shim Exim > +# configuration file owned by root stored under > TRUSTED_CONFIG_PREFIX_LIST. > +# That shim can set macros before .include'ing your main configuration > file. > +# > +# As a strictly transient measure to ease migration to 4.73, the > +# WHITELIST_D_MACROS value definies a colon-separated list of macro-names > +# which are permitted to be overriden from the command-line which will be > +# honoured by the Exim user. 
So these are macros that can persist to > delivery > +# time. > +# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the > +# command-line are filtered to only permit: [A-Za-z0-9_/.-]* > +# > +# This option is highly likely to be removed in a future release. It > exists > +# only to make 4.73 as easy as possible to migrate to. If you use it, we > +# encourage you to schedule time to rework your configuration to not > depend > +# upon it. Most people should not need to use this. > --- > > I think I am already seeing symptoms of this on my Debian Squeeze box which > relies (as per documentation of the rather old Debian MailScanner package) > on the "-DOUTGING" option for the split pool configuration: > --- > scruffy:~# exim4 -bP -DOUTGOING spool_directory > macros_trusted overriden to true by whitelisting > spool_directory = /var/spool/exim4 > > vs > > scruffy:~# exim4 -bP spool_directory > spool_directory = /var/spool/exim4_incoming > --- > > I have only just noticed this an I am looking for some advice on how to > "future-proof" my Mailscanner + Exim4 implementation. > > The message above talks about a "shim configuration file" but I don't > really understand what they are talking about there and how to use it for > split pool configuration. :-( > > Any pointers would be greatly appreciated. > > > Thanks, > > George. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... 
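The arrangement the quoted Exim note recommends (a shim file owned by root, covered by the trusted-config list, that sets the macro and then .include's the main configuration) can be checked before a daemon is pointed at it. This is an added example, not code from any poster or from Exim; the function name `check_shim`, its arguments and its return codes are assumptions, and the group/other-write test is an extra check the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check an Exim shim
# configuration before a daemon is started with it.
#
# Usage: check_shim SHIM TRUSTED_LIST MACRO OWNER_UID
#   SHIM          path of the shim configuration file
#   TRUSTED_LIST  file naming the trusted configurations, one path per line
#   MACRO         macro the shim must set, e.g. OUTGOING
#   OWNER_UID     numeric uid that must own SHIM (0, i.e. root, in production)
# Prints the .include target and returns 0 when every check passes;
# otherwise prints the reason on stderr and returns a distinct code.
check_shim() {
    shim=$1; trusted=$2; macro=$3; want_uid=$4

    [ -f "$shim" ] || { echo "shim not found: $shim" >&2; return 10; }
    [ -r "$trusted" ] || { echo "cannot read $trusted" >&2; return 11; }

    # The shim's exact path has to be a complete line of the trusted list.
    grep -Fxq -- "$shim" "$trusted" ||
        { echo "$shim is not listed in $trusted" >&2; return 12; }

    # Owner check: field 3 of `ls -ldn` is the numeric uid.
    uid=$(ls -ldn -- "$shim" | awk '{ print $3 }')
    [ "$uid" = "$want_uid" ] ||
        { echo "$shim is owned by uid $uid, expected $want_uid" >&2; return 13; }

    # Extra hygiene, an assumption of this example rather than something the
    # thread states: nobody but the owner may be able to rewrite the shim.
    # In the mode string, character 6 is group-write and 9 is other-write.
    case $(ls -ld -- "$shim") in
        ?????w*|????????w*)
            echo "$shim is writable by group or others" >&2; return 14 ;;
    esac

    # The macro must be set before the first .include, otherwise the main
    # configuration is read without it. awk prints the include target.
    target=$(awk -v m="$macro" '
        !mline && $0 ~ ("^[ \t]*" m "[ \t]*=") { mline = NR }
        !iline && /^[ \t]*\.include/ { iline = NR; t = $2; gsub(/"/, "", t) }
        END {
            if (!mline) exit 3
            if (!iline) exit 4
            if (mline > iline) exit 5
            print t
        }' "$shim") || {
        case $? in
            3) echo "$shim never sets $macro" >&2; return 15 ;;
            4) echo "$shim has no .include line" >&2; return 16 ;;
            *) echo "$shim sets $macro after .include" >&2; return 17 ;;
        esac
    }

    [ -r "$target" ] ||
        { echo "include target not readable: $target" >&2; return 18; }

    printf '%s\n' "$target"
}

# Run the check when the script is called with the four arguments.
if [ "$#" -eq 4 ]; then
    check_shim "$@"
fi
```

A non-zero return identifies which property of the shim setup is missing, so the check can gate a restart of the daemon that uses the shim.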
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110218/4fef76a0/attachment.html From jonas at vrt.dk Fri Feb 18 12:30:31 2011 From: jonas at vrt.dk (Jonas) Date: Fri Feb 18 12:30:45 2011 Subject: Mailscanner + Exim >= 4.73 In-Reply-To: <4D5E5629.2070806@gir.me.uk> References: <4D5E5629.2070806@gir.me.uk> Message-ID: <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk> Hi George > This is really an Exim question so feel free to tell me to ask elsewhere... ;-) It is > related to my MailScanner configuration though. > > Apparently Exim 4.73 will not allow any "-D" options by default and eventually > the functionality will be removed. From mailing list post: > > http://lists.exim.org/lurker/message/20101215.161702.fcdb3f77.gl.html > --- > +# By contrast, you might be maintaining a system which relies upon the > ability > +# to override values with -D and assumes that these will be passed > through to > +# the delivery processes. As of Exim 4.73, this is no longer the case > +by # default. Going forward, we strongly recommend that you use a shim > +Exim # configuration file owned by root stored under > TRUSTED_CONFIG_PREFIX_LIST. > +# That shim can set macros before .include'ing your main configuration > file. > +# > +# As a strictly transient measure to ease migration to 4.73, the # > +WHITELIST_D_MACROS value definies a colon-separated list of macro-names > +# which are permitted to be overriden from the command-line which will > +be # honoured by the Exim user. So these are macros that can persist > +to > delivery > +# time. > +# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the # > +command-line are filtered to only permit: [A-Za-z0-9_/.-]* # # This > +option is highly likely to be removed in a future release. It > exists > +# only to make 4.73 as easy as possible to migrate to. If you use it, > +we # encourage you to schedule time to rework your configuration to not > +depend # upon it. Most people should not need to use this. 
> ---
>
> I think I am already seeing symptoms of this on my Debian Squeeze box which
> relies (as per documentation of the rather old Debian MailScanner
> package) on the "-DOUTGING" option for the split pool configuration:
> ---
> scruffy:~# exim4 -bP -DOUTGOING spool_directory
> macros_trusted overriden to true by whitelisting
> spool_directory = /var/spool/exim4
>
> vs
>
> scruffy:~# exim4 -bP spool_directory
> spool_directory = /var/spool/exim4_incoming
> ---
>
> I have only just noticed this an I am looking for some advice on how to
> "future-proof" my Mailscanner + Exim4 implementation.
>
> The message above talks about a "shim configuration file" but I don't really
> understand what they are talking about there and how to use it for split pool
> configuration. :-(
>
> Any pointers would be greatly appreciated.
>

I'm not sure I have any pointers yet, I'm still on Debian Lenny and its patched exim 4.69.

I will face the same issues you're describing soon so I'm also interested in what might be the smoothest solution.

I think Martin is right that the 2 different config file setup is one way to do it, think that has always been an option as far as I know.

But I think most people would prefer a 1 file solution, as we both run with currently.

So question is if anybody is going to come up with a fancy way to do that. If not I guess you can always fall back on the 2 file solution.

Hoping to hear more about this soon.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S

Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:    7020 0978
Web:    www.techbiz.dk

From list1 at gir.me.uk Fri Feb 18 13:39:14 2011
From: list1 at gir.me.uk (George B.)
Date: Fri Feb 18 13:39:41 2011
Subject: Mailscanner + Exim >= 4.73
In-Reply-To:
References: <4D5E5629.2070806@gir.me.uk>
Message-ID: <4D5E7682.7060203@gir.me.uk>

On 18/02/11 11:34, Martin Hepworth wrote:
> I used two different config files (-c) to do a similar job, a bit of a
> pain in that you have to main two files but do-able as changes tend to
> be one of other file (pre or post exim).
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation

Thanks Martin - I will look into this.

George.

From list1 at gir.me.uk Fri Feb 18 13:43:58 2011
From: list1 at gir.me.uk (George B.)
Date: Fri Feb 18 13:44:29 2011
Subject: Mailscanner + Exim >= 4.73
In-Reply-To: <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk>
References: <4D5E5629.2070806@gir.me.uk> <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk>
Message-ID: <4D5E779E.4050203@gir.me.uk>

On 18/02/11 12:30, Jonas wrote:
> I'm not sure I have any pointers yet, I'm still on Debian Lenny and its patched exim 4.69.
>
> I will face the same issues your describing soon so I'm also interested in what might be the smoothest solution.

Hi Jonas,

I think moving from Lenny to Squeeze is OK - my split queue system still continues to work (I only saw the error because my patched /etc/cron.daily/exim4-base script mails it to me every day).

Looking at the docs it seems Debian package managers took good care of us yet again and specifically whitelisted "OUTGOING".

From /usr/share/doc/exim4-daemon-light/NEWS.Debian.gz
---
If exim is invoked with the -C or -D option the daemon will not regain root privileges though re-execution. This is usually necessary for local delivery, though. Therefore it is generally not possible anymore to run an exim daemon with -D or -C options.

However this version of exim has been built with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs.
TRUSTED_CONFIG_LIST defines a list of configuration files which are trusted; if a config file is owned by root and matches a pathname in the list, then it may be invoked by the Exim build-time user without Exim relinquishing root privileges. As a hotfix to not break existing installations of mailscanner we have also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start exim with -DOUTGOING while being able to do local deliveries. If you previously were using -D switches you will need to change your setup to use a separate configuration file. The ".include" mechanism makes this easy. --- Best regards, George. From jase at sensis.com Fri Feb 18 13:47:19 2011 From: jase at sensis.com (Desai, Jason) Date: Fri Feb 18 13:48:40 2011 Subject: Mailscanner + Exim >= 4.73 In-Reply-To: <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk> References: <4D5E5629.2070806@gir.me.uk> <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk> Message-ID: > > This is really an Exim question so feel free to tell me to ask elsewhere... > ;-) It is > > related to my MailScanner configuration though. > > > > Apparently Exim 4.73 will not allow any "-D" options by default and > eventually > > the functionality will be removed. From mailing list post: > > > > http://lists.exim.org/lurker/message/20101215.161702.fcdb3f77.gl.html > > --- > > +# By contrast, you might be maintaining a system which relies upon the > > ability > > +# to override values with -D and assumes that these will be passed > > through to > > +# the delivery processes. As of Exim 4.73, this is no longer the case > > +by # default. Going forward, we strongly recommend that you use a shim > > +Exim # configuration file owned by root stored under > > TRUSTED_CONFIG_PREFIX_LIST. > > +# That shim can set macros before .include'ing your main configuration > > file. 
> > +# > > +# As a strictly transient measure to ease migration to 4.73, the # > > +WHITELIST_D_MACROS value definies a colon-separated list of macro-names > > +# which are permitted to be overriden from the command-line which will > > +be # honoured by the Exim user. So these are macros that can persist > > +to > > delivery > > +# time. > > +# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the # > > +command-line are filtered to only permit: [A-Za-z0-9_/.-]* # # This > > +option is highly likely to be removed in a future release. It > > exists > > +# only to make 4.73 as easy as possible to migrate to. If you use it, > > +we # encourage you to schedule time to rework your configuration to not > > +depend # upon it. Most people should not need to use this. > > --- > > > > I think I am already seeing symptoms of this on my Debian Squeeze box which > > relies (as per documentation of the rather old Debian MailScanner > > package) on the "-DOUTGING" option for the split pool configuration: > > --- > > scruffy:~# exim4 -bP -DOUTGOING spool_directory macros_trusted overriden > > to true by whitelisting spool_directory = /var/spool/exim4 > > > > vs > > > > scruffy:~# exim4 -bP spool_directory > > spool_directory = /var/spool/exim4_incoming > > --- > > > > I have only just noticed this an I am looking for some advice on how to > "future- > > proof" my Mailscanner + Exim4 implementation. > > > > The message above talks about a "shim configuration file" but I don't really > > understand what they are talking about there and how to use it for split > pool > > configuration. :-( > > > > Any pointers would be greatly appreciated. > > > > I'm not sure I have any pointers yet, I'm still on Debian Lenny and its > patched exim 4.69. As I understand it, the idea is to use a "shim" exim config file that sets your macro, and then includes the main exim config file. 

So, in your MailScanner.conf file, instead of having:

    Sendmail2 = /usr/sbin/exim4 -DOUTGOING

You can have something like this:

    Sendmail2 = /usr/sbin/exim4 -c /etc/exim4/exim.outgoing.conf

Then, you have to add this new "shim" configuration file into your exim trusted_configs file.

    # cat /etc/exim4/trusted_configs
    /etc/exim4/exim.outgoing.conf

And finally, in your exim4.outgoing.conf file, you should define your macro and then include the standard exim config file. For Debian, it might look something like this:

    # cat /etc/exim4/exim.outgoing.conf
    OUTGOING = 1
    .include /var/lib/exim4/config.autogenerated

This way, you're still only modifying the one main exim4 configuration file for all of your needs. I've done it this way (I even use a different macro name), and it works with the patched exim4 in Lenny. And I expect it to work as is in Squeeze.

Jase

-
This message is intended only for the addressee and may contain information that is company confidential or privileged. Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately.
-

From list1 at gir.me.uk Fri Feb 18 14:21:31 2011
From: list1 at gir.me.uk (George B.)
Date: Fri Feb 18 14:21:53 2011
Subject: Mailscanner + Exim >= 4.73
In-Reply-To:
References: <4D5E5629.2070806@gir.me.uk> <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk>
Message-ID: <4D5E806B.8000705@gir.me.uk>

On 18/02/11 13:47, Desai, Jason wrote:
> As I understand it, the idea is to use a "shim" exim config file that
> sets your macro, and then includes the main exim config file.

Thanks for the detailed explanation! :-)

George.

From jonas at vrt.dk Fri Feb 18 17:33:56 2011
From: jonas at vrt.dk (Jonas)
Date: Fri Feb 18 17:34:12 2011
Subject: Mailscanner + Exim >= 4.73
In-Reply-To:
References: <4D5E5629.2070806@gir.me.uk><09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk>
Message-ID: <09F23668E315FD4597C13D73E5123ADF56B37D@SCTSBS.sct.dk>

> As I understand it, the idea is to use a "shim" exim config file that sets your
> macro, and then includes the main exim config file.
>
> So, in you MailScanner.conf file, instead of having:
> Sendmail2 = /usr/sbin/exim4 -DOUTGOING
>
> You can have something like this:
> Sendmail2 = /usr/sbin/exim4 -c /etc/exim4/exim.outgoing.conf
>
> Then, you have to add this new "shim" configuration file into your exim
> trusted_configs file.
>
> # cat /etc/exim4/trusted_configs
> /etc/exim4/exim.outgoing.conf
>
> And finally, in your exim4.outgoing.conf file, you should define your macro and
> then include the standard exim config file. For Debian, it might look something
> like this:
>
> # cat /etc/exim4/exim.outgoing.conf
> OUTGOING = 1
> .include /var/lib/exim4/config.autogenerated
>
> This way, you're still only modifying the one main exim4 configuration file for
> all of your needs. I've done it this way (I even use a different macro name),
> and it works with the patched exim4 in Lenny.
> And I expect it to work as is in Squeeze.
>
> Jase

Hey Jasse

That sounds like a pretty straight forward description to test.

I will be upgrading my 2 mailscanners to squeeze within the next couple of weeks and will try to change to the new method you describe at the same time.

I'll be sure to report back if it works or not.

Also once a couple of us have their systems working this way, and it's confirmed it works issue free, somebody should update the wiki.

Thanks so far for your insight :-)

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S

Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:    7020 0978
Web:    www.techbiz.dk

From glenn.steen at gmail.com Fri Feb 18 18:55:07 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Feb 18 18:55:16 2011
Subject: Mailscanner + Exim >= 4.73
In-Reply-To: <09F23668E315FD4597C13D73E5123ADF56B37D@SCTSBS.sct.dk>
References: <4D5E5629.2070806@gir.me.uk> <09F23668E315FD4597C13D73E5123ADF56B36B@SCTSBS.sct.dk> <09F23668E315FD4597C13D73E5123ADF56B37D@SCTSBS.sct.dk>
Message-ID:

Could one of you Exim users get that into the wiki, if not there already? Always nice with documented variants/choices:-).

Cheers

On 18 February 2011 18:33, Jonas wrote:
>> As I understand it, the idea is to use a "shim" exim config file that sets your
>> macro, and then includes the main exim config file.
>>
>> So, in you MailScanner.conf file, instead of having:
>> Sendmail2 = /usr/sbin/exim4 -DOUTGOING
>>
>> You can have something like this:
>> Sendmail2 = /usr/sbin/exim4 -c /etc/exim4/exim.outgoing.conf
>>
>> Then, you have to add this new "shim" configuration file into your exim
>> trusted_configs file.
>>
>> # cat /etc/exim4/trusted_configs
>> /etc/exim4/exim.outgoing.conf
>>
>> And finally, in your exim4.outgoing.conf file, you should define your macro and
>> then include the standard exim config file. For Debian, it might look something
>> like this:
>>
>> # cat /etc/exim4/exim.outgoing.conf
>> OUTGOING = 1
>> .include /var/lib/exim4/config.autogenerated
>>
>> This way, you're still only modifying the one main exim4 configuration file for
>> all of your needs. I've done it this way (I even use a different macro name),
>> and it works with the patched exim4 in Lenny.
>> And I expect it to work as is in Squeeze.
>>
>> Jase
>
> Hey Jasse
>
> That sounds like a pretty straight forward description to test.
>
> I will be upgrading my 2 mailscanners to squeeze within the next couple of weeks and will try to change to the new method you describe at the same time.
>
> I'll be sure to report back if it works or not.
>
> Also once a couple of us have their systems working this way, and its confirmed it works issue free, somebody should update the wiki.
>
> Thanks so far for your insight :-)
>
>
> Med venlig hilsen / Best regards
>
> Jonas Akrouh Larsen
>
> TechBiz ApS
> Laplandsgade 4, 2. sal
> 2300 København S
>
> Office: 7020 0979
> Direct: 3336 9974
> Mobile: 5120 1096
> Fax:    7020 0978
> Web:    www.techbiz.dk
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mejaz at cyberia.net.sa Fri Feb 18 19:44:24 2011 From: mejaz at cyberia.net.sa (Ejaz) Date: Fri Feb 18 19:46:41 2011 Subject: dictionary attack Message-ID: Hello, Now days there is lots of dictionary attacks towards my domain, find the below one of the example, would any one please help me how can I prevent such attacks, In my Linux machine, I have postfix, MailScanner, Spamassasin and clamav, Regards, __________________ Ejaz Sr,Systems Administrator Middle East Internet Company (CYBERIA) Riyadh, Saudi Arabia Phone: +966-1-4647114 Ext: 140 Mobile +966-562311787 Fax: +966-1-4654735 E-mail: mejaz@cyberia.net.sa -- This message has been scanned for viruses and dangerous content by cyberia MailScanner, and is believed to be clean. From mikael at syska.dk Fri Feb 18 20:08:52 2011 From: mikael at syska.dk (Mikael Syska) Date: Fri Feb 18 20:09:06 2011 Subject: dictionary attack In-Reply-To: References: Message-ID: Hi, Go offline ... then they can't attack your domain. What seems to be the problem? Since you can't really make them stop ... there arent much you can do other than deny delivery for unknown users in your system ... and then scan the rest.
Still ... I can't see the problem. mvh Mikael Syska On Fri, Feb 18, 2011 at 8:44 PM, Ejaz wrote: > Hello, > > Now days there is lots of dictionary attacks towards my domain, find the > below one of the example, would any one please help me how can I prevent > such attacks, > > In my Linux machine, I have postfix, MailScanner, Spamassasin and clamav, >
> Regards, > __________________ > Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz@cyberia.net.sa > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From nsnidanko at harperpowerproducts.com Fri Feb 18 20:17:52 2011 From: nsnidanko at harperpowerproducts.com (Naz Snidanko) Date: Fri Feb 18 20:18:18 2011 Subject: dictionary attack References: Message-ID: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBCC@tor_nt01.harperdda.com> From what I understand he is not using recipient table and accepting email for anything @cyberia.net.sa. Are you using MailScanner server in gateway mode, or is this server is the final destination for your email? Naz Snidanko Desktop & Network Support Harper Power Products Inc. (p) 416 201- 7506 nsnidanko@harperpowerproducts.com -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael Syska Sent: February 18, 2011 3:09 PM To: MailScanner discussion Subject: Re: dictionary attack Hi, Go offline ... then they can't attack your domain. What seems to be the problem? Since you can't really make them stop ... there arent much you can do other than deny delivery for unknown users in your system ... and then scan the rest. Still ... I can't see the problem.
mvh Mikael Syska On Fri, Feb 18, 2011 at 8:44 PM, Ejaz wrote: > Hello, > > Now days there is lots of dictionary attacks towards my domain, find the > below one of the example, would any one please help me how can I prevent > such attacks, > > In my Linux machine, I have postfix, MailScanner, Spamassasin and clamav, >
> Regards, > __________________ > Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz@cyberia.net.sa > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From jakari at bithose.com Fri Feb 18 20:22:40 2011 From: jakari at bithose.com (Jameel Akari) Date: Fri Feb 18 20:23:16 2011 Subject: dictionary attack In-Reply-To: References: Message-ID: On Fri, 18 Feb 2011, Ejaz wrote: > Now days there is lots of dictionary attacks towards my domain, find the > below one of the example, would any one please help me how can I prevent > such attacks, Well, make sure you reject the invalid users up front, in the MTA. No point in scanning it, and then having it rejected downstream. I don't know how you configure this in Postfix specifically, but that's the first thing to check. If you're already doing this, then you don't have much of a problem anyway. Going further... are you running any RBLs in Postfix? Any source that keeps hammering away like this is likely to be in somebody's blacklist already. Rejecting on RBLs isn't for everyone though. If you're looking for a fun exercise and want to try to stop them entirely, you could consider logging the rejections and parsing out the sender's IP address(es) - feed those into your firewalls, your own RBLs, your MTA's access table, etc. But this way lies madness.
;) -- Jameel Akari From maxsec at gmail.com Fri Feb 18 20:32:01 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Feb 18 20:32:10 2011 Subject: dictionary attack In-Reply-To: References: Message-ID: Reject on the incoming NRA for invalid recipients.... See the wiki for some examples in the config mta section On Friday, 18 February 2011, Ejaz wrote: > Hello, > > Now days there is lots of dictionary attacks towards my > domain, find the below one of the example, would any one please help me how can > I prevent such attacks, > > In my Linux machine, I have postfix, MailScanner, Spamassasin > and clamav, > > Regards, > __________________ > Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz@cyberia.net.sa > > -- > > This message has been scanned for viruses and > > dangerous content by > MailScanner, and is > > believed to be clean.
> > > > -- -- Martin Hepworth Oxford, UK From alex at vidadigital.com.pa Fri Feb 18 20:34:04 2011 From: alex at vidadigital.com.pa (Alex Neuman van der Hans) Date: Fri Feb 18 20:34:29 2011 Subject: dictionary attack In-Reply-To: References: Message-ID: <4D5ED7BC.2060604@vidadigital.com.pa> Try fail2ban or vispan. On 2/18/2011 3:08 PM, Mikael Syska wrote: > Hi, > > > Go offline ... then they can't attack your domain. > > > What seems to be the problem? Since you can't really make them stop > ... there arent much you can do other than deny delivery for unknown > users in your system ... and then scan the rest. > > Still ... I can't see the problem. > > mvh > Mikael Syska > > On Fri, Feb 18, 2011 at 8:44 PM, Ejaz wrote: >> Hello, >> >> Now days there is lots of dictionary attacks towards my domain, find the >> below one of the example, would any one please help me how can I prevent >> such attacks, >> >> In my Linux machine, I have postfix, MailScanner, Spamassasin and clamav, >> >> Regards, >> __________________ >> Ejaz >> Sr,Systems Administrator >> Middle East Internet Company (CYBERIA) >> Riyadh, Saudi Arabia >> Phone: +966-1-4647114 Ext: 140 >> Mobile +966-562311787 >> Fax: +966-1-4654735 >> E-mail: mejaz@cyberia.net.sa >> >> >> >> -- >> This message
has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507 6781-9505 +507 832-6725 Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From postal.janitor at gmail.com Fri Feb 18 20:47:43 2011 From: postal.janitor at gmail.com (Adam Laye) Date: Fri Feb 18 20:47:51 2011 Subject: Fedora 12 MailScanner 4.77.10 Postfix 2.6.2 Whitelist issues RESOLVED!! Woot! Message-ID: Looks like it was pilot error. After reviewing all of the mail I noticed the majority had a from:(insert spoofed name here)@aol.com in the address field. The irony is I didn't realise this until I actually got some spam from AOL. None the less after searching my white list I discovered that *@aol.com had been added (put on the dunce cap) deleted the record from the white list and all is well. Thanks for the assistance guys some time it just take a little input from someone else >=-). Adam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110218/8082e90e/attachment.html From stephencoxmail at gmail.com Sat Feb 19 06:40:14 2011 From: stephencoxmail at gmail.com (Stephen Cox) Date: Sat Feb 19 06:40:24 2011 Subject: dictionary attack In-Reply-To: <4D5ED7BC.2060604@vidadigital.com.pa> References: <4D5ED7BC.2060604@vidadigital.com.pa> Message-ID: +1 for fail2ban. I am using it for a month now and it works like an charm. On Fri, Feb 18, 2011 at 10:34 PM, Alex Neuman van der Hans < alex@vidadigital.com.pa> wrote: > Try fail2ban or vispan. 
--
Stephen Cox
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110219/849ec32f/attachment.html

From mejaz at cyberia.net.sa Sat Feb 19 06:50:38 2011
From: mejaz at cyberia.net.sa (Ejaz)
Date: Sat Feb 19 06:54:13 2011
Subject: dictionary attack
In-Reply-To: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBCC@tor_nt01.harperdda.com>
References: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBCC@tor_nt01.harperdda.com>
Message-ID: <83E6750671D841B4BEA881F7090A8975@EJAZ>

All,

Yes it's true we are accepting emails from anywhere and anyone there is no recipient table exist on the server (function of this server is to filter incoming mails ) and then redirecting them as per the transport file

Ejaz

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Naz Snidanko
Sent: Friday, February 18, 2011 11:18 PM
To: MailScanner discussion
Subject: RE: dictionary attack

From what I understand he is not using recipient table and accepting email for anything @cyberia.net.sa.
Are you using MailScanner server in gateway mode, or is this server the final destination for your email?

Naz Snidanko
Desktop & Network Support
Harper Power Products Inc.
(p) 416 201- 7506
nsnidanko@harperpowerproducts.com

--
This message has been scanned for viruses and
dangerous content by cyberia MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110219/6686a961/attachment-0001.html

From steve.freegard at fsl.com Sat Feb 19 07:43:40 2011
From: steve.freegard at fsl.com (Steve Freegard)
Date: Sat Feb 19 07:43:57 2011
Subject: dictionary attack
In-Reply-To: <83E6750671D841B4BEA881F7090A8975@EJAZ>
References: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBCC@tor_nt01.harperdda.com> <83E6750671D841B4BEA881F7090A8975@EJAZ>
Message-ID: <4D5F74AC.9010101@fsl.com>

On 19/02/11 06:50, Ejaz wrote:
> All,
>
> Yes it's true we are accepting emails from anywhere and anyone there is
> no recipient table exist on the server (function of this server is to
> filter incoming mails ) and then redirecting them as per the transport file
>

See http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#using_smtp_recipient_verification

Or - if the destination can't reject invalid users at SMTP time; then you'll need to build a recipient table to reject the invalid ones (covered on the same page).

Regards,
Steve.
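Added example, not part of the thread: once the gateway refuses unknown recipients at SMTP time as suggested above, every probe in a dictionary run leaves a reject line in the Postfix log, which is the kind of line a log watcher such as fail2ban works from. The sketch below counts distinct refused recipients per client in a sliding window; the function names, the threshold and window values, and the sample log lines (documentation addresses and example domains) are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd line logged when RCPT TO is refused because the address is not
# in the recipient table or failed recipient verification.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: [45]\d\d \S+ "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: "
    r"(?:User unknown|undeliverable address|unverified address)"
)


def parse_rejects(lines, year):
    """Yield (timestamp, client_ip, recipient) for unknown-recipient rejects.

    Syslog timestamps carry no year, so the caller supplies it.
    """
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["rcpt"].lower()


def find_dictionary_clients(lines, year, threshold=5,
                            window=timedelta(seconds=60)):
    """Return {client_ip: peak} for clients that probed at least `threshold`
    distinct unknown recipients inside one sliding `window`.

    Counting distinct recipients keeps a sender that retries one mistyped
    address from being flagged.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, recipient)
    flagged = {}
    for ts, ip, rcpt in sorted(parse_rejects(lines, year)):
        q = recent[ip]
        q.append((ts, rcpt))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


def _sample_line(ts, ip, rcpt):
    # Constructed log line in Postfix's reject format (not from the thread).
    return (f"{ts} mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in relay recipient table; from=<a@example.org> "
            f"to=<{rcpt}> proto=ESMTP helo=<client.example.org>")


SAMPLE_LOG = (
    # One client walking a name list: six distinct addresses in ten seconds.
    [_sample_line(f"Feb 18 20:44:{s:02d}", "192.0.2.10", f"{name}@example.net")
     for s, name in zip(range(0, 12, 2), ["na", "nb", "nc", "nd", "ne", "nf"])]
    # A sender retrying one mistyped address: many rejects, one recipient.
    + [_sample_line(f"Feb 18 20:45:{s:02d}", "198.51.100.7", "jon@example.net")
       for s in range(0, 30, 5)]
    # Five distinct misses, but two minutes apart.
    + [_sample_line(f"Feb 18 21:{m:02d}:00", "203.0.113.5", f"u{m}@example.net")
       for m in range(0, 10, 2)]
    # Unrelated line that must be ignored.
    + ["Feb 18 20:44:00 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]"]
)

if __name__ == "__main__":
    for ip, peak in find_dictionary_clients(SAMPLE_LOG, year=2011).items():
        print(f"{ip}: {peak} distinct unknown recipients within 60s")
```

On the constructed sample only 192.0.2.10 is reported; the retrying sender and the slow trickle of misses both stay below the threshold.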
From alex at vidadigital.com.pa Sat Feb 19 12:04:50 2011
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Sat Feb 19 12:05:04 2011
Subject: dictionary attack
In-Reply-To: <83E6750671D841B4BEA881F7090A8975@EJAZ>
References: <5C4A6241B56FDB48A0AC6AC13CA9FB05011ECBCC@tor_nt01.harperdda.com> <83E6750671D841B4BEA881F7090A8975@EJAZ>
Message-ID: <4F6A9E00-249B-4D1E-9C9F-05133EB7E26B@vidadigital.com.pa>

You should really look into fixing that.

On Feb 19, 2011, at 1:50 AM, Ejaz wrote:
> Yes it's true we are accepting emails from anywhere and anyone there is no recipient table exist on the server (function of this server is to filter incoming mails ) and then redirecting them as per the transport file
>

--
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 832-6725
+1-440-253-9789 (USA)
Remember to visit http://vidadigital.com.pa/
BB PIN 20EA17C5
Twitter: @AlexNeuman - @VidaDigitalTV
http://facebook.com/vidadigital
Skype: alexneuman

From alex at vidadigital.com.pa Sat Feb 19 21:36:43 2011
From: alex at vidadigital.com.pa (Alex Neuman van der Hans)
Date: Sat Feb 19 21:37:07 2011
Subject: Feature (?) Request
Message-ID: <4D6037EB.5070301@vidadigital.com.pa>

Julian,

I was wondering if it would be useful for others to insert variables in inline.sig.txt and inline.sig.html - specifically, something like the Message-ID.

Sometimes users aren't savvy enough to know how to extract headers, and having that info might save some time looking for the message in MailWatch or other similar tools.

What do you think?
--
--
Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507 6781-9505
+507 832-6725

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital

From jonas at vrt.dk Sun Feb 20 21:14:11 2011
From: jonas at vrt.dk (Jonas)
Date: Sun Feb 20 21:14:21 2011
Subject: Dead links
Message-ID: <09F23668E315FD4597C13D73E5123ADF56B385@SCTSBS.sct.dk>

Hi Julian (or anybody else who can edit the MailScanner webpage)

I'm in the process of trying to get my MailScanner working after updating spamassassin and a bunch of modules, MIME-tools is causing issues. Is there still no way to use the new versions?

Anyway I'm trying to use the patched one you provide on http://www.mailscanner.info/perl.html , which I'm not having much luck with either (it fails one of the tests in make test, and I'm not sure if it's spamd related as you note in your comments)

Anyway I wanted to look at the individual patches and they are all dead.

Meaning:
http://www.mailscanner.info/mime-tools-patch.txt
http://www.mailscanner.info/mime-tools-patch2.txt
etc.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen
TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax: 7020 0978
Web: www.techbiz.dk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110220/1a07fb2e/attachment.html

From Robert.Meurlin at se.fujitsu.com Mon Feb 21 12:35:14 2011
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Mon Feb 21 12:36:33 2011
Subject: spamassassin install failure
Message-ID:

Hi,

Have problem with installing the Clam and SA package

I get this error message:
----------------------
Setting a soft-link from spam.assassin.prefs.conf into the SpamAssassin site rules directory.
spam.assassin.prefs.conf is read directly by the SpamAssassin startup code, so make sure you have a link from the site_rules directory to this file in your MailScanner/etc directory.
Perl could not find your SpamAssassin installation.
Strange, I just installed it.
You should fix this!
Making backup of pre files to /tmp/backup.pre.28193.tar
tar: *pre: Cannot stat: No such file or directory
tar: Exiting with failure status due to previous errors
Now go and find your v310.pre and v320.pre files,
echo which may well be in the /etc/mail/spamassassin directory.
You need to save a copy of your old v330.pre file and rename the v330.pre file to v320.pre.

Lot of this error in installation log:
Use of "goto" to jump into a construct is deprecated at ../blib/lib/Mail/SpamAssassin/Plugin/Check.pm line 409.
Use of "goto" to jump into a construct is deprecated at ../blib/lib/Mail/SpamAssassin/Plugin/Check.pm line 409.
---------------------
You want to use SpamAssassin but have not installed it. at /usr/lib/MailScanner/MailScanner/SA.pm line 177
Please download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner. at /usr/lib/MailScanner/MailScanner/SA.pm line 178
---------------------

Spamassassin Clam version trying to install: install-Clam-0.96.5-SA-3.3.1
Perl Version: 5.12.1-2.3.1
Open suse version 11.3

Found this bug report but it's over 1 year old almost:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6392

It has nothing to do with this problem:
http://isborken.blogspot.com/2008/01/mystery-of-borken-server-solved.html

Does anyone have a tip?

Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110221/a2eed2d3/attachment.html

From paul.simpkin at tdguk.com Mon Feb 21 19:13:20 2011
From: paul.simpkin at tdguk.com (Paul Simpkin)
Date: Mon Feb 21 19:23:26 2011
Subject: Slow outgoing mail queue.
Message-ID:

Hi,

I really need some help with Mailscanner or sendmail not sure what one is making my mail queue very slow. From the logs I can see that all the normal scans are done then the mail just sits in the outgoing queue.

Here is where the log file just stops for well over 10mins. I have changed the startup script for sendmail and added -q1m but still does not help.

Feb 21 19:05:55 mx1 MailScanner[29289]: Spam Checks completed at 9620 bytes per second
Feb 21 19:05:55 mx1 MailScanner[29289]: Uninfected: Delivered 1 messages
Feb 21 19:05:55 mx1 MailScanner[29289]: Virus Processing completed at 612801 bytes per second
Feb 21 19:05:55 mx1 MailScanner[29289]: Deleted 1 messages from processing-database
Feb 21 19:05:55 mx1 MailScanner[29289]: Batch completed at 8773 bytes per second (8616 / 0)
Feb 21 19:05:55 mx1 MailScanner[29289]: Batch (1 message) processed in 0.98 seconds
Feb 21 19:05:55 mx1 MailScanner[29289]: Logging message p1LJ5sAc029339 to SQL
Feb 21 19:05:55 mx1 MailScanner[29289]: "Always Looked Up Last" took 0.00 seconds

Here is a my version etc:

Linux mx1.tdguk.com 2.6.18-194.17.1.el5.centos.plus #1 SMP Thu Sep 30 19:27:35 EDT 2010 i686 i686 i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.81.4

Hope someone can help.

Regards,

Paul Simpkin

--
This message has been scanned for viruses and
dangerous content by TDG UK, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110221/141dde33/attachment.html

From maxsec at gmail.com Mon Feb 21 19:40:14 2011
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Feb 21 19:40:24 2011
Subject: Slow outgoing mail queue.
In-Reply-To:
References:
Message-ID:

Been ok and suddenly not working or a new install or an upgrade? IE has something changed?

is this a pure relay machine or does the email get stored on the local machine?

Effects all email or just to a certain domain?

Martin

--
--
Martin Hepworth
Oxford, UK

From igueths at lava-net.com Mon Feb 21 19:47:50 2011
From: igueths at lava-net.com (Igor Gueths)
Date: Mon Feb 21 19:48:32 2011
Subject: Slow outgoing mail queue.
In-Reply-To:
References:
Message-ID: <20110221194750.GA25186@lava-net.com>

Hi Paul.
On Mon, Feb 21, 2011 at 07:13:20PM -0000, Paul Simpkin wrote:
> Hi,
>
> I really need some help with Mailscanner or sendmail not sure what one
> is making my mail queue very slow. From the logs I can see that all the
> normal scans are done then the mail just sits in the outgoing queue.
>
> Here is where the log file just stops for well over 10mins. I have
> changed the startup script for sendmail and added -q1m but still does
> not help.
>
While I don't use Sendmail myself, I noticed that all the log messages you pasted were MailScanner related, with the possible exception of the one that writes data out to MySQL. Do you not get any Sendmail log messages at all during that time period? Have you tried increasing Sendmail's verbosity temporarily to see if anything may be amiss on the Sendmail side of things?
--
Igor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110221/555fe472/attachment.bin

From alex at vidadigital.com.pa Mon Feb 21 19:52:24 2011
From: alex at vidadigital.com.pa (Alex Neuman van der Hans)
Date: Mon Feb 21 19:52:52 2011
Subject: Slow outgoing mail queue.
In-Reply-To:
References:
Message-ID: <4D62C278.4000601@vidadigital.com.pa>

Ahem... "affects"... :-)

On 2/21/2011 2:40 PM, Martin Hepworth wrote:
>
> Effects all email or just to a certain domain?
>

--
--
Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507 6781-9505
+507 832-6725

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital

From steve at fsl.com Mon Feb 21 19:57:34 2011
From: steve at fsl.com (Stephen Swaney)
Date: Mon Feb 21 19:57:46 2011
Subject: Slow outgoing mail queue.
In-Reply-To:
References:
Message-ID: <2E2B9899-5DE7-472D-8EB2-BE1B802C822D@fsl.com>

Paul,

Mail sitting in the outbound mail queue is not usually a MailScanner problem.

When MailScanner finishes scanning, it passes the message back to sendmail for delivery. Only if sendmail can't deliver the message immediately does sendmail place the message in the outbound retry mail queue.

You can see what's in the outbound deferred mail queue by running:

    mailq

That should show output similar to:

                /var/spool/mqueue (1 request)
    -----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
    p1IF3cOE000800     5124 Fri Feb 18 10:03 MAILER-DAEMON
                     (Deferred: Connection timed out with mail.xxxxsupport.com)

There should be a line for each message that shows the reason why the message delivery has been deferred.
Best regards,
Steve
--
Steve Swaney
steve@fsl.com
www.fsl.com
The most accurate and cost effective anti-spam solutions available
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110221/881f2964/attachment.html

From paul.simpkin at tdguk.com Tue Feb 22 09:00:56 2011
From: paul.simpkin at tdguk.com (Paul Simpkin)
Date: Tue Feb 22 09:19:31 2011
Subject: Slow outgoing mail queue.
In-Reply-To: <2E2B9899-5DE7-472D-8EB2-BE1B802C822D@fsl.com>
References: <2E2B9899-5DE7-472D-8EB2-BE1B802C822D@fsl.com>
Message-ID:

Thank you all so much for the pointers.

Yes I can see Mailscanner is not the problem here. Mailscanner takes the email, washes the mail then pops it in the outgoing queue.

Then Sendmail (for all domains) just sits there for well over 7mins before trying to send the queue. Sometimes there can be up to 60+ emails waiting.

One thing I can see is that only 3 sendmails are running, 2 of them are stuck trying to deliver mail to domain with no DNS. IE dead mail etc.

Again thanks for all your help so far!

Regards,

Paul Simpkin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110222/352043a3/attachment.html

From steve at fsl.com Tue Feb 22 10:10:49 2011
From: steve at fsl.com (Steve Swaney)
Date: Tue Feb 22 10:11:00 2011
Subject: Slow outgoing mail queue.
Message-ID: <3cxjg92idwf7dqjfgdp0ycu5.1298368615363@email.android.com>

Paul,

What does the output of 'mailq' show?

Best regards

Steve
--
Steve Swaney
steve@swaney.com
Fort Systems Ltd
www.fsl.com

From MailScanner at ecs.soton.ac.uk Tue Feb 22 12:24:05 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Feb 22 12:24:27 2011
Subject: Slow outgoing mail queue.
In-Reply-To: References: <2E2B9899-5DE7-472D-8EB2-BE1B802C822D@fsl.com> <4D63AAE5.1020205@ecs.soton.ac.uk> Message-ID: What is "Delivery Method" set to in MailScanner.conf? It should be "batch", certainly not "queue" which would give you the symptoms you're seeing. Jules. On 22/02/2011 09:00, Paul Simpkin wrote: > > Thank you all so much for the pointers. > > Yes I can see Mailscanner is not the problem here. Mailscanner takes > the email, washes the mail then pop?s it in the outgoing queue. > > Then Sendmail (for all domains) just sits there for well over 7mins > before trying to send the queue. Sometimes there can be upto 60+ > emails waiting. > > One thing I can see is that only 3 sendmail?s are running, 2 of them > are stuck trying to deliver mail to domain with no DNS. IE dead mail etc. > > Again thanks for all your help so far! > > Regards, > > Paul Simpin > > *From:*mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Stephen Swaney > *Sent:* 21 February 2011 19:58 > *To:* MailScanner discussion > *Subject:* Re: Slow outgoing mail queue. > > Paul, > > Mail sitting in the outbound mail queue is not usually a MailScanner > problem. > > When MailScanner finishes scanning, it passes the message back to > sendmail for delivery. Only if sendmail can?t deliver the message > immediately does sendmail place the message in the outbound retry mail > queue. > > You can see what?s in the outbound deferred mail queue by running: > > mailq > > That should show output similar to: > > /var/spool/mqueue (1 request) > > -----Q-ID----- --Size-- -----Q-Time----- > ------------Sender/Recipient----------- > > p1IF3cOE000800 5124 Fri Feb 18 10:03 MAILER-DAEMON > > (Deferred: Connection timed out with mail.xxxxsupport.com > ) > > > > > There should be a line for each message that shows the reason why the > message delivery has been deferred. 
>
> Best regards,
>
> Steve
> --
> Steve Swaney
> steve@fsl.com
> www.fsl.com
> The most accurate and cost effective anti-spam solutions available
>
> On Feb 21, 2011, at 3:13 PM, Paul Simpkin wrote:
>
> Hi,
>
> I really need some help with Mailscanner or sendmail not sure what one
> is making my mail queue very slow. From the logs I can see that all
> the normal scans are done then the mail just sits in the outgoing queue.
>
> Here is where the log file just stops for well over 10mins. I have
> changed the startup script for sendmail and added -q1m but still does
> not help.
>
> Feb 21 19:05:55 mx1 MailScanner[29289]: Spam Checks completed at 9620 bytes per second
> Feb 21 19:05:55 mx1 MailScanner[29289]: Uninfected: Delivered 1 messages
> Feb 21 19:05:55 mx1 MailScanner[29289]: Virus Processing completed at 612801 bytes per second
> Feb 21 19:05:55 mx1 MailScanner[29289]: Deleted 1 messages from processing-database
> Feb 21 19:05:55 mx1 MailScanner[29289]: Batch completed at 8773 bytes per second (8616 / 0)
> Feb 21 19:05:55 mx1 MailScanner[29289]: Batch (1 message) processed in 0.98 seconds
> Feb 21 19:05:55 mx1 MailScanner[29289]: Logging message p1LJ5sAc029339 to SQL
> Feb 21 19:05:55 mx1 MailScanner[29289]: "Always Looked Up Last" took 0.00 seconds
>
> Here is a my version etc:
>
> Linux mx1.tdguk.com 2.6.18-194.17.1.el5.centos.plus #1 SMP Thu Sep 30 19:27:35 EDT 2010 i686 i686 i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
> This is MailScanner version 4.81.4
>
> Hope someone can help.
>
> Regards,
>
> Paul Simpkin
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

From Dstraka at caspercollege.edu Tue Feb 22 18:26:04 2011
From: Dstraka at caspercollege.edu (Daniel Straka)
Date: Tue Feb 22 18:26:38 2011
Subject: Messages with Multiple Bcc Recipients
Message-ID: <4D639D4C02000000001106BE@gw.caspercollege.edu>

MailScanner Gurus...

Can MS be configured to drop messages coming in with multiple Bcc recipients? If so, how would I set that up?

Thanks,

Dan Straka
Systems Coordinator
Casper College
307.268.2399
http://www.caspercollege.edu

From glenn.steen at gmail.com Tue Feb 22 21:49:16 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Feb 22 21:49:27 2011
Subject: Messages with Multiple Bcc Recipients
In-Reply-To: <4D639D4C02000000001106BE@gw.caspercollege.edu>
References: <4D639D4C02000000001106BE@gw.caspercollege.edu>
Message-ID:

Mailscanner as such only sees the envelope recipients (the smtp rcpt to from the actual smtp conversation), where things like To:, Cc: and Bcc: lack meaning.
What you need to look at is spamassassin rules and perhaps rule hit actions, but... Be warned that determining which envelope recipients are Bcc'd might be a bit tricky and need some form of perl hacking...

Cheers

On 22 Feb 2011 19.32, "Daniel Straka" wrote:

MailScanner Gurus...

Can MS be configured to drop messages coming in with multiple Bcc recipients? If so, how would I set that up?
Thanks,

Dan Straka
Systems Coordinator
Casper College
307.268.2399
http://www.caspercollege.edu

From paul.simpkin at tdguk.com Wed Feb 23 00:18:57 2011
From: paul.simpkin at tdguk.com (Paul Simpkin)
Date: Wed Feb 23 00:19:18 2011
Subject: Slow outgoing mail queue.
In-Reply-To:
References: <2E2B9899-5DE7-472D-8EB2-BE1B802C822D@fsl.com><4D63AAE5.1020205@ecs.soton.ac.uk>
Message-ID:

Oops, Sooo sorry! This option has fixed my queue problems.

Thank you sooo much!

Kind Regards,

Paul

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
Sent: 22 February 2011 12:24
To: MailScanner discussion
Subject: Re: Slow outgoing mail queue.

What is "Delivery Method" set to in MailScanner.conf?
It should be "batch", certainly not "queue" which would give you the symptoms you're seeing.

Jules.

On 22/02/2011 09:00, Paul Simpkin wrote:
>
> Thank you all so much for the pointers.
>
> Yes I can see Mailscanner is not the problem here. Mailscanner takes
> the email, washes the mail then pop's it in the outgoing queue.
>
> Then Sendmail (for all domains) just sits there for well over 7mins
> before trying to send the queue. Sometimes there can be upto 60+
> emails waiting.
>
> One thing I can see is that only 3 sendmail's are running, 2 of them
> are stuck trying to deliver mail to domain with no DNS. IE dead mail etc.
>
> Again thanks for all your help so far!
>
> Regards,
>
> Paul Simpkin
>
> *From:*mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of
> *Stephen Swaney
> *Sent:* 21 February 2011 19:58
> *To:* MailScanner discussion
> *Subject:* Re: Slow outgoing mail queue.
>
> Paul,
>
> Mail sitting in the outbound mail queue is not usually a MailScanner
> problem.
>
> When MailScanner finishes scanning, it passes the message back to
> sendmail for delivery. Only if sendmail can't deliver the message
> immediately does sendmail place the message in the outbound retry mail
> queue.
>
> You can see what's in the outbound deferred mail queue by running:
>
> mailq
>
> That should show output similar to:
>
> /var/spool/mqueue (1 request)
>
> -----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
> p1IF3cOE000800 5124 Fri Feb 18 10:03 MAILER-DAEMON
> (Deferred: Connection timed out with mail.xxxxsupport.com)
>
> There should be a line for each message that shows the reason why the
> message delivery has been deferred.
>
> Best regards,
>
> Steve
> --
> Steve Swaney
> steve@fsl.com
> www.fsl.com
> The most accurate and cost effective anti-spam solutions available
>
> On Feb 21, 2011, at 3:13 PM, Paul Simpkin wrote:
>
> Hi,
>
> I really need some help with Mailscanner or sendmail not sure what one
> is making my mail queue very slow. From the logs I can see that all
> the normal scans are done then the mail just sits in the outgoing queue.
>
> Here is where the log file just stops for well over 10mins. I have
> changed the startup script for sendmail and added -q1m but still does
> not help.
>
> Feb 21 19:05:55 mx1 MailScanner[29289]: Spam Checks completed at 9620 bytes per second
> Feb 21 19:05:55 mx1 MailScanner[29289]: Uninfected: Delivered 1 messages
> Feb 21 19:05:55 mx1 MailScanner[29289]: Virus Processing completed at 612801 bytes per second
> Feb 21 19:05:55 mx1 MailScanner[29289]: Deleted 1 messages from processing-database
> Feb 21 19:05:55 mx1 MailScanner[29289]: Batch completed at 8773 bytes per second (8616 / 0)
> Feb 21 19:05:55 mx1 MailScanner[29289]: Batch (1 message) processed in 0.98 seconds
> Feb 21 19:05:55 mx1 MailScanner[29289]: Logging message p1LJ5sAc029339 to SQL
> Feb 21 19:05:55 mx1 MailScanner[29289]: "Always Looked Up Last" took 0.00 seconds
>
> Here is a my version etc:
>
> Linux mx1.tdguk.com 2.6.18-194.17.1.el5.centos.plus #1 SMP Thu Sep 30 19:27:35 EDT 2010 i686 i686 i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
> This is MailScanner version 4.81.4
>
> Hope someone can help.
>
> Regards,
>
> Paul Simpkin
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

From rvdmerwe at mhg.co.za Wed Feb 23 12:18:46 2011
From: rvdmerwe at mhg.co.za (Rabie Van der Merwe)
Date: Wed Feb 23 12:19:20 2011
Subject: MailScanner --lint and pyzor
Message-ID: <6d947db0-3f45-11e0-8094-0004e2e@rocketseed.mhg.co.za>

Hi,

Any idea why 'MailScanner --lint' returns the following error, but running 'spamassassin --lint' does not return an error?

MailScanner --lint:
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
pyzor: check failed: internal error, python traceback seen in response
SpamAssassin reported no errors.

spamassassin --lint
Feb 23 13:56:19.723 [19795] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
Feb 23 13:56:19.729 [19795] dbg: pyzor: local tests only, disabling Pyzor

From andrew at topdog.za.net Wed Feb 23 12:33:54 2011
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Wed Feb 23 12:34:09 2011
Subject: MailScanner --lint and pyzor
In-Reply-To: <6d947db0-3f45-11e0-8094-0004e2e@rocketseed.mhg.co.za>
References: <6d947db0-3f45-11e0-8094-0004e2e@rocketseed.mhg.co.za>
Message-ID: <04E7EA38-711C-48E0-9EFF-0E4A9ACBC3C5@topdog.za.net>

On 23 Feb 2011, at 2:18 PM, Rabie Van der Merwe wrote:

> Feb 23 13:56:19.729 [19795] dbg: pyzor: local tests only, disabling
> Pyzor

Because the spamassassin lint is not calling pyzor

--
Baruwa - www.baruwa.org

From mejaz at cyberia.net.sa Wed Feb 23 12:58:12 2011
From: mejaz at cyberia.net.sa (Ejaz)
Date: Wed Feb 23 12:58:14 2011
Subject: please help
Message-ID: <519050BAF63D4C15BC71956BE6381C86@EJAZ>

Hello,

Lately I configured postfix and mailscanner, just to test I am trying to send test emails message but didn't go through, any one please look into this. Thanks in advance.

I found below entries in my /var/log/maillog

Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at /var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has had TNEF winmail.dat removed

Regards,
__________________
Mohammed Ejaz
Sr,Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail: mejaz@cyberia.net.sa

From lyndonl at mexcom.co.za Wed Feb 23 13:04:34 2011
From: lyndonl at mexcom.co.za (Lyndon Labuschagne)
Date: Wed Feb 23 13:05:08 2011
Subject: please help
In-Reply-To: <519050BAF63D4C15BC71956BE6381C86@EJAZ>
References: <519050BAF63D4C15BC71956BE6381C86@EJAZ>
Message-ID: <435FD09A-A83D-4FA7-8D33-978315912ADB@mexcom.co.za>

On 07 Feb 2011, at 9:11 PM, Ejaz wrote:

> Hello,
>
> Lately I configured postfix and mailscanner, just to test I am trying to send test emails message but didn't go through, any one please look into this . Thanks in advance. ..
>
> I found below entries in my /var/log/maillog
>
> Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at /var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
> Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has had TNEF winmail.dat removed
>

Hi

What happens if you less or cat your mail logs for the message ID.

i.e. cat /var/log/maillog | grep CF55D322807A.A1FD

From rvdmerwe at mhg.co.za Wed Feb 23 14:38:33 2011
From: rvdmerwe at mhg.co.za (Rabie Van der Merwe)
Date: Wed Feb 23 14:38:56 2011
Subject: MailScanner --lint and pyzor
In-Reply-To: <04E7EA38-711C-48E0-9EFF-0E4A9ACBC3C5@topdog.za.net>
References: <6d947db0-3f45-11e0-8094-0004e2e@rocketseed.mhg.co.za> <04E7EA38-711C-48E0-9EFF-0E4A9ACBC3C5@topdog.za.net>
Message-ID:

That is fair, but how do I find out what is wrong with pyzor (which if called by hand seems to work, well discovery and ping) and MailScanner.

R

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrew Colin Kissa
Sent: 23 February 2011 14:34
To: MailScanner discussion
Subject: Re: MailScanner --lint and pyzor

On 23 Feb 2011, at 2:18 PM, Rabie Van der Merwe wrote:

> Feb 23 13:56:19.729 [19795] dbg: pyzor: local tests only, disabling
> Pyzor

Because the spamassassin lint is not calling pyzor

--
Baruwa - www.baruwa.org

From cplists at princeinternet.com Wed Feb 23 14:43:41 2011
From: cplists at princeinternet.com (Cameron B.
Prince)
Date: Wed Feb 23 14:43:53 2011
Subject: Source IP Address Ruleset / Allowing Mail From Specific Source Only
Message-ID:

Hello fellow MailScanner users,

I've been using MailScanner for over 6 years now and it continues to provide a good service for my clients.

I now have a few clients that want to pay for what they hope is even better spam filtering services provided by external, third-party filtering companies. This is okay with me because these domains get an extremely high volume of spam and really tax the servers.

We have configured one client's MX record to route all the mail for their domain to one of these companies. There the mail is filtered and then clean mail is routed back to our server to be stored in the client's mailboxes.

This is working well, but we have spammers with cached MX records making an end-run around the new filter by continuing to send mail directly to our server.

To solve this, I'm hoping it would be possible to set up something like a ruleset such as:

To: domain.com xxx.xxx.xxx.xxx

The idea being that the source address of the MX connection is checked and compared with the ruleset. Then if the IP address matches mail is allowed and if not, it's blocked.

I'm certainly open to other suggestions, but this seems like an elegant solution and a nice feature for MailScanner.

There have been suggestions of using IP tables but since our mail servers receive mail for many different domains, we can't simply block everything except the filtering company.

I look forward to your thoughts and ideas.

Thanks,
Cameron

From markus at markusoft.se Wed Feb 23 15:03:46 2011
From: markus at markusoft.se (Markus Nilsson)
Date: Wed Feb 23 15:04:02 2011
Subject: Source IP Address Ruleset / Allowing Mail From Specific Source Only
In-Reply-To:
Message-ID: <4221046.202.1298473422878.JavaMail.markus@cronlabworkstation0>

> From: "Cameron B.
Prince"
>
> This is working well, but we have spammers with cached MX records making an
> end-run around the new filter by continuing to send mail directly to our
> server.
>
> To solve this, I'm hoping it would it be possible to set up something like a
> ruleset such as:
>
> To: domain.com xxx.xxx.xxx.xxx
>
> The idea being that the source address of the MX connection is checked and
> compared with the ruleset. Then if the IP address matches mail is allowed
> and if not, it's blocked.
>
> I'm certainly open to other suggestions, but this seems like an elegant
> solution and a nice feature for MailScanner.
>
> There have been suggestions of using IP tables but since our mail servers
> receive mail for many different domains, we can't simply block everything
> except the filtering company.
>
> I look forward to your thoughts and ideas.
>
> Thanks,
> Cameron
>

Sounds like a job for SpamAssassin! (something like the below)

header __TO To =~ /^address@domain$/
header __FROM Received =~ /\[1.2.3.4\]/
meta RULE (__TO - __FROM) >= 1
score RULE 10
describe RULE Mail coming from wrong IP

/Markus

From andrew at topdog.za.net Wed Feb 23 15:10:01 2011
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Wed Feb 23 15:10:16 2011
Subject: MailScanner --lint and pyzor
In-Reply-To:
References: <6d947db0-3f45-11e0-8094-0004e2e@rocketseed.mhg.co.za> <04E7EA38-711C-48E0-9EFF-0E4A9ACBC3C5@topdog.za.net>
Message-ID: <47CD6421-B1D0-47A2-A028-EEB3012D3DDF@topdog.za.net>

On 23 Feb 2011, at 4:38 PM, Rabie Van der Merwe wrote:

>
> That is fair, but how do I find out what is wrong with pyzor (which if
> called by hand seems to work, well discovery and ping)
> and MailScanner.

spamassassin -t -D < /dev/null

--
Baruwa - www.baruwa.org

From john at tradoc.fr Wed Feb 23 15:14:19 2011
From: john at tradoc.fr (John Wilcock)
Date: Wed Feb 23 15:14:35 2011
Subject: Source IP Address Ruleset / Allowing Mail From Specific Source Only
In-Reply-To:
References:
Message-ID: <4D65244B.8000207@tradoc.fr>

On 23/02/2011 15:43, Cameron B. Prince wrote:
> I'm certainly open to other suggestions, but this seems like an elegant
> solution and a nice feature for MailScanner.
>
> There have been suggestions of using IP tables but since our mail servers
> receive mail for many different domains, we can't simply block everything
> except the filtering company.

You ought to be able to achieve this in your MTA.

In postfix I think you can do what you want simply with an appropriate smtpd_client_restrictions check_client_access lookup; if not it could definitely be achieved by abusing the restriction classes feature
http://www.postfix.org/RESTRICTION_CLASS_README.html

John.

--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From john at tradoc.fr Wed Feb 23 15:33:17 2011
From: john at tradoc.fr (John Wilcock)
Date: Wed Feb 23 15:33:33 2011
Subject: Source IP Address Ruleset / Allowing Mail From Specific Source Only
In-Reply-To: <4D65244B.8000207@tradoc.fr>
References: <4D65244B.8000207@tradoc.fr>
Message-ID: <4D6528BD.5090506@tradoc.fr>

On 23/02/2011 16:14, John Wilcock wrote:
> if not it could definitely be achieved by abusing the restriction
> classes feature http://www.postfix.org/RESTRICTION_CLASS_README.html

... as explained in
http://vanginderachter.be/2008/sender-en-receiver-specific-restrictions-in-postfix/

John.

--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From MailScanner at ecs.soton.ac.uk Thu Feb 24 15:38:02 2011
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Feb 24 15:38:23 2011
Subject: Source IP Address Ruleset / Allowing Mail From Specific Source Only
In-Reply-To: <4221046.202.1298473422878.JavaMail.markus@cronlabworkstation0>
References: <4221046.202.1298473422878.JavaMail.markus@cronlabworkstation0> <4D667B5A.8010301@ecs.soton.ac.uk>
Message-ID:

On 23/02/2011 15:03, Markus Nilsson wrote:
>> From: "Cameron B. Prince"
>> This is working well, but we have spammers with cached MX records making an
>> end-run around the new filter by continuing to send mail directly to our
>> server.
>>
>> To solve this, I'm hoping it would it be possible to set up something like a
>> ruleset such as:
>>
>> To: domain.com xxx.xxx.xxx.xxx
>>
>> The idea being that the source address of the MX connection is checked and
>> compared with the ruleset. Then if the IP address matches mail is allowed
>> and if not, it's blocked.
>>
>> I'm certainly open to other suggestions, but this seems like an elegant
>> solution and a nice feature for MailScanner.
>>
>> There have been suggestions of using IP tables but since our mail servers
>> receive mail for many different domains, we can't simply block everything
>> except the filtering company.
>>
>> I look forward to your thoughts and ideas.
>>
>> Thanks,
>> Cameron
>>
> Sounds like a job for SpamAssassin! (something like the below)
>
> header __TO To =~ /^address@domain$/
> header __FROM Received =~ /\[1.2.3.4\]/
> meta RULE (__TO - __FROM)>= 1
> score RULE 10
> describe RULE Mail coming from wrong IP

Don't use the data in the headers! That is totally irrelevant to the destination and sender of the mail.
Only ever use the recipient stated in the envelope, never use the headers.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982

From ms.fin11 at gmail.com Fri Feb 25 08:05:25 2011
From: ms.fin11 at gmail.com (ms fin)
Date: Fri Feb 25 08:05:33 2011
Subject: Any Help ?MailScanner quarantines message in wrong format
In-Reply-To:
References:
Message-ID:

Hi,

I have CentOS 5.5 with Postfix
MailScanner-4.81.4-1 and mailwatch-1.0.5
installed. Everything is working fine except:

When MailScanner quarantines a message, for example

/var/spool/MailScanner/quarantine/20110224/95876A78057.AFA98/

-rw-rw---- 1 postfix www 38400 Feb 24 13:06 message
-rw-rw---- 1 postfix www 27648 Feb 24 13:06 testi.txt.doc

filetype on "message" file is: ASCII mail text ( checked with file command )

My MailScanner.conf are here:

Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine User = root
Quarantine Group = www
Quarantine Permissions = 0770
Quarantine Infections = yes
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

To be able to release message it should be format: message/rfc822

---

I have an older production server and in that quarantined message-files are in correct file format.
I have triple checked all my config files and I do not find any reason why....

Could someone help ?

Rgds, Roger
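
Added example, not part of any list post: for the "Source IP Address Ruleset" thread above, a small Python model of the check Cameron asks for, decided on the SMTP envelope (connecting client IP and RCPT TO) as Julian advises, next to a simplified model of the header-based rule. The domain, IP addresses, messages and function names are constructed for illustration, and the header model is not SpamAssassin's engine.

```python
import ipaddress
import re
from email import message_from_string

# Constructed values: one hosted domain sits behind an external filter whose
# outbound address is FILTER_IP (documentation ranges, not real hosts).
FILTER_IP = "192.0.2.10"
PROTECTED_ADDRESS = "user@domain.example"
ALLOWED_SOURCES = {"domain.example": [ipaddress.ip_network(FILTER_IP + "/32")]}


def envelope_decision(client_ip, rcpt_to, allowed=ALLOWED_SOURCES):
    """Decide from the SMTP session only: connecting IP and RCPT TO."""
    domain = rcpt_to.strip("<>").rsplit("@", 1)[-1].lower()
    networks = allowed.get(domain)
    if networks is None:
        return "permit"  # domain is not behind the external filter
    ip = ipaddress.ip_address(client_ip)
    return "permit" if any(ip in net for net in networks) else "reject"


def header_rule_hits(raw_message, address=PROTECTED_ADDRESS, filter_ip=FILTER_IP):
    """Simplified model of the header rule: fires when (__TO - __FROM) >= 1."""
    msg = message_from_string(raw_message)
    to_hit = any(re.fullmatch(re.escape(address), value.strip())
                 for value in msg.get_all("To", []))
    from_hit = any("[%s]" % filter_ip in value
                   for value in msg.get_all("Received", []))
    return int(to_hit) - int(from_hit) >= 1


def make_message(to_header, received_ips):
    """Build a constructed test message with the given To and Received lines."""
    lines = ["Received: from relay (relay [%s]) by mx.example" % ip
             for ip in received_ips]
    lines += ["From: sender@bank.example", "To: " + to_header,
              "Subject: test", "", "body"]
    return "\n".join(lines)


# (label, connecting IP, envelope RCPT TO, To: header, IPs in Received lines)
CASES = [
    ("via filter", "192.0.2.10", "user@domain.example",
     "user@domain.example", ["192.0.2.10"]),
    ("direct, honest headers", "203.0.113.7", "user@domain.example",
     "user@domain.example", ["203.0.113.7"]),
    ("direct, recipient only in envelope", "203.0.113.7", "user@domain.example",
     "undisclosed-recipients:;", ["203.0.113.7"]),
    ("direct, untrusted Received names filter", "203.0.113.7",
     "user@domain.example", "user@domain.example",
     ["203.0.113.7", "192.0.2.10"]),
    ("other hosted domain", "203.0.113.7", "bob@other.example",
     "bob@other.example", ["203.0.113.7"]),
]


def evaluate(cases=CASES):
    """Return {label: (envelope decision, header rule fired?)} per case."""
    results = {}
    for label, client_ip, rcpt_to, to_header, received in cases:
        raw = make_message(to_header, received)
        results[label] = (envelope_decision(client_ip, rcpt_to),
                          header_rule_hits(raw))
    return results


if __name__ == "__main__":
    for label, (envelope, header_hit) in evaluate().items():
        print("%-42s envelope=%-6s header_rule_hit=%s" % (label, envelope, header_hit))
```

The envelope check rejects all three direct deliveries, while the header model flags only the one whose headers happen to be accurate. In Postfix this kind of decision belongs in the MTA's access restrictions, as John Wilcock's reply suggests.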

From maxsec at gmail.com Fri Feb 25 09:34:37 2011
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Feb 25 09:34:47 2011
Subject: Any Help ?MailScanner quarantines message in wrong format
In-Reply-To:
References:
Message-ID:

So what does 'message' actually look like?

rfc822 is very text like, perhaps the 'file' command is throwing an incorrect result. What happens if you copy the file to the old server and run 'file' and what happens with the output of 'file' if you copy a file from the old server to the new?

--
Martin Hepworth
Oxford, UK

On 25 February 2011 08:05, ms fin wrote:

> Hi,
>
> I Have CentOS 5.5 with Postfix
> MailScanner-4.81.4-1 and mailwatch-1.0.5
> installed. Everything is working fine except:
>
> When MailScanner quarantines a message, for example
>
> /var/spool/MailScanner/quarantine/20110224/95876A78057.AFA98/
>
> -rw-rw---- 1 postfix www 38400 Feb 24 13:06 message
> -rw-rw---- 1 postfix www 27648 Feb 24 13:06 testi.txt.doc
>
> filetype on "message" file is: ASCII mail text ( checked with file
> command )
>
> My MailScanner.conf are here:
>
> Quarantine Dir = /var/spool/MailScanner/quarantine
> Quarantine User = root
> Quarantine Group = www
> Quarantine Permissions = 0770
> Quarantine Infections = yes
> Quarantine Modified Body = no
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
>
> To be able to release message it should be format: message/rfc822
>
> ---
>
> I Have a older production server and in that quarantined message-files are
> in correct file format.
> I have triple checked all my config files and I do not find any reason
> why....
>
> Could someone help ?
>
> Rgds, Roger
>

From ms.fin11 at gmail.com Fri Feb 25 11:08:35 2011
From: ms.fin11 at gmail.com (ms fin)
Date: Fri Feb 25 11:08:44 2011
Subject: Any Help ?MailScanner quarantines message in wrong format
In-Reply-To:
References:
Message-ID:

Hi,

Now I Found the Root cause for problem:

- We are adding DNSWL header to mails for classifying senders server

header is added like this ( head of message file )

X-Organisation-Whitelist: No
Received: from [ip.add.re.ss] (unknown [ip.add.re.ss])
 by host (Postfix) with ESMTP id 95876A78057

Because message file starts with string other than "received" it is assumed as ASCII file, then MailWatch handles it differently...

Header should be added somewhere else in headers - if possible, or MailWatch release script changed...

2011/2/25 Martin Hepworth

> So what does 'message' actually look like?
>
> rfc822 is very text like, perhaps the 'file' command is throwing an
> incorrect result. What happens if you copy the file to the old server and
> run 'file' and what happens with the output of 'file' if you copy a file
> from the old server to the new?
>
> --
> Martin Hepworth
> Oxford, UK
>
> On 25 February 2011 08:05, ms fin wrote:
>
>> Hi,
>>
>> I Have CentOS 5.5 with Postfix
>> MailScanner-4.81.4-1 and mailwatch-1.0.5
>> installed.
>> Everything is working fine except:
>>
>> When MailScanner quarantines a message, for example
>>
>> /var/spool/MailScanner/quarantine/20110224/95876A78057.AFA98/
>>
>> -rw-rw---- 1 postfix www 38400 Feb 24 13:06 message
>> -rw-rw---- 1 postfix www 27648 Feb 24 13:06 testi.txt.doc
>>
>> filetype on "message" file is: ASCII mail text ( checked with file
>> command )
>>
>> My MailScanner.conf are here:
>>
>> Quarantine Dir = /var/spool/MailScanner/quarantine
>> Quarantine User = root
>> Quarantine Group = www
>> Quarantine Permissions = 0770
>> Quarantine Infections = yes
>> Quarantine Modified Body = no
>> Quarantine Whole Message = yes
>> Quarantine Whole Messages As Queue Files = no
>>
>> To be able to release message it should be format: message/rfc822
>>
>> ---
>>
>> I Have a older production server and in that quarantined message-files are
>> in correct file format.
>> I have triple checked all my config files and I do not find any reason
>> why....
>>
>> Could someone help ?
>>
>> Rgds, Roger
>>

From kkobb at skylinecorp.com Fri Feb 25 13:52:04 2011
From: kkobb at skylinecorp.com (Kevin Kobb)
Date: Fri Feb 25 13:52:21 2011
Subject: Archive Mail _HOUR_ string in MailScanner.conf
Message-ID: <4D67B404.2080900@skylinecorp.com>

Hi All,

Recently turned on the archive mail option in MailScanner, and it is working fine. The only question I have is that in the MailScanner.conf comments, it says that _HOUR_ will be replaced with a two digit hour, using padded "0" if needed.

However, on my test box with a setting like:

Archive Mail = /var/spool/MailScanner/archive/_DATE___HOUR_.mbox

I get filenames like 20110225_3.mbox, 20110225_4.mbox, etc.

Not a big deal or anything, just wondered if I am doing something wrong or if this is a bug?

I am using MailScanner-4.82.6, with perl 5.10 on FreeBSD 7.4.

From Robert.Meurlin at se.fujitsu.com Sun Feb 27 20:38:49 2011
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Sun Feb 27 20:39:51 2011
Subject: SV: spamassassin install failure
In-Reply-To:
References:
Message-ID:

No one has experienced this problem?

R

________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] on behalf of Meurlin Robert [Robert.Meurlin@se.fujitsu.com]
Sent: 21 February 2011 13:35
To: mailscanner@lists.mailscanner.info
Subject: spamassassin install failure

Hi,

Have problem with installing the Clam and SA package I get this error message:

----------------------
Setting a soft-link from spam.assassin.prefs.conf into the SpamAssassin
site rules directory.
spam.assassin.prefs.conf is read directly by the SpamAssassin startup
code, so make sure you have a link from the site_rules directory to
this file in your MailScanner/etc directory.
Perl could not find your SpamAssassin installation.
Strange, I just installed it.
You should fix this!
Making backup of pre files to /tmp/backup.pre.28193.tar
tar: *pre: Cannot stat: No such file or directory
tar: Exiting with failure status due to previous errors
Now go and find your v310.pre and v320.pre files,
    echo which may well be in the /etc/mail/spamassassin directory.
You need to save a copy of your old v330.pre file and rename
the v330.pre file to v320.pre.

Lot of this error in installation log:

Use of "goto" to jump into a construct is deprecated at ../blib/lib/Mail/SpamAssassin/Plugin/Check.pm line 409.
Use of "goto" to jump into a construct is deprecated at ../blib/lib/Mail/SpamAssassin/Plugin/Check.pm line 409.

---------------------

You want to use SpamAssassin but have not installed it. at /usr/lib/MailScanner/MailScanner/SA.pm line 177
Please download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner. at /usr/lib/MailScanner/MailScanner/SA.pm line 178

---------------------

Spamassassin Clam version trying to install:
install-Clam-0.96.5-SA-3.3.1

Perl Version:
5.12.1-2.3.1

Open suse version 11.3

Found this bug report but it's over 1 year old almost:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6392

It has nothing to do with this problem:
http://isborken.blogspot.com/2008/01/mystery-of-borken-server-solved.html

Does anyone have a tip?

Rob

From glenn.steen at gmail.com Mon Feb 28 16:11:01 2011
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Feb 28 16:11:11 2011
Subject: spamassassin install failure
In-Reply-To:
References:
Message-ID:

Hi Robert,

No, I haven't seen that particular error. I'm not sure the "goto is deprecated" lines will prevent the SA install from going through, so see if you can find something else. The base problem seems to be that the installation of SA just doesn't happen. Double-check that all prerequisites for SA are fulfilled, and if the Easyinstall package doesn't have/handle them all, please do report back what is missing.

Cheers
--
-- Glenn

On 27 February 2011 21:38, Meurlin Robert wrote:
> No one has experienced this problem?
>
> R
>
> ________________________________
> From: mailscanner-bounces@lists.mailscanner.info
> [mailscanner-bounces@lists.mailscanner.info] on behalf of Meurlin Robert
> [Robert.Meurlin@se.fujitsu.com]
> Sent: 21 February 2011 13:35
> To: mailscanner@lists.mailscanner.info
> Subject: spamassassin install failure
>
> Hi,
>
> Have a problem with installing the Clam and SA package. I get this error
> message:
>
> ----------------------
>
> Setting a soft-link from spam.assassin.prefs.conf into the SpamAssassin
>
> site rules directory.
>
> spam.assassin.prefs.conf is read directly by the SpamAssassin startup
>
> code, so make sure you have a link from the site_rules directory to
>
> this file in your MailScanner/etc directory.
>
> Perl could not find your SpamAssassin installation.
>
> Strange, I just installed it.
>
> You should fix this!
>
> Making backup of pre files to /tmp/backup.pre.28193.tar
>
> tar: *pre: Cannot stat: No such file or directory
>
> tar: Exiting with failure status due to previous errors
>
> Now go and find your v310.pre and v320.pre files,
>
>     echo which may well be in the /etc/mail/spamassassin directory.
>
> You need to save a copy of your old v330.pre file and rename
>
> the v330.pre file to v320.pre.
>
> Lot of this error in installation log:
>
> Use of "goto" to jump into a construct is deprecated at
>
> ../blib/lib/Mail/SpamAssassin/Plugin/Check.pm line 409.
>
> Use of "goto" to jump into a construct is deprecated at
>
> ../blib/lib/Mail/SpamAssassin/Plugin/Check.pm line 409.
>
> ---------------------
>
> You want to use SpamAssassin but have not installed it. at
> /usr/lib/MailScanner/MailScanner/SA.pm line 177
>
> Please download
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
> and unpack it and run ./install.sh to install it, then restart MailScanner.
> at /usr/lib/MailScanner/MailScanner/SA.pm line 178
>
> ---------------------
>
> Spamassassin Clam version trying to install:
>
> install-Clam-0.96.5-SA-3.3.1
>
> Perl Version:
>
> 5.12.1-2.3.1
>
> Open suse version 11.3
>
> Found this bug report but it's over 1 year old almost:
>
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6392
>
> It has nothing to do with this problem:
>
> http://isborken.blogspot.com/2008/01/mystery-of-borken-server-solved.html
>
> Does anyone have a tip?
>
> Rob

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se