MailScanner ANNOUNCE: 4.82 stable released
Alvaro Marín
alvaro at hostalia.com
Wed Feb 16 22:26:13 GMT 2011
Hi,
yes, I've changed Postfix's default queue depth to "2":
hash_queue_depth = 2
hash_queue_names = incoming, active, deferred, bounce, defer, flush,
hold, trace
so messages, for example on the hold queue, are stored as:
/var/spool/postfix/hold/A/F/AFDD42A0009
Debugging the code of Postfix.pm, I've seen that PostfixKey function
always returns here:
seek($fh, 0, 0) or return '00000';
and the value of $fname is just "0E43549800C", the ID, not the complete
path to the file.
I've deleted from the queue those messages with that .rtf attached and
it seems that is running fine now. Tomorrow, with more traffic, we'll
how it runs.
If you install Debian's latest stable version, Squeeze, you'll have Perl
5.10.1 and Postfix 2.7.
I've installed MS from .tar.gz.
Thank you Jules,
Regards.
El 16/02/11 22:54, Jules Field escribió:
> Something has gone very badly wrong. They shouldn't be ".00000" on the
> end of the directory names, that means it has failed to read the message
> files altogether. The ".00000" should be a hash of the first few bytes
> of the message body file.
>
> Also the locking has totally failed as the same message ID is showing up
> in several different MailScanner child processes (the first
> sub-directory name is the child process PID).
>
> This is a real mess. I don't know what you've done, but you've broken it
> all very badly.
>
> Have you messed with the queue hashing depth in Postfix or anything like
> that?
>
> How do I build a Debian box running the same version of Perl and Postfix
> as you? I've never used Debian.
>
> For now, I would try a different version of Perl, a different MTA, or a
> different Linux distribution that isn't so broken. No-one using the
> mainstream Linux distros appears to have these problems.
>
> Jules.
>
> On 16/02/2011 19:53, Alvaro Marin wrote:
>> Hi Jules,
>>
>> I'm using Debian Squeeze's Postfix 2.7.1-1.
>>
>> I've changed MessageBatch.pm's code to show with what ID happens and:
>>
>> # /opt/MailScanner/bin/MailScanner --debug
>> ...
>> ID: C055D2A0015.00000
>> CombineReports OK ID: C055D2A0015.00000
>> ID: 3CE502A004D.00000
>> CombineReports OK ID: 3CE502A004D.00000
>> ID: C39622A000A.00000.message
>> Can't call method "CombineReports" on unblessed reference at
>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737.
>>
>> The difference is that ".message" attached to the ID.
>> Then, in /var/spool/MailScanner/incoming I do:
>>
>> # find . | grep C39622A000A.00000
>> ./26092/C39622A000A.00000.header
>> ./26092/C39622A000A.00000
>> ./26092/C39622A000A.00000/nmsg-26092-36.txt
>> ./26092/C39622A000A.00000/nmsg-26092-37.html
>> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>> ./26092/C39622A000A.00000.message
>> ./26540/C39622A000A.00000.header
>> ./26540/C39622A000A.00000
>> ./26540/C39622A000A.00000/nmsg-26540-36.txt
>> ./26540/C39622A000A.00000/nmsg-26540-37.html
>> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>> ./26540/C39622A000A.00000.message
>> ./26779/C39622A000A.00000.header
>> ./26779/C39622A000A.00000
>> ./26779/C39622A000A.00000/nmsg-26779-37.html
>> ./26779/C39622A000A.00000/nmsg-26779-36.txt
>> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>> ./26779/C39622A000A.00000.message
>> ./26803/C39622A000A.00000.header
>> ...
>>
>> The message from that incoming directory, can be downloaded here:
>>
>> http://postmaster.hostalia.com/MSerror.tar.gz
>>
>> Thank you!
>>
>>
>> El 16/02/11 20:33, Jules Field escribió:
>>> What MTA are you using, and if you can reproduce this error reliably, I
>>> would like a copy of your incoming mail queue as well. That error should
>>> never happen.
>>>
>>> Is it happening for anyone else?
>>>
>>> The only way that can happen is if the "sub new" isn't getting called or
>>> is bailing out early, before the "bless" happens to set the type. None
>>> of the "sub new" functions can exit early, so they must be not being
>>> called. But in CreateBatch, when they are called, they are always called
>>> before the message is added to the batch.
>>>
>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know
>>> about?
>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the ChangeLog
>>> for Perl 5.10.1 say anything about it?
>>>
>>> On 16/02/2011 19:11, Alvaro Marin wrote:
>>>> Hi,
>>>>
>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've
>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error:
>>>>
>>>>
>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>>
>>>>
>>>> In Debugging mode, not forking...
>>>> Trying to setlogsock(unix)
>>>> Building a message batch to scan...
>>>> Have a batch of 7 messages.
>>>> Can't call method "CombineReports" on unblessed reference at
>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736.
>>>>
>>>> Any idea? :S
>>>>
>>>> # /opt/MailScanner/bin/MailScanner -V
>>>> Running on
>>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC 2011
>>>> i686 GNU/Linux
>>>> This is Perl version 5.010001 (5.10.1)
>>>>
>>>> This is MailScanner version 4.82.6
>>>> Module versions are:
>>>> 1.00 AnyDBM_File
>>>> 1.30 Archive::Zip
>>>> 0.23 bignum
>>>> 1.11 Carp
>>>> 2.024 Compress::Zlib
>>>> 1.119 Convert::BinHex
>>>> 0.17 Convert::TNEF
>>>> 2.125 Data::Dumper
>>>> 2.27 Date::Parse
>>>> 1.03 DirHandle
>>>> 1.06 Fcntl
>>>> 2.77 File::Basename
>>>> 2.14 File::Copy
>>>> 2.02 FileHandle
>>>> 2.07_03 File::Path
>>>> 0.22 File::Temp
>>>> 0.92 Filesys::Df
>>>> 3.64 HTML::Entities
>>>> 3.64 HTML::Parser
>>>> 3.57 HTML::TokeParser
>>>> 1.25 IO
>>>> 1.14 IO::File
>>>> 1.13 IO::Pipe
>>>> 2.04 Mail::Header
>>>> 1.89 Math::BigInt
>>>> 0.22 Math::BigRat
>>>> 3.08 MIME::Base64
>>>> 5.427 MIME::Decoder
>>>> 5.427 MIME::Decoder::UU
>>>> 5.427 MIME::Head
>>>> 5.427 MIME::Parser
>>>> 3.08 MIME::QuotedPrint
>>>> 5.427 MIME::Tools
>>>> 0.14 Net::CIDR
>>>> 1.25 Net::IP
>>>> 0.19 OLE::Storage_Lite
>>>> 1.04 Pod::Escapes
>>>> 3.07 Pod::Simple
>>>> 1.17 POSIX
>>>> 1.23 Scalar::Util
>>>> 1.82 Socket
>>>> 2.20 Storable
>>>> 1.4 Sys::Hostname::Long
>>>> 0.27 Sys::Syslog
>>>> 1.26 Test::Pod
>>>> 0.92 Test::Simple
>>>> 1.9719 Time::HiRes
>>>> 1.02 Time::localtime
>>>>
>>>> Optional module versions are:
>>>> 1.52 Archive::Tar
>>>> 0.23 bignum
>>>> missing Business::ISBN
>>>> missing Business::ISBN::Data
>>>> missing Data::Dump
>>>> 1.82 DB_File
>>>> 1.29 DBD::SQLite
>>>> 1.607 DBI
>>>> 1.16 Digest
>>>> 1.01 Digest::HMAC
>>>> 2.39 Digest::MD5
>>>> 2.12 Digest::SHA1
>>>> 1.01 Encode::Detect
>>>> 0.17016 Error
>>>> 0.2602 ExtUtils::CBuilder
>>>> 2.2002 ExtUtils::ParseXS
>>>> 2.38 Getopt::Long
>>>> missing Inline
>>>> missing IO::String
>>>> 1.10 IO::Zlib
>>>> 2.27 IP::Country
>>>> missing Mail::ClamAV
>>>> 3.003001 Mail::SpamAssassin
>>>> v2.007 Mail::SPF
>>>> 1.999001 Mail::SPF::Query
>>>> 0.340201 Module::Build
>>>> 0.20 Net::CIDR::Lite
>>>> 0.66 Net::DNS
>>>> v0.003 Net::DNS::Resolver::Programmable
>>>> 0.40 Net::LDAP
>>>> 4.027 NetAddr::IP
>>>> missing Parse::RecDescent
>>>> missing SAVI
>>>> 3.17 Test::Harness
>>>> missing Test::Manifest
>>>> 2.0.0 Text::Balanced
>>>> 1.53 URI
>>>> 0.77 version
>>>> 0.72 YAML
>>>>
>>>>
>>>> Thanks!
>>>>
>>>> El 11/02/11 17:02, Stephen Cox escribió:
>>>>> Thank you!
>>>>>
>>>>> On 2/11/11, Julian Field<MailScanner at ecs.soton.ac.uk> wrote:
>>>>>> Folks,
>>>>>>
>>>>>> I have just released a new stable edition of MailScanner, version
>>>>>> 4.82.6.
>>>>>>
>>>>>> This is identical to the recent beta version 4.82.5.
>>>>>>
>>>>>> The main new feature is in filename.rules.conf and
>>>>>> filetype.rules.conf
>>>>>> configuration files. As well as the previous "allow", "deny" and
>>>>>> "deny+delete" instructions in a rule, you can now automatically
>>>>>> rename
>>>>>> attachment filenames using the "rename" and "rename to" instructions
>>>>>> instead of just allowing or denying them.
>>>>>>
>>>>>> When using the new "rename" instruction in a rule, any matching file
>>>>>> will be automatically renamed using the new "Rename Pattern"
>>>>>> setting in
>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix to any
>>>>>> filename.
>>>>>>
>>>>>> When using the new "rename to" instruction in a rule, any matching
>>>>>> file
>>>>>> will be automatically renamed so that the portion of the filename
>>>>>> that
>>>>>> matches the pattern string is replaced with new text. So for example,
>>>>>> you can rename all *.pps files to *.ppt with the rule
>>>>>>
>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file
>>>>>>
>>>>>> If you want to be even cleverer, you can use parenthesised
>>>>>> sections of
>>>>>> the match pattern within the replacement text. I'm not quite sure who
>>>>>> this will be useful to, but I'm sure you will find some clever uses
>>>>>> (you
>>>>>> folks always do!). As a random example,
>>>>>>
>>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous
>>>>>> exes Renamed file
>>>>>>
>>>>>> That will rename any file such as "PleaseRunMe.exe" to
>>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to
>>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot run it
>>>>>> without renaming it first.
>>>>>>
>>>>>> Cool huh?
>>>>>>
>>>>>> Anyway, you can get it as usual from
>>>>>>
>>>>>> http://www.mailscanner.info
>>>>>>
>>>>>> ==========================
>>>>>> The full Changelog is:
>>>>>> * New Features and Improvements *
>>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as
>>>>>> the
>>>>>> previous "allow", "deny", "deny+delete", and email-address types of
>>>>>> rule,
>>>>>> there are now "rename" rules as well. If a filename or filetype
>>>>>> matches
>>>>>> a "rename" rule, the original attachment is left in the message
>>>>>> but is
>>>>>> renamed according to the "Rename Pattern" setting in
>>>>>> MailScanner.conf.
>>>>>> This allows for any prefixes or suffixes you may want to add to the
>>>>>> attachment's filename.
>>>>>> 2 Improved "rename" rules so you can now also specify "rename to
>>>>>> new-text".
>>>>>> If the rule matched an attachment's filename, the text matching the
>>>>>> pattern
>>>>>> for that rule will be replaced with the "new-text" string supplied.
>>>>>> The "to" is optional, but makes it easier to read.
>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the
>>>>>> filename now
>>>>>> ends in ".Rules" as well as ".rules".
>>>>>> 4 Allow deployments with the 'split mail per recipient' setup where
>>>>>> mail
>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for
>>>>>> releasing
>>>>>> of quarantined messages, while still scanning re-injected mail.
>>>>>>
>>>>>> * Fixes *
>>>>>> 1 AVG scanner command-line arguments typo fixed.
>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be
>>>>>> truncated
>>>>>> at the start of the first<a> tag if it was never closed properly.
>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement
>>>>>> text of a
>>>>>> "rename to" filename.rules.conf rule.
>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms instead of
>>>>>> 0600.
>>>>>> Thanks to Rick Cooper for this fix!
>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain List"
>>>>>> values
>>>>>> appearing in the conf file. Thanks to Steve Freegard for this!
>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack
>>>>>> did not
>>>>>> have their headers quarantined correctly.
>>>>>>
>>>>>> Jules
>>>>>>
>>>>>> --
>>>>>> Julian Field MEng CITP CEng
>>>>>> www.MailScanner.info
>>>>>>
>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>> Need help customising MailScanner? Contact me!
>>>>>>
>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>> Follow me at twitter.com/JulesFM
>>>>>>
>>>>>> 'All programs have a desire to be useful' - Tron, 1982
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> This message has been scanned for viruses and
>>>>>> dangerous content by MailScanner, and is
>>>>>> believed to be clean.
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner at lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> Jules
>>>
>>
>>
>
> Jules
>
--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com
More information about the MailScanner
mailing list