From roland.de.lepper at cvis.nl Mon May 2 09:11:53 2011 From: roland.de.lepper at cvis.nl (Roland de Lepper) Date: Mon May 2 09:12:04 2011 Subject: bayes SQL database remote server Message-ID: Hi, I'm trying to get the bayes to be stored on a remote MySQL server. My mailscanner server is mta1.host.com My MySQL database server is sql.host.com in spam.assassin.prefs.conf i've added: bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:sa_bayes;sql.host.com bayes_sql_username root bayes_sql_password xxxx bayes_sql_override_username root on sql.host.com i've created a mysql database called: sa_bayes For some reason it keeps looking at localhost when i'm executing: spamassassin 2>&1 -x -D -p /path/to/spam.assassin.prefs.conf --lint | grep bayes May 2 11:00:00.625 [13939] dbg: config: fixed relative path: /var/lib/spamassassin/3.003001/saupdates_openprotect_com/ 70_sare_bayes_poison_nxm.cf May 2 11:00:00.625 [13939] dbg: config: using "/var/lib/spamassassin/3.003001/saupdates_openprotect_com/ 70_sare_bayes_poison_nxm.cf" for included file May 2 11:00:00.626 [13939] dbg: config: read file /var/lib/spamassassin/3.003001/saupdates_openprotect_com/ 70_sare_bayes_poison_nxm.cf May 2 11:00:01.015 [13939] dbg: config: fixed relative path: /var/lib/spamassassin/3.003001/updates_spamassassin_org/23_bayes.cf May 2 11:00:01.015 [13939] dbg: config: using "/var/lib/spamassassin/3.003001/updates_spamassassin_org/23_bayes.cf" for included file May 2 11:00:01.015 [13939] dbg: config: read file /var/lib/spamassassin/3.003001/updates_spamassassin_org/23_bayes.cf May 2 11:00:01.690 [13939] dbg: bayes: learner_new self=Mail::SpamAssassin::Plugin::Bayes=HASH(0xc8d37a0), bayes_store_module=Mail::SpamAssassin::BayesStore::SQL May 2 11:00:01.698 [13939] dbg: bayes: using username: root May 2 11:00:01.698 [13939] dbg: bayes: learner_new: got store=Mail::SpamAssassin::BayesStore::SQL=HASH(0xcd185d0) May 2 11:00:01.795 [13939] dbg: bayes: unable to connect to database: Access denied for user 'root'@'mta1.host.com' (using password: YES) May 2 11:00:01.852 [13939] dbg: bayes: unable to connect to database: Access denied for user 'root'@'mta1.host.com' (using password: YES) Why it keeps looking at the MailScanner host, even if I say "bayes_sql_dsn DBI:mysql:sa_bayes;sql.host.com ?? Thanks in advanced for any help. Kind regards, Roland -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110502/b833ae52/attachment.html From maillists at conactive.com Mon May 2 12:31:19 2011 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 2 12:31:35 2011 Subject: bayes SQL database remote server In-Reply-To: References: Message-ID: Roland de Lepper wrote on Mon, 2 May 2011 10:11:53 +0200: > Why it keeps looking at the MailScanner host where do you see that it does? I just see that authentication fails. I'm sure that you haven't set correct permissions for 'root'@'mta1.host.com' on the remote host. And you should not *ever* use root for that! Maybe read a bit up about how MySQL authentication and security works. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From roland.de.lepper at cvis.nl Mon May 2 13:30:11 2011 From: roland.de.lepper at cvis.nl (Roland de Lepper) Date: Mon May 2 13:30:22 2011 Subject: bayes SQL database remote server In-Reply-To: References: Message-ID: Hi Kai, MySQL is not my strongest point. However...I managed to get is working. Thanks, Kind regards, Roland On Mon, May 2, 2011 at 1:31 PM, Kai Schaetzl wrote: > Roland de Lepper wrote on Mon, 2 May 2011 10:11:53 +0200: > > > Why it keeps looking at the MailScanner host > > where do you see that it does? I just see that authentication fails. > I'm sure that you haven't set correct permissions for > 'root'@'mta1.host.com' on the remote host. And you should not *ever* use > root for that! Maybe read a bit up about how MySQL authentication and > security works. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110502/03942ffe/attachment.html From gelgin at yahoo.com Mon May 2 17:26:18 2011 From: gelgin at yahoo.com (George Elgin) Date: Mon May 2 17:26:29 2011 Subject: bayes SQL database remote server (Roland de Lepper) In-Reply-To: <201105021101.p42B0NH9014652@safir.blacknight.ie> Message-ID: <980174.35680.qm@web30606.mail.mud.yahoo.com> your error message indicates a root mysql login issue. access rights on the DB you created ?. have you checked to make sure it's not something like port 3306 not open on the remote host ? let me add i am not clear on the advantage of putting `bayes` into mysql. by default spamassassin uses flat files and when i wanted to retain all my sa-learn stuff from an amavisd install i copied these files over /var/spool/amavisd/.spamassassin to ??? /etc/MailScanner/bayes/ what is this bayes_path /etc/MailScanner/bayes/bayes set to in .conf ? George http://nomenware.net/Admin.htm ?? --- On Mon, 5/2/11, mailscanner-request@lists.mailscanner.info wrote: From: mailscanner-request@lists.mailscanner.info Subject: MailScanner Digest, Vol 65, Issue 2 To: mailscanner@lists.mailscanner.info Date: Monday, May 2, 2011, 7:01 AM Send MailScanner mailing list submissions to ??? mailscanner@lists.mailscanner.info To subscribe or unsubscribe via the World Wide Web, visit ??? http://lists.mailscanner.info/mailman/listinfo/mailscanner or, via email, send a message with subject or body 'help' to ??? mailscanner-request@lists.mailscanner.info You can reach the person managing the list at ??? mailscanner-owner@lists.mailscanner.info When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..." Today's Topics: ???1. bayes SQL database remote server (Roland de Lepper) ---------------------------------------------------------------------- Message: 1 Date: Mon, 2 May 2011 10:11:53 +0200 From: Roland de Lepper Subject: bayes SQL database remote server To: mailscanner@lists.mailscanner.info Message-ID: Content-Type: text/plain; charset="iso-8859-1" Hi, I'm trying to get the bayes to be stored on a remote MySQL server. My mailscanner server is mta1.host.com My MySQL database server is sql.host.com in spam.assassin.prefs.conf i've added: bayes_store_module? ? ? ? ???Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn? ? ? ? ? ? ? ? DBI:mysql:sa_bayes;sql.host.com bayes_sql_username? ? ? ? ???root bayes_sql_password? ? ? ? ???xxxx bayes_sql_override_username? root on sql.host.com i've created a mysql database called: sa_bayes For some reason it keeps looking at localhost when i'm executing: spamassassin 2>&1 -x -D -p /path/to/spam.assassin.prefs.conf --lint | grep bayes May? 2 11:00:00.625 [13939] dbg: config: fixed relative path: /var/lib/spamassassin/3.003001/saupdates_openprotect_com/ 70_sare_bayes_poison_nxm.cf May? 2 11:00:00.625 [13939] dbg: config: using "/var/lib/spamassassin/3.003001/saupdates_openprotect_com/ 70_sare_bayes_poison_nxm.cf" for included file May? 2 11:00:00.626 [13939] dbg: config: read file /var/lib/spamassassin/3.003001/saupdates_openprotect_com/ 70_sare_bayes_poison_nxm.cf May? 2 11:00:01.015 [13939] dbg: config: fixed relative path: /var/lib/spamassassin/3.003001/updates_spamassassin_org/23_bayes.cf May? 2 11:00:01.015 [13939] dbg: config: using "/var/lib/spamassassin/3.003001/updates_spamassassin_org/23_bayes.cf" for included file May? 2 11:00:01.015 [13939] dbg: config: read file /var/lib/spamassassin/3.003001/updates_spamassassin_org/23_bayes.cf May? 2 11:00:01.690 [13939] dbg: bayes: learner_new self=Mail::SpamAssassin::Plugin::Bayes=HASH(0xc8d37a0), bayes_store_module=Mail::SpamAssassin::BayesStore::SQL May? 2 11:00:01.698 [13939] dbg: bayes: using username: root May? 2 11:00:01.698 [13939] dbg: bayes: learner_new: got store=Mail::SpamAssassin::BayesStore::SQL=HASH(0xcd185d0) May? 2 11:00:01.795 [13939] dbg: bayes: unable to connect to database: Access denied for user 'root'@'mta1.host.com' (using password: YES) May? 2 11:00:01.852 [13939] dbg: bayes: unable to connect to database: Access denied for user 'root'@'mta1.host.com' (using password: YES) Why it keeps looking at the MailScanner host, even if I say "bayes_sql_dsn DBI:mysql:sa_bayes;sql.host.com ?? Thanks in advanced for any help. Kind regards, Roland -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110502/b833ae52/attachment-0001.html ------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! End of MailScanner Digest, Vol 65, Issue 2 ****************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110502/d324616d/attachment.html From markus at markusoft.se Tue May 3 16:23:19 2011 From: markus at markusoft.se (Markus Nilsson) Date: Tue May 3 16:23:33 2011 Subject: Bug in phishing net In-Reply-To: Message-ID: Hi! I believe I have found a bug in the phishing net regarding links with :80 in them. A link to www.site.com:80/folder with the text www.site.com/folder will fail due to a missing $2, which will match www.site.com against www.site.comfolder. The matching of the squashed link does it correctly: $squashedtext =~ s/^(http:\/\/[^:]+):80(\D|$)/$1$2/i; # Remove http:...:80 but later the substitution for the linkurl is not correct: $linkurl =~ s/^(https?:\/\/[^:]+):80($|\D)/$1/i; # Remove http://....:80 Here is a diff with the small correction: --- Message.pm 2011-05-03 17:13:54.000000000 +0200 +++ Message.pm.NEW 2011-05-03 17:16:20.000000000 +0200 @@ -7574,21 +7577,21 @@ $linkurl =~ s/^\[\d*\]//; # Remove leading [numbers] $linkurl =~ s/^blocked[:\/]+//i; # Remove "blocked::" labels $linkurl =~ s/^blocked[:\/]+//i; # And again, in case there are 2 $linkurl =~ s/^blocked[:\/]+//i; # And again, in case there are 3 $linkurl =~ s/^blocked[:\/]+//i; # And again, in case there are 4 $linkurl =~ s/^outbind:\/\/\d+\//http:\/\//i; # Remove "outbind://22/" type labels #$linkurl =~ s/^.*\<((https?|ftp|mailto):[^>]+)\>.*$/$1/i; # Turn blah-blah blah-blah into "http://link.here" $linkurl = $DisarmBaseURL . '/' . $linkurl if $linkurl ne "" && $DisarmBaseURL ne "" && $linkurl !~ /^(https?|ftp|mailto):/i; - $linkurl =~ s/^(https?:\/\/[^:]+):80($|\D)/$1/i; # Remove http://....:80 + $linkurl =~ s/^(https?:\/\/[^:]+):80($|\D)/$1$2/i; # Remove http://....:80 $linkurl =~ s/^(https?|ftp)[:;]\/\///i; return ("",0) if $linkurl =~ /^ma[il]+to[:;]/i; #$linkurl = "" if $linkurl =~ /^ma[il]+to[:;]/i; $linkurl =~ s/[?\/].*$//; # Only compare up to the first '/' or '?' $linkurl =~ s/(\<\/?(br|p|ul)\>)*$//ig; # Remove trailing br, p, ul tags return ("",0) if $linkurl =~ /^file:/i; # Ignore file: URLs completely #$linkurl = "" if $linkurl =~ /^file:/i; # Ignore file: URLs completely return ("",0) if $linkurl =~ /^#/; # Ignore internal links completely #$linkurl = "" if $linkurl =~ /^#/; # Ignore internal links completely $linkurl =~ s/\/$//; # LinkURL is trimmed -- note I am also hoping that my previous correction (which fixes the problem with multiple signature images being attached, even though configured not to!) will find it's way into the source at some point :) Both corrections are in the diff below! --- Message.pm 2011-05-03 17:13:54.000000000 +0200 +++ Message.pm.NEWNEW 2011-05-03 17:18:22.000000000 +0200 @@ -6859,39 +6859,42 @@ default_h => [ sub { print @_; }, "text"], ) ->parse_file($oldname) or MailScanner::Log::WarnLog("HTML disarming, can't open file %s: %s", $oldname, $!); } # Dump the contents of %DisarmDoneSomething down the pipe foreach my $ddskey (keys %DisarmDoneSomething) { print $pipe "$ddskey\n"; } + #Add SignatureImageIsFound Magic text if the sig is found + print $pipe "SignatureImageIsFound\n" if ($SigImageFound == 1); print $pipe "ENDENDEND\n"; $pipe->close; $pipe = undef; exit 0; # The child will never get here. } # In the parent. my @DisarmDoneSomething; eval { $pipe->reader(); local $SIG{ALRM} = sub { die "Command Timed Out" }; alarm MailScanner::Config::Value('spamassassintimeout'); # Read the contents of %DisarmDoneSomething from the pipe my($pipedata); while (defined($pipedata = <$pipe>)) { last if $pipedata eq "ENDENDEND\n"; chomp $pipedata; - push @DisarmDoneSomething, $pipedata; + $SigImageFound = 1 if($pipedata eq "SignatureImageIsFound"); + push @DisarmDoneSomething, $pipedata unless ($pipedata eq "SignatureImageIsFound"); #print STDERR "DisarmDoneSomething $pipedata\n"; } waitpid $pid, 0; $pipe->close; $PipeReturn = $?; alarm 0; $pid = 0; }; alarm 0; # Workaround for bug in perl shipped with Solaris 9, @@ -7574,21 +7577,21 @@ $linkurl =~ s/^\[\d*\]//; # Remove leading [numbers] $linkurl =~ s/^blocked[:\/]+//i; # Remove "blocked::" labels $linkurl =~ s/^blocked[:\/]+//i; # And again, in case there are 2 $linkurl =~ s/^blocked[:\/]+//i; # And again, in case there are 3 $linkurl =~ s/^blocked[:\/]+//i; # And again, in case there are 4 $linkurl =~ s/^outbind:\/\/\d+\//http:\/\//i; # Remove "outbind://22/" type labels #$linkurl =~ s/^.*\<((https?|ftp|mailto):[^>]+)\>.*$/$1/i; # Turn blah-blah blah-blah into "http://link.here" $linkurl = $DisarmBaseURL . '/' . $linkurl if $linkurl ne "" && $DisarmBaseURL ne "" && $linkurl !~ /^(https?|ftp|mailto):/i; - $linkurl =~ s/^(https?:\/\/[^:]+):80($|\D)/$1/i; # Remove http://....:80 + $linkurl =~ s/^(https?:\/\/[^:]+):80($|\D)/$1$2/i; # Remove http://....:80 $linkurl =~ s/^(https?|ftp)[:;]\/\///i; return ("",0) if $linkurl =~ /^ma[il]+to[:;]/i; #$linkurl = "" if $linkurl =~ /^ma[il]+to[:;]/i; $linkurl =~ s/[?\/].*$//; # Only compare up to the first '/' or '?' $linkurl =~ s/(\<\/?(br|p|ul)\>)*$//ig; # Remove trailing br, p, ul tags return ("",0) if $linkurl =~ /^file:/i; # Ignore file: URLs completely #$linkurl = "" if $linkurl =~ /^file:/i; # Ignore file: URLs completely return ("",0) if $linkurl =~ /^#/; # Ignore internal links completely #$linkurl = "" if $linkurl =~ /^#/; # Ignore internal links completely $linkurl =~ s/\/$//; # LinkURL is trimmed -- note BR/ Markus -- This message has been scanned for viruses and dangerous content by CronLab (www.cronlab.com), and is believed to be clean. From dm.gouveia at gmail.com Wed May 4 20:27:07 2011 From: dm.gouveia at gmail.com (Danilo Marques de Gouveia) Date: Wed May 4 20:27:18 2011 Subject: MS in loop Message-ID: Hi Guys, Anyone already had an error with MS that it keeps in loop and freeze all the emails that are incoming? I'm running the debug right now and I'm getting: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358. [fail] I've an ubuntu 10.10 box running with the same configs and everything works perfect so I think that it's a permission problem but I'm not finding it. Thanks in advance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110504/c8bc1bbf/attachment.html From maxsec at gmail.com Wed May 4 21:18:39 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 4 21:18:48 2011 Subject: MS in loop In-Reply-To: References: Message-ID: Looks like a conmon recent issue with some taint options Have a look in the archives over the last month or so for sone similar issues On Wednesday, 4 May 2011, Danilo Marques de Gouveia wrote: > Hi Guys, > > Anyone already had an error with MS that it keeps in loop and freeze all the emails that are incoming? > I'm running the debug right now and I'm getting: > > In Debugging mode, not forking...Trying to setlogsock(unix)Building a message batch to scan...Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358. > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?[fail] > I've an ubuntu 10.10 box running with the same configs and everything works perfect so I think that it's a permission problem but I'm not finding it. > > Thanks in advance > -- -- Martin Hepworth Oxford, UK From kunal.gurukul at gmail.com Thu May 5 07:16:45 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 5 07:16:55 2011 Subject: Blocking Attachment on User Basis Message-ID: Dear Sir, I want to configure MailScanner to block attachment on *User basis*. All users may be able to send attachment in their mail for *local domain*. Only a list of few Users may be allowed send attachment to *local domain* as well as *outside domain,* rest all users are blocked from sending attachment to *outside domain*. How this can be achieved? Please let me know if it is possible. Kunal Verma -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110504/f8fb2d70/attachment.html From maxsec at gmail.com Thu May 5 10:17:38 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 5 10:17:47 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: ruleset on MaxAttachmentSize should do it http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size is MailScanner isn't on the same host as the mailserver or a separate gateway machine and if on gateway I presume it scans email on the way out as well as on the way in? -- Martin Hepworth Oxford, UK On 5 May 2011 07:16, kunal verma wrote: > Dear Sir, > > I want to configure MailScanner to block attachment on *User basis*. > All users may be able to send attachment in their mail for *local domain* > . > Only a list of few Users may be allowed send attachment to *local domain*as well as > *outside domain,* > rest all users are blocked from sending attachment to *outside domain*. > > How this can be achieved? Please let me know if it is possible. > > > Kunal Verma > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/df0cd3af/attachment.html From victor.engmark at terreactive.ch Thu May 5 10:35:53 2011 From: victor.engmark at terreactive.ch (Victor Engmark) Date: Thu May 5 10:36:10 2011 Subject: DESTDIR equivalent? Message-ID: <4DC26F79.1030009@terreactive.ch> Hello all, Is there some way to make sure all of the Perl modules and MailScanner itself are installed relative to some directory, without modifying the install*.sh scripts? I'm installing from source since the system in question has a homebrew packaging system, and I'm creating a package for that with MailScanner and some other email tools. Cheers, Victor -- terreActive AG Kasinostrasse 30 CH-5001 Aarau Tel: +41 62 834 00 55 Fax: +41 62 823 93 56 www.terreactive.ch Wir sichern Ihren Erfolg - seit 15 Jahren From kunal.gurukul at gmail.com Thu May 5 10:41:40 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 5 10:41:49 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: MailScanner is on the same host as the mailserver. I m using sendmail8.13.8 as MTA. I send the mails destined to *outside domain* using UUCP to to *mail gateway *. the mail gateway then relays the mails destined to *outside domain*. Please give me an example configuration to block attachments on user basis for outside domains. Kunal Verma On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: > ruleset on MaxAttachmentSize should do it > > > http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size > > is MailScanner isn't on the same host as the mailserver or a separate > gateway machine and if on gateway I presume it scans email on the way out as > well as on the way in? > > -- > Martin Hepworth > Oxford, UK > > > On 5 May 2011 07:16, kunal verma wrote: > >> Dear Sir, >> >> I want to configure MailScanner to block attachment on *User basis*. >> All users may be able to send attachment in their mail for *local domain* >> . >> Only a list of few Users may be allowed send attachment to *local domain*as well as >> *outside domain,* >> rest all users are blocked from sending attachment to *outside domain*. >> >> How this can be achieved? Please let me know if it is possible. >> >> >> Kunal Verma >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/79aed94a/attachment.html From maxsec at gmail.com Thu May 5 10:55:51 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 5 10:56:00 2011 Subject: DESTDIR equivalent? In-Reply-To: <4DC26F79.1030009@terreactive.ch> References: <4DC26F79.1030009@terreactive.ch> Message-ID: the default installer puts everything in /opt/MailScanner and when run expects to find things in /opt/MailScanner. Not sure how well it reacts when put in other places even if you alter the config in lib config files. -- Martin Hepworth Oxford, UK On 5 May 2011 10:35, Victor Engmark wrote: > Hello all, > > Is there some way to make sure all of the Perl modules and MailScanner > itself are installed relative to some directory, without modifying the > install*.sh scripts? > > I'm installing from source since the system in question has a homebrew > packaging system, and I'm creating a package for that with MailScanner > and some other email tools. > > Cheers, > Victor > -- > terreActive AG > Kasinostrasse 30 > CH-5001 Aarau > Tel: +41 62 834 00 55 > Fax: +41 62 823 93 56 > www.terreactive.ch > > Wir sichern Ihren Erfolg - seit 15 Jahren > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/688e9be1/attachment.html From maxsec at gmail.com Thu May 5 10:57:03 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 5 10:57:12 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: read up using rulesets in the wiki and examples/doc directories. It's quite easy. -- Martin Hepworth Oxford, UK On 5 May 2011 10:41, kunal verma wrote: > MailScanner is on the same host as the mailserver. I m using sendmail8.13.8 > as MTA. I send the mails destined to *outside domain* using UUCP to to *mail > gateway *. the mail gateway then relays the mails destined to *outside > domain*. > Please give me an example configuration to block attachments on user basis > for outside domains. > > Kunal Verma > > > On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: > >> ruleset on MaxAttachmentSize should do it >> >> >> http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size >> >> is MailScanner isn't on the same host as the mailserver or a separate >> gateway machine and if on gateway I presume it scans email on the way out as >> well as on the way in? >> >> -- >> Martin Hepworth >> Oxford, UK >> >> >> On 5 May 2011 07:16, kunal verma wrote: >> >>> Dear Sir, >>> >>> I want to configure MailScanner to block attachment on *User basis*. >>> All users may be able to send attachment in their mail for *local domain >>> *. >>> Only a list of few Users may be allowed send attachment to *local domain >>> * as well as *outside domain,* >>> rest all users are blocked from sending attachment to *outside domain*. >>> >>> How this can be achieved? Please let me know if it is possible. >>> >>> >>> Kunal Verma >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/2d8d36c0/attachment.html From victor.engmark at terreactive.ch Thu May 5 11:18:19 2011 From: victor.engmark at terreactive.ch (Victor Engmark) Date: Thu May 5 11:18:34 2011 Subject: DESTDIR equivalent? In-Reply-To: <11759399.25581.1304589639694.JavaMail.trustmail@mail1.terreactive.ch> References: <4DC26F79.1030009@terreactive.ch> <11759399.25581.1304589639694.JavaMail.trustmail@mail1.terreactive.ch> Message-ID: <4DC2796B.1030208@terreactive.ch> On 05/05/2011 11:55 AM, Martin Hepworth wrote: > the default installer puts everything in /opt/MailScanner The problem is rather that not everything is put in /opt/MailScanner: * A bunch of Perl modules are installed in /usr/opt/perl58/lib/site_perl/5.8.9, and will have to be extricated somehow. The easiest way is if a DESTDIR variable can be passed to `perl Makefile.PL`, since all of them respect that. This doesn't work as expected since there are dependencies between the modules, so they won't build unless I install them both locally and with DESTDIR. * /var/spool/MailScanner and subdirectories seem to be created by the installation. > and when run expects to find things in /opt/MailScanner. Not sure how > well it reacts when put in other places even if you alter the config > in lib config files. In the final installation everything will be put back to /, so that shouldn't be a problem at runtime. Cheers, Victor -- terreActive AG Kasinostrasse 30 CH-5001 Aarau Tel: +41 62 834 00 55 Fax: +41 62 823 93 56 www.terreactive.ch Wir sichern Ihren Erfolg - seit 15 Jahren From alex at skynet-srl.com Thu May 5 17:37:14 2011 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Thu May 5 17:38:01 2011 Subject: Taint problems In-Reply-To: References: <201104191100.p3JB02LK010305@safir.blacknight.ie> <4DAEB9FC.8060004@skynet-srl.com> Message-ID: <23f3403d-178a-482e-a12a-a410080846cc@email.android.com> Danilo Marques de Gouveia ha scritto: WOW !!! That worked !!! Thanks for the help man, let me ask you somthing, I do have another server that doesn't show up this error, I'm wondering if we are getting this error because we got any perl updates or even a new version of anything else. Thanks in advance On Thu, May 5, 2011 at 12:58 PM, Alessandro Bianchi wrote: Danilo Marques de Gouveia ha scritto: Hi Alessandro, I'm getting the same issue that you got, when I run the mailscanner in debug mode I got the error: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358. [fail] root@mx:/var/spool/postfix/active# In the list you wrote that you changed the /usr/sbin/MailScanner and added the -U option ... I didn't get this part, which change you did? If you could help me with this issue I would be very pleased since I'm fighting agains my MS server for two days :( On Wed, Apr 20, 2011 at 7:48 AM, Alessandro Bianchi wrote: Hi folks I discovered that the problems that forced me to run MS as root were originated by taint mode errors. Something has happened on my Fedora 14 Systems so that MS spits a load of taint errors and dies. Here there are some of them: /usr/lib/MailScanner/MailScanner/Lock.pm line 358 /usr/lib/MailScanner/MailScanner/Message.pm line 538 Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381. /usr/lib/MailScanner/MailScanner/Message.pm line 2418 /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173 /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 176. /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379 /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189 Can't call method "print" on an undefined value at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 752. Can't call method "CombineReports" on unblessed reference at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 736. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/TNEF.pm line 233. Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/TNEF.pm line 236. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 246. The synptom is MS starting and restarting over and over again in the logs. I begun to follow the errors using the --debug switch, and fixed some of them, until I came to errors in files that appear to be System libraries (p.e. /usr/share/perl5/File/Copy.pm ). Furthermore running as root prevented Postfix from picking up files from the incoming directory and that leaded me to a non functional mail system: so I had to go back to running MS as postfix user and avoinding fatal taint errors. Till now, after several hours, the only way I found to run MS , is adding the -U switch in the showbang line in /usr/sbin/MailScanner. This switch, to my understanding, turns fatal taint errors in warning, but I'm still looking for a definitive fix. Hope to save some night work hours to someone else with this info. Best regards Alessandro Bianchi -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet SRL, ed e' risultato non infetto. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Danilo Marques de Gouveia -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. Just edit your MS executable ( should be something like /sbin/MailScanner but I'm out of office right now) and at the end of the first line add "-U" (without quotes). This should do the trick. Tell me if it is Ok. Best regards -- Skynet srl - Via Maggiate 67/a - Borgomanero (NO) Tel +39 0322 836487 - Fax +39 0322 836608 www.skynet-srl.com Inviato dal mio tablet Android -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. -- Danilo Marques de Gouveia -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. Happy it did! It seems to be related to perl update. Which distro are you running? -- Skynet srl - Via Maggiate 67/a - Borgomanero (NO) Tel +39 0322 836487 - Fax +39 0322 836608 www.skynet-srl.com Inviato dal mio tablet Android -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet SRL, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/473f6736/attachment.html From alex at skynet-srl.com Thu May 5 19:34:44 2011 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Thu May 5 19:35:30 2011 Subject: Taint problems In-Reply-To: References: <201104191100.p3JB02LK010305@safir.blacknight.ie> <4DAEB9FC.8060004@skynet-srl.com> <23f3403d-178a-482e-a12a-a410080846cc@email.android.com> Message-ID: <776b76ef-134b-4d09-b700-f6a4dd8a34c7@email.android.com> Danilo Marques de Gouveia ha scritto: Running on ubuntu 10.10 Perl This is perl, v5.10.1 (*) built for i686-linux-gnu-thread-multi There is something that doesn't fit, I do have another machine with the same kernel / mailscanner and perl version and I didn't got this error so far ... Maybe because the uptime is in 30 days and didn't get a reboot after the updates ... anyway, I will reboot this server soon, lets see if I'll have the same issue. On Thu, May 5, 2011 at 1:37 PM, Alessandro Bianchi wrote: Danilo Marques de Gouveia ha scritto: WOW !!! That worked !!! Thanks for the help man, let me ask you somthing, I do have another server that doesn't show up this error, I'm wondering if we are getting this error because we got any perl updates or even a new version of anything else. Thanks in advance On Thu, May 5, 2011 at 12:58 PM, Alessandro Bianchi wrote: Danilo Marques de Gouveia ha scritto: Hi Alessandro, I'm getting the same issue that you got, when I run the mailscanner in debug mode I got the error: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358. [fail] root@mx:/var/spool/postfix/active# In the list you wrote that you changed the /usr/sbin/MailScanner and added the -U option ... I didn't get this part, which change you did? If you could help me with this issue I would be very pleased since I'm fighting agains my MS server for two days :( On Wed, Apr 20, 2011 at 7:48 AM, Alessandro Bianchi wrote: Hi folks I discovered that the problems that forced me to run MS as root were originated by taint mode errors. Something has happened on my Fedora 14 Systems so that MS spits a load of taint errors and dies. Here there are some of them: /usr/lib/MailScanner/MailScanner/Lock.pm line 358 /usr/lib/MailScanner/MailScanner/Message.pm line 538 Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381. /usr/lib/MailScanner/MailScanner/Message.pm line 2418 /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173 /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 176. /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379 /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189 Can't call method "print" on an undefined value at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 752. Can't call method "CombineReports" on unblessed reference at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 736. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/TNEF.pm line 233. Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/TNEF.pm line 236. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 246. The synptom is MS starting and restarting over and over again in the logs. I begun to follow the errors using the --debug switch, and fixed some of them, until I came to errors in files that appear to be System libraries (p.e. /usr/share/perl5/File/Copy.pm ). Furthermore running as root prevented Postfix from picking up files from the incoming directory and that leaded me to a non functional mail system: so I had to go back to running MS as postfix user and avoinding fatal taint errors. Till now, after several hours, the only way I found to run MS , is adding the -U switch in the showbang line in /usr/sbin/MailScanner. This switch, to my understanding, turns fatal taint errors in warning, but I'm still looking for a definitive fix. Hope to save some night work hours to someone else with this info. Best regards Alessandro Bianchi -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet SRL, ed e' risultato non infetto. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Danilo Marques de Gouveia -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. Just edit your MS executable ( should be something like /sbin/MailScanner but I'm out of office right now) and at the end of the first line add "-U" (without quotes). This should do the trick. Tell me if it is Ok. Best regards -- Skynet srl - Via Maggiate 67/a - Borgomanero (NO) Tel +39 0322 836487 - Fax +39 0322 836608 www.skynet-srl.com Inviato dal mio tablet Android -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. -- Danilo Marques de Gouveia -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. Happy it did! It seems to be related to perl update. Which distro are you running? -- Skynet srl - Via Maggiate 67/a - Borgomanero (NO) Tel +39 0322 836487 - Fax +39 0322 836608 www.skynet-srl.com Inviato dal mio tablet Android -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. -- Danilo Marques de Gouveia -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da SkyNet Srl, ed e' risultato non infetto. I suspect this is somehow related to libraries. Tomorrow morning I'll check my perl version even if I'm on a 64 bit platform -- Skynet srl - Via Maggiate 67/a - Borgomanero (NO) Tel +39 0322 836487 - Fax +39 0322 836608 www.skynet-srl.com Inviato dal mio tablet Android -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/c09825bb/attachment.html From kunal.gurukul at gmail.com Fri May 6 07:05:33 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Fri May 6 07:05:43 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: can we put the user lists in a file so that i have to update file each time i add/remove a user??/ On Thu, May 5, 2011 at 2:57 AM, Martin Hepworth wrote: > read up using rulesets in the wiki and examples/doc directories. It's quite > easy. > > -- > Martin Hepworth > Oxford, UK > > > > On 5 May 2011 10:41, kunal verma wrote: > >> MailScanner is on the same host as the mailserver. I m using >> sendmail8.13.8 as MTA. I send the mails destined to *outside domain*using UUCP to to >> *mail gateway *. the mail gateway then relays the mails destined to *outside >> domain*. >> Please give me an example configuration to block attachments on user basis >> for outside domains. >> >> Kunal Verma >> >> >> On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: >> >>> ruleset on MaxAttachmentSize should do it >>> >>> >>> http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size >>> >>> is MailScanner isn't on the same host as the mailserver or a separate >>> gateway machine and if on gateway I presume it scans email on the way out as >>> well as on the way in? >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> >>> On 5 May 2011 07:16, kunal verma wrote: >>> >>>> Dear Sir, >>>> >>>> I want to configure MailScanner to block attachment on *User basis*. >>>> All users may be able to send attachment in their mail for *local >>>> domain*. >>>> Only a list of few Users may be allowed send attachment to *local >>>> domain* as well as *outside domain,* >>>> rest all users are blocked from sending attachment to *outside domain*. >>>> >>>> How this can be achieved? Please let me know if it is possible. >>>> >>>> >>>> Kunal Verma >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110505/bccb31a6/attachment.html From alex at vidadigital.com.pa Fri May 6 13:39:20 2011 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri May 6 13:39:31 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: That's the only way. Read about rulesets. On Fri, May 6, 2011 at 1:05 AM, kunal verma wrote: > can we put the user lists in a file so that i have to update file each time > i add/remove a user??/ > > On Thu, May 5, 2011 at 2:57 AM, Martin Hepworth wrote: > >> read up using rulesets in the wiki and examples/doc directories. It's >> quite easy. >> >> -- >> Martin Hepworth >> Oxford, UK >> >> >> >> On 5 May 2011 10:41, kunal verma wrote: >> >>> MailScanner is on the same host as the mailserver. I m using >>> sendmail8.13.8 as MTA. I send the mails destined to *outside domain*using UUCP to to >>> *mail gateway *. the mail gateway then relays the mails destined to *outside >>> domain*. >>> Please give me an example configuration to block attachments on user >>> basis for outside domains. >>> >>> Kunal Verma >>> >>> >>> On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: >>> >>>> ruleset on MaxAttachmentSize should do it >>>> >>>> >>>> http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size >>>> >>>> is MailScanner isn't on the same host as the mailserver or a separate >>>> gateway machine and if on gateway I presume it scans email on the way out as >>>> well as on the way in? >>>> >>>> -- >>>> Martin Hepworth >>>> Oxford, UK >>>> >>>> >>>> On 5 May 2011 07:16, kunal verma wrote: >>>> >>>>> Dear Sir, >>>>> >>>>> I want to configure MailScanner to block attachment on *User basis*. >>>>> All users may be able to send attachment in their mail for *local >>>>> domain*. >>>>> Only a list of few Users may be allowed send attachment to *local >>>>> domain* as well as *outside domain,* >>>>> rest all users are blocked from sending attachment to *outside domain* >>>>> . >>>>> >>>>> How this can be achieved? Please let me know if it is possible. >>>>> >>>>> >>>>> Kunal Verma >>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110506/38aa538b/attachment.html From kunal.gurukul at gmail.com Fri May 6 13:48:08 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Fri May 6 13:48:17 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: Thanks for your help. I m able to block with configuration files and rule sets. add a line for each user to create rule. Is is possible to create groups of users and implement the same i.e. for each group of user create a different file and place a line of rule for each group. Kunal Verma On Fri, May 6, 2011 at 5:39 AM, Alex Neuman wrote: > That's the only way. Read about rulesets. > > > On Fri, May 6, 2011 at 1:05 AM, kunal verma wrote: > >> can we put the user lists in a file so that i have to update file each >> time i add/remove a user??/ >> >> On Thu, May 5, 2011 at 2:57 AM, Martin Hepworth wrote: >> >>> read up using rulesets in the wiki and examples/doc directories. It's >>> quite easy. >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> >>> >>> On 5 May 2011 10:41, kunal verma wrote: >>> >>>> MailScanner is on the same host as the mailserver. I m using >>>> sendmail8.13.8 as MTA. I send the mails destined to *outside domain*using UUCP to to >>>> *mail gateway *. the mail gateway then relays the mails destined to *outside >>>> domain*. >>>> Please give me an example configuration to block attachments on user >>>> basis for outside domains. >>>> >>>> Kunal Verma >>>> >>>> >>>> On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: >>>> >>>>> ruleset on MaxAttachmentSize should do it >>>>> >>>>> >>>>> http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size >>>>> >>>>> is MailScanner isn't on the same host as the mailserver or a separate >>>>> gateway machine and if on gateway I presume it scans email on the way out as >>>>> well as on the way in? >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Oxford, UK >>>>> >>>>> >>>>> On 5 May 2011 07:16, kunal verma wrote: >>>>> >>>>>> Dear Sir, >>>>>> >>>>>> I want to configure MailScanner to block attachment on *User basis*. >>>>>> All users may be able to send attachment in their mail for *local >>>>>> domain*. >>>>>> Only a list of few Users may be allowed send attachment to *local >>>>>> domain* as well as *outside domain,* >>>>>> rest all users are blocked from sending attachment to *outside domain >>>>>> *. >>>>>> >>>>>> How this can be achieved? Please let me know if it is possible. >>>>>> >>>>>> >>>>>> Kunal Verma >>>>>> >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110506/272f9dfe/attachment.html From maxsec at gmail.com Fri May 6 14:44:36 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 6 14:44:44 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: yes, look for "overloading" in the mailscanner wiki -- Martin Hepworth Oxford, UK On 6 May 2011 13:48, kunal verma wrote: > Thanks for your help. I m able to block with configuration files and rule > sets. > add a line for each user to create rule. > Is is possible to create groups of users and implement the same i.e. for > each group of user create a different file and > place a line of rule for each group. > > Kunal Verma > > > > On Fri, May 6, 2011 at 5:39 AM, Alex Neuman wrote: > >> That's the only way. Read about rulesets. >> >> >> On Fri, May 6, 2011 at 1:05 AM, kunal verma wrote: >> >>> can we put the user lists in a file so that i have to update file each >>> time i add/remove a user??/ >>> >>> On Thu, May 5, 2011 at 2:57 AM, Martin Hepworth wrote: >>> >>>> read up using rulesets in the wiki and examples/doc directories. It's >>>> quite easy. >>>> >>>> -- >>>> Martin Hepworth >>>> Oxford, UK >>>> >>>> >>>> >>>> On 5 May 2011 10:41, kunal verma wrote: >>>> >>>>> MailScanner is on the same host as the mailserver. I m using >>>>> sendmail8.13.8 as MTA. I send the mails destined to *outside domain*using UUCP to to >>>>> *mail gateway *. the mail gateway then relays the mails destined to *outside >>>>> domain*. >>>>> Please give me an example configuration to block attachments on user >>>>> basis for outside domains. >>>>> >>>>> Kunal Verma >>>>> >>>>> >>>>> On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: >>>>> >>>>>> ruleset on MaxAttachmentSize should do it >>>>>> >>>>>> >>>>>> http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size >>>>>> >>>>>> is MailScanner isn't on the same host as the mailserver or a separate >>>>>> gateway machine and if on gateway I presume it scans email on the way out as >>>>>> well as on the way in? >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Oxford, UK >>>>>> >>>>>> >>>>>> On 5 May 2011 07:16, kunal verma wrote: >>>>>> >>>>>>> Dear Sir, >>>>>>> >>>>>>> I want to configure MailScanner to block attachment on *User basis* >>>>>>> . >>>>>>> All users may be able to send attachment in their mail for *local >>>>>>> domain*. >>>>>>> Only a list of few Users may be allowed send attachment to *local >>>>>>> domain* as well as *outside domain,* >>>>>>> rest all users are blocked from sending attachment to *outside >>>>>>> domain*. >>>>>>> >>>>>>> How this can be achieved? Please let me know if it is possible. >>>>>>> >>>>>>> >>>>>>> Kunal Verma >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> -- >> >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> >> +507-6781-9505 >> +507-832-6725 >> +1-440-253-9789 (USA) >> >> Follow @AlexNeuman on Twitter >> http://facebook.com/vidadigital >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110506/a7cdee7f/attachment.html From john at tradoc.fr Mon May 9 17:20:56 2011 From: john at tradoc.fr (John Wilcock) Date: Mon May 9 17:21:13 2011 Subject: Taint problems In-Reply-To: <61E6D7A087BF46D48F0657F307D34932@SAHOMELT> References: <20110421175625.GA9692@symphytum.spacehopper.org> <61E6D7A087BF46D48F0657F307D34932@SAHOMELT> Message-ID: <4DC81468.9090200@tradoc.fr> Le 21/04/2011 20:25, Rick Cooper a ?crit : > This might be something Julian wants to revisit with so many people > using perl 5.10+ I've just been hit by this after upgrading perl from 5.12.2 to 5.12.3 on a gentoo box, only solved by adding -U in /usr/sbin/MailScanner. Julian, any chance of taking a look at all these taint errors? Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 538. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux/IO/File.pm line 185, <$fh> line 6. Insecure dependency in chdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 2415. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux/IO/File.pm line 185. Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1377. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in rename while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 413. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From dm.gouveia at gmail.com Mon May 9 18:54:22 2011 From: dm.gouveia at gmail.com (Danilo Marques de Gouveia) Date: Mon May 9 18:54:32 2011 Subject: Taint problems In-Reply-To: <4DC81468.9090200@tradoc.fr> References: <20110421175625.GA9692@symphytum.spacehopper.org> <61E6D7A087BF46D48F0657F307D34932@SAHOMELT> <4DC81468.9090200@tradoc.fr> Message-ID: I don't think that it's just something related to perl version. I'm running the MS with perl v5.10.1 and I'm getting the same problem, what I realized is that with the kernel version 2.6.35 I got this error and with the kernel version 2.6.32 I was running it without problems ... On Mon, May 9, 2011 at 1:20 PM, John Wilcock wrote: > Le 21/04/2011 20:25, Rick Cooper a ?crit : > > This might be something Julian wants to revisit with so many people >> using perl 5.10+ >> > > I've just been hit by this after upgrading perl from 5.12.2 to 5.12.3 on a > gentoo box, only solved by adding -U in /usr/sbin/MailScanner. > > Julian, any chance of taking a look at all these taint errors? > > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in chown while running with -T switch at > /usr/lib/MailScanner/MailScanner/Message.pm line 538. > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux/IO/File.pm line 185, <$fh> > line 6. > > Insecure dependency in chdir while running with -T switch at > /usr/lib/MailScanner/MailScanner/Message.pm line 2415. > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux/IO/File.pm line 185. > Insecure dependency in chown while running with -T switch at > /usr/lib/MailScanner/MailScanner/Message.pm line 1377. > > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in rename while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 413. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > > John. > > -- > -- Over 4000 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Danilo Marques de Gouveia -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110509/7810e4df/attachment.html From kunal.gurukul at gmail.com Tue May 10 11:31:24 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Tue May 10 11:31:34 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: what i got is that overloading is to override rules(have overlapping rule) in a particular domain or user.... I m asking if a list of users in same domain have a same rule. Is it possible to have a this list of users in single file. Kunal Verma On Fri, May 6, 2011 at 6:44 AM, Martin Hepworth wrote: > yes, look for "overloading" in the mailscanner wiki > > -- > Martin Hepworth > Oxford, UK > > > > On 6 May 2011 13:48, kunal verma wrote: > >> Thanks for your help. I m able to block with configuration files and rule >> sets. >> add a line for each user to create rule. >> Is is possible to create groups of users and implement the same i.e. for >> each group of user create a different file and >> place a line of rule for each group. >> >> Kunal Verma >> >> >> >> On Fri, May 6, 2011 at 5:39 AM, Alex Neuman wrote: >> >>> That's the only way. Read about rulesets. >>> >>> >>> On Fri, May 6, 2011 at 1:05 AM, kunal verma wrote: >>> >>>> can we put the user lists in a file so that i have to update file each >>>> time i add/remove a user??/ >>>> >>>> On Thu, May 5, 2011 at 2:57 AM, Martin Hepworth wrote: >>>> >>>>> read up using rulesets in the wiki and examples/doc directories. It's >>>>> quite easy. >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Oxford, UK >>>>> >>>>> >>>>> >>>>> On 5 May 2011 10:41, kunal verma wrote: >>>>> >>>>>> MailScanner is on the same host as the mailserver. I m using >>>>>> sendmail8.13.8 as MTA. I send the mails destined to *outside domain*using UUCP to to >>>>>> *mail gateway *. the mail gateway then relays the mails destined to >>>>>> *outside domain*. >>>>>> Please give me an example configuration to block attachments on user >>>>>> basis for outside domains. >>>>>> >>>>>> Kunal Verma >>>>>> >>>>>> >>>>>> On Thu, May 5, 2011 at 2:17 AM, Martin Hepworth wrote: >>>>>> >>>>>>> ruleset on MaxAttachmentSize should do it >>>>>>> >>>>>>> >>>>>>> http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Attachment%20Size >>>>>>> >>>>>>> is MailScanner isn't on the same host as the mailserver or a >>>>>>> separate gateway machine and if on gateway I presume it scans email on the >>>>>>> way out as well as on the way in? >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Oxford, UK >>>>>>> >>>>>>> >>>>>>> On 5 May 2011 07:16, kunal verma wrote: >>>>>>> >>>>>>>> Dear Sir, >>>>>>>> >>>>>>>> I want to configure MailScanner to block attachment on *User basis >>>>>>>> *. >>>>>>>> All users may be able to send attachment in their mail for *local >>>>>>>> domain*. >>>>>>>> Only a list of few Users may be allowed send attachment to *local >>>>>>>> domain* as well as *outside domain,* >>>>>>>> rest all users are blocked from sending attachment to *outside >>>>>>>> domain*. >>>>>>>> >>>>>>>> How this can be achieved? Please let me know if it is possible. >>>>>>>> >>>>>>>> >>>>>>>> Kunal Verma >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> -- >>> >>> -- >>> >>> Alex Neuman van der Hans >>> Reliant Technologies / Vida Digital >>> http://vidadigital.com.pa/ >>> >>> +507-6781-9505 >>> +507-832-6725 >>> +1-440-253-9789 (USA) >>> >>> Follow @AlexNeuman on Twitter >>> http://facebook.com/vidadigital >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110510/8a0a5603/attachment.html From glenn.steen at gmail.com Tue May 10 13:14:27 2011 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 10 13:14:37 2011 Subject: Blocking Attachment on User Basis In-Reply-To: References: Message-ID: On 10 May 2011 12:31, kunal verma wrote: > what i got is that overloading is to override rules(have overlapping rule) > in a particular domain or user.... > I m asking if a list of ?users in same domain have a same rule. Is it > possible to have a this list of users in single file. > Kunal Verma > Yes, you can have a file just containing the recipients (for example) and specify that instead of the actual recipient, IIRC. It should probably be the absolute path, and this will be expanded to one rule per line in the file... So one item per row... ISTR this being mentioned in the examples, or possibly in the book. You can call MailScanner to test it, to see what value it'd use... "MailScanner --help" will show the syntax... Something like (I run it as the postfix user, since I run MailScanner as that user...): ]# su - postfix -s /bin/bash -bash-3.2$ /usr/sbin/MailScanner --value=maxattachmentsize --from=aa.nn@example.net --to=bb.nn@example.net Looked up internal option name "maxattachmentsize" With sender = aa.nn@example.net recipient = bb.nn@example.net Client IP = Virus = Result is "-1" -bash-3.2$ As you can see, I don't check this setting in MS, since MS isn't the best place to bounce things... Far better to use a milter in your MTA, if possible, if you intend to bounce things. If just "silent discard", then it doesn't matter... MS is as good as any place then. > On Fri, May 6, 2011 at 6:44 AM, Martin Hepworth wrote: >> >> yes, look for "overloading" in the mailscanner wiki >> >> -- >> Martin Hepworth >> Oxford, UK >> (snip) Cheers! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From piccardi at gmx.net Wed May 11 09:05:35 2011 From: piccardi at gmx.net (Alexander Piccardi) Date: Wed May 11 09:05:46 2011 Subject: SpamAssassin Rule Actions Message-ID: <20110511080535.28620@gmx.net> We made an GUI to generate Rule-Set within the MailScanner.conf it works but by using conf file no action is taken. File: /etc/MailScanner/rules/spam.rule.actions.rules # SpamAssassin Rule Actions ########################### # autogenerated by Engine do not change by hand # Dummy Rule ANTZERO_DUMMY=>not-deliver,store header "ANTZERO-DUMMY: Was to _TO_" # Begin Rules # autogenerated do not change by hand # BEGIN SA_RULE_24 # Comment: Test Rule SA_RULE_24=>store-mcp header "ANTZERO-DUMMY: Was to _TO_" # END SA_RULE_24 we also build an cf entry in /etc/mail/spamassassin like this: header SA_RULE_24 From =~ /user/@example.com/ describe SA_RULE_24 Test Rule score SA_RULE_24 0.01 ---------- Log is saying nothing ... Thank you -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone From ms-list at alexb.ch Wed May 11 09:48:03 2011 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 11 09:48:13 2011 Subject: SpamAssassin Rule Actions In-Reply-To: <20110511080535.28620@gmx.net> References: <20110511080535.28620@gmx.net> Message-ID: <4DCA4D43.8060108@alexb.ch> On 2011-05-11 10:05, Alexander Piccardi wrote: > > We made an GUI to generate Rule-Set within the MailScanner.conf it works but by using conf file no action is taken. > > > File: /etc/MailScanner/rules/spam.rule.actions.rules > > > # SpamAssassin Rule Actions ########################### > # autogenerated by Engine do not change by hand > > # Dummy Rule > ANTZERO_DUMMY=>not-deliver,store header "ANTZERO-DUMMY: Was to _TO_" > > # Begin Rules > # autogenerated do not change by hand > > # BEGIN SA_RULE_24 > # Comment: Test Rule > SA_RULE_24=>store-mcp header "ANTZERO-DUMMY: Was to _TO_" > > # END SA_RULE_24 > > > we also build an cf entry in /etc/mail/spamassassin like this: > > header SA_RULE_24 From =~ /user/@example.com/ > describe SA_RULE_24 Test Rule > score SA_RULE_24 0.01 > > ---------- > > Log is saying nothing ... try: header SA_RULE_24 From =~ /user\@example\.com/ (see the difference?) h2h Alex From piccardi at gmx.net Wed May 11 10:02:02 2011 From: piccardi at gmx.net (Alexander Piccardi) Date: Wed May 11 10:02:12 2011 Subject: SpamAssassin Rule Actions In-Reply-To: <4DCA4D43.8060108@alexb.ch> References: <20110511080535.28620@gmx.net> <4DCA4D43.8060108@alexb.ch> Message-ID: <20110511090202.28630@gmx.net> Hi Alex, there is no difference spamassassin 2>&1 -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint | grep -i action-rules.cf May 11 10:59:40.314 [672] dbg: config: read file /etc/mail/spamassassin/action-rules.cf seems to be ok - also ... tx Alex -------- Original-Nachricht -------- > Datum: Wed, 11 May 2011 10:48:03 +0200 > Von: Alex Broens > An: mailscanner@lists.mailscanner.info > Betreff: Re: SpamAssassin Rule Actions > On 2011-05-11 10:05, Alexander Piccardi wrote: > > > > We made an GUI to generate Rule-Set within the MailScanner.conf it works > but by using conf file no action is taken. > > > > > > File: /etc/MailScanner/rules/spam.rule.actions.rules > > > > > > # SpamAssassin Rule Actions ########################### > > # autogenerated by Engine do not change by hand > > > > # Dummy Rule > > ANTZERO_DUMMY=>not-deliver,store header "ANTZERO-DUMMY: Was to _TO_" > > > > # Begin Rules > > # autogenerated do not change by hand > > > > # BEGIN SA_RULE_24 > > # Comment: Test Rule > > SA_RULE_24=>store-mcp header "ANTZERO-DUMMY: Was to _TO_" > > > > # END SA_RULE_24 > > > > > > we also build an cf entry in /etc/mail/spamassassin like this: > > > > header SA_RULE_24 From =~ /user/@example.com/ > > describe SA_RULE_24 Test Rule > > score SA_RULE_24 0.01 > > > > ---------- > > > > Log is saying nothing ... > > try: > > header SA_RULE_24 From =~ /user\@example\.com/ > > (see the difference?) > > h2h > > Alex > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone From kunal.gurukul at gmail.com Wed May 11 11:30:33 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Wed May 11 11:30:42 2011 Subject: MS using kaspersky could not catch eichar.com Message-ID: MS using kaspersky could not catch eichar.com. My Mailscanner configuration file read : Virus Scanners = kaspersky and virus.scanners.conf file has the entry as: kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky/kav4fs anyone can tell me what could be the problem or how to trace it. Kunal -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110511/9375f4a2/attachment.html From glenn.steen at gmail.com Wed May 11 15:12:58 2011 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 11 15:13:08 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: Message-ID: On 11 May 2011 12:30, kunal verma wrote: > MS using kaspersky ?could not catch eichar.com. > My Mailscanner configuration file read : > Virus Scanners = kaspersky > and?virus.scanners.conf file has the entry as: > kaspersky-4.5 ? /usr/lib/MailScanner/kaspersky-wrapper > ?/opt/kaspersky/kav4fs > > anyone can tell me what could be the problem or how to trace it. > Kunal Do a debug run: Stop MailScanner then run MailScanner --debug and submitt a message ... The --debug flag will make it run one batch through to completion, without going to the background and printing a load of debug info on the screen ( if you do "MailScanner --debug --debug-sa" it'll do the same including a very large amount of spamassassin outpit as well). That should give you a clue as to what is wrong. Perhaps just setting "Virus Scanners = kaspersky-4.5" would be enough?! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kunal.gurukul at gmail.com Thu May 12 09:25:27 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 09:25:37 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: Message-ID: when i run the command MailScanner --debug following information is displayed and remain as it is: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Nothing happens after that. Kunal On Wed, May 11, 2011 at 7:12 AM, Glenn Steen wrote: > On 11 May 2011 12:30, kunal verma wrote: > > MS using kaspersky could not catch eichar.com. > > My Mailscanner configuration file read : > > Virus Scanners = kaspersky > > and virus.scanners.conf file has the entry as: > > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper > > /opt/kaspersky/kav4fs > > > > anyone can tell me what could be the problem or how to trace it. > > Kunal > > Do a debug run: > Stop MailScanner then run > MailScanner --debug > and submitt a message > ... The --debug flag will make it run one batch through to completion, > without going to the background and printing a load of debug info on > the screen ( if you do "MailScanner --debug --debug-sa" it'll do the > same including a very large amount of spamassassin outpit as well). > > That should give you a clue as to what is wrong. Perhaps just setting > "Virus Scanners = kaspersky-4.5" would be enough?! > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/5341bb6b/attachment.html From j2 at mupp.net Thu May 12 09:30:10 2011 From: j2 at mupp.net (Jan Johansson) Date: Thu May 12 09:30:32 2011 Subject: SV: MS using kaspersky could not catch eichar.com In-Reply-To: References: Message-ID: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> >when i run the command MailScanner --debug >following information is displayed and remain as it is: > >In Debugging mode, not forking... >Trying to setlogsock(unix) >Building a message batch to scan... > >Nothing happens after that. Is there actually anything for Mailscanner to scan? There needs to be something in the incoming queue. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/cb0b7d8c/attachment.html From kunal.gurukul at gmail.com Thu May 12 10:14:59 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 10:15:09 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> Message-ID: When i send a message along with eichar.com as attachment following is the result: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Stopping now as you are debugging me. Kunal On Thu, May 12, 2011 at 1:30 AM, Jan Johansson wrote: > *>*when i run the command MailScanner --debug > > >following information is displayed and remain as it is: > > > > > >In Debugging mode, not forking... > > >Trying to setlogsock(unix) > > >Building a message batch to scan... > > > > > >Nothing happens after that. > > > > Is there actually anything for Mailscanner to scan? There needs to be > something in the incoming queue. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/0d97da9a/attachment.html From glenn.steen at gmail.com Thu May 12 10:29:45 2011 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 12 10:29:55 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> Message-ID: On 12 May 2011 11:14, kunal verma wrote: > When i send a message along with eichar.com as attachment following is the > result: > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > Stopping now as you are debugging me. > Kunal (snip) Ok, so there is no evidence that any antivirus scanner is called.... What is the output of ;MailScanner --lint ...? I suspect you have a misconfig on the Virus Scanners (as I pointed out in my initial response). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kunal.gurukul at gmail.com Thu May 12 11:15:46 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 11:15:56 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> Message-ID: he output of MailScanner --lint is: Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 867 hostnames from the phishing whitelist Read 5849 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.82.6) is correct. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = kaspersky" Found these virus scanners installed: kaspersky-4.5, kaspersky =========================================================================== Virus and Content Scanning: Starting /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I cat: /tmp/kavoutput.tmp.3816: No such file or directory Attachment size check: 68 > 0 (eicar.com) in 1 Content Checks: Found 1 problems =========================================================================== If any of your virus scanners (kaspersky-4.5,kaspersky) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. what could possibly be the error. Kunal On Thu, May 12, 2011 at 2:29 AM, Glenn Steen wrote: > On 12 May 2011 11:14, kunal verma wrote: > > When i send a message along with eichar.com as attachment following is > the > > result: > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Have a batch of 1 message. > > Stopping now as you are debugging me. > > Kunal > (snip) > Ok, so there is no evidence that any antivirus scanner is called.... > What is the output of > ;MailScanner --lint > ...? I suspect you have a misconfig on the Virus Scanners (as I > pointed out in my initial response). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/d5340599/attachment.html From mailscanner at vgsi.fr Thu May 12 11:26:50 2011 From: mailscanner at vgsi.fr (Vincent Gatignol) Date: Thu May 12 11:27:03 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> Message-ID: <4DCBB5EA.9070301@vgsi.fr> Le 12/05/2011 12:15, kunal verma a ?crit : > what could possibly be the error ? > > Virus and Content Scanning: Starting > /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I I think you might want to check the double slash /opt/kapersky// And the output (invalid option -- l) maybe the space between -- and l is too much... -- Vincent -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/6e88f150/signature.bin From kunal.gurukul at gmail.com Thu May 12 11:34:23 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 11:34:33 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: <4DCBB5EA.9070301@vgsi.fr> References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> <4DCBB5EA.9070301@vgsi.fr> Message-ID: I have checked and removed "//" but the problem persist I m not getting what is the "invalid option -- l". where the change is required to be made?? Kunal On Thu, May 12, 2011 at 3:26 AM, Vincent Gatignol wrote: > Le 12/05/2011 12:15, kunal verma a ?crit : > > > what could possibly be the error ? > > > > Virus and Content Scanning: Starting > > /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I > I think you might want to check the double slash /opt/kapersky// > > And the output (invalid option -- l) maybe the space between -- and l is > too much... > > -- > Vincent > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/cea9f9c4/attachment.html From maxsec at gmail.com Thu May 12 11:59:09 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 12 11:59:18 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> <4DCBB5EA.9070301@vgsi.fr> Message-ID: In the script that's calling the kas scanner On Thursday, 12 May 2011, kunal verma wrote: > I have checked and removed "//" but the problem persistI m not getting what is the "invalid option -- l".where the change is required to be made?? > Kunal > > > On Thu, May 12, 2011 at 3:26 AM, Vincent Gatignol wrote: > > Le 12/05/2011 12:15, kunal verma a ?crit : > >> what could possibly be the error ? >> >> Virus and Content Scanning: Starting >> /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I > I think you might want to check the double slash /opt/kapersky// > > And the output (invalid option -- l) maybe the space between -- and l is > too much... > > -- > Vincent > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- -- Martin Hepworth Oxford, UK From kunal.gurukul at gmail.com Thu May 12 12:16:34 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 12:16:44 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> <4DCBB5EA.9070301@vgsi.fr> Message-ID: The script that runs the kav scanner is /usr/lib/MailScanner/kaspersky-wrapper. This script does not contain any -- I option. or some scripts you are talking about. Kunal On Thu, May 12, 2011 at 3:59 AM, Martin Hepworth wrote: > In the script that's calling the kas scanner > > On Thursday, 12 May 2011, kunal verma wrote: > > I have checked and removed "//" but the problem persistI m not getting > what is the "invalid option -- l".where the change is required to be made?? > > Kunal > > > > > > On Thu, May 12, 2011 at 3:26 AM, Vincent Gatignol > wrote: > > > > Le 12/05/2011 12:15, kunal verma a ?crit : > > > >> what could possibly be the error ? > >> > >> Virus and Content Scanning: Starting > >> /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I > > I think you might want to check the double slash /opt/kapersky// > > > > And the output (invalid option -- l) maybe the space between -- and l is > > too much... > > > > -- > > Vincent > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > -- > -- > Martin Hepworth > Oxford, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/ea1cd386/attachment.html From stu at spacehopper.org Thu May 12 13:06:36 2011 From: stu at spacehopper.org (Stuart Henderson) Date: Thu May 12 13:07:01 2011 Subject: Taint problems References: <20110421175625.GA9692@symphytum.spacehopper.org> <61E6D7A087BF46D48F0657F307D34932@SAHOMELT> <4DC81468.9090200@tradoc.fr> Message-ID: On 2011-05-09, Danilo Marques de Gouveia wrote: > > I don't think that it's just something related to perl version. > > I'm running the MS with perl v5.10.1 and I'm getting the same problem, what > I realized is that with the kernel version 2.6.35 I got this error and with > the kernel version 2.6.32 I was running it without problems ... That seems highly unlikely. Could you have picked up a security fix to Perl at the same time as you updated the kernel? From kunal.gurukul at gmail.com Thu May 12 13:29:46 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 13:29:57 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> <4DCBB5EA.9070301@vgsi.fr> Message-ID: I m unable to find -- I option in the script.. Please help me. Kunal On Thu, May 12, 2011 at 4:16 AM, kunal verma wrote: > The script that runs the kav scanner > is /usr/lib/MailScanner/kaspersky-wrapper. > This script does not contain any -- I option. > or some scripts you are talking about. > > Kunal > > > > On Thu, May 12, 2011 at 3:59 AM, Martin Hepworth wrote: > >> In the script that's calling the kas scanner >> >> On Thursday, 12 May 2011, kunal verma wrote: >> > I have checked and removed "//" but the problem persistI m not getting >> what is the "invalid option -- l".where the change is required to be made?? >> > Kunal >> > >> > >> > On Thu, May 12, 2011 at 3:26 AM, Vincent Gatignol >> wrote: >> > >> > Le 12/05/2011 12:15, kunal verma a ?crit : >> > >> >> what could possibly be the error ? >> >> >> >> Virus and Content Scanning: Starting >> >> /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I >> > I think you might want to check the double slash /opt/kapersky// >> > >> > And the output (invalid option -- l) maybe the space between -- and l is >> > too much... >> > >> > -- >> > Vincent >> > >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> >> -- >> -- >> Martin Hepworth >> Oxford, UK >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/eb3d9366/attachment.html From kunal.gurukul at gmail.com Thu May 12 13:38:35 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 13:38:45 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> <4DCBB5EA.9070301@vgsi.fr> Message-ID: I m unable to find -- I option in the script.. when i run the command: /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky it works normally and scans file of the current directory. I m unable to trace the problem. Please help me. Kunal On Thu, May 12, 2011 at 5:29 AM, kunal verma wrote: > I m unable to find -- I option in the script.. > Please help me. > > Kunal > > > > On Thu, May 12, 2011 at 4:16 AM, kunal verma wrote: > >> The script that runs the kav scanner >> is /usr/lib/MailScanner/kaspersky-wrapper. >> This script does not contain any -- I option. >> or some scripts you are talking about. >> >> Kunal >> >> >> >> On Thu, May 12, 2011 at 3:59 AM, Martin Hepworth wrote: >> >>> In the script that's calling the kas scanner >>> >>> On Thursday, 12 May 2011, kunal verma wrote: >>> > I have checked and removed "//" but the problem persistI m not getting >>> what is the "invalid option -- l".where the change is required to be made?? >>> > Kunal >>> > >>> > >>> > On Thu, May 12, 2011 at 3:26 AM, Vincent Gatignol >>> wrote: >>> > >>> > Le 12/05/2011 12:15, kunal verma a ?crit : >>> > >>> >> what could possibly be the error ? >>> >> >>> >> Virus and Content Scanning: Starting >>> >> /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I >>> > I think you might want to check the double slash /opt/kapersky// >>> > >>> > And the output (invalid option -- l) maybe the space between -- and l >>> is >>> > too much... >>> > >>> > -- >>> > Vincent >>> > >>> > >>> > >>> > -- >>> > MailScanner mailing list >>> > mailscanner@lists.mailscanner.info >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> > Before posting, read http://wiki.mailscanner.info/posting >>> > >>> > Support MailScanner development - buy the book off the website! >>> > >>> > >>> > >>> > >>> >>> -- >>> -- >>> Martin Hepworth >>> Oxford, UK >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/d8da660e/attachment.html From kunal.gurukul at gmail.com Thu May 12 14:15:59 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Thu May 12 14:16:08 2011 Subject: MS using kaspersky could not catch eichar.com In-Reply-To: References: <53823EF3F5911F4D823DFD09156AD72838894601@ex01.kontinuitet.local> <4DCBB5EA.9070301@vgsi.fr> Message-ID: I reinstalled AV and configured the MailScanner.conf for kaspersky-4.5 and it is working. Thanks everyone for help. Kunal On Thu, May 12, 2011 at 5:38 AM, kunal verma wrote: > I m unable to find -- I option in the script.. > when i run the command: > /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky > it works normally and scans file of the current directory. > > I m unable to trace the problem. > Please help me. > > Kunal > > On Thu, May 12, 2011 at 5:29 AM, kunal verma wrote: > >> I m unable to find -- I option in the script.. >> Please help me. >> >> Kunal >> >> >> >> On Thu, May 12, 2011 at 4:16 AM, kunal verma wrote: >> >>> The script that runs the kav scanner >>> is /usr/lib/MailScanner/kaspersky-wrapper. >>> This script does not contain any -- I option. >>> or some scripts you are talking about. >>> >>> Kunal >>> >>> >>> >>> On Thu, May 12, 2011 at 3:59 AM, Martin Hepworth wrote: >>> >>>> In the script that's calling the kas scanner >>>> >>>> On Thursday, 12 May 2011, kunal verma wrote: >>>> > I have checked and removed "//" but the problem persistI m not getting >>>> what is the "invalid option -- l".where the change is required to be made?? >>>> > Kunal >>>> > >>>> > >>>> > On Thu, May 12, 2011 at 3:26 AM, Vincent Gatignol < >>>> mailscanner@vgsi.fr> wrote: >>>> > >>>> > Le 12/05/2011 12:15, kunal verma a ?crit : >>>> > >>>> >> what could possibly be the error ? >>>> >> >>>> >> Virus and Content Scanning: Starting >>>> >> /opt/kaspersky//kav4fs/bin/kav4fs-kavscanner: invalid option -- I >>>> > I think you might want to check the double slash /opt/kapersky// >>>> > >>>> > And the output (invalid option -- l) maybe the space between -- and l >>>> is >>>> > too much... >>>> > >>>> > -- >>>> > Vincent >>>> > >>>> > >>>> > >>>> > -- >>>> > MailScanner mailing list >>>> > mailscanner@lists.mailscanner.info >>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> > >>>> > Before posting, read http://wiki.mailscanner.info/posting >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> > >>>> > >>>> > >>>> > >>>> >>>> -- >>>> -- >>>> Martin Hepworth >>>> Oxford, UK >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110512/045408cb/attachment.html From campbell at cnpapers.com Thu May 12 19:20:58 2011 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 12 19:21:23 2011 Subject: OT: auto responder (OOO) question Message-ID: <4DCC250A.1060901@cnpapers.com> As much as I hate to set one of these up, a fellow employee has persuaded me to set up an out-of-office deal for her. I'm running Centos 3 and sendmail. I've played around with a .procmailrc file, but it doesn't seem to do anything. I've also created the symlink in /etc/smrsh to procmail with no avail. Does anyone know if I have to restart sendmail after creating the link? Does Mailscanner have any bearing on using procmail? Any suggestions, please? steve campbell From ssilva at sgvwater.com Thu May 12 20:28:43 2011 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 12 20:29:18 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <4DCC250A.1060901@cnpapers.com> References: <4DCC250A.1060901@cnpapers.com> Message-ID: on 5/12/2011 11:20 AM Steve Campbell spake the following: > As much as I hate to set one of these up, a fellow employee has persuaded me > to set up an out-of-office deal for her. I'm running Centos 3 and sendmail. > I've played around with a .procmailrc file, but it doesn't seem to do > anything. I've also created the symlink in /etc/smrsh to procmail with no avail. > > Does anyone know if I have to restart sendmail after creating the link? > Does Mailscanner have any bearing on using procmail? > > Any suggestions, please? > > steve campbell > This actually looked good... Won't respond to spam... http://devhen.wordpress.com/2008/01/08/how-to-setup-a-vacation-autoresponder-with-procmail-sendmail/ From campbell at cnpapers.com Thu May 12 21:09:20 2011 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 12 21:09:38 2011 Subject: OT: auto responder (OOO) question In-Reply-To: References: <4DCC250A.1060901@cnpapers.com> Message-ID: <4DCC3E70.8000208@cnpapers.com> On 5/12/2011 3:28 PM, Scott Silva wrote: > on 5/12/2011 11:20 AM Steve Campbell spake the following: >> As much as I hate to set one of these up, a fellow employee has persuaded me >> to set up an out-of-office deal for her. I'm running Centos 3 and sendmail. >> I've played around with a .procmailrc file, but it doesn't seem to do >> anything. I've also created the symlink in /etc/smrsh to procmail with no avail. >> >> Does anyone know if I have to restart sendmail after creating the link? >> Does Mailscanner have any bearing on using procmail? >> >> Any suggestions, please? >> >> steve campbell >> > This actually looked good... Won't respond to spam... > > http://devhen.wordpress.com/2008/01/08/how-to-setup-a-vacation-autoresponder-with-procmail-sendmail/ > > Thanks Scott, That's actually the one I'm using right now. It creates the log and logs to it, but never sends out the reply. I guess it's working, but can't seem to find out why it's not sending out the response since nothing is getting logged elsewhere. I've deleted the log and started over just in case it tests that, still no luck. steve From ssilva at sgvwater.com Thu May 12 21:46:44 2011 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 12 21:47:22 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <4DCC3E70.8000208@cnpapers.com> References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> Message-ID: on 5/12/2011 1:09 PM Steve Campbell spake the following: > > > On 5/12/2011 3:28 PM, Scott Silva wrote: >> on 5/12/2011 11:20 AM Steve Campbell spake the following: >>> As much as I hate to set one of these up, a fellow employee has persuaded me >>> to set up an out-of-office deal for her. I'm running Centos 3 and sendmail. >>> I've played around with a .procmailrc file, but it doesn't seem to do >>> anything. I've also created the symlink in /etc/smrsh to procmail with no >>> avail. >>> >>> Does anyone know if I have to restart sendmail after creating the link? >>> Does Mailscanner have any bearing on using procmail? >>> >>> Any suggestions, please? >>> >>> steve campbell >>> >> This actually looked good... Won't respond to spam... >> >> http://devhen.wordpress.com/2008/01/08/how-to-setup-a-vacation-autoresponder-with-procmail-sendmail/ >> >> >> > Thanks Scott, > > That's actually the one I'm using right now. It creates the log and logs to > it, but never sends out the reply. I guess it's working, but can't seem to > find out why it's not sending out the response since nothing is getting logged > elsewhere. > > I've deleted the log and started over just in case it tests that, still no luck. > > steve > Do you have an /etc/procmailrc that might be grabbing procmail and ending it? I don't remember if procmail drops privilege or not, but check permissions on all related files... maybe you need fully qualified paths, or paths are wrong somehow? From rob at poeweb.com Thu May 12 22:35:43 2011 From: rob at poeweb.com (Rob Poe) Date: Thu May 12 22:35:57 2011 Subject: OT: auto responder (OOO) question In-Reply-To: References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> Message-ID: <4DCC52AF.6000707@poeweb.com> On 5/12/2011 3:46 PM, Scott Silva wrote: > on 5/12/2011 1:09 PM Steve Campbell spake the following: >> >> On 5/12/2011 3:28 PM, Scott Silva wrote: >>> on 5/12/2011 11:20 AM Steve Campbell spake the following: >>>> As much as I hate to set one of these up, a fellow employee has persuaded me >>>> to set up an out-of-office deal for her. I'm running Centos 3 and sendmail. >>>> I've played around with a .procmailrc file, but it doesn't seem to do >>>> anything. I've also created the symlink in /etc/smrsh to procmail with no >>>> avail. >>>> >>>> Does anyone know if I have to restart sendmail after creating the link? >>>> Does Mailscanner have any bearing on using procmail? >>>> I setup a simple bash script for it -- no checking (honestly, didn't care too much about checking). They've used it forever .. use, don't use, modify, whatever. Enjoy! ----------------------------------------------------- /usr/bin/vacationon #!/bin/bash rm -Rf /home/$1/.procmailrc cp /template/.procmailrc /home/$1/.procmailrc cp /template/vacation.msg /home/$1/vacation.msg echo "\"|/usr/bin/procmail -f-\"" > /home/$1/.forward rm -Rf /home/$1/vacation.cache chown $1:$1 /home/$1/.procmailrc chown $1:$1 /home/$1/vacation.msg chmod 640 /home/$1/.procmailrc chmod 644 /home/$1/vacation.msg cd /home/$1 echo "Please edit vacation.msg for this user." echo "cd /home/$1" echo "pico vacation.msg" ----------------------------------------------------- /template/.procmailrc SHELL=/bin/sh :0 Whc: vacation.lock # Perform a quick check to see if the mail was addressed to us * $^To:.*${LOGNAME} # Don't reply to daemons and mailinglists * !^FROM_DAEMON # Mail loops are evil * !^X-Loop: ${LOGNAME}@utxl.com | formail -rD 8192 vacation.cache :0 ehc # if the name was not in the cache | (formail -rA"Precedence: junk" \ -A"X-Loop: $LOGNAME@utxl.com" -i"Subject: $LOGNAME - Out of office - Will get back to you"; \ cat $HOME/vacation.msg ; \ cat $HOME/.signature 2>/dev/null\ ) | $SENDMAIL -oi -t ----------------------------------------------------- /template/vacation.msg I am out of the office on vacation. If you need further assistance please call xxx-xxx-xxxx. I will receive your email message when I return. Thanks! ----------------------------------------------------- /usr/bin/vacationoff #!/bin/bash rm -Rf /home/$1/.procmailrc rm -Rf /home/$1/vacation.cache rm -Rf /home/$1/vacation.msg rm -Rf /home/$1/.forward From rob at poeweb.com Thu May 12 22:44:22 2011 From: rob at poeweb.com (Rob Poe) Date: Thu May 12 22:44:35 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <4DCC52AF.6000707@poeweb.com> References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> <4DCC52AF.6000707@poeweb.com> Message-ID: <4DCC54B6.6060304@poeweb.com> Whoops, please ignore the domain name. ;) *sheepish* On 5/12/2011 4:35 PM, Rob Poe wrote: > On 5/12/2011 3:46 PM, Scott Silva wrote: >> on 5/12/2011 1:09 PM Steve Campbell spake the following: >>> >>> On 5/12/2011 3:28 PM, Scott Silva wrote: >>>> on 5/12/2011 11:20 AM Steve Campbell spake the following: >>>>> As much as I hate to set one of these up, a fellow employee has >>>>> persuaded me >>>>> to set up an out-of-office deal for her. I'm running Centos 3 and >>>>> sendmail. >>>>> I've played around with a .procmailrc file, but it doesn't seem to do >>>>> anything. I've also created the symlink in /etc/smrsh to procmail >>>>> with no >>>>> avail. >>>>> >>>>> Does anyone know if I have to restart sendmail after creating the >>>>> link? >>>>> Does Mailscanner have any bearing on using procmail? >>>>> > > I setup a simple bash script for it -- no checking (honestly, didn't > care too much about checking). They've used it forever .. use, don't > use, modify, whatever. Enjoy! > > > ----------------------------------------------------- > /usr/bin/vacationon > > #!/bin/bash > rm -Rf /home/$1/.procmailrc > cp /template/.procmailrc /home/$1/.procmailrc > cp /template/vacation.msg /home/$1/vacation.msg > echo "\"|/usr/bin/procmail -f-\"" > /home/$1/.forward > rm -Rf /home/$1/vacation.cache > chown $1:$1 /home/$1/.procmailrc > chown $1:$1 /home/$1/vacation.msg > chmod 640 /home/$1/.procmailrc > chmod 644 /home/$1/vacation.msg > cd /home/$1 > echo "Please edit vacation.msg for this user." > echo "cd /home/$1" > echo "pico vacation.msg" > > ----------------------------------------------------- > /template/.procmailrc > > SHELL=/bin/sh > > :0 Whc: vacation.lock > # Perform a quick check to see if the mail was addressed to us > * $^To:.*${LOGNAME} > # Don't reply to daemons and mailinglists > * !^FROM_DAEMON > # Mail loops are evil > * !^X-Loop: ${LOGNAME}@utxl.com > | formail -rD 8192 vacation.cache > > :0 ehc # if the name was not in the cache > | (formail -rA"Precedence: junk" \ > -A"X-Loop: $LOGNAME@utxl.com" -i"Subject: $LOGNAME - Out of office - > Will get back to you"; \ > cat $HOME/vacation.msg ; \ > cat $HOME/.signature 2>/dev/null\ > ) | $SENDMAIL -oi -t > > ----------------------------------------------------- > > /template/vacation.msg > > I am out of the office on vacation. If you need further assistance > please call xxx-xxx-xxxx. I will receive your email message when I > return. > > Thanks! > > ----------------------------------------------------- > > /usr/bin/vacationoff > > #!/bin/bash > rm -Rf /home/$1/.procmailrc > rm -Rf /home/$1/vacation.cache > rm -Rf /home/$1/vacation.msg > rm -Rf /home/$1/.forward > > From campbell at cnpapers.com Fri May 13 01:01:51 2011 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 13 01:02:07 2011 Subject: OT: auto responder (OOO) question In-Reply-To: References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> Message-ID: <1305244911.4dcc74ef7fe35@perdition.cnpapers.net> Quoting Scott Silva : > on 5/12/2011 1:09 PM Steve Campbell spake the following: > > > > > > On 5/12/2011 3:28 PM, Scott Silva wrote: > >> on 5/12/2011 11:20 AM Steve Campbell spake the following: > >>> As much as I hate to set one of these up, a fellow employee has persuaded > me > >>> to set up an out-of-office deal for her. I'm running Centos 3 and > sendmail. > >>> I've played around with a .procmailrc file, but it doesn't seem to do > >>> anything. I've also created the symlink in /etc/smrsh to procmail with > no > >>> avail. > >>> > >>> Does anyone know if I have to restart sendmail after creating the link? > >>> Does Mailscanner have any bearing on using procmail? > >>> > >>> Any suggestions, please? > >>> > >>> steve campbell > >>> > >> This actually looked good... Won't respond to spam... > >> > >> > http://devhen.wordpress.com/2008/01/08/how-to-setup-a-vacation-autoresponder-with-procmail-sendmail/ > >> > >> > >> > > Thanks Scott, > > > > That's actually the one I'm using right now. It creates the log and logs > to > > it, but never sends out the reply. I guess it's working, but can't seem to > > find out why it's not sending out the response since nothing is getting > logged > > elsewhere. > > > > I've deleted the log and started over just in case it tests that, still no > luck. > > > > steve > > > Do you have an /etc/procmailrc that might be grabbing procmail and ending > it? > I don't remember if procmail drops privilege or not, but check permissions > on > all related files... > maybe you need fully qualified paths, or paths are wrong somehow? > > Thanks again, I'll check for the file in /etc. Pretty sure the permissions are all OK. steve ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From campbell at cnpapers.com Fri May 13 01:04:19 2011 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 13 01:04:32 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <4DCC52AF.6000707@poeweb.com> References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> <4DCC52AF.6000707@poeweb.com> Message-ID: <1305245059.4dcc758391f49@perdition.cnpapers.net> Quoting Rob Poe : > On 5/12/2011 3:46 PM, Scott Silva wrote: > > on 5/12/2011 1:09 PM Steve Campbell spake the following: > >> > >> On 5/12/2011 3:28 PM, Scott Silva wrote: > >>> on 5/12/2011 11:20 AM Steve Campbell spake the following: > >>>> As much as I hate to set one of these up, a fellow employee has > persuaded me > >>>> to set up an out-of-office deal for her. I'm running Centos 3 and > sendmail. > >>>> I've played around with a .procmailrc file, but it doesn't seem to do > >>>> anything. I've also created the symlink in /etc/smrsh to procmail with > no > >>>> avail. > >>>> > >>>> Does anyone know if I have to restart sendmail after creating the link? > >>>> Does Mailscanner have any bearing on using procmail? > >>>> > > I setup a simple bash script for it -- no checking (honestly, didn't > care too much about checking). They've used it forever .. use, don't > use, modify, whatever. Enjoy! > > > ----------------------------------------------------- > /usr/bin/vacationon > > #!/bin/bash > rm -Rf /home/$1/.procmailrc > cp /template/.procmailrc /home/$1/.procmailrc > cp /template/vacation.msg /home/$1/vacation.msg > echo "\"|/usr/bin/procmail -f-\"" > /home/$1/.forward > rm -Rf /home/$1/vacation.cache > chown $1:$1 /home/$1/.procmailrc > chown $1:$1 /home/$1/vacation.msg > chmod 640 /home/$1/.procmailrc > chmod 644 /home/$1/vacation.msg > cd /home/$1 > echo "Please edit vacation.msg for this user." > echo "cd /home/$1" > echo "pico vacation.msg" > > ----------------------------------------------------- > /template/.procmailrc > > SHELL=/bin/sh > > :0 Whc: vacation.lock > # Perform a quick check to see if the mail was addressed to us > * $^To:.*${LOGNAME} > # Don't reply to daemons and mailinglists > * !^FROM_DAEMON > # Mail loops are evil > * !^X-Loop: ${LOGNAME}@utxl.com > | formail -rD 8192 vacation.cache > > :0 ehc # if the name was not in the cache > | (formail -rA"Precedence: junk" \ > -A"X-Loop: $LOGNAME@utxl.com" -i"Subject: $LOGNAME - Out of office - > Will get back to you"; \ > cat $HOME/vacation.msg ; \ > cat $HOME/.signature 2>/dev/null\ > ) | $SENDMAIL -oi -t > > ----------------------------------------------------- > > /template/vacation.msg > > I am out of the office on vacation. If you need further assistance > please call xxx-xxx-xxxx. I will receive your email message when I > return. > > Thanks! > > ----------------------------------------------------- > > /usr/bin/vacationoff > > #!/bin/bash > rm -Rf /home/$1/.procmailrc > rm -Rf /home/$1/vacation.cache > rm -Rf /home/$1/vacation.msg > rm -Rf /home/$1/.forward > > > -- Rob, I saw this very same script and think I tried it. Didn't use the surrounding scripts to turn on/off, but a good idea. BTW, what checking are you referring to? Thanks, steve ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From rob at poeweb.com Fri May 13 05:05:16 2011 From: rob at poeweb.com (Rob Poe) Date: Fri May 13 05:05:30 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <1305245059.4dcc758391f49@perdition.cnpapers.net> References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> <4DCC52AF.6000707@poeweb.com> <1305245059.4dcc758391f49@perdition.cnpapers.net> Message-ID: <003001cc1122$f7ac82a0$e70587e0$@poeweb.com> Quoting Rob Poe : > On 5/12/2011 3:46 PM, Scott Silva wrote: > > on 5/12/2011 1:09 PM Steve Campbell spake the following: > >> > >> On 5/12/2011 3:28 PM, Scott Silva wrote: > >>> on 5/12/2011 11:20 AM Steve Campbell spake the following: > >>>> As much as I hate to set one of these up, a fellow employee has > persuaded me > >>>> to set up an out-of-office deal for her. I'm running Centos 3 and > sendmail. > >>>> I've played around with a .procmailrc file, but it doesn't seem > >>>> to do anything. I've also created the symlink in /etc/smrsh to > >>>> procmail with > no > >>>> avail. > >>>> > >>>> Does anyone know if I have to restart sendmail after creating the link? > >>>> Does Mailscanner have any bearing on using procmail? > >>>> > > I setup a simple bash script for it -- no checking (honestly, didn't > care too much about checking). They've used it forever .. use, don't > use, modify, whatever. Enjoy! > > -- Rob, I saw this very same script and think I tried it. Didn't use the surrounding scripts to turn on/off, but a good idea. BTW, what checking are you referring to? Thanks, steve Checking to see if they gave it an argument or spitting an error message telling them to use it as vacationon username instead ofjust vacationon.. From lyndonl at mexcom.co.za Fri May 13 07:38:42 2011 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri May 13 07:39:19 2011 Subject: Archive server OT Message-ID: Hello All This is largely off topic but I think the list users here are probably some of the most knowledgeable mail admins around What I am looking at is a mail archive server(s) ideally it should be set as the MX server, all mail will arrive on the server be scanned etc as per the usual mailscanner way of doing things and then archive the mail in some way shape or form before delivering the mail to the client mail server. it only has to keep the archive for a few days maybe a week or 2 at the most, Are there any products or projects that can do this sort of thing that any of you may have seen, I know there are some commercial hosted products for this sort of thing but ideally I would like to host this ourselves. Any info would be appreciated Thanks Lyndon From ms-list at alexb.ch Fri May 13 07:50:42 2011 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 13 07:50:53 2011 Subject: Archive server OT In-Reply-To: References: Message-ID: <4DCCD4C2.5050804@alexb.ch> On 2011-05-13 8:38, Lyndon Labuschagne wrote: > Hello All > > This is largely off topic but I think the list users here are probably some of the most knowledgeable mail admins around > > What I am looking at is a mail archive server(s) > ideally it should be set as the MX server, > all mail will arrive on the server be scanned etc as per the usual mailscanner way of doing things and then archive the mail in some way shape or form before delivering the mail to the client mail server. > it only has to keep the archive for a few days maybe a week or 2 at the most, > > Are there any products or projects that can do this sort of thing that any of you may have seen, > > I know there are some commercial hosted products for this sort of thing but ideally I would like to host this ourselves. > > Any info would be appreciated > http://www.mailarchiva.com/ h2h Alex From markus at markusoft.se Fri May 13 08:39:48 2011 From: markus at markusoft.se (Markus Nilsson) Date: Fri May 13 08:40:06 2011 Subject: Archive server OT In-Reply-To: <4DCCD4C2.5050804@alexb.ch> Message-ID: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> ----- Ursprungligt meddelande ----- > Fr?n: "Alex Broens" > Till: "MailScanner discussion" > Skickat: fredag, 13 maj 2011 8:50:42 > ?mne: Re: Archive server OT > On 2011-05-13 8:38, Lyndon Labuschagne wrote: > > Hello All > > > > This is largely off topic but I think the list users here are > > probably some of the most knowledgeable mail admins around > > > > What I am looking at is a mail archive server(s) > > ideally it should be set as the MX server, > > all mail will arrive on the server be scanned etc as per the usual > > mailscanner way of doing things and then archive the mail in some > > way shape or form before delivering the mail to the client mail > > server. > > it only has to keep the archive for a few days maybe a week or 2 at > > the most, > > > > Are there any products or projects that can do this sort of thing > > that any of you may have seen, > > > > I know there are some commercial hosted products for this sort of > > thing but ideally I would like to host this ourselves. > > > > Any info would be appreciated > > > http://www.mailarchiva.com/ > h2h > Alex Hi Another option is to use the built-in functionality. I use the store rules in Non Spam Actions to save the messages, and with my hard-link-patch, I can get a nice folder structure without duplicating content. (one folder per user and date). Of course, MailArchiva gives you a lot of other features as well, but as a quick and easy archive, that might work for you! Using the _DATE_ macro in the pathname would make it easy to create a cronjob to delete all old mails. /Markus -- This message has been scanned for viruses and dangerous content by CronLab (www.cronlab.com), and is believed to be clean. -------------- next part -------------- Skipped content of type multipart/related From lyndonl at mexcom.co.za Fri May 13 09:01:27 2011 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri May 13 09:02:17 2011 Subject: Archive server OT In-Reply-To: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> Message-ID: On 13 May 2011, at 9:39 AM, Markus Nilsson wrote: > > Fr?n: "Alex Broens" > Till: "MailScanner discussion" > Skickat: fredag, 13 maj 2011 8:50:42 > ?mne: Re: Archive server OT > > http://www.mailarchiva.com/ > > h2h > > Alex > Hi > > Another option is to use the built-in functionality. I use the store rules in Non Spam Actions to save the messages, and with my hard-link-patch, I can get a nice folder structure without duplicating content. (one folder per user and date). > > Of course, MailArchiva gives you a lot of other features as well, but as a quick and easy archive, that might work for you! Using the _DATE_ macro in the pathname would make it easy to create a cronjob to delete all old mails. > > /Markus Thank you to both of you for the information, MailArchiva might well be an over kill. and the built in store function might not be enough, ideally i guess what I would like to have is some sort of a webmail (almost) intercase where if a clients mail server in unavailable due to a line failure or server problem they would be able to log in and access the mail on our server, and then the mail can be released to their server when it is available again, even if it is just a read only interface so that they can see the content of the mail. preferably they should be able to reply to the mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110513/f2caaeeb/attachment-0001.html From ms-list at alexb.ch Fri May 13 09:15:06 2011 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 13 09:15:13 2011 Subject: Archive server OT In-Reply-To: References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> Message-ID: <4DCCE88A.8030909@alexb.ch> On 2011-05-13 10:01, Lyndon Labuschagne wrote: > > On 13 May 2011, at 9:39 AM, Markus Nilsson wrote: > >> >> Fr?n: "Alex Broens" >> Till: "MailScanner discussion" >> Skickat: fredag, 13 maj 2011 8:50:42 >> ?mne: Re: Archive server OT >> >> http://www.mailarchiva.com/ >> >> h2h >> >> Alex >> Hi >> >> Another option is to use the built-in functionality. I use the store rules in Non Spam Actions to save the messages, and with my hard-link-patch, I can get a nice folder structure without duplicating content. (one folder per user and date). >> >> Of course, MailArchiva gives you a lot of other features as well, but as a quick and easy archive, that might work for you! Using the _DATE_ macro in the pathname would make it easy to create a cronjob to delete all old mails. >> >> /Markus > > > Thank you to both of you for the information, MailArchiva might well be an over kill. > and the built in store function might not be enough, > ideally i guess what I would like to have is some sort of a webmail (almost) intercase where if a clients mail server in unavailable due to a line failure or server problem they would be able to log in and access the mail on our server, and then the mail can be released to their server when it is available again, even if it is just a read only interface so that they can see the content of the mail. preferably they should be able to reply to the mail. > Disregarding the privacy issues such a system may trigger: You could tell your MTA to BCC all incoming mail to a system with domain catchalls / webmail and purge msgs older than X. From lyndonl at mexcom.co.za Fri May 13 09:28:20 2011 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri May 13 09:28:54 2011 Subject: Archive server OT In-Reply-To: <4DCCE88A.8030909@alexb.ch> References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> <4DCCE88A.8030909@alexb.ch> Message-ID: <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> On 13 May 2011, at 10:15 AM, Alex Broens wrote: > > Disregarding the privacy issues such a system may trigger: > > You could tell your MTA to BCC all incoming mail to a system with domain catchalls / webmail and purge msgs older than X. Thanks Alex, I will give that a look into, Regarding the privacy issues, this will not be a system default, it will be an opt-in only solution. I am not overly keen on it myself but a few clients have asked for it which is the only reason I am looking into it. From andrew at topdog.za.net Fri May 13 09:58:15 2011 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri May 13 09:58:32 2011 Subject: Archive server OT In-Reply-To: <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> <4DCCE88A.8030909@alexb.ch> <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> Message-ID: On 13 May 2011, at 10:28 AM, Lyndon Labuschagne wrote: > Thanks Alex, I will give that a look into, > Regarding the privacy issues, this will not be a system default, it will be an opt-in only solution. I am not overly keen on it myself but a few clients have asked for it which is the only reason I am looking into it. I am guessing you are trying to build an email continuity system where your customers can still read their email via a webmail interface while their mail server is down. Depending on what MTA you are using, you can use SMTP multiplexing to deliver both to the webmail system and to the customers mail server. The MTA will deliver to the webmail system a copy of each message that gets processed by the MTA, in even of the remote customer server being down the messages will get queued and delivered normally when the system gets back up. For postfix and sendmail there are milters that can do this, for exim you will have to setup routers to do this. Hope that helps - Andrew -- Baruwa - www.baruwa.org From lyndonl at mexcom.co.za Fri May 13 10:20:46 2011 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri May 13 10:21:23 2011 Subject: Archive server OT In-Reply-To: References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> <4DCCE88A.8030909@alexb.ch> <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> Message-ID: <2EF275AD-663F-4C41-9D1A-74144B5FF95A@mexcom.co.za> >> > > I am guessing you are trying to build an email continuity system where your customers can still read their email > via a webmail interface while their mail server is down. > > Depending on what MTA you are using, you can use SMTP multiplexing to deliver both to the webmail system and > to the customers mail server. > > The MTA will deliver to the webmail system a copy of each message that gets processed by the MTA, in even of the > remote customer server being down the messages will get queued and delivered normally when the system gets > back up. > > For postfix and sendmail there are milters that can do this, for exim you will have to setup routers to do this. > > Hope that helps > > - Andrew > Thanks Andrew, Thats pretty much spot on, we make use of Postfix, I will look into this ASAP, Off to google to go find info on SMTP multiplexing From ms-list at alexb.ch Fri May 13 10:31:06 2011 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 13 10:31:13 2011 Subject: Archive server OT In-Reply-To: <2EF275AD-663F-4C41-9D1A-74144B5FF95A@mexcom.co.za> References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> <4DCCE88A.8030909@alexb.ch> <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> <2EF275AD-663F-4C41-9D1A-74144B5FF95A@mexcom.co.za> Message-ID: <4DCCFA5A.8040008@alexb.ch> On 2011-05-13 11:20, Lyndon Labuschagne wrote: >>> >> >> I am guessing you are trying to build an email continuity system where your customers can still read their email >> via a webmail interface while their mail server is down. >> >> Depending on what MTA you are using, you can use SMTP multiplexing to deliver both to the webmail system and >> to the customers mail server. >> >> The MTA will deliver to the webmail system a copy of each message that gets processed by the MTA, in even of the >> remote customer server being down the messages will get queued and delivered normally when the system gets >> back up. >> >> For postfix and sendmail there are milters that can do this, for exim you will have to setup routers to do this. >> >> Hope that helps >> >> - Andrew >> > Thanks Andrew, > > Thats pretty much spot on, we make use of Postfix, I will look into this ASAP, > Off to google to go find info on SMTP multiplexing > > http://www.snertsoft.com/sendmail/roundhouse/ Description This is an SMTP multiplexer, which takes the input from an SMTP client connection and copies it to one or more SMTP servers. Intended as means to debug and test different mail server configurations using a production mail server's live data stream. From maxsec at gmail.com Fri May 13 11:21:14 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 13 11:21:23 2011 Subject: Archive server OT In-Reply-To: <4DCCFA5A.8040008@alexb.ch> References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> <4DCCE88A.8030909@alexb.ch> <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> <2EF275AD-663F-4C41-9D1A-74144B5FF95A@mexcom.co.za> <4DCCFA5A.8040008@alexb.ch> Message-ID: NB is you're doing mail archiving for regulartory reasons (SOXX etc) being able to access the information in short timscales is critical. You have to be able to get the to the requestor in quite a small amount of time and of course keep 7 years of data. This abilioty to search and retrieve quickly is where the commercial offerings justify themselves. -- Martin Hepworth Oxford, UK On 13 May 2011 10:31, Alex Broens wrote: > On 2011-05-13 11:20, Lyndon Labuschagne wrote: > >> >>>> >>> I am guessing you are trying to build an email continuity system where >>> your customers can still read their email >>> via a webmail interface while their mail server is down. >>> >>> Depending on what MTA you are using, you can use SMTP multiplexing to >>> deliver both to the webmail system and >>> to the customers mail server. >>> >>> The MTA will deliver to the webmail system a copy of each message that >>> gets processed by the MTA, in even of the >>> remote customer server being down the messages will get queued and >>> delivered normally when the system gets >>> back up. >>> >>> For postfix and sendmail there are milters that can do this, for exim you >>> will have to setup routers to do this. >>> >>> Hope that helps >>> >>> - Andrew >>> >>> Thanks Andrew, >> >> Thats pretty much spot on, we make use of Postfix, I will look into this >> ASAP, >> Off to google to go find info on SMTP multiplexing >> >> >> > http://www.snertsoft.com/sendmail/roundhouse/ > > Description > > This is an SMTP multiplexer, which takes the input from an SMTP client > connection and copies it to one or more SMTP servers. Intended as means to > debug and test different mail server configurations using a production mail > server's live data stream. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110513/51e77c8c/attachment.html From lyndonl at mexcom.co.za Fri May 13 11:37:10 2011 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri May 13 11:37:31 2011 Subject: Archive server OT In-Reply-To: References: <851e2f71-cd69-4a0f-bac9-9f14e2788ec5@cronlabworkstation0> <4DCCE88A.8030909@alexb.ch> <41854345-836C-4DDB-99C4-CBFDBC44313E@mexcom.co.za> <2EF275AD-663F-4C41-9D1A-74144B5FF95A@mexcom.co.za> <4DCCFA5A.8040008@alexb.ch> Message-ID: <0887E3B8-D85C-4852-98EC-FB0F89223BC8@mexcom.co.za> On 13 May 2011, at 12:21 PM, Martin Hepworth wrote: > NB is you're doing mail archiving for regulartory reasons (SOXX etc) being able to access the information in short timscales is critical. You have to be able to get the to the requestor in quite a small amount of time and of course keep 7 years of data. > > This abilioty to search and retrieve quickly is where the commercial offerings justify themselves. > > -- > Martin Hepworth > Oxford, UK Hi Martin We will use the Softco email collector for the actual archiving etc this is really more of a stopgap in case of client mail server unavailability / failure. the Softco solution is brilliant and combined with R8miniweb inside outlook is extremely powerful, and the actual indexing and archiving will be done there. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110513/639ab3b5/attachment.html From campbell at cnpapers.com Fri May 13 13:56:27 2011 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 13 13:56:40 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <003001cc1122$f7ac82a0$e70587e0$@poeweb.com> References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> <4DCC52AF.6000707@poeweb.com> <1305245059.4dcc758391f49@perdition.cnpapers.net> <003001cc1122$f7ac82a0$e70587e0$@poeweb.com> Message-ID: <4DCD2A7B.4000108@cnpapers.com> Rob and Scott, Thanks for the responses. I tried Rob's stuff and it seemed to work. I did restart Sendmail (MS) after adding the symlink to procmail in /etc/smrsh, so I don't know if that had anything to do with it working or not, but it works great. I may add the checking as I've already forgot the parm once. Thanks steve On 5/13/2011 12:05 AM, Rob Poe wrote: > Quoting Rob Poe: > >> On 5/12/2011 3:46 PM, Scott Silva wrote: >>> on 5/12/2011 1:09 PM Steve Campbell spake the following: >>>> On 5/12/2011 3:28 PM, Scott Silva wrote: >>>>> on 5/12/2011 11:20 AM Steve Campbell spake the following: >>>>>> As much as I hate to set one of these up, a fellow employee has >> persuaded me >>>>>> to set up an out-of-office deal for her. I'm running Centos 3 and >> sendmail. >>>>>> I've played around with a .procmailrc file, but it doesn't seem >>>>>> to do anything. I've also created the symlink in /etc/smrsh to >>>>>> procmail with >> no >>>>>> avail. >>>>>> >>>>>> Does anyone know if I have to restart sendmail after creating the > link? >>>>>> Does Mailscanner have any bearing on using procmail? >>>>>> >> I setup a simple bash script for it -- no checking (honestly, didn't >> care too much about checking). They've used it forever .. use, don't >> use, modify, whatever. Enjoy! >> >> -- > Rob, > > I saw this very same script and think I tried it. Didn't use the surrounding > scripts to turn on/off, but a good idea. > > BTW, what checking are you referring to? > > Thanks, > steve > > Checking to see if they gave it an argument or spitting an error message > telling them to use it as vacationon username instead ofjust vacationon.. > From campbell at cnpapers.com Fri May 13 14:23:13 2011 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 13 14:23:26 2011 Subject: OT: auto responder (OOO) question In-Reply-To: <4DCD2A7B.4000108@cnpapers.com> References: <4DCC250A.1060901@cnpapers.com> <4DCC3E70.8000208@cnpapers.com> <4DCC52AF.6000707@poeweb.com> <1305245059.4dcc758391f49@perdition.cnpapers.net> <003001cc1122$f7ac82a0$e70587e0$@poeweb.com> <4DCD2A7B.4000108@cnpapers.com> Message-ID: <4DCD30C1.7060702@cnpapers.com> I added the following little snippet to the top of vacationon and vacationoff: if [ "$#" -ne 1 ] then echo "Incorrect number of arguments"; echo "Usage: vacationon username"; exit 1; fi Changed the vacationon to vacationoff in vacationoff of course. Thanks all steve On 5/13/2011 8:56 AM, Steve Campbell wrote: > Rob and Scott, > > Thanks for the responses. I tried Rob's stuff and it seemed to work. I > did restart Sendmail (MS) after adding the symlink to procmail in > /etc/smrsh, so I don't know if that had anything to do with it working > or not, but it works great. I may add the checking as I've already > forgot the parm once. > > Thanks > > steve > > On 5/13/2011 12:05 AM, Rob Poe wrote: >> Quoting Rob Poe: >> >>> On 5/12/2011 3:46 PM, Scott Silva wrote: >>>> on 5/12/2011 1:09 PM Steve Campbell spake the following: >>>>> On 5/12/2011 3:28 PM, Scott Silva wrote: >>>>>> on 5/12/2011 11:20 AM Steve Campbell spake the following: >>>>>>> As much as I hate to set one of these up, a fellow employee has >>> persuaded me >>>>>>> to set up an out-of-office deal for her. I'm running Centos 3 and >>> sendmail. >>>>>>> I've played around with a .procmailrc file, but it doesn't seem >>>>>>> to do anything. I've also created the symlink in /etc/smrsh to >>>>>>> procmail with >>> no >>>>>>> avail. >>>>>>> >>>>>>> Does anyone know if I have to restart sendmail after creating the >> link? >>>>>>> Does Mailscanner have any bearing on using procmail? >>>>>>> >>> I setup a simple bash script for it -- no checking (honestly, didn't >>> care too much about checking). They've used it forever .. use, don't >>> use, modify, whatever. Enjoy! >>> >>> -- >> Rob, >> >> I saw this very same script and think I tried it. Didn't use the >> surrounding >> scripts to turn on/off, but a good idea. >> >> BTW, what checking are you referring to? >> >> Thanks, >> steve >> >> Checking to see if they gave it an argument or spitting an error message >> telling them to use it as vacationon username instead ofjust >> vacationon.. >> > From Denis.Beauchemin at usherbrooke.ca Fri May 13 14:45:05 2011 From: Denis.Beauchemin at usherbrooke.ca (Beauchemin, Denis) Date: Fri May 13 14:45:40 2011 Subject: Is MS vulnerable to this Unicode trick? Message-ID: <1C7E4902EA98DE4487AA66F401F237F001CD852B@EPSILONX.spa.usherbrooke.ca> I just read something that makes me wonder if MS can detect those Unicode names as executables? http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole We?ve been blocking EXE, BAT and many other executables for a long time with MS, just based on the file name. I didn?t want to use the file command because we encouraged people to rename offending attachments before sending them. Should I start using the file command just to be on the safe side? Thanks! Denis Denis Beauchemin Architecte Technologique - Section Infrastructure des serveurs Service des technologies de l?information (S.T.I.) Universit? de Sherbrooke From maxsec at gmail.com Fri May 13 14:57:11 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 13 14:57:21 2011 Subject: Is MS vulnerable to this Unicode trick? In-Reply-To: <1C7E4902EA98DE4487AA66F401F237F001CD852B@EPSILONX.spa.usherbrooke.ca> References: <1C7E4902EA98DE4487AA66F401F237F001CD852B@EPSILONX.spa.usherbrooke.ca> Message-ID: names make no difference - 'file' (or varients) s used to check for executables not just based on name of file. -- Martin Hepworth Oxford, UK 2011/5/13 Beauchemin, Denis > I just read something that makes me wonder if MS can detect those Unicode > names as executables? > > http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole > > We?ve been blocking EXE, BAT and many other executables for a long time > with MS, just based on the file name. I didn?t want to use the file command > because we encouraged people to rename offending attachments before sending > them. > > Should I start using the file command just to be on the safe side? > > Thanks! > > Denis > > Denis Beauchemin > Architecte Technologique - Section Infrastructure des serveurs > Service des technologies de l?information (S.T.I.) > Universit? de Sherbrooke > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110513/cfc5250d/attachment.html From amelein at dantumadiel.eu Fri May 13 15:32:25 2011 From: amelein at dantumadiel.eu (Arjan Melein) Date: Fri May 13 15:32:47 2011 Subject: Betr.: Re: Taint problems Message-ID: <4DCD5D190200008E00019866@10.1.0.206> I am trying out MS on the latest Fedora 15 with the testing repo disabled and I am getting the Taint error. The -U 'fixed' it so that it'll actually run but what is bleeding edge Fedora will eventually be standard once the distro flavor people manage to agree on something. So in case it helps here is my MailScanner -V and the list of errors after adding -U. If anything looks out of place let me know and I'll see what happens when i make it less out of place :-) # MailScanner -debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Have a batch of 2 messages. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 246. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 246. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 1. Insecure dependency in chdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 2415. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in chdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 2415. Scanning: | Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in rename while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 413. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in chmod while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in utime while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. Insecure dependency in rename while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 413. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. Insecure dependency in unlink while running with -T switch at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. ---- # MailScanner -V Running on Linux dyn180.domain.local 2.6.38.5-24.fc15.x86_64 #1 SMP Fri May 6 08:00:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux This is Fedora release 15 (Lovelock) This is Perl version 5.012003 (5.12.3) This is MailScanner version 4.83.5 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.17 Carp 2.033 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.125 Data::Dumper 2.30 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.78 File::Basename 2.18 File::Copy 2.02 FileHandle 2.08_01 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.68 HTML::Entities 3.68 HTML::Parser 3.57 HTML::TokeParser 1.25_02 IO 1.14 IO::File 1.13 IO::Pipe 2.07 Mail::Header 1.89_01 Math::BigInt 0.24 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.14 Net::CIDR 1.25 Net::IP 0.19 OLE::Storage_Lite 1.04 Pod::Escapes 3.14 Pod::Simple 1.19 POSIX 1.23 Scalar::Util 1.87_01 Socket 2.22 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.45 Test::Pod 0.98 Test::Simple 1.9719 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.76 Archive::Tar 0.23 bignum 2.05 Business::ISBN 20081208 Business::ISBN::Data 1.19 Data::Dump 1.82 DB_File 1.31 DBD::SQLite 1.616 DBI 1.16 Digest 1.02 Digest::HMAC 2.39 Digest::MD5 2.13 Digest::SHA1 1.01 Encode::Detect 0.17016 Error 0.280202 ExtUtils::CBuilder 2.2206 ExtUtils::ParseXS 2.38 Getopt::Long 0.48 Inline missing IO::String 1.10 IO::Zlib 2.27 IP::Country 0.29 Mail::ClamAV 3.003002 Mail::SpamAssassin v2.007 Mail::SPF missing Mail::SPF::Query 0.38 Module::Build missing Net::CIDR::Lite 0.66 Net::DNS v0.003 Net::DNS::Resolver::Programmable missing Net::LDAP 4.027 NetAddr::IP 1.965001 Parse::RecDescent missing SAVI 3.17 Test::Harness missing Test::Manifest 2.02 Text::Balanced 1.56 URI 0.88 version missing YAML Cheers, Arjan From maxsec at gmail.com Fri May 13 15:48:27 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 13 15:48:36 2011 Subject: Betr.: Re: Taint problems In-Reply-To: <4DCD5D190200008E00019866@10.1.0.206> References: <4DCD5D190200008E00019866@10.1.0.206> Message-ID: lets see how many replies this gets you when the message is that using Fedora as a server is a bad idea :-) -- Martin Hepworth Oxford, UK On 13 May 2011 15:32, Arjan Melein wrote: > I am trying out MS on the latest Fedora 15 with the testing repo disabled > and I am getting the Taint error. > > The -U 'fixed' it so that it'll actually run but what is bleeding edge > Fedora will eventually be standard once the distro flavor people manage to > agree on something. > So in case it helps here is my MailScanner -V and the list of errors after > adding -U. If anything looks out of place let me know and I'll see what > happens when i make it less out of place :-) > > # MailScanner -debug > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Have a batch of 2 messages. > Insecure dependency in open while running with -T switch at > /usr/share/perl5/File/Copy.pm line 246. > Insecure dependency in open while running with -T switch at > /usr/share/perl5/File/Copy.pm line 246. > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 1. > Insecure dependency in chdir while running with -T switch at > /usr/lib/MailScanner/MailScanner/Message.pm line 2415. > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in chdir while running with -T switch at > /usr/lib/MailScanner/MailScanner/Message.pm line 2415. > Scanning: | > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in rename while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 413. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in open while running with -T switch at > /usr/lib/MailScanner/MailScanner/Lock.pm line 358. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in chmod while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in utime while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 412. > Insecure dependency in rename while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 413. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > Insecure dependency in unlink while running with -T switch at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173. > > ---- > > # MailScanner -V > Running on > Linux dyn180.domain.local 2.6.38.5-24.fc15.x86_64 #1 SMP Fri May 6 08:00:28 > UTC 2011 x86_64 x86_64 x86_64 GNU/Linux > This is Fedora release 15 (Lovelock) > This is Perl version 5.012003 (5.12.3) > > This is MailScanner version 4.83.5 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.17 Carp > 2.033 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.125 Data::Dumper > 2.30 Date::Parse > 1.03 DirHandle > 1.06 Fcntl > 2.78 File::Basename > 2.18 File::Copy > 2.02 FileHandle > 2.08_01 File::Path > 0.22 File::Temp > 0.92 Filesys::Df > 3.68 HTML::Entities > 3.68 HTML::Parser > 3.57 HTML::TokeParser > 1.25_02 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.07 Mail::Header > 1.89_01 Math::BigInt > 0.24 Math::BigRat > 3.08 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.08 MIME::QuotedPrint > 5.427 MIME::Tools > 0.14 Net::CIDR > 1.25 Net::IP > 0.19 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.14 Pod::Simple > 1.19 POSIX > 1.23 Scalar::Util > 1.87_01 Socket > 2.22 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.45 Test::Pod > 0.98 Test::Simple > 1.9719 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.76 Archive::Tar > 0.23 bignum > 2.05 Business::ISBN > 20081208 Business::ISBN::Data > 1.19 Data::Dump > 1.82 DB_File > 1.31 DBD::SQLite > 1.616 DBI > 1.16 Digest > 1.02 Digest::HMAC > 2.39 Digest::MD5 > 2.13 Digest::SHA1 > 1.01 Encode::Detect > 0.17016 Error > 0.280202 ExtUtils::CBuilder > 2.2206 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.48 Inline > missing IO::String > 1.10 IO::Zlib > 2.27 IP::Country > 0.29 Mail::ClamAV > 3.003002 Mail::SpamAssassin > v2.007 Mail::SPF > missing Mail::SPF::Query > 0.38 Module::Build > missing Net::CIDR::Lite > 0.66 Net::DNS > v0.003 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.027 NetAddr::IP > 1.965001 Parse::RecDescent > missing SAVI > 3.17 Test::Harness > missing Test::Manifest > 2.02 Text::Balanced > 1.56 URI > 0.88 version > missing YAML > > Cheers, > > Arjan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110513/105ec371/attachment.html From amelein at dantumadiel.eu Fri May 13 18:25:57 2011 From: amelein at dantumadiel.eu (Arjan Melein) Date: Fri May 13 18:26:17 2011 Subject: Betr.: Re: Taint problems Message-ID: <4DCD85C50200008E00019878@10.1.0.206> >>>> Martin Hepworth 13-05-11 16:52 >>> >lets see how many replies this gets you when the message is that using >Fedora as a server is a bad idea :-) > >-- >Martin Hepworth >Oxford, UK What, never felt like living on the edge ? :-) In all honesty, yes running bleeding edge as a *production* server is a bad idea. But in fedora 15's defense, this scheduler update in the 2.6.38 kernel is very nice(which is why I'm trying this). Stable distro's are too slow with new versions / features and bleeding edge is too fast, so where does that leave you. But this wasn't about if it was smart to use Fedora as a server, this was about 'hey look I get errors with these version modules that people might start using in the future' It's better to look at it before people start getting into trouble with their production servers so it does not have to go on the high priority list :-) Have a good weekend everyone. - Arjan From Denis.Beauchemin at usherbrooke.ca Fri May 13 18:40:23 2011 From: Denis.Beauchemin at usherbrooke.ca (Beauchemin, Denis) Date: Fri May 13 18:43:38 2011 Subject: Is MS vulnerable to this Unicode trick? In-Reply-To: References: <1C7E4902EA98DE4487AA66F401F237F001CD852B@EPSILONX.spa.usherbrooke.ca> Message-ID: <1C7E4902EA98DE4487AA66F401F237F001CD8787@EPSILONX.spa.usherbrooke.ca> Martin, Not everybody is using ?file?. I think those that don't use it are probably vulnerable. Denis ________________________________________ Denis Beauchemin Architecte Technologique - Section Infrastructure des serveurs Service des technologies de l?information (S.T.I.) Universit? de Sherbrooke De?: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] De la part de Martin Hepworth Envoy??: 13 mai 2011 09:57 ??: MailScanner discussion Objet?: Re: Is MS vulnerable to this Unicode trick? names make no difference - 'file' (or varients) s used to check for executables not just based on name of file. -- Martin Hepworth Oxford, UK 2011/5/13 Beauchemin, Denis I just read something that makes me wonder if MS can detect those Unicode names as executables? http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole We?ve been blocking EXE, BAT and many other executables for a long time with MS, just based on the file name. I didn?t want to use the file command because we encouraged people to rename offending attachments before sending them. Should I start using the file command just to be on the safe side? Thanks! Denis Denis Beauchemin Architecte Technologique - Section Infrastructure des serveurs Service des technologies de l?information (S.T.I.) Universit? de Sherbrooke -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rcooper at dwford.com Fri May 13 19:41:32 2011 From: rcooper at dwford.com (Rick Cooper) Date: Fri May 13 19:41:50 2011 Subject: Betr.: Re: Taint problems In-Reply-To: <4DCD85C50200008E00019878@10.1.0.206> References: <4DCD85C50200008E00019878@10.1.0.206> Message-ID: <387B93B0A51A4C9F9A9BB7C3F50B0309@SAHOMELT> Arjan Melein wrote: >>>>> Martin Hepworth 13-05-11 16:52 >>> >> lets see how many replies this gets you when the message is that >> using Fedora as a server is a bad idea :-) >> >> -- >> Martin Hepworth >> Oxford, UK > > What, never felt like living on the edge ? :-) > In all honesty, yes running bleeding edge as a *production* server is > a bad idea. > But in fedora 15's defense, this scheduler update in the 2.6.38 > kernel is very nice(which is why I'm trying this). > Stable distro's are too slow with new versions / features and > bleeding edge is too fast, so where does that leave you. > But this wasn't about if it was smart to use Fedora as a server, this > was about 'hey look I get errors with these version modules that > people might start using in the future' It's better to look at it > before people start getting into trouble with their production > servers so it does not have to go on the high priority list :-) > > Have a good weekend everyone. > A quick look through the Mailscanner items listed in the log output looks like each line is involved with a filename that has not been untainted so I would assume it's cause is the increased taint security in the 5.10+ perl version and will need to be dealt with sooner or later anyway. From mark at msapiro.net Sun May 15 17:26:11 2011 From: mark at msapiro.net (Mark Sapiro) Date: Sun May 15 17:26:26 2011 Subject: Is MS vulnerable to this Unicode trick? In-Reply-To: <1C7E4902EA98DE4487AA66F401F237F001CD8787@EPSILONX.spa.usherbrooke.ca> References: <1C7E4902EA98DE4487AA66F401F237F001CD852B@EPSILONX.spa.usherbrooke.ca> <1C7E4902EA98DE4487AA66F401F237F001CD8787@EPSILONX.spa.usherbrooke.ca> Message-ID: <4DCFFEA3.7020309@msapiro.net> On 11:59 AM, Beauchemin, Denis wrote: > Martin, > > Not everybody is using ?file?. I think those that don't use it are probably vulnerable. According to my tests with MailScanner 4.83.5, they are not. I created a file with name 'abcdef\u202B\u202Ecod.exe' where \u202B\u202E are the unicode right-to-left embedding and right-to-left override codes respectively. This file displays in Windows explorer as an 'executable' icon, and the name appears as 'abcdefexe.doc'. I then used Thunderbird to send myself an email with the file attached. Thunderbird attached the file as Content-Type: application/x-msdownload; name="=?UTF-8?B?YWJjZGVm4oCr4oCuY29kLmV4ZQ==?=" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0*=UTF-8''%61%62%63%64%65%66%E2%80%AB%E2%80%AE%63%6F%64%2E%65%78; filename*1*=%65 Note the name= parameter is RFC 2047 encoded and the filename= is RFC 2231 encoded, but both decode to the 'abcdef\u202B\u202Ecod.exe' name. Mailscanner 4.83.5 removed the attached file and logged the following: May 15 08:49:34 sbh16 MailScanner[21254]: Filename Checks: Windows/DOS Executable (89E3D6900B1.AAACB abcdef??cod.exe) May 15 08:49:34 sbh16 MailScanner[21254]: Saved entire message to /var/spool/MailScanner/quarantine/20110515/89E3D6900B1.AAACB May 15 08:49:34 sbh16 MailScanner[21254]: Saved infected "abcdef%%E2%%80%%AB%%E2%%80%%AEco.exe" to /var/spool/MailScanner/quarantine/20110515/89E3D6900B1.AAACB There seems to be an issue of some kind in that in the third log message above, the name is reported as "abcdef%%E2%%80%%AB%%E2%%80%%AEco.exe" which is missing the 'd' in cod.exe, and in the message to the user, the name is even more garbled as At Sun May 15 08:49:34 2011 the virus scanner said: MailScanner: Executable DOS/Windows programs are dangerous in email (abcdef80E2AEco.exe) but the .exe extension was properly recognized. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Sun May 15 18:25:14 2011 From: mark at msapiro.net (Mark Sapiro) Date: Sun May 15 18:25:25 2011 Subject: MailScanner interprets header-like lines in a text/plain body as actual headers Message-ID: <4DD00C7A.3060604@msapiro.net> A single part text/plain message containing the following body (unquoted) > Some text followed by > > Content-Type: text/plain; > name="test.exe" > Content-Transfer-Encoding: 7bit > Content-Disposition: attachment; > filename="test.exe" > > followed by more text is treated by MailScanner as containing an attachment named 'test.exe'. MailScanner reports May 15 10:13:24 sbh16 MailScanner[24185]: Filename Checks: Windows/DOS Executable (C9B9F6900B1.A3C91 ) May 15 10:13:24 sbh16 MailScanner[24185]: Saved entire message to /var/spool/MailScanner/quarantine/20110515/C9B9F6900B1.A3C91 MailScanner -v Running on Linux sbh16.songbird.com 2.6.18-8.1.14.el5 #1 SMP Thu Sep 27 18:58:54 EDT 2007 i 686 i686 i386 GNU/Linux This is CentOS release 5 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.83.5 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.04 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.90 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 2.16 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.86 Test::Simple 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.23 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.25 DBD::SQLite 1.607 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.38 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.29 Mail::ClamAV 3.003001 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.65 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Amelein at dantumadiel.eu Mon May 16 10:07:34 2011 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Mon May 16 10:07:57 2011 Subject: Betr.: Re: Taint problems In-Reply-To: <387B93B0A51A4C9F9A9BB7C3F50B0309@SAHOMELT> References: <4DCD85C50200008E00019878@10.1.0.206> <387B93B0A51A4C9F9A9BB7C3F50B0309@SAHOMELT> Message-ID: <4DD105760200008E000198C2@10.1.0.206> >>> Op 13-5-2011 om 20:41 is door "Rick Cooper" geschreven: > > A quick look through the Mailscanner items listed in the log output looks > like each line is involved with a filename that has not been untainted so I > would assume it's cause is the increased taint security in the 5.10+ perl > version and will need to be dealt with sooner or later anyway. Once perl-MIME-tools gets updated from the included 5.427-2 to 5.502-1.fc15 things also break beyond my ability to tinker and get it going again, other then downgrading the rpm. # MailScanner -debug Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/lib/MailScanner/MailScanner/Config.pm line 2044 In Debugging mode, not forking... Can't locate object method "config" via package "MIME::ToolUtils" (perhaps you forgot to load "MIME::ToolUtils"?) at /usr/sbin/MailScanner line 1471. - Arjan From nerijusb at dtiltas.lt Fri May 20 04:36:44 2011 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Fri May 20 04:36:57 2011 Subject: debugging Message-ID: Hello, Suddenly mailscanner started to crash - it restarts itself when I run 'service MailScanner start' (I can see 'MailScanner ' processes reappearing with 'top'). I tried to debug it with --debug --lint - no errors. MailScanner works if postfix queue is empty - but it crashes when the first email comes in. Tried to disable virus|spam scanning - didn't help. I will happily provide any info needed. Version mailscanner-4.83.5-1.noarch. Regards, Nerijus From maxsec at gmail.com Fri May 20 06:32:03 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 20 06:32:12 2011 Subject: debugging In-Reply-To: References: Message-ID: Anything in the the incoming queue dir other than mail files? Checked for hidden/dot files? Did u run the debug as the postfix user? Martin On Friday, 20 May 2011, Nerijus Baliunas wrote: > Hello, > > Suddenly mailscanner started to crash - it restarts itself when I run > 'service MailScanner start' (I can see 'MailScanner ' processes > reappearing with 'top'). I tried to debug it with --debug --lint - no errors. > MailScanner works if postfix queue is empty - but it crashes when the first > email comes in. Tried to disable virus|spam scanning - didn't help. > I will happily provide any info needed. > Version mailscanner-4.83.5-1.noarch. > > Regards, > Nerijus > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Martin Hepworth Oxford, UK From prinbra at gmail.com Fri May 20 07:07:07 2011 From: prinbra at gmail.com (Curu Wong) Date: Fri May 20 07:07:16 2011 Subject: debugging In-Reply-To: References: Message-ID: Did you update your perl, you can run ms in debug mode. and if you see output like "Insecure dependency ....", that may be caused by the CVE-2011-1487 fix. in that case, adding the -U switch in the showbang line in /usr/sbin/MailScanner may help 2011/5/20 Nerijus Baliunas > Hello, > > Suddenly mailscanner started to crash - it restarts itself when I run > 'service MailScanner start' (I can see 'MailScanner ' processes > reappearing with 'top'). I tried to debug it with --debug --lint - no > errors. > MailScanner works if postfix queue is empty - but it crashes when the first > email comes in. Tried to disable virus|spam scanning - didn't help. > I will happily provide any info needed. > Version mailscanner-4.83.5-1.noarch. > > Regards, > Nerijus > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110520/2b96b878/attachment.html From richard at fastnet.co.uk Fri May 20 09:06:35 2011 From: richard at fastnet.co.uk (Richard Mealing) Date: Fri May 20 09:06:48 2011 Subject: Can't call method "CombineReports" Message-ID: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> Hi Everyone, Can you help me with this? May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping message p4JG6H3O008475 as it has been attempted too many times May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message p4JG6H3O008475 as it caused MailScanner to crash several times May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message to /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at processing message p4JG6NE1008526 May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at processing message p4JG6UTB008592 May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at processing message p4JG6W9T008601 May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at processing message p4JG6aVC008654 May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at processing message p4JG6oR8008790 May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at processing message p4JG7000008882 mailscanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 5 messages. Can't call method "CombineReports" on unblessed reference at /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. pkg_info | grep Mail MailScanner-4.83.4 Powerful virus/spam scanning framework for mail gateways uname -a FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 #0: Fri Feb 26 19:51:57 UTC 2010 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 I am using perl version perl-5.8.9_2. Any ideas how I can fix this? Many thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110520/3cd90f95/attachment.html From richard at fastnet.co.uk Fri May 20 11:37:55 2011 From: richard at fastnet.co.uk (Richard Mealing) Date: Fri May 20 11:38:10 2011 Subject: Can't call method "CombineReports" In-Reply-To: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> References: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> Message-ID: <1251B5423222C446A299CABAA7B46FF4104682@fn-exchange.fastnet.local> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Mealing Sent: 20 May 2011 09:07 To: MailScanner discussion (mailscanner@lists.mailscanner.info) Subject: Can't call method "CombineReports" Hi Everyone, Can you help me with this? May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping message p4JG6H3O008475 as it has been attempted too many times May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message p4JG6H3O008475 as it caused MailScanner to crash several times May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message to /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at processing message p4JG6NE1008526 May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at processing message p4JG6UTB008592 May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at processing message p4JG6W9T008601 May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at processing message p4JG6aVC008654 May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at processing message p4JG6oR8008790 May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at processing message p4JG7000008882 mailscanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 5 messages. Can't call method "CombineReports" on unblessed reference at /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. pkg_info | grep Mail MailScanner-4.83.4 Powerful virus/spam scanning framework for mail gateways uname -a FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 #0: Fri Feb 26 19:51:57 UTC 2010 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 I am using perl version perl-5.8.9_2. Any ideas how I can fix this? Many thanks, Rich __________________________________________ In reading other discussions about the taint errors, I've added the -U switch in the shebang for /usr/local/sbin/Mailscanner and it all seems to be working again now. In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Stopping now as you are debugging me. I have 4 other servers with this set-up, I shall see if they all have the same problem when I restart them I guess. Should I look at updating my perl? Thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110520/eb14f29b/attachment.html From jaearick at colby.edu Fri May 20 15:11:28 2011 From: jaearick at colby.edu (Jeff Earickson) Date: Fri May 20 15:12:00 2011 Subject: Can't call method "CombineReports" In-Reply-To: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> References: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> Message-ID: Julian et al, Ahah! I too have been chasing this issue for the past two or three months, but could never find a batch of emails to reproduce the problem with (too much mail flow). It bites me every couple of weeks or so, and I too would love a fix. Now that Richard has identified a debug complaint, is this a quick fix? My setup: MailScanner 4.83.4, perl 5.12.3, running on Redhat 6.0, Linux virremail 2.6.32-71.29.1.el6.x86_64 #1 SMP Thu Apr 21 16:08:55 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux Jeff Earickson Colby College On Fri, May 20, 2011 at 4:06 AM, Richard Mealing wrote: > Hi Everyone, > > > > Can you help me with this? > > > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping message > p4JG6H3O008475 as it has been attempted too many times > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message > p4JG6H3O008475 as it caused MailScanner to crash several times > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message to > /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 > > May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at > processing message p4JG6NE1008526 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at > processing message p4JG6UTB008592 > > May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at > processing message p4JG6W9T008601 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at > processing message p4JG6aVC008654 > > May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at > processing message p4JG6oR8008790 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at > processing message p4JG7000008882 > > > > > > > > mailscanner --debug > > > > > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Have a batch of 5 messages. > > Can't call method "CombineReports" on unblessed reference at > /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. > > > > > > > > > > pkg_info | grep Mail > > MailScanner-4.83.4? Powerful virus/spam scanning framework for mail gateways > > > > > > uname -a > > FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 #0: Fri > Feb 26 19:51:57 UTC 2010 > root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC ?i386 > > > > I am using perl version perl-5.8.9_2. > > > > Any ideas how I can fix this? > > > > Many thanks, > > Rich > > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From j2 at mupp.net Fri May 20 16:23:27 2011 From: j2 at mupp.net (Jan Johansson) Date: Fri May 20 16:23:42 2011 Subject: SV: debugging In-Reply-To: References: Message-ID: <53823EF3F5911F4D823DFD09156AD7283889DCB9@ex01.kontinuitet.local> >Suddenly mailscanner started to crash - it restarts itself when I run 'service MailScanner start' (I can see 'MailScanner ' processes reappearing with 'top'). I tried to debug it with --debug --lint - no errors. >MailScanner works if postfix queue is empty - but it crashes when the first email comes in. Tried to disable virus|spam scanning - didn't help. >I will happily provide any info needed. >Version mailscanner-4.83.5-1.noarch. Search the list for "taint", you probably got burned by a PERL upgrade. From richard at fastnet.co.uk Mon May 23 14:12:34 2011 From: richard at fastnet.co.uk (Richard Mealing) Date: Mon May 23 14:12:47 2011 Subject: Can't call method "CombineReports" In-Reply-To: References: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> Message-ID: <1251B5423222C446A299CABAA7B46FF4105F3D@fn-exchange.fastnet.local> Hi, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Earickson Sent: 20 May 2011 15:11 To: MailScanner discussion Subject: Re: Can't call method "CombineReports" Julian et al, Ahah! I too have been chasing this issue for the past two or three months, but could never find a batch of emails to reproduce the problem with (too much mail flow). It bites me every couple of weeks or so, and I too would love a fix. Now that Richard has identified a debug complaint, is this a quick fix? My setup: MailScanner 4.83.4, perl 5.12.3, running on Redhat 6.0, Linux virremail 2.6.32-71.29.1.el6.x86_64 #1 SMP Thu Apr 21 16:08:55 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux Jeff Earickson Colby College On Fri, May 20, 2011 at 4:06 AM, Richard Mealing wrote: > Hi Everyone, > > > > Can you help me with this? > > > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping > message > p4JG6H3O008475 as it has been attempted too many times > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message > p4JG6H3O008475 as it caused MailScanner to crash several times > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message > to > /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 > > May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at > processing message p4JG6NE1008526 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at > processing message p4JG6UTB008592 > > May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at > processing message p4JG6W9T008601 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at > processing message p4JG6aVC008654 > > May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at > processing message p4JG6oR8008790 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at > processing message p4JG7000008882 > > > > > > > > mailscanner --debug > > > > > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Have a batch of 5 messages. > > Can't call method "CombineReports" on unblessed reference at > /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. > > > > > > > > > > pkg_info | grep Mail > > MailScanner-4.83.4? Powerful virus/spam scanning framework for mail > gateways > > > > > > uname -a > > FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 > #0: Fri Feb 26 19:51:57 UTC 2010 > root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC ?i386 > > > > I am using perl version perl-5.8.9_2. > > > > Any ideas how I can fix this? > > > > Many thanks, > > Rich > > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > I'm still getting this issue, now on another machine with identical setup. mailscanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 30 messages. Can't call method "CombineReports" on unblessed reference at /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. This is with the -U shebang switch. Any ideas anyone? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From richard at fastnet.co.uk Mon May 23 14:38:26 2011 From: richard at fastnet.co.uk (Richard Mealing) Date: Mon May 23 14:38:40 2011 Subject: Can't call method "CombineReports" In-Reply-To: <1251B5423222C446A299CABAA7B46FF4105F3D@fn-exchange.fastnet.local> References: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> <1251B5423222C446A299CABAA7B46FF4105F3D@fn-exchange.fastnet.local> Message-ID: <1251B5423222C446A299CABAA7B46FF4105FAE@fn-exchange.fastnet.local> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Mealing Sent: 23 May 2011 14:13 To: MailScanner discussion Subject: RE: Can't call method "CombineReports" Hi, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Earickson Sent: 20 May 2011 15:11 To: MailScanner discussion Subject: Re: Can't call method "CombineReports" Julian et al, Ahah! I too have been chasing this issue for the past two or three months, but could never find a batch of emails to reproduce the problem with (too much mail flow). It bites me every couple of weeks or so, and I too would love a fix. Now that Richard has identified a debug complaint, is this a quick fix? My setup: MailScanner 4.83.4, perl 5.12.3, running on Redhat 6.0, Linux virremail 2.6.32-71.29.1.el6.x86_64 #1 SMP Thu Apr 21 16:08:55 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux Jeff Earickson Colby College On Fri, May 20, 2011 at 4:06 AM, Richard Mealing wrote: > Hi Everyone, > > > > Can you help me with this? > > > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping > message > p4JG6H3O008475 as it has been attempted too many times > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message > p4JG6H3O008475 as it caused MailScanner to crash several times > > May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message > to > /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 > > May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at > processing message p4JG6NE1008526 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at > processing message p4JG6UTB008592 > > May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at > processing message p4JG6W9T008601 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at > processing message p4JG6aVC008654 > > May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at > processing message p4JG6oR8008790 > > May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at > processing message p4JG7000008882 > > > > > > > > mailscanner --debug > > > > > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Have a batch of 5 messages. > > Can't call method "CombineReports" on unblessed reference at > /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. > > > > > > > > > > pkg_info | grep Mail > > MailScanner-4.83.4? Powerful virus/spam scanning framework for mail > gateways > > > > > > uname -a > > FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 > #0: Fri Feb 26 19:51:57 UTC 2010 > root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC ?i386 > > > > I am using perl version perl-5.8.9_2. > > > > Any ideas how I can fix this? > > > > Many thanks, > > Rich > > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > I'm still getting this issue, now on another machine with identical setup. mailscanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 30 messages. Can't call method "CombineReports" on unblessed reference at /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. This is with the -U shebang switch. Any ideas anyone? ________________________________________________ Hi, My box just would not process any messages now, even after a reboot it keeps going around in circles. I've moved all the mail onto another box (identical) and it's processing through the mail fine. Should I look at updating the perl on this? I'm using 5.8 I believe. Is this the same bug as Alvaro debugged due to the space in the virus name? I'm wondering if anyone has a fix for this? Thanks for any help. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alvaro at hostalia.com Mon May 23 15:06:47 2011 From: alvaro at hostalia.com (Alvaro Marin) Date: Mon May 23 15:06:57 2011 Subject: Can't call method "CombineReports" In-Reply-To: <1251B5423222C446A299CABAA7B46FF4105FAE@fn-exchange.fastnet.local> References: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> <1251B5423222C446A299CABAA7B46FF4105F3D@fn-exchange.fastnet.local> <1251B5423222C446A299CABAA7B46FF4105FAE@fn-exchange.fastnet.local> Message-ID: <4DDA69F7.2020301@hostalia.com> Hi, El 23/05/11 15:38, Richard Mealing escribi?: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Mealing > Sent: 23 May 2011 14:13 > To: MailScanner discussion > Subject: RE: Can't call method "CombineReports" > > Hi, > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Earickson > Sent: 20 May 2011 15:11 > To: MailScanner discussion > Subject: Re: Can't call method "CombineReports" > > Julian et al, > > Ahah! I too have been chasing this issue for the past two or three months, but could never find a batch of emails to reproduce the problem with (too much mail flow). It bites me every couple of weeks or so, and I too would love a fix. Now that Richard has identified a debug complaint, is this a quick fix? > > My setup: MailScanner 4.83.4, perl 5.12.3, running on Redhat 6.0, Linux virremail 2.6.32-71.29.1.el6.x86_64 #1 SMP Thu Apr 21 16:08:55 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux > > Jeff Earickson > Colby College > > On Fri, May 20, 2011 at 4:06 AM, Richard Mealing wrote: >> Hi Everyone, >> >> >> >> Can you help me with this? >> >> >> >> May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping >> message >> p4JG6H3O008475 as it has been attempted too many times >> >> May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message >> p4JG6H3O008475 as it caused MailScanner to crash several times >> >> May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message >> to >> /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 >> >> May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at >> processing message p4JG6NE1008526 >> >> May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at >> processing message p4JG6UTB008592 >> >> May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at >> processing message p4JG6W9T008601 >> >> May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at >> processing message p4JG6aVC008654 >> >> May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at >> processing message p4JG6oR8008790 >> >> May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at >> processing message p4JG7000008882 >> >> >> >> >> >> >> >> mailscanner --debug >> >> >> >> >> >> In Debugging mode, not forking... >> >> Trying to setlogsock(unix) >> >> Building a message batch to scan... >> >> Have a batch of 5 messages. >> >> Can't call method "CombineReports" on unblessed reference at >> /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. >> >> >> >> >> >> >> >> >> >> pkg_info | grep Mail >> >> MailScanner-4.83.4 Powerful virus/spam scanning framework for mail >> gateways >> >> >> >> >> >> uname -a >> >> FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 >> #0: Fri Feb 26 19:51:57 UTC 2010 >> root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >> >> >> >> I am using perl version perl-5.8.9_2. >> >> >> >> Any ideas how I can fix this? >> >> >> >> Many thanks, >> >> Rich >> >> >> >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > I'm still getting this issue, now on another machine with identical setup. > > mailscanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 30 messages. > Can't call method "CombineReports" on unblessed reference at /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. > > This is with the -U shebang switch. > > Any ideas anyone? > > > ________________________________________________ > > Hi, > > My box just would not process any messages now, even after a reboot it keeps going around in circles. I've moved all the mail onto another box (identical) and it's processing through the mail fine. > Should I look at updating the perl on this? I'm using 5.8 I believe. Is this the same bug as Alvaro debugged due to the space in the virus name? > > I'm wondering if anyone has a fix for this? > > > Thanks for any help. > That bug was fixed in the last MailScanner version: http://mailscanner.info/ChangeLog Check if you're using SaneSecurity signatures and if you've the last MailScanner version installed. Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From richard at fastnet.co.uk Tue May 24 09:23:15 2011 From: richard at fastnet.co.uk (Richard Mealing) Date: Tue May 24 09:23:27 2011 Subject: Can't call method "CombineReports" In-Reply-To: <4DDA69F7.2020301@hostalia.com> References: <1251B5423222C446A299CABAA7B46FF41043F9@fn-exchange.fastnet.local> <1251B5423222C446A299CABAA7B46FF4105F3D@fn-exchange.fastnet.local> <1251B5423222C446A299CABAA7B46FF4105FAE@fn-exchange.fastnet.local> <4DDA69F7.2020301@hostalia.com> Message-ID: <1251B5423222C446A299CABAA7B46FF4116423@fn-exchange.fastnet.local> Hi Alvaro, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alvaro Marin Sent: 23 May 2011 15:07 To: mailscanner@lists.mailscanner.info Subject: Re: Can't call method "CombineReports" Hi, El 23/05/11 15:38, Richard Mealing escribi?: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Richard Mealing > Sent: 23 May 2011 14:13 > To: MailScanner discussion > Subject: RE: Can't call method "CombineReports" > > Hi, > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff > Earickson > Sent: 20 May 2011 15:11 > To: MailScanner discussion > Subject: Re: Can't call method "CombineReports" > > Julian et al, > > Ahah! I too have been chasing this issue for the past two or three months, but could never find a batch of emails to reproduce the problem with (too much mail flow). It bites me every couple of weeks or so, and I too would love a fix. Now that Richard has identified a debug complaint, is this a quick fix? > > My setup: MailScanner 4.83.4, perl 5.12.3, running on Redhat 6.0, > Linux virremail 2.6.32-71.29.1.el6.x86_64 #1 SMP Thu Apr 21 16:08:55 > EDT 2011 x86_64 x86_64 x86_64 GNU/Linux > > Jeff Earickson > Colby College > > On Fri, May 20, 2011 at 4:06 AM, Richard Mealing wrote: >> Hi Everyone, >> >> >> >> Can you help me with this? >> >> >> >> May 19 17:23:20 mailfilter7 MailScanner[33559]: Warning: skipping >> message >> p4JG6H3O008475 as it has been attempted too many times >> >> May 19 17:23:20 mailfilter7 MailScanner[33559]: Quarantined message >> p4JG6H3O008475 as it caused MailScanner to crash several times >> >> May 19 17:23:20 mailfilter7 MailScanner[33559]: Saved entire message >> to >> /var/spool/MailScanner/quarantine/20110519/p4JG6H3O008475 >> >> May 19 17:23:20 mailfilter7 MailScanner[33430]: Making attempt 6 at >> processing message p4JG6NE1008526 >> >> May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 6 at >> processing message p4JG6UTB008592 >> >> May 19 17:23:21 mailfilter7 MailScanner[33526]: Making attempt 6 at >> processing message p4JG6W9T008601 >> >> May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 4 at >> processing message p4JG6aVC008654 >> >> May 19 17:23:21 mailfilter7 MailScanner[33559]: Making attempt 4 at >> processing message p4JG6oR8008790 >> >> May 19 17:23:21 mailfilter7 MailScanner[33430]: Making attempt 5 at >> processing message p4JG7000008882 >> >> >> >> >> >> >> >> mailscanner --debug >> >> >> >> >> >> In Debugging mode, not forking... >> >> Trying to setlogsock(unix) >> >> Building a message batch to scan... >> >> Have a batch of 5 messages. >> >> Can't call method "CombineReports" on unblessed reference at >> /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. >> >> >> >> >> >> >> >> >> >> pkg_info | grep Mail >> >> MailScanner-4.83.4 Powerful virus/spam scanning framework for mail >> gateways >> >> >> >> >> >> uname -a >> >> FreeBSD mailfilter7.domain.com 7.2-RELEASE-p7 FreeBSD 7.2-RELEASE-p7 >> #0: Fri Feb 26 19:51:57 UTC 2010 >> root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >> >> >> >> I am using perl version perl-5.8.9_2. >> >> >> >> Any ideas how I can fix this? >> >> >> >> Many thanks, >> >> Rich >> >> >> >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > I'm still getting this issue, now on another machine with identical setup. > > mailscanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 30 messages. > Can't call method "CombineReports" on unblessed reference at /usr/local/lib/MailScanner/MailScanner/MessageBatch.pm line 736. > > This is with the -U shebang switch. > > Any ideas anyone? > > > ________________________________________________ > > Hi, > > My box just would not process any messages now, even after a reboot it keeps going around in circles. I've moved all the mail onto another box (identical) and it's processing through the mail fine. > Should I look at updating the perl on this? I'm using 5.8 I believe. Is this the same bug as Alvaro debugged due to the space in the virus name? > > I'm wondering if anyone has a fix for this? > > > Thanks for any help. > That bug was fixed in the last MailScanner version: http://mailscanner.info/ChangeLog Check if you're using SaneSecurity signatures and if you've the last MailScanner version installed. Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com __________________________________________ I should have checked that. Thanks for the information. I have emailed the port maintainer for maybe a devel package to be added to the freebsd collection. Many thanks for your help, Rich -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From nerijusb at dtiltas.lt Wed May 25 01:51:01 2011 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed May 25 02:00:14 2011 Subject: debugging In-Reply-To: References: Message-ID: It helped, thank you. On Fri, 20 May 2011 14:07:07 +0800 Curu Wong wrote: > Did you update your perl, you can run ms in debug mode. and if you see > output like "Insecure dependency ....", that may be caused by the CVE-2011-1487 > fix. in that case, adding the -U switch in the showbang line in > /usr/sbin/MailScanner may help > > > 2011/5/20 Nerijus Baliunas > > > Hello, > > > > Suddenly mailscanner started to crash - it restarts itself when I run > > 'service MailScanner start' (I can see 'MailScanner ' processes > > reappearing with 'top'). I tried to debug it with --debug --lint - no > > errors. > > MailScanner works if postfix queue is empty - but it crashes when the first > > email comes in. Tried to disable virus|spam scanning - didn't help. > > I will happily provide any info needed. > > Version mailscanner-4.83.5-1.noarch. > > > > Regards, > > Nerijus From nerijusb at dtiltas.lt Thu May 26 11:58:51 2011 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu May 26 12:00:14 2011 Subject: debug "Message attempted to kill MailScanner" Message-ID: Hello, I have a message (now quarantined) which causes "Message attempted to kill MailScanner". How do I debug this? As I understand, I should run MailScanner --debug and submit this message? How do I submit it? I use postfix and message is quarantined as 'message' file. Regards, Nerijus From nerijusb at dtiltas.lt Fri May 27 14:55:35 2011 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Fri May 27 15:00:19 2011 Subject: debug "Message attempted to kill MailScanner" In-Reply-To: References: Message-ID: On Thu, 26 May 2011 13:58:51 +0300 Nerijus Baliunas wrote: > I have a message (now quarantined) which causes "Message attempted to kill MailScanner". > How do I debug this? As I understand, I should run MailScanner --debug and submit this > message? How do I submit it? I use postfix and message is quarantined as 'message' > file. It was the same problem: Insecure dependency in chmod while running with -T switch at /usr/share/perl5/Archive/Zip/Member.pm line 490. Adding -U to the first line of /usr/sbin/MailScanner helped. Strange, as it is Scientific Linux 6.0 (RHEL6 clone), not Fedora. Regards, Nerijus P.S. Still, does anyone know an easy way to inject 'bad' message from quarantine? I did it by sending the message again and immediately stopping MailScanner service, then running MailScanner --debug. From markus at markusoft.se Fri May 27 15:06:30 2011 From: markus at markusoft.se (Markus Nilsson) Date: Fri May 27 15:06:43 2011 Subject: Bug in phishing net? Message-ID: Hi list! I think I have found a bug in the phishing net, when the mail contains broken A-tags. For example, if the mail contains two A-tags, but only closes one of them, the end-tag callback seems to remove everything inbetween the first tag and the second one: Text More text Link This would be changed to: Link by the phishing filter Have anyone else seen this? Kind Regards Markus -- This message has been scanned for viruses and dangerous content by CronLab (www.cronlab.com), and is believed to be clean. From mailscanner at pdscc.com Fri May 27 16:49:52 2011 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Fri May 27 16:50:14 2011 Subject: 2 questions different SA scores for outbound vs inbound and best ldap/AD connector for postfix Message-ID: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> Question #1 Is there a way to assign different spam score requirements to inbound vs outbound mail? I see in the list archives instructions for disabling outbound SA scoring, but not for different directional scores. Basically want Inbound spam = 4 high scoring spam = 7 outbound spam = 7 high scoring spam = 12 Can someone point me to instructions on how to make this work or let me know if it's not even possible? Question #2 what's the current recommended best AD/LDAP connector for using with Postfix and Exchange 2010/Windows 2008 R2 AD. I've been reviewing the list archives and googling and see there are still a lot of options in general, but most I've come across so far seem to be specific to EX2003/2007/Win2k3. Customer is happy to pay for a commercial solution. Just looking for the simplest to deploy/maintain. -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice) From ms-list at alexb.ch Fri May 27 17:02:48 2011 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 27 17:03:01 2011 Subject: 2 questions different SA scores for outbound vs inbound and best ldap/AD connector for postfix In-Reply-To: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> References: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> Message-ID: <4DDFCB28.6070101@alexb.ch> On 2011-05-27 17:49, Harondel J. Sibble wrote: > Question #2 > > what's the current recommended best AD/LDAP connector for using with Postfix > and Exchange 2010/Windows 2008 R2 AD. > > I've been reviewing the list archives and googling and see there are still a > lot of options in general, but most I've come across so far seem to be > specific to EX2003/2007/Win2k3. > > Customer is happy to pay for a commercial solution. Just looking for the > simplest to deploy/maintain. > LDAP lookups are slow and in case of a dictionary attack it can drive your AD box ot it's knees Use milter-ahead (snertsoft.com) for the best Postfix support. It's worth every penny. I can endorse it, 100% Postfix's " Recipient address verification" is not as flexible but very efective. Alex From alex at vidadigital.com.pa Fri May 27 20:29:34 2011 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri May 27 20:29:46 2011 Subject: 2 questions different SA scores for outbound vs inbound and best ldap/AD connector for postfix In-Reply-To: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> References: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> Message-ID: About question #1, it's definitely possible - although it's not often you find outbound spam unless your users are spammers themselves! spam = %rules-dir%/spam.rules high scoring spam = %rules-dir%/high.scoring.spam.rules spam.rules: # inbound to: *@mydomain.com 4 # outbound fromorto: default 7 high.scoring.spam.rules: # inbound to: *@mydomain.com 7 # outbound fromorto: default 12 Reload MailScanner and it should pick up. PS: Please don't email back saying it didn't work because you copied it verbatim. This is just an example, read the docs and make sure you know what every parameter does. On Fri, May 27, 2011 at 10:49 AM, Harondel J. Sibble wrote: > Question #1 > > Is there a way to assign different spam score requirements to inbound vs > outbound mail? I see in the list archives instructions for disabling > outbound SA scoring, but not for different directional scores. > > Basically want > > Inbound > spam = 4 > high scoring spam = 7 > > outbound > spam = 7 > high scoring spam = 12 > > Can someone point me to instructions on how to make this work or let me > know > if it's not even possible? > > Question #2 > > what's the current recommended best AD/LDAP connector for using with > Postfix > and Exchange 2010/Windows 2008 R2 AD. > > I've been reviewing the list archives and googling and see there are still > a > lot of options in general, but most I've come across so far seem to be > specific to EX2003/2007/Win2k3. > > Customer is happy to pay for a commercial solution. Just looking for the > simplest to deploy/maintain. > > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating Solutions for the small and medium business computer user. > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > Blog: http://www.pdscc.com/blog > (604) 739-3709 (voice) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110527/b3926102/attachment.html From maxsec at gmail.com Fri May 27 21:00:24 2011 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 27 21:00:33 2011 Subject: 2 questions different SA scores for outbound vs inbound and best ldap/AD connector for postfix In-Reply-To: References: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> Message-ID: Also not a great idea to use domains for the outbound checks as many spam use the same from domain as the to domain. Better to use ip address in the from here Martin On Friday, 27 May 2011, Alex Neuman wrote: > About question #1, it's definitely possible - although it's not often you find outbound spam unless your users are spammers themselves! > > spam = %rules-dir%/spam.rules > high scoring spam = %rules-dir%/high.scoring.spam.rules > > spam.rules: > > # inbound > to: *@mydomain.com 4 > # outbound > fromorto: default 7 > > high.scoring.spam.rules: > # inbound > to: *@mydomain.com 7 > # outbound > fromorto: default 12 > > Reload MailScanner and it should pick up. > > PS: Please don't email back saying it didn't work because you copied it verbatim. This is just an example, read the docs and make sure you know what every parameter does. > On Fri, May 27, 2011 at 10:49 AM, Harondel J. Sibble wrote: > > Question #1 > > Is there a way to assign different spam score requirements to inbound vs > outbound mail? ?I see in the list archives instructions for disabling > outbound SA scoring, but not for different directional scores. > > Basically want > > Inbound > spam = 4 > high scoring spam = 7 > > outbound > spam = 7 > high scoring spam = 12 > > Can someone point me to instructions on how to make this work or let me know > if it's not even possible? > > Question #2 > > what's the current recommended best AD/LDAP connector for using with Postfix > and Exchange 2010/Windows 2008 R2 AD. > > I've been reviewing the list archives and googling and see there are still a > lot of options in general, but most I've come across so far seem to be > specific to EX2003/2007/Win2k3. > > Customer is happy to pay for a commercial solution. ?Just looking for the > simplest to deploy/maintain. > > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating Solutions for the small and medium business computer user. > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > Blog: http://www.pdscc.com/blog > (604) 739-3709 (voice) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- -- Martin Hepworth Oxford, UK From alex at vidadigital.com.pa Fri May 27 21:14:37 2011 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri May 27 21:14:47 2011 Subject: 2 questions different SA scores for outbound vs inbound and best ldap/AD connector for postfix In-Reply-To: References: <20110527154956.CF4CD5A1C81@sinclaire.sibble.net> Message-ID: Good point, though from the fact that he needs to scan outgoing mail suggests his users are not trustworthy - ergo, probably from dynamic IP's. This could be solved by having separate MTA instances running on different IP addresses for local, trusted users vs. nonlocal, non-trustable users. On Fri, May 27, 2011 at 3:00 PM, Martin Hepworth wrote: > Also not a great idea to use domains for the outbound checks as many > spam use the same from domain as the to domain. Better to use ip > address in the from here > > > Martin > On Friday, 27 May 2011, Alex Neuman wrote: > > About question #1, it's definitely possible - although it's not often you > find outbound spam unless your users are spammers themselves! > > > > spam = %rules-dir%/spam.rules > > high scoring spam = %rules-dir%/high.scoring.spam.rules > > > > spam.rules: > > > > # inbound > > to: *@mydomain.com 4 > > # outbound > > fromorto: default 7 > > > > high.scoring.spam.rules: > > # inbound > > to: *@mydomain.com 7 > > # outbound > > fromorto: default 12 > > > > Reload MailScanner and it should pick up. > > > > PS: Please don't email back saying it didn't work because you copied it > verbatim. This is just an example, read the docs and make sure you know what > every parameter does. > > On Fri, May 27, 2011 at 10:49 AM, Harondel J. Sibble < > mailscanner@pdscc.com> wrote: > > > > Question #1 > > > > Is there a way to assign different spam score requirements to inbound vs > > outbound mail? I see in the list archives instructions for disabling > > outbound SA scoring, but not for different directional scores. > > > > Basically want > > > > Inbound > > spam = 4 > > high scoring spam = 7 > > > > outbound > > spam = 7 > > high scoring spam = 12 > > > > Can someone point me to instructions on how to make this work or let me > know > > if it's not even possible? > > > > Question #2 > > > > what's the current recommended best AD/LDAP connector for using with > Postfix > > and Exchange 2010/Windows 2008 R2 AD. > > > > I've been reviewing the list archives and googling and see there are > still a > > lot of options in general, but most I've come across so far seem to be > > specific to EX2003/2007/Win2k3. > > > > Customer is happy to pay for a commercial solution. Just looking for the > > simplest to deploy/maintain. > > > > -- > > Harondel J. Sibble > > Sibble Computer Consulting > > Creating Solutions for the small and medium business computer user. > > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > > Blog: http://www.pdscc.com/blog > > (604) 739-3709 (voice) > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > > -- > > > > Alex Neuman van der Hans > > Reliant Technologies / Vida Digital > > http://vidadigital.com.pa/ > > > > +507-6781-9505 > > +507-832-6725 > > +1-440-253-9789 (USA) > > > > Follow @AlexNeuman on Twitter > > http://facebook.com/vidadigital > > > > > > > > -- > -- > Martin Hepworth > Oxford, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110527/990b70f9/attachment.html From jonas at vrt.dk Fri May 27 21:37:29 2011 From: jonas at vrt.dk (Jonas) Date: Fri May 27 21:37:48 2011 Subject: Archive server OT In-Reply-To: References: Message-ID: <09F23668E315FD4597C13D73E5123ADF604133@SCTSBS.sct.dk> > Hello All Hi > > This is largely off topic but I think the list users here are probably some of the > most knowledgeable mail admins around > > What I am looking at is a mail archive server(s) ideally it should be set as the > MX server, all mail will arrive on the server be scanned etc as per the usual > mailscanner way of doing things and then archive the mail in some way shape > or form before delivering the mail to the client mail server. > it only has to keep the archive for a few days maybe a week or 2 at the most, > > Are there any products or projects that can do this sort of thing that any of you > may have seen, > > I know there are some commercial hosted products for this sort of thing but > ideally I would like to host this ourselves. > > Any info would be appreciated > We simply use mailwatch for what you need. It can be used as a very basic and ugly webmail experience. It of course do not let the users reply to mails, but they can read them with a little training. It's good enough for us. I'm guessing once Baruwa becomes more mature we will change to that, which probably will or already does offer the same ability to read quarantined/archived mails. Just my 5 cents. Med venlig hilsen / Best regards ? Jonas Akrouh Larsen ? TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S ? Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax:??? 7020 0978 Web: www.techbiz.dk