From glenn.steen at gmail.com Fri Aug 3 09:45:06 2012
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri, 3 Aug 2012 10:45:06 +0200
Subject: Consequences of increasing email size from 16M to 25M
In-Reply-To:
References:
Message-ID:

Denis is indeed correct. Upping the limit in Postfix will not affect the size of things being fed into SA. The increase in size will probably only affect clamd, and that marginally.
What some people may notice is that really big mail tends to take a fairly long time to go through, especially on rather busy systems, since they will be handled last, in most cases :-). ( It's not as easy as that, but... Try to explain queue theory and MTA priority rule sets to your CEO, and you'll see someone lose interest really fast ;-)

Cheers
--
-- Glenn

On 20 Jul 2012 at 18:24, "Robert Lopez" wrote:

> Thank you to everyone who replied.
>
> Dave and Martin, We do have a file transfer system.
> Denis, Thank you, I will trust you are correct and proceed to build a
> test system and verify.
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From mailscanner at joolee.nl Fri Aug 3 11:38:38 2012
From: mailscanner at joolee.nl (Joolee)
Date: Fri, 3 Aug 2012 12:38:38 +0200
Subject: Consequences of increasing email size from 16M to 25M
In-Reply-To:
References:
Message-ID:

afaik, there is also a limit to the size of messages handled by Mailscanner at all, this can usually be configured to about 1 MB.
All other messages will not be considered spam because even virus spam is always just a few kb. They 'need' to be sent by the billions so every byte counts.

From kkobb at skylinecorp.com Tue Aug 7 18:22:31 2012
From: kkobb at skylinecorp.com (Kevin Kobb)
Date: Tue, 7 Aug 2012 13:22:31 -0400
Subject: Clam update problems
Message-ID: <009c01cd74c1$3a0ad130$ae207390$@skylinecorp.com>

Has anybody been having problems with ClamAV updates that came out today?

I started getting a bunch of false positives and errors this morning, and finally had to turn off virus scanning in MailScanner.conf to get messages to flow.

From jlarsen at richweb.com Tue Aug 7 19:13:50 2012
From: jlarsen at richweb.com (C. Jon Larsen)
Date: Tue, 7 Aug 2012 14:13:50 -0400 (EDT)
Subject: Clam update problems
In-Reply-To: <009c01cd74c1$3a0ad130$ae207390$@skylinecorp.com>
References: <009c01cd74c1$3a0ad130$ae207390$@skylinecorp.com>
Message-ID:

On Tue, 7 Aug 2012, Kevin Kobb wrote:

> Has anybody been having problems with ClamAV updates that came out
> today?

if you are using 3rd party rulesets like Malware block list, you will find that in mbl.ndb if you have a rule for MBL_312128 it is causing a lot of FPs. Forcing a fresh download of the file fixed the problems for me. Just finished tracking this down a few minutes ago.

> I started getting a bunch of false positives and errors this morning,
> and finally had to turn off virus scanning in MailScanner.conf to get
> messages to flow.
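
The false positives in this thread trace back to a single third-party signature in one `.ndb` file, which can be switched off by name through a ClamAV `.ign2` ignore list without disabling virus scanning altogether. The following is an added example, not code from any poster or from the ClamAV project: a POSIX shell helper that confirms a name is really defined in a `.ndb` file in the database directory and then lists it in `local.ign2` exactly once. The helper names `find_sig` and `ignore_sig` are hypothetical, and the temporary directory and sample `.ndb` lines are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from the ClamAV project.
# find_sig / ignore_sig are hypothetical helper names; sample data is constructed.

# Scan reports show third-party signatures with a ".UNOFFICIAL" suffix that is
# not part of the name stored in the database file, so strip it first.
sig_name() {
    printf '%s\n' "${1%.UNOFFICIAL}"
}

# Print the .ndb files in DBDIR whose first colon-separated field (the
# signature name) is exactly NAME.
find_sig() {
    fs_dir=$1
    fs_name=$(sig_name "$2")
    for fs_file in "$fs_dir"/*.ndb; do
        [ -f "$fs_file" ] || continue
        if awk -F: -v n="$fs_name" '$1 == n { hit = 1 } END { exit !hit }' "$fs_file"; then
            basename "$fs_file"
        fi
    done
}

# List NAME in DBDIR/local.ign2 (one name per line) so it is skipped on the
# next database load. clamd reads the file on restart or database reload.
# Returns 0 if added or already listed, 2 if the name is malformed,
# 3 if no .ndb file in DBDIR defines it (most likely a typo).
ignore_sig() {
    ig_dir=$1
    ig_name=$(sig_name "$2")
    case $ig_name in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    [ -n "$(find_sig "$ig_dir" "$ig_name")" ] || return 3
    ig_file=$ig_dir/local.ign2
    # -x whole line, -F fixed string: a shorter name must not count as a match.
    if [ -f "$ig_file" ] && grep -qxF -- "$ig_name" "$ig_file"; then
        return 0
    fi
    # An ignore file written without a trailing newline ends mid-line;
    # terminate it so the new name does not get glued to the last entry.
    if [ -s "$ig_file" ] && [ -n "$(tail -c 1 "$ig_file")" ]; then
        printf '\n' >> "$ig_file"
    fi
    printf '%s\n' "$ig_name" >> "$ig_file"
}

# Demo on constructed data in a throwaway directory.
demo() {
    demo_dir=$(mktemp -d) || return 1
    # Constructed .ndb lines: Name:TargetType:Offset:HexSignature
    printf '%s\n' 'MBL_312128:0:*:6578616d706c65' \
                  'MBL_000001:0:*:636f6e737472' > "$demo_dir/mbl.ndb"
    echo "defined in: $(find_sig "$demo_dir" MBL_312128.UNOFFICIAL)"
    if ignore_sig "$demo_dir" MBL_312128.UNOFFICIAL; then
        echo "local.ign2 now contains:"
        cat "$demo_dir/local.ign2"
    fi
    rm -rf "$demo_dir"
}
demo
```
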
From steveb_clamav at sanesecurity.com Tue Aug 7 19:38:34 2012
From: steveb_clamav at sanesecurity.com (Steve Basford)
Date: Tue, 7 Aug 2012 19:38:34 +0100
Subject: Clam update problems
In-Reply-To: <009c01cd74c1$3a0ad130$ae207390$@skylinecorp.com>
References: <009c01cd74c1$3a0ad130$ae207390$@skylinecorp.com>
Message-ID: <8a017a0d3af5111f7a959abf1864a509.squirrel@sanesecurity.com>

> Has anybody been having problems with ClamAV updates that came out
> today?
>
> I started getting a bunch of false positives and errors this morning,
> and finally had to turn off virus scanning in MailScanner.conf to get
> messages to flow.

If you are using unofficial sigs...

Just had a report that MBL_303159 is giving mass FP's (a bad signature)

SO, if you are using MBL ones... something like this will help...

    printf > ignoresigs.ign2 MBL_303159

copy the ignoresigs.ign2 file to clamav db directory and restart clamd

As the MBL ones aren't distributed or produced by me, I can't really do much more than add an updated .ign2 file to the mirrors :(

Cheers,

Steve
Sanesecurity

From kkobb at skylinecorp.com Tue Aug 7 20:44:41 2012
From: kkobb at skylinecorp.com (Kevin Kobb)
Date: Tue, 7 Aug 2012 15:44:41 -0400
Subject: Clam update problems
In-Reply-To: <8a017a0d3af5111f7a959abf1864a509.squirrel@sanesecurity.com>
References: <009c01cd74c1$3a0ad130$ae207390$@skylinecorp.com> <8a017a0d3af5111f7a959abf1864a509.squirrel@sanesecurity.com>
Message-ID: <00ac01cd74d5$16908b00$43b1a100$@skylinecorp.com>

Yes, MBL_303159 was the one I seemed to be seeing and I had a local.ign2 that I added it to. I hadn't heard of an ignoresigs.ign2 file before, so I assume they are equivalent?

Thanks.

From info at paully.co.uk Wed Aug 8 16:18:01 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Wed, 08 Aug 2012 16:18:01 +0100
Subject: MailScanner to Dovecot LDA
Message-ID: <50228329.8020603@paully.co.uk>

Hi Folks

I would like to be able to perform the following steps in the mail process:-

Fetchmail > Sendmail + MailScanner > Dovecot LDA > Virtual User Maildir

Is this possible?

Does anyone else use this setup?

I currently have the following "alternatives" working (so I am nearly there!)

1. Fetchmail > Sendmail + MailScanner > Procmail > System User Maildir

2. Fetchmail > Dovecot LDA > Virtual User Maildir

Thanks

:-)

Paully

From maxsec at gmail.com Wed Aug 8 17:12:32 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 8 Aug 2012 17:12:32 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <50228329.8020603@paully.co.uk>
References: <50228329.8020603@paully.co.uk>
Message-ID:

Well it's really just a matter of getting Sendmail to talk to Dovecot.

MailScanner just does what it says, scans email. It's not involved with the mail delivery process at all and just sits in between two MTA queues (sendmail/exim/..) and passes email from one queue to the other.

--
Martin Hepworth, CISSP
Oxford, UK

From dave at KD0YU.COM Wed Aug 8 18:08:35 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Wed, 8 Aug 2012 12:08:35 -0500
Subject: MailScanner to Dovecot LDA
In-Reply-To: <50228329.8020603@paully.co.uk>
References: <50228329.8020603@paully.co.uk>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF006A053AE@S8.KD0YU.COM>

Martin,

This may help...
http://wiki.dovecot.org/LDA/Sendmail

--Dave

> Hi Folks
>
> I would like to be able to perform the following steps in the mail process:-
>

--
This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean.

From simon at kmun.gov.kw Thu Aug 9 06:52:40 2012
From: simon at kmun.gov.kw (simon at kmun.gov.kw)
Date: Thu, 9 Aug 2012 08:52:40 +0300
Subject: additonal antivirus support for MailScanner
Message-ID:

Dear All,

I have installed MailScanner and it's working fine with clamav
I would like to install additional antivirus support for MS

which are the free packages I can use

was looking at bit defender but could not get some good documentation.

appreciate if someone could advise and some links for download

regards

simon

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From info at paully.co.uk Thu Aug 9 09:56:24 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 09:56:24 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF006A053AE@S8.KD0YU.COM>
References: <50228329.8020603@paully.co.uk> <77F23E6E4DE9084BA33755BA403E53FCF006A053AE@S8.KD0YU.COM>
Message-ID: <50237B38.3070508@paully.co.uk>

On 08/08/12 18:08, Dave Helton wrote:
> This may help...
> http://wiki.dovecot.org/LDA/Sendmail

Thanks Dave.

I am trying that... 2 hours spent so far... the documentation for these things is "not the best".

If I can crack it, I will post my nice step by step instructions with code output.

:-/

Paully

From info at paully.co.uk Thu Aug 9 10:01:36 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 10:01:36 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To:
References: <50228329.8020603@paully.co.uk>
Message-ID: <50237C70.1020705@paully.co.uk>

On 08/08/12 17:12, Martin Hepworth wrote:
> Well it's really just a matter of getting Sendmail to talk to Dovecot.

Yes...
it's written in the Wiki... it's in Google, but getting it to actually work for me though... ;-)

> MailScanner just does what it says, scans email. It's not involved with the mail delivery process at all and just sits in between two MTA queues (sendmail/exim/..) and passes email from one queue to the other.

Thanks for that explanation. I hope to crack it today.

Maybe.

Paully

From maxsec at gmail.com Thu Aug 9 10:54:09 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu, 9 Aug 2012 10:54:09 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <50237C70.1020705@paully.co.uk>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk>
Message-ID:

Best way to get started is to ignore MailScanner for the moment
Get sendmail just passing emails through and delivering them.
then you can split the setup into the 'incoming sendmail' -> MailScanner -> 'outgoing sendmail'

--
Martin Hepworth, CISSP
Oxford, UK

From info at paully.co.uk Thu Aug 9 13:02:16 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 13:02:16 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To:
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk>
Message-ID: <5023A6C8.3010009@paully.co.uk>

On 09/08/12 10:54, Martin Hepworth wrote:
> Best way to get started is to ignore MailScanner for the moment
> Get sendmail just passing emails through and delivering them.
> then you can split the setup into the 'incoming sendmail' -> MailScanner -> 'outgoing sendmail'

Hi Martin

Thanks for the reply.

Yes, I am trying your suggestion... but no joy so far!

I will keep pressing on, and post my results here every hour:-

http://wiki.indie-it.com/index.php?title=Dovecot

I have to add that (on the same test server) I have successfully managed to get Fetchmail > Dovecot LDA > Virtual Users working, so I know Dovecot is sound.

My conf for Sendmail is obviously wrong...

:-/

Paully

From maxsec at gmail.com Thu Aug 9 14:34:31 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu, 9 Aug 2012 14:34:31 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <5023A6C8.3010009@paully.co.uk>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk>
Message-ID:

why not ask on the dovecot lists if you're struggling with getting that setup..

--
Martin Hepworth, CISSP
Oxford, UK

From dave at KD0YU.COM Thu Aug 9 15:04:34 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Thu, 9 Aug 2012 09:04:34 -0500
Subject: MailScanner to Dovecot LDA
In-Reply-To: <5023A6C8.3010009@paully.co.uk>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM>

Paul,

(I replied earlier to Martin instead of you... sorry Martin ;)

A quick look at your post... not having tested this or anything.
But, isn't mailertable supposed to be "mailer:domain" and not "mailer:user"

I believe it should be "dovecot:localhost" and let dovecot accept and forward the mail to the virtual user based on the To: address.

I could be totally wrong on this.

--Dave

From dave at KD0YU.COM Thu Aug 9 15:45:16 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Thu, 9 Aug 2012 09:45:16 -0500
Subject: MailScanner to Dovecot LDA
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk> <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF006A053B2@S8.KD0YU.COM>

/me attempts to engage brain before fingers

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Dave Helton
> Sent: Thursday, August 09, 2012 9:05 AM
> To: MailScanner discussion
> Subject: RE: MailScanner to Dovecot LDA
>
> Paul,
>
> (I replied earlier to Martin instead of you... sorry Martin ;)
>
> A quick look at your post... not having tested this or anything.
> But, isn't mailertable supposed to be "mailer:domain" and not "mailer:user"

"mailer:host" not "mailer:domain"
so your mailertable should look like:

    littlefield.org.uk    dovecot:localhost

since the virtual users are still local to this box.

>
> I believe it should be "dovecot:localhost" and let dovecot accept and forward
> the mail to the virtual user based on the To: address.
>
> I could be totally wrong on this.

maybe not

>
> --Dave

From info at paully.co.uk Thu Aug 9 16:08:54 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 16:08:54 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To:
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk>
Message-ID: <5023D286.9050407@paully.co.uk>

On 09/08/12 14:34, Martin Hepworth wrote:
> why not ask on the dovecot lists if you're struggling with getting that setup.

Yes, sorry for cluttering this one, good idea.

Paully

From info at paully.co.uk Thu Aug 9 16:11:42 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 16:11:42 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk> <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM>
Message-ID: <5023D32E.3080806@paully.co.uk>

On 09/08/12 15:04, Dave Helton wrote:
> A quick look at your post... not having tested this or anything.
> But, isn't mailertable supposed to be "mailer:domain" and not "mailer:user"
>
> I believe it should be "dovecot:localhost" and let dovecot accept and forward the
> mail to the virtual user based on the To: address.

Hi Dave

Yes, thanks for that... I am very nearly there! (Dovecot, or Sendmail, keep chopping the domain part of the email address off)

Read latest results here: http://wiki.indie-it.com/index.php?title=Dovecot

Further to Martin's suggestion, I am going to post on the Dovecot mailing list for this first part with Sendmail, then may come back here if I have trouble with the MailScanner extra bit "in the middle"!

Thanks to all who replied, and sorry for cluttering the list with the wrong issues!

:-/

Paully

From ssilva at sgvwater.com Thu Aug 9 16:36:31 2012
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu, 09 Aug 2012 08:36:31 -0700
Subject: additonal antivirus support for MailScanner
In-Reply-To:
References:
Message-ID:

on 8/8/2012 10:52 PM simon at kmun.gov.kw spake the following:
>
> Dear All,
>
> I have installed MailScanner and it's working fine with clamav
> I would like to install additional antivirus support for MS
>
> which are the free packages I can use
>
> was looking at bit defender but could not get some good documentation.
>
> appreciate if someone could advise and some links for download
>
> regards
>
> simon
>

I do believe that Fprot is still free for personal use, but not business use...
AFAIR the free bitdefender is not available anymore, and it was a resource hog when it did work.

From info at paully.co.uk Thu Aug 9 16:46:54 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 16:46:54 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <5023D32E.3080806@paully.co.uk>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk> <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM> <5023D32E.3080806@paully.co.uk>
Message-ID: <5023DB6E.5070009@paully.co.uk>

On 09/08/12 16:11, Paul Littlefield wrote:
> Dovecot, or Sendmail, keeps chopping the domain part of the email address off.

Ah...

http://wiki2.dovecot.org/DomainLost

:-)

Paully

From info at paully.co.uk Thu Aug 9 17:19:55 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 09 Aug 2012 17:19:55 +0100
Subject: MailScanner to Dovecot LDA
In-Reply-To: <5023D32E.3080806@paully.co.uk>
References: <50228329.8020603@paully.co.uk> <50237C70.1020705@paully.co.uk> <5023A6C8.3010009@paully.co.uk> <77F23E6E4DE9084BA33755BA403E53FCF006A053B1@S8.KD0YU.COM> <5023D32E.3080806@paully.co.uk>
Message-ID: <5023E32B.4000702@paully.co.uk>

On 09/08/12 16:11, Paul Littlefield wrote:
> I am very nearly there! (Dovecot, or Sendmail, keeps chopping the domain part of the email address off)

Yes... done it!

It was a combination of sendmail.mc and dovecot.m4 from various web pages.

The winning solution (for me) is now written down here:-

http://wiki.indie-it.com/index.php?title=Dovecot

I will be back another day for the MailScanner part!

:-)

Paully

From cdekievit at gmail.com Mon Aug 13 13:19:25 2012
From: cdekievit at gmail.com (Christian De Kievit)
Date: Mon, 13 Aug 2012 22:19:25 +1000
Subject: Problem with insecure dependency while processing message
Message-ID:

Hi,

I'm having trouble with some emails crashing mailscanner with the following output while running /usr/sbin/mailscanner --debug

/usr/sbin/MailScanner --debug
In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 1 message.
Insecure dependency in open while running with -T switch at /usr/lib/perl/5.12/IO/File.pm line 63.

I'm running mailscanner on ubuntu 10.10 and running mailscanner --version returns:

Running on Linux skynet 3.0.0-15-generic-pae #26-Ubuntu SMP Fri Jan 20 17:07:31 UTC 2012 i686 athlon i386 GNU/Linux
This is Perl version 5.012004 (5.12.4)

This is MailScanner version 4.84.5
Module versions are:
1.00 AnyDBM_File
1.30 Archive::Zip
0.23 bignum
1.17 Carp
2.024 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.125 Data::Dumper
2.30 Date::Parse
1.03 DirHandle
1.06 Fcntl
2.78 File::Basename
2.18 File::Copy
2.02 FileHandle
2.08_01 File::Path
0.22 File::Temp
0.92 Filesys::Df
3.68 HTML::Entities
3.68 HTML::Parser
3.57 HTML::TokeParser
1.25_02 IO
1.14 IO::File
1.13 IO::Pipe
2.08 Mail::Header
1.89_01 Math::BigInt
0.24 Math::BigRat
3.08 MIME::Base64
5.502 MIME::Decoder
5.502 MIME::Decoder::UU
5.502 MIME::Head
5.502 MIME::Parser
3.08 MIME::QuotedPrint
5.502 MIME::Tools
0.14 Net::CIDR
1.25 Net::IP
0.19 OLE::Storage_Lite
1.04 Pod::Escapes
3.14 Pod::Simple
1.19 POSIX
1.22 Scalar::Util
1.87_01 Socket
2.22 Storable
1.4 Sys::Hostname::Long
0.27 Sys::Syslog
missing Test::Pod
0.94 Test::Simple
1.9719 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.54 Archive::Tar
0.23 bignum
missing Business::ISBN
missing Business::ISBN::Data
missing Data::Dump
1.82 DB_File
1.33 DBD::SQLite
1.616 DBI
1.16 Digest
1.03 Digest::HMAC
2.39 Digest::MD5
2.13 Digest::SHA1
missing Encode::Detect
0.17010 Error
0.27 ExtUtils::CBuilder
2.21 ExtUtils::ParseXS
2.38 Getopt::Long
missing Inline
1.08 IO::String
1.10 IO::Zlib
missing IP::Country
missing Mail::ClamAV
3.003002 Mail::SpamAssassin
v2.007 Mail::SPF
missing Mail::SPF::Query
0.3603 Module::Build
0.21 Net::CIDR::Lite
0.66 Net::DNS
missing Net::DNS::Resolver::Programmable
0.4001 Net::LDAP
4.044 NetAddr::IP
missing Parse::RecDescent
missing SAVI
3.17 Test::Harness
missing Test::Manifest
2.02 Text::Balanced
1.58 URI
0.82 version
missing YAML

Any ideas?

Thanks,

--
Christian De Kievit

From secmas at gmail.com Thu Aug 16 05:43:38 2012
From: secmas at gmail.com (Sergio)
Date: Wed, 15 Aug 2012 22:43:38 -0600
Subject: How to block emails that FROM doesn't belongs to server domain list
Message-ID:

Hi all,
how can I block and delete any email that is trying to be delivered from the server that the FROM is none of the domains that belong to the server?

Could this be done?

Best Regards,

Sergio Cabrera

From raymond at prolocation.net Thu Aug 16 06:10:19 2012
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Thu, 16 Aug 2012 07:10:19 +0200
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID: <95F23494-B7AF-40C9-A8F3-D9139777AC77@prolocation.net>

Hai!

Do you mean TO: ? Most FROM: on mails are not yourself I guess.

Thanks,
Raymond Dijkxhoorn, Prolocation

From maxsec at gmail.com Thu Aug 16 06:19:49 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu, 16 Aug 2012 06:19:49 +0100
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

Best to do on the smtp server as you've already asked on the exim list.

--
Martin Hepworth, CISSP
Oxford, UK

From rob.verduijn at gmail.com Thu Aug 16 09:10:46 2012
From: rob.verduijn at gmail.com (Rob Verduijn)
Date: Thu, 16 Aug 2012 10:10:46 +0200
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

Hello,

If you mean mails that fake sending from your domain to your domain (or anywhere else) you might wanna look into dns ptr records.
It's a simple trick that allows the receiver to perform a dns lookup
on the sending mail server to verify if it's one of the valid mail
servers for that domain.

It's not foolproof since the receiving end has to do this, but if the
receiving end is you it works like a charm :)

With ptr dns records you will no longer receive mails from a sender
that claims to be from your domain, and a lot of other mail servers
who have their ptr record defined as well.

I know google uses it since I forgot a mailserver in the dns ptr
record once, and it started rejecting all the mail from that specific
mail server.

Rob

From rob.verduijn at gmail.com Thu Aug 16 09:17:28 2012
From: rob.verduijn at gmail.com (Rob Verduijn)
Date: Thu, 16 Aug 2012 10:17:28 +0200
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

Oops ... need to wake up here.
replace ptr with spf

I meant spf records (sender policy framework) duh....
http://www.openspf.org/SPF_Record_Syntax

Rob
From raymond at prolocation.net Thu Aug 16 09:34:14 2012
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Thu, 16 Aug 2012 10:34:14 +0200 (CEST)
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

Hi!

> If you mean mails that fake sending from your domain to your domain
> (or anywhere else) you might wanna look into dns ptr records.
> It's a simple trick that allows the receiver to perform a dns lookup
> on the sending mail server to verify if it's one of the valid mail
> servers for that domain.

SPF?

> It's not foolproof since the receiving end has to do this, but if the
> receiving end is you it works like a charm :)
>
> With ptr dns records you will no longer receive mails from a sender
> that claims to be from your domain, and a lot of other mail servers
> who have their ptr record defined as well.
>
> I know google uses it since I forgot a mailserver in the dns ptr
> record once, and it started rejecting all the mail from that specific
> mail server.

Anyway it's a non MailScanner discussion so I suggest to move this elsewhere.

Bye,
Raymond.

From info at paully.co.uk Thu Aug 16 10:14:47 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 16 Aug 2012 10:14:47 +0100
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID: <502CBA07.6090708@paully.co.uk>

On 16/08/12 09:17, Rob Verduijn wrote:
> I meant spf records (sender policy framework)

That's a good idea Rob.

I have just done a quick Google for spf +bind and cannot find a nice example.

Any thoughts?

Paully

From rob.verduijn at gmail.com Thu Aug 16 13:27:58 2012
From: rob.verduijn at gmail.com (Rob Verduijn)
Date: Thu, 16 Aug 2012 14:27:58 +0200
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To: <502CBA07.6090708@paully.co.uk>
References: <502CBA07.6090708@paully.co.uk>
Message-ID:

add this to your dns configuration adjust for your own environment.

example.com. TXT "v=spf1 a:mail.example.com -all"

Taken from :
http://www.openspf.org/FAQ/Examples

It's a bit tough to read through the docs from spf
just start here and try to force your way through the docs
http://www.openspf.org/

Of course you need to explain mailscanner to check for spf records.
I'm not at work this week, so I can't give you a working example right
now you will have to wait until next week if you want that.

Rob
From info at paully.co.uk Thu Aug 16 14:29:53 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Thu, 16 Aug 2012 14:29:53 +0100
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References: <502CBA07.6090708@paully.co.uk>
Message-ID: <502CF5D1.1030405@paully.co.uk>

On 16/08/12 13:27, Rob Verduijn wrote:
> Of course you need to explain mailscanner to check for spf records.
> I'm not at work this week, so I can't give you a working example right
> now you will have to wait until next week if you want that.

Fab, thanks Rob.

From glenn.steen at gmail.com Thu Aug 16 14:43:38 2012
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu, 16 Aug 2012 15:43:38 +0200
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

On 16 Aug 2012 07:16, "Sergio" wrote:
>
> Hi all,
> how can I block and delete any email that is trying to be delivered from the server where the FROM is none of the domains that belong to the server?
>
> Could this be done?
>
> Best Regards,
>
> Sergio Cabrera
>

Do you/your organization allow out-of-office or similar autoresponders? That might lead to what you describe... Erroneous bouncing might as well.
If it is OoO, and you have to allow that to/from the outside world... You lose.

Cheers
--
-- Glenn
From secmas at gmail.com Thu Aug 16 21:19:38 2012
From: secmas at gmail.com (Sergio)
Date: Thu, 16 Aug 2012 14:19:38 -0600
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

Thank all for your inputs.

What happens is this:
My server is not Open Relayed and it has SPF and DOMAINKEYS in it and that is working great. The problem is when a hacker has obtained the password from an account, so, it can send emails authenticating with the account that has been compromised. When a hacker has access to an account (I am almost sure that anyone on the list has seen this), he sends emails but the FROM is changed to something that is not a domain on the server, that is what I am looking to stop.

Maybe a rule that could check that the FROM is not the same as the authenticated domain.

Could this be done?

Best Regards,

Sergio

From secmas at gmail.com Thu Aug 16 21:25:40 2012
From: secmas at gmail.com (Sergio)
Date: Thu, 16 Aug 2012 14:25:40 -0600
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID:

Thank you Martin,
I have not received any input from EXIM list and thought that using an MCP rule or any SA rule, this could be achieved.

What I want is to stop compromised accounts from delivering emails.

Regards,

Sergio
From dave at KD0YU.COM Thu Aug 16 22:08:35 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Thu, 16 Aug 2012 16:08:35 -0500
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References:
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2152@S8.KD0YU.COM>

Patching the symptoms will not fix the cause.

You might call the user if you're a small provider and provide a way for them to change their password.
Disable the account login/email and wait for the user to call if there are too many.
Chances are their email accounts are not the only thing compromised... I'd want to know.

While this may seem like a drastic measure, do what you have to do before your IP's make it to the blacklists.

If you have a spammer using an email account, chances are their spam messages are all the same.
Learn SpamAssassin rules, start writing a few of them.

I could go on... but, the bottom line is you are responsible for these servers. Don't be afraid to pull some
strings to protect what's yours.

--Dave Helton, KD0YU
___________________________________________________________________
This message has been scanned for viruses and dangerous content by MailScanner
running on mail server KD0YU.COM, and is believed to be clean.

--
This message has been scanned for viruses and
dangerous content by MailScanner at KD0YU.COM, and is
believed to be clean.

From secmas at gmail.com Fri Aug 17 05:19:16 2012
From: secmas at gmail.com (Sergio)
Date: Thu, 16 Aug 2012 22:19:16 -0600
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2152@S8.KD0YU.COM>
References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2152@S8.KD0YU.COM>
Message-ID:

Thank you, Dave.

Actually my server is secure in a lot of aspects, but there is nothing you can do for a weak password.

Right now my server blocks any IP that is trying to send more than 200 emails in an hour and the IP blocked can be freed only after we talk to the customer. If we found that the account was compromised we change the password.

But what I am looking for is to not even let 200 emails leave the server when they are sent from a compromised account, we want to go one step ahead.
By now I have created some MCP rules that delete the emails whose body and/or subject has been used in a compromised account, but I am still looking for something more automatic.

Regards,

Sergio
From mailscanner at joolee.nl Fri Aug 17 08:18:00 2012
From: mailscanner at joolee.nl (Joolee)
Date: Fri, 17 Aug 2012 09:18:00 +0200
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2152@S8.KD0YU.COM>
Message-ID:

With Postfix, you could do this by enforcing client restrictions:
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
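The check asked for in this thread, written out in Python as an added example that is not part of any post: the envelope test is the comparison Postfix's reject_sender_login_mismatch makes against smtpd_sender_login_maps, and the From: header test is the extra one Sergio describes. The logins, addresses, relay exemption and sample messages are constructed assumptions.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import getaddresses

# Constructed policy data (assumptions, not from the thread): which envelope
# senders each authenticated login owns, the job smtpd_sender_login_maps
# does for Postfix's reject_sender_login_mismatch.
SENDER_LOGIN_MAP = {
    "alice@example.com": {"alice@example.com", "sales@example.com"},
    "bob@example.org": {"bob@example.org"},
}
# Logins used by a downstream mail server that forwards mail and therefore
# keeps the original (foreign) sender; exempt from the sender checks.
RELAY_LOGINS = {"exchange-relay@example.com"}


@dataclass
class Submission:
    sasl_login: str     # account that authenticated
    envelope_from: str  # SMTP MAIL FROM, "" for the null sender <>
    raw_message: str    # headers and body as submitted


def domain_of(address):
    """Lower-cased domain part of an address, or "" if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def header_from_addresses(raw_message):
    """All addresses in all From: headers; display names are ignored."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("From", []))
    return [addr.lower() for _name, addr in pairs if addr]


def check(sub):
    """Return ("accept" or "reject", reason) for one authenticated submission."""
    login = sub.sasl_login.lower()
    if login in RELAY_LOGINS:
        return "accept", "relay login, sender checks skipped"
    owned = SENDER_LOGIN_MAP.get(login)
    if owned is None:
        return "reject", "login has no sender mapping"
    envelope = sub.envelope_from.lower()
    # The null sender is used by bounces and auto-replies; let it through.
    if envelope and envelope not in owned:
        return "reject", "envelope sender not owned by login"
    from_addrs = header_from_addresses(sub.raw_message)
    if not from_addrs:
        return "reject", "no usable From: header"
    owned_domains = {domain_of(a) for a in owned}
    for addr in from_addrs:
        if domain_of(addr) not in owned_domains:
            return "reject", "From: domain %s not owned by login" % domain_of(addr)
    return "accept", "sender matches login"


# Constructed submissions covering the cases raised in the thread.
SAMPLES = [
    # 0: normal mail from the account owner
    Submission("alice@example.com", "alice@example.com",
               "From: Alice <alice@example.com>\nSubject: report\n\nhi\n"),
    # 1: stolen login, local-looking display name, foreign From: address
    Submission("alice@example.com", "alice@example.com",
               'From: "alice@example.com" <support@bank.example>\n'
               "Subject: verify\n\nclick\n"),
    # 2: stolen login, foreign envelope sender
    Submission("alice@example.com", "promo@other.example",
               "From: alice@example.com\nSubject: offer\n\nbuy\n"),
    # 3: out-of-office reply sent with the null envelope sender
    Submission("alice@example.com", "",
               "From: alice@example.com\nSubject: Out of office\n\naway\n"),
    # 4: forwarded mail arriving through the relay login
    Submission("exchange-relay@example.com", "carol@partner.example",
               "From: carol@partner.example\nSubject: fwd\n\nfyi\n"),
    # 5: message without any From: header
    Submission("bob@example.org", "bob@example.org",
               "Subject: no from\n\nbody\n"),
    # 6: two From: addresses, one of them foreign
    Submission("bob@example.org", "bob@example.org",
               "From: bob@example.org, Prize Office <win@lottery.example>\n"
               "Subject: prize\n\nwin\n"),
]


def run_samples():
    """Verdict for each constructed sample, in order."""
    return [check(s)[0] for s in SAMPLES]


if __name__ == "__main__":
    for s in SAMPLES:
        print(s.sasl_login, s.envelope_from or "<>", *check(s))
```
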
From J.Ede at birchenallhowden.co.uk Mon Aug 20 09:57:36 2012
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon, 20 Aug 2012 08:57:36 +0000
Subject: How to block emails that FROM doesn't belongs to server domain list
In-Reply-To:
References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2152@S8.KD0YU.COM>
Message-ID: <1C11C3876A05214EB4DFE6C1D3EB9CCD0BC9107C@BHL-EXCHANGE.bhl.local>

We started using the reject_sender_login_mismatch, but it creates its own headache... If, on Exchange for example as it's quite common, you set up a forward for a mailbox to an external address then the email is forwarded as from the original sender and not from the user on a domain that should be sending through you and that setting triggers and the email is blocked when it shouldn't be.
From rhartmann at pacificmicrotel.com Tue Aug 21 14:00:18 2012
From: rhartmann at pacificmicrotel.com (Rudi Hartmann - Pacific Micro-Tel)
Date: Tue, 21 Aug 2012 06:00:18 -0700
Subject: SBS 2003/Exchange and a Linux Spam Gateway
Message-ID: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com>

My company uses Microsoft Small Business Server which is running Exchange 2003 for email services. We have been using a service called Exchange Defender provided to us by a consultant that we're getting rid of. Exchange Defender is a service that filters spam and viruses for us. There are just 5 of us using Exchange 2003 with Outlook 2010 as clients.

I have a little box that is a Via Epia 15000EG motherboard with 1G of RAM and a 250GB drive. I put Linux Mint 13 Mate 32-bit on it and it works great. I would like to use this little box as an email gateway to filter spam and viruses for the Exchange 2003 server. It would be nice if I could just pop that little box between the Internet and the Exchange server as an appliance to do this.
I did some Googling and found SpamAssassin and ClamAV as free products to do this. I am just not clear on how to install them properly on the Linux box and how to configure it. I would like to figure out how to do this myself, because I would learn something valuable and get this service running for myself.

Thanks ahead of time.

Rudy

Rudy Hartmann
(951)587-8324 x 213
(714)264-9609 Mobile
Setting The Standard
My VCF Business Card

From Sampson at p2sol.com Tue Aug 21 14:59:38 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Tue, 21 Aug 2012 13:59:38 +0000
Subject: SBS 2003/Exchange and a Linux Spam Gateway
In-Reply-To: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com>
References: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com>

Rudy,

There are a lot of guides on the net that show you how to install the software and configure it. Here is one that I used
http://techsup.corp.networkingtechnology.org/ntforum/index.php?topic=158.0
I hope that it helps.

Also not sure if this guide lists this but during your installation there is an error in the software that causes Mail Scanner not to work properly.
There is a simple fix to this where you have to add a -U to the end of

#!/usr/bin/perl -I/usr/lib/MailScanner -U

adding the -U will fix the problem and together it is a very powerful software suite
From rhartmann at pacificmicrotel.com Tue Aug 21 15:49:36 2012
From: rhartmann at pacificmicrotel.com (Rudi Hartmann - Pacific Micro-Tel)
Date: Tue, 21 Aug 2012 07:49:36 -0700
Subject: SBS 2003/Exchange and a Linux Spam Gateway
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com>
References: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com> <4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com>
Message-ID: <515517C126430E46B3444AB9653A0D42016775B5@pacserver.pacificmt.com>

I haven't even been able to install it on Ubuntu.

When I entered this, I got file not found.

wget http://debian.intergenia.de/debian/pool/main/m/mailscanner/mailscanner_4.68.8-1_all.deb

Rudy Hartmann
Pacific Micro-Tel
(951)587-8324 ext 213
(714)264-9609 Mobile
From rhartmann at pacificmicrotel.com Tue Aug 21 16:52:57 2012
From: rhartmann at pacificmicrotel.com (Rudi Hartmann - Pacific Micro-Tel)
Date: Tue, 21 Aug 2012 08:52:57 -0700
Subject: SBS 2003/Exchange and a Linux Spam Gateway
In-Reply-To: <515517C126430E46B3444AB9653A0D42016775B5@pacserver.pacificmt.com>
References: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com><4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com> <515517C126430E46B3444AB9653A0D42016775B5@pacserver.pacificmt.com>
Message-ID: <515517C126430E46B3444AB9653A0D42016775C3@pacserver.pacificmt.com>

I changed the version to 4.79.11-2.2_all.deb and that installed. But when I tried to do this:

dpkg -i mailscanner_4.79.11-2.2_all.deb

This is what happened:

XXXmachineXXX XXXuserXXX # dpkg -i mailscanner_4.79.11-2.2_all.deb
(Reading database ... 153292 files and directories currently installed.)
Preparing to replace mailscanner 4.79.11-2.2 (using mailscanner_4.79.11-2.2_all.deb) ...
No MailScanner found running; none killed.
Unpacking replacement mailscanner ...
dpkg: dependency problems prevent configuration of mailscanner:
 mailscanner depends on exim4 | mail-transport-agent; however:
  Package exim4 is not installed.
  Package mail-transport-agent is not installed.
 mailscanner depends on spamassassin (>= 3.1); however:
  Package spamassassin is not installed.
 mailscanner depends on libarchive-zip-perl; however:
  Package libarchive-zip-perl is not installed.
 mailscanner depends on libsys-hostname-long-perl; however:
  Package libsys-hostname-long-perl is not installed.
 mailscanner depends on libole-storage-lite-perl (>= 0.17); however:
  Package libole-storage-lite-perl is not installed.
 mailscanner depends on libnet-dns-perl (>= 0.65); however:
  Package libnet-dns-perl is not installed.
 mailscanner depends on libdigest-sha1-perl; however:
  Package libdigest-sha1-perl is not installed.
 mailscanner depends on libnet-ip-perl; however:
  Package libnet-ip-perl is not installed.
dpkg: error processing mailscanner (--install):
 dependency problems - leaving unconfigured
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Errors were encountered while processing:
 Mailscanner

Rudy Hartmann
Pacific Micro-Tel
(951)587-8324 ext 213
(714)264-9609 Mobile
From stephencoxmail at gmail.com Tue Aug 21 19:47:17 2012
From: stephencoxmail at gmail.com (Stephen Cox)
Date: Tue, 21 Aug 2012 20:47:17 +0200
Subject: SBS 2003/Exchange and a Linux Spam Gateway
In-Reply-To: <515517C126430E46B3444AB9653A0D42016775C3@pacserver.pacificmt.com>
References: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com> <4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com> <515517C126430E46B3444AB9653A0D42016775B5@pacserver.pacificmt.com> <515517C126430E46B3444AB9653A0D42016775C3@pacserver.pacificmt.com>
Message-ID:

On Tue, Aug 21, 2012 at 5:52 PM, Rudi Hartmann - Pacific Micro-Tel <rhartmann at pacificmicrotel.com> wrote:

> I changed the version to 4.79.11-2.2_all.deb and that installed. But when
> I tried to do this:
>
> dpkg -i mailscanner_4.79.11-2.2_all.deb
>
> This is what happened:
>
> XXXmachineXXX XXXuserXXX # dpkg -i mailscanner_4.79.11-2.2_all.deb
> (Reading database ... 153292 files and directories currently installed.)
> Preparing to replace mailscanner 4.79.11-2.2 (using mailscanner_4.79.11-2.2_all.deb) ...
> No MailScanner found running; none killed.
> Unpacking replacement mailscanner ...
> dpkg: dependency problems prevent configuration of mailscanner:
>  mailscanner depends on exim4 | mail-transport-agent; however:
>   Package exim4 is not installed.
>   Package mail-transport-agent is not installed.
>  mailscanner depends on spamassassin (>= 3.1); however:
>   Package spamassassin is not installed.
>  mailscanner depends on libarchive-zip-perl; however:
>   Package libarchive-zip-perl is not installed.
>  mailscanner depends on libsys-hostname-long-perl; however:
>   Package libsys-hostname-long-perl is not installed.
>  mailscanner depends on libole-storage-lite-perl (>= 0.17); however:
>   Package libole-storage-lite-perl is not installed.
>  mailscanner depends on libnet-dns-perl (>= 0.65); however:
>   Package libnet-dns-perl is not installed.
>  mailscanner depends on libdigest-sha1-perl; however:
>   Package libdigest-sha1-perl is not installed.
>  mailscanner depends on libnet-ip-perl; however:
>   Package libnet-ip-perl is not installed.
> dpkg: error processing mailscanner (--install):
>  dependency problems - leaving unconfigured
> Processing triggers for ureadahead ...
> Processing triggers for man-db ...
> Errors were encountered while processing:
>  Mailscanner

Rudy,

Try http://www.baruwa.org/docs/install_debian.html

Regards,
Stephen

--
Stephen Cox
From sergios at greeklug.gr Tue Aug 21 22:58:37 2012
From: sergios at greeklug.gr (Sergey Tsabolov ( aka linuxman ))
Date: Wed, 22 Aug 2012 00:58:37 +0300
Subject: SBS 2003/Exchange and a Linux Spam Gateway
In-Reply-To:
References: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com> <4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com> <515517C126430E46B3444AB9653A0D42016775B5@pacserver.pacificmt.com> <515517C126430E46B3444AB9653A0D42016775C3@pacserver.pacificmt.com>
Message-ID: <5034048D.4020805@greeklug.gr>

Hi Rudi

On 21/08/2012 09:47 PM, Stephen Cox wrote:
> On Tue, Aug 21, 2012 at 5:52 PM, Rudi Hartmann - Pacific Micro-Tel wrote:
>
>     I changed the version to 4.79.11-2.2_all.deb and that installed.
>     But when I tried to do this:
>
>     dpkg -i mailscanner_4.79.11-2.2_all.deb
>
>     This is what happened:
>
>     XXXmachineXXX XXXuserXXX # dpkg -i mailscanner_4.79.11-2.2_all.deb
>     (Reading database ... 153292 files and directories currently installed.)
>     Preparing to replace mailscanner 4.79.11-2.2 (using mailscanner_4.79.11-2.2_all.deb) ...
>     No MailScanner found running; none killed.
>     Unpacking replacement mailscanner ...
>     dpkg: dependency problems prevent configuration of mailscanner:
>      mailscanner depends on exim4 | mail-transport-agent; however:
>       Package exim4 is not installed.
>       Package mail-transport-agent is not installed.
>      mailscanner depends on spamassassin (>= 3.1); however:
>       Package spamassassin is not installed.
>      mailscanner depends on libarchive-zip-perl; however:
>       Package libarchive-zip-perl is not installed.
>      mailscanner depends on libsys-hostname-long-perl; however:
>       Package libsys-hostname-long-perl is not installed.
>      mailscanner depends on libole-storage-lite-perl (>= 0.17); however:
>       Package libole-storage-lite-perl is not installed.
>      mailscanner depends on libnet-dns-perl (>= 0.65); however:
>       Package libnet-dns-perl is not installed.
>      mailscanner depends on libdigest-sha1-perl; however:
>       Package libdigest-sha1-perl is not installed.
>      mailscanner depends on libnet-ip-perl; however:
>       Package libnet-ip-perl is not installed.
>     dpkg: error processing mailscanner (--install):
>      dependency problems - leaving unconfigured
>     Processing triggers for ureadahead ...
>     Processing triggers for man-db ...
>     Errors were encountered while processing:
>      Mailscanner
>
> Rudy,
>
> Try http://www.baruwa.org/docs/install_debian.html
>
> Regards,
> Stephen

For testing you can try the Proxmox Mail Gateway Appliance here http://pve.proxmox.com/wiki/Main_Page is ready for install.

Regards,
Sergios

--
--------------------------------------------------------------------------------------
Don't send me documents in .doc , .docx, .xls, .ppt . , .pptx
Send it with ODF format : .odt , .odp , .ods or .pdf .
Try to use Open Document Format : http://el.libreoffice.org/
Save you money & use GNU/Linux Distro http://distrowatch.com/
-----------------------------------------------------------------------------------------
First they ignore you, then they ridicule you, then they fight you, then you win!!!
From maxsec at gmail.com Wed Aug 22 06:28:15 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 22 Aug 2012 06:28:15 +0100
Subject: SBS 2003/Exchange and a Linux Spam Gateway
In-Reply-To: <5034048D.4020805@greeklug.gr>
References: <515517C126430E46B3444AB9653A0D42016775B0@pacserver.pacificmt.com> <4ACB6FBB6E06074DA18D653BD3155A663E8C54@COMM1.p2sol.com> <515517C126430E46B3444AB9653A0D42016775B5@pacserver.pacificmt.com> <515517C126430E46B3444AB9653A0D42016775C3@pacserver.pacificmt.com> <5034048D.4020805@greeklug.gr>
Message-ID:

Given you're not technical there's a couple of email toaster recipes out there. Might not run on debian, but shouldn't be a problem to use a diff flavour of O/S

Alternatively pay for a hosted solution - for 10 users this would be quite cheap.

Martin

--
Martin Hepworth, CISSP
Oxford, UK

From paul at welshfamily.com Fri Aug 24 01:05:21 2012
From: paul at welshfamily.com (Paul Welsh)
Date: Fri, 24 Aug 2012 01:05:21 +0100
Subject: Mailscanner + Exim >= 4.73
Message-ID:

Hi all

I've spent many hours on this and so thought I'd share my findings in case it proves helpful to anyone else.

I'm in the process of configuring centos 6.1, exim 4.76 and mailscanner 4.84.3 on directadmin 1.41.1 and have run into the issue whereby specifying a config file with the -C switch no longer runs exim as root.

I copied the setup from a server running much older versions of centos, exim and directadmin and it works fine but this was prior to the changes in exim.
I originally used an article at http://www.michele.me/blog/archives/2006/01/installing-mailscanner-on-directadmin-with-exim/

My MailScanner.conf contains the lines:

Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf

/etc/exim.conf and /etc/exim_send.conf are both symlinks:

# ll /usr/local/exim/configure /usr/local/exim/exim_send.conf
lrwxrwxrwx 1 root root 14 Aug 19 23:07 /usr/local/exim/configure -> /etc/exim.conf
lrwxrwxrwx 1 root root 19 Aug 19 23:07 /usr/local/exim/exim_send.conf -> /etc/exim_send.conf

The problem I found was that both exim instances failed to start from /etc/init.d/MailScanner with entries like this in /var/log/exim/mainlog

exim user lost privilege for using -C option

I realised this was due to the security changes in exim so recompiled exim from source because the version I was running wasn't built with the new TRUSTED_CONFIG_LIST functionality. I added it and left everything else alone. Note that mail is set as the user for exim but the mail group isn't set. In addition, the CONFIGURE_FILE is set to /etc/exim.conf:

# grep trusted_configs /root/exim-4.76/Local/Makefile
# grep mail /root/exim-4.76/Local/Makefile
EXIM_USER=mail
TRUSTED_CONFIG_LIST=/usr/local/exim/trusted_configs
# grep exim.conf /root/exim-4.76/Local/Makefile
CONFIGURE_FILE=/etc/exim.conf

However, this still didn't solve my problem. After much messing about I checked the values being used by the init.d script and found that although it contains the following at the top of the file:

EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf
EXIMSENDCF=/etc/exim_send.conf

It then states:

# If you are using sendmail, Exim or Postfix, please try to avoid editing
# this file. Edit /etc/sysconfig/MailScanner instead.

Looking at /etc/sysconfig/MailScanner it contained:

# Exim settings
#
EXIM=/usr/local/exim/bin/exim
EXIMINCF=/usr/local/exim/configure # Incoming configuration file
EXIMSENDCF=/usr/local/exim/exim_send.conf # Outgoing configuration file

So essentially the init.d MailScanner referenced the symlink files and the sysconfig MailScanner script referenced the source of the symlink files.

I checked which values were being assigned to the variables prior to execution and what was happening when they were executed by hacking the init.d MailScanner file:

if test -x $EXIM ; then
    echo $EXIM $EXIMINCF
    $EXIM -C $EXIMINCF -bd
    # $EXIM -C $EXIMINCF -bd 2> /dev/null

if test -x $EXIM ; then
    echo $EXIM $EXIMSENDCF
    $EXIM -C $EXIMSENDCF -q15m
    # $EXIM -C $EXIMSENDCF -q15m 2> /dev/null

Here's what I got:

# service MailScanner start
Starting MailScanner daemons:
incoming exim: /usr/local/exim/bin/exim /usr/local/exim/configure
-C Permission denied [ OK ]
outgoing exim: /usr/local/exim/bin/exim /usr/local/exim/exim_send.conf
-C Permission denied [ OK ]
MailScanner: [ OK ]

Adding:

/usr/local/exim/configure
/usr/local/exim/exim_send.conf

to /usr/local/exim/trusted_configs made no difference. However, I updated the sysconfig MailScanner:

EXIMINCF=/etc/exim.conf # Incoming configuration file
EXIMSENDCF=/etc/exim_send.conf # Outgoing configuration file

Then I ensured that /usr/local/exim/trusted_configs contained:

/etc/exim_send.conf

After this, exim and MailScanner started OK. Note that I didn't need to have /etc/exim.conf in /usr/local/exim/trusted_configs because it was set as the CONFIGURE_FILE in the exim Makefile.

You would not believe how long this has taken me to get working!

Regards

Paul

On 18 February 2011 18:33, Jonas wrote:
> You can have something like this:
> Sendmail2 = /usr/sbin/exim4 -c /etc/exim4/exim.outgoing.conf
>
> Then, you have to add this new "shim" configuration file into your exim
> trusted_configs file.
>
> # cat /etc/exim4/trusted_configs
> /etc/exim4/exim.outgoing.conf
>
> And finally, in your exim4.outgoing.conf file, you should define your macro and
> then include the standard exim config file. For Debian, it might look something
> like this:
>
> # cat /etc/exim4/exim.outgoing.conf
> OUTGOING = 1
> .include /var/lib/exim4/config.autogenerated
>
> This way, you're still only modifying the one main exim4 configuration file for
> all of your needs. I've done it this way (I even use a different macro name),
> and it works with the patched exim4 in Lenny.
> And I expect it to work as is in Squeeze.

From uxbod at splatnix.net Fri Aug 24 13:59:29 2012
From: uxbod at splatnix.net (Phil Daws)
Date: Fri, 24 Aug 2012 13:59:29 +0100 (BST)
Subject: OT: Mail Archiving for Compliance
Message-ID: <565041581.1387526.1345813169734.JavaMail.root@splatnix.net>

Apart from MailArchiva (which appears quite expensive per seat now IMHO) any other suggestions on OSS based email archiving solutions ?
--
Thanks, Phil

From ssilva at sgvwater.com Fri Aug 24 17:57:40 2012
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri, 24 Aug 2012 09:57:40 -0700
Subject: OT: Mail Archiving for Compliance
In-Reply-To: <565041581.1387526.1345813169734.JavaMail.root@splatnix.net>
References: <565041581.1387526.1345813169734.JavaMail.root@splatnix.net>
Message-ID:

on 8/24/2012 5:59 AM Phil Daws spake the following:
> Apart from MailArchiva (which appears quite expensive per seat now IMHO) any
> other suggestions on OSS based email archiving solutions ?
> --
> Thanks, Phil

Mailscanner does archiving, but I doubt it would pass compliance unless you very carefully locked it down... As long as you have restricted access to the archive, you might get away with it though...
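
Added example (not part of Paul Welsh's post, nor MailScanner or Exim project code): a shell audit for the setup described in "Mailscanner + Exim >= 4.73" above. It lists every config path that MailScanner.conf and /etc/sysconfig/MailScanner hand to exim -C and checks each one against CONFIGURE_FILE and the trusted_configs list. It assumes Exim compares the -C argument as a literal string without resolving symlinks; the function names and the sample files built in demo() are constructed for illustration.

```sh
#!/bin/sh
# Audit the config paths a MailScanner setup passes to "exim -C".
# Assumption: an Exim built with TRUSTED_CONFIG_LIST keeps root only when the
# -C argument is, as a literal string, either CONFIGURE_FILE or an absolute
# path listed in the trusted list; symlinks are not resolved first.

# is_trusted LIST CONFIGURE_FILE CANDIDATE -> status 0 if CANDIDATE is trusted
is_trusted() {
    [ "$3" = "$2" ] && return 0     # identical to the compiled-in default
    [ -r "$1" ] || return 1         # no readable list: nothing else is trusted
    # Keep only lines that hold an absolute path, trim blanks around them,
    # then demand an exact whole-line match with the candidate.
    sed -n 's|^[[:space:]]*\(/.*[^[:space:]]\)[[:space:]]*$|\1|p' "$1" |
        grep -Fxq -- "$3"
}

# collect_c_paths MAILSCANNER_CONF SYSCONFIG
# Prints "setting path" for every configuration file handed to exim -C.
collect_c_paths() {
    # MailScanner.conf style:  Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf
    awk -F= '/^[ \t]*Sendmail2?[ \t]*=/ {
        key = $1; gsub(/[ \t]/, "", key)
        n = split($2, w, /[ \t]+/)
        for (i = 1; i < n; i++) if (w[i] == "-C") print key, w[i + 1]
    }' "$1"
    # sysconfig style:  EXIMSENDCF=/etc/exim_send.conf # Outgoing configuration file
    awk -F= '/^[ \t]*EXIM(INCF|SENDCF)=/ {
        key = $1; gsub(/[ \t]/, "", key)
        split($2, w, /[ \t#]+/)
        print key, w[1]
    }' "$2"
}

# audit LIST CONFIGURE_FILE MAILSCANNER_CONF SYSCONFIG
# Prints one verdict per setting; status 1 if any path would lose privilege.
audit() {
    bad=0
    paths=$(collect_c_paths "$3" "$4")
    while read -r key path; do
        [ -n "$path" ] || continue
        if is_trusted "$1" "$2" "$path"; then
            echo "OK    $key -C $path"
        else
            echo "DROP  $key -C $path"
            bad=$((bad + 1))
        fi
    done <<EOF
$paths
EOF
    [ "$bad" -eq 0 ]
}

# demo: constructed sample files modelled on the values quoted in the post
# (sysconfig still pointing at the /usr/local/exim names).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'Sendmail = /usr/sbin/exim -C /etc/exim.conf' \
        'Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf' > "$d/MailScanner.conf"
    printf '%s\n' \
        '# Exim settings' \
        'EXIM=/usr/local/exim/bin/exim' \
        'EXIMINCF=/usr/local/exim/configure # Incoming configuration file' \
        'EXIMSENDCF=/usr/local/exim/exim_send.conf # Outgoing configuration file' \
        > "$d/sysconfig"
    printf '%s\n' '/etc/exim_send.conf' > "$d/trusted_configs"
    audit "$d/trusted_configs" /etc/exim.conf "$d/MailScanner.conf" "$d/sysconfig"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "some -C paths are neither CONFIGURE_FILE nor in the trusted list"
```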
From uxbod at splatnix.net Sat Aug 25 11:26:03 2012 From: uxbod at splatnix.net (Phil Daws) Date: Sat, 25 Aug 2012 11:26:03 +0100 (BST) Subject: OT: Mail Archiving for Compliance In-Reply-To: Message-ID: <987462016.1434880.1345890363155.JavaMail.root@splatnix.net> Thanks Scott. The main aspect is a good front-end to help facilitate eDiscovery and the notification to Data Guardians when a search has been performed. I guess this is why good systems carry a premium :) -- Thanks, Phil ----- Original Message ----- > on 8/24/2012 5:59 AM Phil Daws spake the following: > > Apart from MailArchiva (which appears quite expensive per seat now > > IMHO) any > > other suggestions on OSS based email archiving solutions ? > > -- > > Thanks, Phil > > > > > > > Mailscanner does archiving, but I doubt it would pass compliance > unless you > very carefully locked it down... As long as you have restricted > access to the > archive, you might get away with it though... > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ryan.virgo at gmail.com Mon Aug 27 14:55:07 2012 From: ryan.virgo at gmail.com (Ryan Braganza) Date: Mon, 27 Aug 2012 19:25:07 +0530 Subject: Mail-scanner not able to block exe in zip Message-ID: Dear Users, I have enabled blocking of exe in zip archives by setting the "Maximum Archive Depth = 5" I have a proper exe file wininst-7.1.exe which maybe is some windows setup exe. When i do a file command for this exe i get the below output file wininst-7.1.exe wininst-7.1.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit If I zip it and mail it, Mailscanner fails to block it and pass's it through. If a create a file with an exe extension file ryan1.exe ryan1.exe: ASCII text Mailscanner is able to block it ..... What could be wrong here ? 
The version I am using is mailscanner-4.84.3-1

--
Someone wrote:
"I understand that if you play a Microsoft Windows CD backwards you hear strange Satanic messages"

To which someone replied:
"It's even worse than that; play it forwards and it installs Windows Vista !"

From mailscanner at joolee.nl Mon Aug 27 16:04:14 2012
From: mailscanner at joolee.nl (Joolee)
Date: Mon, 27 Aug 2012 17:04:14 +0200
Subject: Mail-scanner not able to block exe in zip
In-Reply-To:
References:
Message-ID:

What are the contents of your (archive).filename/filetype.rules.conf ? And do you reference these files from your Mailscanner.conf?

And do you zip the ryan1.exe file in your example or did you send that as a plain, non-zipped attachment?

On 27 August 2012 15:55, Ryan Braganza wrote:
> Dear Users,
>
> I have enabled blocking of exe in zip archives by setting the "Maximum
> Archive Depth = 5"
>
> I have a proper exe file wininst-7.1.exe which maybe is some windows setup
> exe. When I do a file command for this exe I get the below output
>
> file wininst-7.1.exe
> wininst-7.1.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
>
> If I zip it and mail it, Mailscanner fails to block it and passes it
> through.
>
> If I create a file with an exe extension
>
> file ryan1.exe
> ryan1.exe: ASCII text
>
> Mailscanner is able to block it .....
>
> What could be wrong here ?
From ryan.virgo at gmail.com Tue Aug 28 04:09:41 2012
From: ryan.virgo at gmail.com (Ryan Braganza)
Date: Tue, 28 Aug 2012 08:39:41 +0530
Subject: Mail-scanner not able to block exe in zip
In-Reply-To:
References:
Message-ID:

Hi Joolee below are the contents of the files

cat archives.filetype.rules.conf

allow   text            -       -
allow   \bscript        -       -
allow   archive         -       -
allow   postscript      -       -
deny    self-extract    No self-extracting archives     No self-extracting archives allowed
deny    executable      No executables                  No programs allowed
#EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
deny    ELF             No executables                  No programs allowed
deny    Registry        No Windows Registry entries     No Windows Registry files allowed
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cat archives.filename.rules.conf |grep exe

deny    pretty\s+park\.exe$     "Pretty Park" virus     "Pretty Park" virus
deny    happy99\.exe$           "Happy" virus           "Happy" virus
deny    \.exe$                  Windows/DOS Executable  Executable DOS/Windows programs are dangerous in email
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is the ref to those files in MailScanner.conf

cat MailScanner.conf |grep ^Archives: |grep Rules

Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf

Yes I am zipping the exe files when I send the mail.

On Mon, Aug 27, 2012 at 8:34 PM, Joolee wrote:
> What are the contents of your (archive).filename/filetype.rules.conf ? And
> do you reference these files from your Mailscanner.conf?
>
> And do you zip the ryan1.exe file in your example or did you send that as
> a plain, non-zipped attachment?
From Paul.Bijnens at xplanation.com Tue Aug 28 08:55:33 2012
From: Paul.Bijnens at xplanation.com (Paul Bijnens)
Date: Tue, 28 Aug 2012 09:55:33 +0200
Subject: Mail-scanner not able to block exe in zip
In-Reply-To:
References:
Message-ID: <503C7975.8040905@xplanation.com>

Is the setting "Max Spam Check Size" maybe excluding your large exe-inside-zip to be slipping through the fishing net?
--
Paul Bijnens, Xplanation Tel +32 16 397.525
Interleuvenlaan 86, B-3001 Leuven, BELGIUM Fax +32 16 397.552
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, ~., *
* stop, end, ^]c, +++ ATH, disconnect, halt, abort, hangup, KJOB, *
* ^X^X, :D::D, kill -9 1, kill -1 $$, shutdown, init 0, Alt-F4, *
* Alt-f-e, Ctrl-Alt-Del, Alt-SysRq-reisub, Stop-A, AltGr-NumLock, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************

From mailscanner at joolee.nl Tue Aug 28 11:44:17 2012
From: mailscanner at joolee.nl (Joolee)
Date: Tue, 28 Aug 2012 12:44:17 +0200
Subject: Mail-scanner not able to block exe in zip
In-Reply-To: <503C7975.8040905@xplanation.com>
References: <503C7975.8040905@xplanation.com>
Message-ID:

As far as I know, this setting only applies to anti-spam features and perhaps virus scans. The other protection functions should ignore this setting. It would be pretty useless to only block executables lower than a certain file size and there is no mention in the rules files. (Although most virus executables are extremely small so they can be sent in large volumes.)

@Ryan:
What is your value of the "File Command" setting? There was a discussion a while ago that this should be set to /path/to/file -i and was set to /path/to/file in older versions of MailScanner.

On 28 August 2012 09:55, Paul Bijnens wrote:
>
> Is the setting "Max Spam Check Size" maybe excluding your large
> exe-inside-zip to be slipping through the fishing net?
From ryan.virgo at gmail.com Tue Aug 28 14:55:14 2012
From: ryan.virgo at gmail.com (Ryan Braganza)
Date: Tue, 28 Aug 2012 19:25:14 +0530
Subject: Mail-scanner not able to block exe in zip
In-Reply-To:
References: <503C7975.8040905@xplanation.com>
Message-ID:

The File Command in my conf was /usr/bin/file , which I then set to /usr/bin/file -i .. Still no luck,

On Tue, Aug 28, 2012 at 4:14 PM, Joolee wrote:
> As far as I know, this setting only applies to anti-spam features and
> perhaps virus scans. The other protection functions should ignore this
> setting. It would be pretty useless to only block executables lower than a
> certain file size and there is no mention in the rules files.
From ryan.virgo at gmail.com Wed Aug 29 06:12:57 2012
From: ryan.virgo at gmail.com (Ryan Braganza)
Date: Wed, 29 Aug 2012 10:42:57 +0530
Subject: Mail-scanner not able to block exe in zip
In-Reply-To:
References: <503C7975.8040905@xplanation.com>
Message-ID:

I did a fresh centos5.5 installation with the latest Mailscanner and it's working perfect, It blocks all zipped exe's as desired. I guess there is some custom configuration on my production servers due to which it fails to work. Will check that out today. :-)

On Tue, Aug 28, 2012 at 7:25 PM, Ryan Braganza wrote:
> The File Command in my conf was /usr/bin/file , which I then set to
> /usr/bin/file -i .. Still no luck,
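An added example, not from any poster in this thread and not MailScanner's own code: since the fresh install blocks the zipped exe and production does not, this sketch compares two MailScanner.conf texts on the settings named in the thread. Both sample configs are constructed, and treating setting names as insensitive to case, spaces and punctuation is an assumption.

```python
import re

# Settings named in this thread as possible causes, in MailScanner.conf spelling.
THREAD_SETTINGS = [
    "Dangerous Content Scanning",
    "Maximum Archive Depth",
    "Archives: Filename Rules",
    "Archives: Filetype Rules",
    "File Command",
    "Max Spam Check Size",
]

# Constructed sample: a config that blocks zipped executables as expected.
FRESH = """
%etc-dir% = /etc/MailScanner
Dangerous Content Scanning = yes
Maximum Archive Depth = 5
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
File Command = /usr/bin/file
Max Spam Check Size = 200k
"""

# Constructed sample: a production config that has drifted over time.
PRODUCTION = """
%etc-dir% = /etc/MailScanner
# local changes accumulated here
dangerous content scanning = no
Maximum Archive Depth = 5
Archives: Filename Rules = /etc/MailScanner/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
File Command = /usr/bin/file -i
Max Spam Check Size = 200k
"""


def norm(name):
    """Reduce a setting name to lowercase letters and digits so that
    'dangerous content scanning' and 'Dangerous Content Scanning' compare
    equal (assumption: the config reader is equally forgiving)."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def parse_conf(text):
    """Return {normalised name: value} from MailScanner.conf-style text."""
    variables, settings = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if re.fullmatch(r"%[\w-]+%", name):
            # Variable definition such as: %etc-dir% = /etc/MailScanner
            variables[name] = value
            continue
        # Expand %var% references so equivalent paths compare equal.
        value = re.sub(r"%[\w-]+%",
                       lambda m: variables.get(m.group(0), m.group(0)),
                       value)
        settings[norm(name)] = value
    return settings


def compare(working_text, failing_text):
    """List (setting, working value, failing value) where the two differ."""
    working = parse_conf(working_text)
    failing = parse_conf(failing_text)
    report = []
    for name in THREAD_SETTINGS:
        good = working.get(norm(name), "<not set>")
        bad = failing.get(norm(name), "<not set>")
        if good != bad:
            report.append((name, good, bad))
    return report


if __name__ == "__main__":
    for name, good, bad in compare(FRESH, PRODUCTION):
        print(f"{name}: working={good!r} failing={bad!r}")
```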
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/85b08029/attachment.html

From vmiszczak at ankama.com Wed Aug 29 09:27:13 2012
From: vmiszczak at ankama.com (Vincent Miszczak)
Date: Wed, 29 Aug 2012 10:27:13 +0200
Subject: Mail-scanner not able to block exe in zip
In-Reply-To:
References: <503C7975.8040905@xplanation.com>
Message-ID: <7AFA66599AC41847AD8E021A1DBB9D142684BA8FF7@pandore.ankama.com>

Hello,

I've been running with this issue.

In my case, the setting "dangerous content scanning" was set to "no". Setting it to "yes" solved my problem.

Regards

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On behalf of Ryan Braganza
Sent: Wednesday 29 August 2012 07:13
To: MailScanner discussion
Subject: Re: Mail-scanner not able to block exe in zip

I did a fresh centos5.5 installation with the latest Mailscanner and it's working perfect. It blocks all zipped exe's as desired. I guess there is some custom configuration on my production servers due to which it fails to work. Will check that out today. :-)

On Tue, Aug 28, 2012 at 7:25 PM, Ryan Braganza wrote:

The File Command in my conf was /usr/bin/file, which I then set to /usr/bin/file -i. Still no luck.

On Tue, Aug 28, 2012 at 4:14 PM, Joolee wrote:

As far as I know, this setting only applies to anti-spam features and perhaps virus scans. The other protection functions should ignore this setting. It would be pretty useless to only block executables lower than a certain file size and there is no mention in the rules files. (Although most virus executables are extremely small so they can be sent in large volumes.)

@Ryan: What is your value of the "File Command" setting? There was a discussion a while ago that this should be set to /path/to/file -i and was set to /path/to/file in older versions of MailScanner.
On 28 August 2012 09:55, Paul Bijnens wrote:

Is the setting "Max Spam Check Size" maybe excluding your large exe-inside-zip to be slipping through the fishing net?

On 2012-08-28 05:09, Ryan Braganza wrote:
> Hi Joolee, below are the contents of the files
>
> cat archives.filetype.rules.conf
>
> allow text - -
> allow \bscript - -
> allow archive - -
> allow postscript - -
> deny self-extract No self-extracting archives No self-extracting archives allowed
> deny executable No executables No programs allowed
> #EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
> deny ELF No executables No programs allowed
> deny Registry No Windows Registry entries No Windows Registry files allowed
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> cat archives.filename.rules.conf |grep exe
>
> deny pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus
> deny happy99\.exe$ "Happy" virus "Happy" virus
> deny \.exe$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> This is the ref to those files in MailScanner.conf
>
> cat MailScanner.conf |grep ^Archives: |grep Rules
>
> Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
> Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
>
> Yes, I am zipping the exe files when I send the mail.
>
> On Mon, Aug 27, 2012 at 8:34 PM, Joolee wrote:
>
> What are the contents of your (archive).filename/filetype.rules.conf? And do you reference these files from your Mailscanner.conf?
>
> And do you zip the ryan1.exe file in your example or did you send that as a plain, non-zipped attachment?
>
> On 27 August 2012 15:55, Ryan Braganza wrote:
>
> Dear Users,
>
> I have enabled blocking of exe in zip archives by setting the "Maximum Archive Depth = 5"
>
> I have a proper exe file wininst-7.1.exe which maybe is some windows setup exe. When I do a file command for this exe I get the below output
>
> file wininst-7.1.exe
> wininst-7.1.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
>
> If I zip it and mail it, Mailscanner fails to block it and passes it through.
>
> If I create a file with an exe extension
>
> file ryan1.exe
> ryan1.exe: ASCII text
>
> Mailscanner is able to block it .....
>
> What could be wrong here? The version I am using is mailscanner-4.84.3-1
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/2f694d0a/attachment.html

From goetz.reinicke at filmakademie.de Wed Aug 29 10:44:28 2012
From: goetz.reinicke at filmakademie.de (Götz Reinicke)
Date: Wed, 29 Aug 2012 11:44:28 +0200
Subject: OT: Mail Archiving for Compliance
In-Reply-To: <565041581.1387526.1345813169734.JavaMail.root@splatnix.net>
References: <565041581.1387526.1345813169734.JavaMail.root@splatnix.net>
Message-ID: <503DE47C.3030904@filmakademie.de>

On 24.08.12 14:59, Phil Daws wrote:
> Apart from MailArchiva (which appears quite expensive per seat now IMHO)
> any other suggestions on OSS based email archiving solutions ?

may be http://www.enkive.org/

/Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 82 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL, State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5174 bytes
Desc: S/MIME Kryptografische Unterschrift
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/c1088ff7/attachment-0001.bin

From afmarin at bolsayrenta.com Wed Aug 29 20:37:18 2012
From: afmarin at bolsayrenta.com (Alvaro Fernando Marin Restrepo)
Date: Wed, 29 Aug 2012 14:37:18 -0500
Subject: Help Request SPAM Asian characters.
Message-ID: <6F3E510D39DB804D83A3852E9ED6A2CD36E5BC699C@sbyrmedex01.bolsayrenta.local>

Hello,

I have a MailScanner 4.84.5.

I am receiving messages in whose body Asian characters appear.

The emails come from:
different domains
different IPs

Add senders to blacklist. It's not enough.

Edited files
spam.assassin.prefs.conf
init.pre
stating that my language is Spanish, English and Portuguese.

The problem was not resolved.

I wonder if there is any way to stop emails containing Asian characters somewhere in their body.

Thank you very much for your help

Álvaro Fernado Marín Restrepo.
Architecture Analyst.
Bolsa Y Renta S.A. Comisionista de Bolsa
Tel: +57 (4) 448 43 00 ext. 421
Fax: +57(4) 326 17 17
afmarin at bolsayrenta.com
Medellín - Colombia

________________________________
Confidentiality Notice: This communication (including all attachments) may contain information that is private, confidential and privileged. If you have received this communication in error; please notify the sender immediately, delete this communication from all data storage devices and destroy all hard copies. Any use, dissemination, distribution, copying or disclosure of this message and any attachments, in whole or in part, by anyone other than the intended recipient(s) is strictly prohibited. This message has been checked with an antivirus software; accordingly, the sender is not liable for the presence of any virus in attachments that causes or may cause damage to the recipient's equipment or software.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/b63ce5d1/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 3816 bytes
Desc: Picture (Device Independent Bitmap) 1.jpg
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/b63ce5d1/attachment.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 2.jpg
Type: image/jpeg
Size: 4486 bytes
Desc: Picture (Device Independent Bitmap) 2.jpg
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/b63ce5d1/attachment-0001.jpg

From dave at KD0YU.COM Wed Aug 29 22:02:04 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Wed, 29 Aug 2012 16:02:04 -0500
Subject: Help Request SPAM Asian characters.
In-Reply-To: <6F3E510D39DB804D83A3852E9ED6A2CD36E5BC699C@sbyrmedex01.bolsayrenta.local>
References: <6F3E510D39DB804D83A3852E9ED6A2CD36E5BC699C@sbyrmedex01.bolsayrenta.local>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2157@S8.KD0YU.COM>

See attached. (provided it makes it thru the filters)

--Dave Helton

___________________________________________________________________
This message has been scanned for viruses and dangerous content by MailScanner running on mail server KD0YU.COM, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/ea410e7b/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3816 bytes
Desc: image001.jpg
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/ea410e7b/attachment.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 4486 bytes
Desc: image002.jpg
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/ea410e7b/attachment-0001.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: no_russian_mail.cf
Type: application/octet-stream
Size: 3629 bytes
Desc: no_russian_mail.cf
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120829/ea410e7b/attachment.obj

From ryan.virgo at gmail.com Thu Aug 30 14:16:12 2012
From: ryan.virgo at gmail.com (Ryan Braganza)
Date: Thu, 30 Aug 2012 18:46:12 +0530
Subject: Mail-scanner not able to block exe in zip
In-Reply-To: <7AFA66599AC41847AD8E021A1DBB9D142684BA8FF7@pandore.ankama.com>
References: <503C7975.8040905@xplanation.com> <7AFA66599AC41847AD8E021A1DBB9D142684BA8FF7@pandore.ankama.com>
Message-ID:

Oh great, thanks Vincent, it now works for me too ... dangerous content scanning was set to no in my case as well.

Thank you Joolee and Paul for your suggestions too :-)

On Wed, Aug 29, 2012 at 1:57 PM, Vincent Miszczak wrote:

> Hello,
>
> I've been running with this issue.
>
> In my case, the setting "dangerous content scanning" was set to "no".
> Setting it to "yes" solved my problem.
>
> Regards
>
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On behalf of Ryan Braganza
> Sent: Wednesday 29 August 2012 07:13
> To: MailScanner discussion
> Subject: Re: Mail-scanner not able to block exe in zip
>
> I did a fresh centos5.5 installation with the latest Mailscanner and it's
> working perfect. It blocks all zipped exe's as desired. I guess there is
> some custom configuration on my production servers due to which it fails to
> work. Will check that out today.
> > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- * _________________________________________________________________________________ * * Someone wrote: "I understand that if you play a Microsoft Windows CD backwards you hear strange Satanic messages" To which someone replied:* * "It's even worse than that; play it forwards and it installs Windows Vista !" _________________________________________________________________________________ * -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120830/40c9b6c4/attachment.html From afmarin at bolsayrenta.com Thu Aug 30 21:05:19 2012 From: afmarin at bolsayrenta.com (Alvaro Fernando Marin Restrepo) Date: Thu, 30 Aug 2012 15:05:19 -0500 Subject: Help Request SPAM Asian characters. In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2157@S8.KD0YU.COM> References: <6F3E510D39DB804D83A3852E9ED6A2CD36E5BC699C@sbyrmedex01.bolsayrenta.local> <77F23E6E4DE9084BA33755BA403E53FCF00AAB2157@S8.KD0YU.COM> Message-ID: <6F3E510D39DB804D83A3852E9ED6A2CD36E5C24719@sbyrmedex01.bolsayrenta.local> Hello, You know I can do to block Chinese characters? Again thank you very much. ?lvaro Fernado Mar?n Restrepo. Analista de Arquitectura. Bolsa Y Renta S.A. Comisionista de Bolsa Tel: +57 (4) 448 43 00 ext. 421 Fax: +57(4) 326 17 17 afmarin at bolsayrenta.com Medell?n - Colombia [cid:image003.jpg at 01CD86C0.DE5E0980] [cid:image004.png at 01CD86C0.DE5E0980] De: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] En nombre de Dave Helton Enviado el: mi?rcoles, 29 de agosto de 2012 04:02 p.m. Para: MailScanner discussion Asunto: RE: Help Request SPAM Asian characters. See attached. 
(provided it makes it thru the filters) --Dave Helton From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alvaro Fernando Marin Restrepo Sent: Wednesday, August 29, 2012 2:37 PM To: mailscanner at lists.mailscanner.info Subject: Help Request SPAM Asian characters. Hello, I have a MailScanner 4.84.5 I am receiving messages whose body Asian characters appear. The emails come from: different domains different IP Add to blacklist senders. It's not enough. Edit files spam.asassin.prefs.conf init.pre Stating that my language is Spanish, English and Portuguese The problem was not resolved I wonder if there is any way to stop emails containing Asian characters somewhere in your body Thank you very much for your help ?lvaro Fernado Mar?n Restrepo. Analista de Arquitectura. Bolsa Y Renta S.A. Comisionista de Bolsa Tel: +57 (4) 448 43 00 ext. 421 Fax: +57(4) 326 17 17 afmarin at bolsayrenta.com Medell?n - Colombia [cid:image001.jpg at 01CC319A.329F0A30][cid:image005.jpg at 01CD86C0.DE5E0980] [cid:image006.jpg at 01CD86C0.DE5E0980] ________________________________ Aviso de Confidencialidad: El contenido de este mensaje puede ser informaci?n privilegiada y confidencial. Si usted no es el destinatario real del mismo, por favor informe de ello a quien lo env?a y destr?yalo en forma inmediata. Est? prohibida su retenci?n, grabaci?n, utilizaci?n o divulgaci?n con cualquier prop?sito. Este mensaje ha sido verificado con software antivirus; en consecuencia, el remitente de ?ste no se hace responsable por la presencia en ?l o en sus anexos de alg?n virus que pueda generar da?os en los equipos o programas del destinatario. ********************************************************************************************************************************* Confidentiality Notice: This communication (including all attachments) may contain information that is private, confidential and privileged. 
If you have received this communication in error; please notify the sender immediately, delete this communication from all data storage devices and destroy all hard copies. Any use, dissemination, distribution, copying or disclosure of this message and any attachments, in whole or in part, by anyone other than the intended recipient(s) is strictly prohibited. This message has been checked with an antivirus software; accordingly, the sender is not liable for the presence of any virus in attachments that causes or may cause damage to the recipient's equipment or software. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___________________________________________________________________ This message has been scanned for viruses and dangerous content by MailScanner running on mail server KD0YU.COM, and is believed to be clean. ___________________________________________________________________ This message has been scanned for viruses and dangerous content by MailScanner running on mail server KD0YU.COM, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ________________________________ Aviso de Confidencialidad: El contenido de este mensaje puede ser informaci?n privilegiada y confidencial. Si usted no es el destinatario real del mismo, por favor informe de ello a quien lo env?a y destr?yalo en forma inmediata. Est? prohibida su retenci?n, grabaci?n, utilizaci?n o divulgaci?n con cualquier prop?sito. Este mensaje ha sido verificado con software antivirus; en consecuencia, el remitente de ?ste no se hace responsable por la presencia en ?l o en sus anexos de alg?n virus que pueda generar da?os en los equipos o programas del destinatario. 
********************************************************************************************************************************* Confidentiality Notice: This communication (including all attachments) may contain information that is private, confidential and privileged. If you have received this communication in error; please notify the sender immediately, delete this communication from all data storage devices and destroy all hard copies. Any use, dissemination, distribution, copying or disclosure of this message and any attachments, in whole or in part, by anyone other than the intended recipient(s) is strictly prohibited. This message has been checked with an antivirus software; accordingly, the sender is not liable for the presence of any virus in attachments that causes or may cause damage to the recipient's equipment or software. ________________________________ Aviso de Confidencialidad: El contenido de este mensaje puede ser informaci?n privilegiada y confidencial. Si usted no es el destinatario real del mismo, por favor informe de ello a quien lo env?a y destr?yalo en forma inmediata. Est? prohibida su retenci?n, grabaci?n, utilizaci?n o divulgaci?n con cualquier prop?sito. Este mensaje ha sido verificado con software antivirus; en consecuencia, el remitente de ?ste no se hace responsable por la presencia en ?l o en sus anexos de alg?n virus que pueda generar da?os en los equipos o programas del destinatario. ********************************************************************************************************************************* Confidentiality Notice: This communication (including all attachments) may contain information that is private, confidential and privileged. If you have received this communication in error; please notify the sender immediately, delete this communication from all data storage devices and destroy all hard copies. 
From dave at KD0YU.COM Thu Aug 30 21:57:58 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Thu, 30 Aug 2012 15:57:58 -0500
Subject: Help Request SPAM Asian characters.
In-Reply-To: <6F3E510D39DB804D83A3852E9ED6A2CD36E5C24719@sbyrmedex01.bolsayrenta.local>
References: <6F3E510D39DB804D83A3852E9ED6A2CD36E5BC699C@sbyrmedex01.bolsayrenta.local> <77F23E6E4DE9084BA33755BA403E53FCF00AAB2157@S8.KD0YU.COM> <6F3E510D39DB804D83A3852E9ED6A2CD36E5C24719@sbyrmedex01.bolsayrenta.local>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2158@S8.KD0YU.COM>

It helps to make a soft link of /etc/MailScanner/spam.assassin.prefs.conf to /etc/mail/mailscanner.cf; this allows anything outside of MailScanner to see the same prefs when running SA.
I also run sendmail/mimedefang for the MTA and cyrus for the LDA. Yeah... call me old skool.

Add these to /etc/MailScanner/spam.assassin.prefs.conf

~~~~
# you will need to change this for your locale
ok_locales en
score CHARSET_FARAWAY 50
score CHARSET_FARAWAY_BODY 50
~~~~

CHARSET_FARAWAY should score anything outside of your locale above your spam threshold.

--Dave

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alvaro Fernando Marin Restrepo
Sent: Thursday, August 30, 2012 3:05 PM
To: MailScanner discussion
Subject: RE: Help Request SPAM Asian characters.

Hello,

Do you know what I can do to block Chinese characters?

Again thank you very much.

Álvaro Fernado Marín Restrepo.
Architecture Analyst.
Bolsa Y Renta S.A. Comisionista de Bolsa
Tel: +57 (4) 448 43 00 ext. 421
Fax: +57(4) 326 17 17
afmarin at bolsayrenta.com
Medellín - Colombia

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Dave Helton
Sent: Wednesday, August 29, 2012 04:02 p.m.
To: MailScanner discussion
Subject: RE: Help Request SPAM Asian characters.

See attached.
(provided it makes it thru the filters)

--Dave Helton

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alvaro Fernando Marin Restrepo
Sent: Wednesday, August 29, 2012 2:37 PM
To: mailscanner at lists.mailscanner.info
Subject: Help Request SPAM Asian characters.

Hello,

I have MailScanner 4.84.5.
I am receiving messages in whose body Asian characters appear.

The emails come from:
different domains
different IP

I added the senders to the blacklist. It's not enough.

I edited the files
spam.assassin.prefs.conf
init.pre
stating that my language is Spanish, English and Portuguese.
The problem was not resolved.

I wonder if there is any way to stop emails containing Asian characters somewhere in their body.

Thank you very much for your help

Álvaro Fernado Marín Restrepo.
From dave at KD0YU.COM Thu Aug 30 22:07:13 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Thu, 30 Aug 2012 16:07:13 -0500
Subject: more on Asian spam
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2159@S8.KD0YU.COM>

One thing I forgot to mention...

Make sure to load TextCat from the .pre files in your /etc/mail/spamassassin (or wherever it's located).
grep the directory for it, make sure it's uncommented and loaded.

TextCat is needed by 'ok_locale' and CHARSET_FARAWAY.
(the pod file states... TextCat will try to make its best guess. YMMV)

--Dave

From alex at vidadigital.com.pa Thu Aug 30 22:31:31 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Thu, 30 Aug 2012 16:31:31 -0500
Subject: Help Request SPAM Asian characters.
In-Reply-To: <6F3E510D39DB804D83A3852E9ED6A2CD36E5C24719@sbyrmedex01.bolsayrenta.local>
References: <6F3E510D39DB804D83A3852E9ED6A2CD36E5BC699C@sbyrmedex01.bolsayrenta.local> <77F23E6E4DE9084BA33755BA403E53FCF00AAB2157@S8.KD0YU.COM> <6F3E510D39DB804D83A3852E9ED6A2CD36E5C24719@sbyrmedex01.bolsayrenta.local>
Message-ID:

You can read the file he sent you and make the changes from the Russian character set to the different Asian character sets, including Chinese, Japanese or Korean, for example. You can then recontribute the file so everyone can benefit.

You can also try including:

ok_locales en
ok_languages en es pt

in your /etc/mail/spamassassin/local.cf to see if it improves by being more aggressive on e-mail that isn't in regular "latin" characters (ok_locales) or in English/Spanish (ok_languages).

After you include them you should restart MailScanner since it might not pick up on those changes immediately unless you restart. From your previous e-mail I see you *tried* doing that, but just in case I wanted to add that you may have needed to restart the service in order for it to pick up the changes.

Are you using DCC? Razor? Pyzor? RBLs at the MTA level? RBLs at the MailScanner level? SPF? DKIM? A lot of these Chinese spams can be stopped before they get to the users by implementing all of the above.

Do you have any e-mail headers that could show what SA is being able to look at? Can you use a pastebin site to paste a full (including headers) example?

Before you include a huge embedded graphic advocating "saving trees by not printing", you should consider how much electricity and bandwidth was spent sending that unnecessary graphic. Millions of e-mails every day with graphics like that make much more of an environmental impact than the rare occasion someone prints out an e-mail. In fact, with the cost of paper, ink and power, a lot of people avoid printing as much as possible not to save the planet, but to save their own wallets.

On Thu, Aug 30, 2012 at 3:05 PM, Alvaro Fernando Marin Restrepo wrote:
>
> Hello,
>
> Do you know what I can do to block Chinese characters?
>
> Again thank you very much.
>

--
Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/
+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)
Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital

From alex at vidadigital.com.pa Thu Aug 30 23:25:55 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Thu, 30 Aug 2012 17:25:55 -0500
Subject: more on Asian spam
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2159@S8.KD0YU.COM>
References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2159@S8.KD0YU.COM>
Message-ID:

Very important!

On Thu, Aug 30, 2012 at 4:07 PM, Dave Helton wrote:

> One thing I forgot to mention...
>
> Make sure to load TextCat from the .pre files in your
> /etc/mail/spamassassin (or wherever it's located).
> grep the directory for it, make sure it's uncommented and loaded.
>
> TextCat is needed by 'ok_locale' and CHARSET_FARAWAY.
> (the pod file states... TextCat will try to make its best guess. YMMV)
>
> --Dave

--
Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/
+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)
Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital

-- ABOUT THOSE "SAVE THE PLANET, DON'T PRINT THIS" GRAPHICS --
Before you include a useless, hypocritical embedded graphic advocating "saving trees by not printing", you should consider how much electricity and bandwidth was spent sending that unnecessary graphic. Millions of e-mails every day with worthless graphics like that make much more of an environmental impact than the rare occasion someone prints out an e-mail. In fact, with the cost of paper, ink and power, a lot of people avoid printing as much as possible not to save the planet, but to save their own wallets.

-- ABOUT ANY "LEGAL" E-MAIL DISCLAIMERS --
They are not legally binding in most jurisdictions, and are usually internally inconsistent. Don't waste time, money and bandwidth by including "legal disclaimers", they are a waste of everyone's time and resources.
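
Added example (not part of any post in this thread, and not MailScanner or SpamAssassin code): a shell audit of a SpamAssassin configuration directory for the items raised in the messages above, namely TextCat loaded and uncommented in a .pre file, ok_locales / ok_languages set, and the CHARSET_FARAWAY scores at or above the spam threshold. The function names, the sample directory, the file name v310.pre and the threshold of 6 are assumptions for illustration, as is treating the last score line in file-name order as the effective one.

```shell
#!/bin/sh
# Added example: audit a SpamAssassin config directory for the settings
# discussed in this thread. All sample files below are constructed.

# sa_textcat_state DIR -> prints "loaded", "commented" or "missing"
sa_textcat_state() {
    dir=$1
    plugin='Mail::SpamAssassin::Plugin::TextCat'
    # Active line: optional blanks, then "loadplugin <plugin>".
    if grep -Eqs "^[[:space:]]*loadplugin[[:space:]]+$plugin([[:space:]]|\$)" "$dir"/*.pre; then
        echo loaded
    elif grep -Eqs "^[[:space:]]*#.*loadplugin[[:space:]]+$plugin" "$dir"/*.pre; then
        echo commented
    else
        echo missing
    fi
}

# sa_setting DIR KEY -> one "file: value" line per uncommented KEY line
sa_setting() {
    dir=$1 key=$2
    for f in "$dir"/*.pre "$dir"/*.cf; do
        [ -f "$f" ] || continue
        sed -n "s/^[[:space:]]*$key[[:space:]][[:space:]]*\([^#]*\).*/\1/p" "$f" |
        while read -r val; do          # read trims surrounding blanks
            printf '%s: %s\n' "$(basename "$f")" "$val"
        done
    done
}

# sa_score DIR RULE -> last uncommented "score RULE n" in file-name order
# (assumption: later lines override earlier ones)
sa_score() {
    dir=$1 rule=$2
    cat "$dir"/*.cf 2>/dev/null |
    awk -v r="$rule" '$1 == "score" && $2 == r { s = $3 } END { if (s != "") print s }'
}

# sa_audit DIR THRESHOLD -> report; returns 1 if anything needs fixing
sa_audit() {
    dir=$1 threshold=$2 rc=0
    state=$(sa_textcat_state "$dir")
    echo "TextCat: $state"
    [ "$state" = loaded ] || rc=1
    for key in ok_locales ok_languages; do
        vals=$(sa_setting "$dir" "$key")
        echo "$key: ${vals:-not set}"
    done
    [ -n "$(sa_setting "$dir" ok_locales)" ] || rc=1
    for rule in CHARSET_FARAWAY CHARSET_FARAWAY_BODY; do
        s=$(sa_score "$dir" "$rule")
        if [ -z "$s" ]; then
            echo "$rule: no local score"; rc=1
        elif awk -v s="$s" -v t="$threshold" 'BEGIN { exit !(s + 0 >= t + 0) }'; then
            echo "$rule: $s (>= threshold $threshold)"
        else
            echo "$rule: $s (below threshold $threshold)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: TextCat still commented out, settings from the thread.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# loadplugin Mail::SpamAssassin::Plugin::TextCat' > "$d/v310.pre"
    cat > "$d/local.cf" <<'EOF'
ok_locales en
ok_languages en es pt
score CHARSET_FARAWAY 50
score CHARSET_FARAWAY_BODY 50
EOF
    echo "$d"
}

sample=$(make_sample)
sa_audit "$sample" 6 || echo "=> fix the items above, then restart MailScanner"
rm -rf "$sample"
```

To use it on a live system, call sa_audit with the real directory (for example /etc/mail/spamassassin) and your own spam threshold.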