From uxbod at splatnix.net Thu Mar 1 15:04:31 2012 From: uxbod at splatnix.net (Phil Daws) Date: Thu Mar 1 15:04:48 2012 Subject: .MOV files Message-ID: <390118116.208605.1330614271440.JavaMail.root@office.splatnix.net> Hello all, I have ran across in interesting problem where .MOV file types do not appear to adhere to the normal scanning process like .EXEs. When adding some debugging to the code I believe the problem is due to the unsafename/safename/TNEF variables not being set correctly. Building a message batch to scan... Have a batch of 1 message. Message Size:70604918 Processing attachments Unsafename: Safename: nmsg-7930-1.txt TNEF: Stopping now as you are debugging me. Any thoughts on this ? Have I missed something in the MailScanner configuration ? -- Thanks, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120301/1cc2da72/attachment.html From uxbod at splatnix.net Fri Mar 2 09:26:06 2012 From: uxbod at splatnix.net (Phil Daws) Date: Fri Mar 2 09:26:22 2012 Subject: .MOV files In-Reply-To: <390118116.208605.1330614271440.JavaMail.root@office.splatnix.net> Message-ID: <106559895.222609.1330680366652.JavaMail.root@office.splatnix.net> Here is a bit more information of one .MOV being extracted and the other not: Works ----- Content-Type: video/quicktime; name=031.MOV Content-Disposition: attachment; filename=031.MOV Content-Transfer-Encoding: base64 Mar 1 10:41:49 passit01 MailScanner[25799]:Debug: From:root@passit01 Unsafename: Safename:nmsg-25799-3.txt Message Size: 8667799 Attachment Size:53 Mar 1 10:41:49 passit01 MailScanner[25799]:Debug: From:root@passit01 Unsafename:031.MOV Safename:n031.MOV Message Size: 8667799 Attachment Size:6332356 Mar 1 10:41:49 passit01 MailScanner[25799]:Debug: From:root@passit01 Unsafename:msg-25799-1.txt Safename:nmsg-25799-1.txt Message Size: 8667799 Attachment Size:209 Mar 1 10:41:49 passit01 MailScanner[25799]:Debug: From:root@passit01 Unsafename:msg-25799-2.html Safename:nmsg-25799-2.html Message Size: 8667799 Attachment Size:719 Not Works --------- Content-Type: video/quicktime; name=065.MOV Content-Disposition: attachment; filename=065.MOV Content-Transfer-Encoding: base64 Mar 1 10:41:54 passit01 MailScanner[25886]:Debug: From:root@passit01 Unsafename: Safename:nmsg-25886-3.txt Message Size: 70605239 Attachment Size:190 Mar 1 10:41:54 passit01 MailScanner[25886]:Debug: From:root@passit01 Unsafename: Safename:nmsg-25886-1.txt Message Size: 70605239 Attachment Size:387 Mar 1 10:41:54 passit01 MailScanner[25886]:Debug: From:root@passit01 Unsafename: Safename:nmsg-25886-2.html Message Size: 70605239 Attachment Size:955 The only difference between the content was the attachment and inspecting the MIME entities they both appear correct. I even tried commenting out each ScanBatch section of MessageBatch.pm to see if the content checks or something were altering the batch in any way which they are not. This is leading me to think it is something to do with size in the extract attachment code. Wish Jules was around! -- Thanks, Phil ----- Original Message ----- > Hello all, > I have ran across in interesting problem where .MOV file types do not > appear to adhere to the normal scanning process like .EXEs. When > adding some debugging to the code I believe the problem is due to > the unsafename/safename/TNEF variables not being set correctly. > Building a message batch to scan... > Have a batch of 1 message. > Message Size:70604918 > Processing attachments > Unsafename: Safename: nmsg-7930-1.txt TNEF: > Stopping now as you are debugging me. > Any thoughts on this ? Have I missed something in the MailScanner > configuration ? > -- > Thanks, Phil > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > Before posting, read http://wiki.mailscanner.info/posting > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/faaf4968/attachment.html From Robert.Meurlin at se.fujitsu.com Fri Mar 2 10:14:56 2012 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Fri Mar 2 10:15:08 2012 Subject: TLS problem Message-ID: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> Hi, We have 3 mailgw's who has exactly the same config with sendmail,MailScanner, spamassassin, clamav, TLS. We have 1 customer who have forced TLS with this config: Access.db TLS_Clt:customer.se VERIFY TLS_Srv:customer.se VERIFY ------------ sendmail.mc define(`CERT_DIR', `/etc/mailcerts') define(`confSERVER_CERT', `CERT_DIR/host.cert') define(`confSERVER_KEY', `CERT_DIR/host.key') define(`confCLIENT_CERT', `CERT_DIR/host.cert') define(`confCLIENT_KEY', `CERT_DIR/host.key') define(`confCACERT', `CERT_DIR/cacert.pem') define(`confCACERT_PATH', `CERT_DIR/CA') ---------- This is the TLS error on one of the mailgw's: Running /var/spool/mqueue/q1SHjcxb027590 (sequence 1 of 1) ... Connecting to x.x.se. via esmtp... 220 x.x.se ESMTP >>> EHLO fujitsugw 250-x.x.se 250-PIPELINING 250-SIZE 102400000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >>> STARTTLS 220 2.0.0 Ready to start TLS >>> QUIT 221 2.0.0 Bye ... Connecting to x2.x.se. via esmtp... ... Closing connection to x.x.se. 220 x2.x.se ESMTP >>> EHLO fujitsugw 250-x.x.se 250-PIPELINING 250-SIZE 102400000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >>> STARTTLS 220 2.0.0 Ready to start TLS >>> QUIT 221 2.0.0 Bye ... Connecting to x.x.se. via esmtp... ... Closing connection to x2.x.se. 220 x.x2.se ESMTP >>> EHLO fujitsugw 250-x.x.se 250-PIPELINING 250-SIZE 102400000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >>> STARTTLS 220 2.0.0 Ready to start TLS >>> QUIT 221 2.0.0 Bye ... Connecting to x.x.se. via esmtp... ... Closing connection to x.x.se. 220 x.x.se ESMTP >>> EHLO fujitsugw 250-x3.seb.se 250-PIPELINING 250-SIZE 102400000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >>> STARTTLS 220 2.0.0 Ready to start TLS >>> QUIT 221 2.0.0 Bye ... Deferred: 403 4.7.0 authentication failed Closing connection to x.x.se. When we route through the other 2 mailgw's it is no problem but on this TLS doesn't work, normal mail (not TLS) works good on this, I have looked at certs and everything looks good does anyone have a clue? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/179679d3/attachment.html From rabellino at di.unito.it Fri Mar 2 10:37:51 2012 From: rabellino at di.unito.it (Sergio Rabellino) Date: Fri Mar 2 10:38:08 2012 Subject: TLS problem In-Reply-To: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> Message-ID: <4F50A2FF.1050209@di.unito.it> Did you do an hashing of the certs into the CERT_DIR/CA ? It seems that your're not verifying the client certs against the their CA. On 02/03/2012 11:14, Meurlin Robert wrote: > > Hi, > > We have 3 mailgw's who has exactly the same config with > sendmail,MailScanner, spamassassin, clamav, TLS. > > We have 1 customer who have forced TLS with this config: > > Access.db > > TLS_Clt:customer.se VERIFY > > TLS_Srv:customer.se VERIFY > > ------------ > > sendmail.mc > > define(`CERT_DIR', `/etc/mailcerts') > > define(`confSERVER_CERT', `CERT_DIR/host.cert') > > define(`confSERVER_KEY', `CERT_DIR/host.key') > > define(`confCLIENT_CERT', `CERT_DIR/host.cert') > > define(`confCLIENT_KEY', `CERT_DIR/host.key') > > define(`confCACERT', `CERT_DIR/cacert.pem') > > define(`confCACERT_PATH', `CERT_DIR/CA') > > ---------- > > This is the TLS error on one of the mailgw's: > > Running /var/spool/mqueue/q1SHjcxb027590 (sequence 1 of 1) > > ... Connecting to x.x.se. via esmtp... > > 220 x.x.se ESMTP > > >>> EHLO fujitsugw > > 250-x.x.se > > 250-PIPELINING > > 250-SIZE 102400000 > > 250-ETRN > > 250-STARTTLS > > 250-ENHANCEDSTATUSCODES > > 250-8BITMIME > > 250 DSN > > >>> STARTTLS > > 220 2.0.0 Ready to start TLS > > >>> QUIT > > 221 2.0.0 Bye > > ... Connecting to x2.x.se. via esmtp... > > ... Closing connection to x.x.se. > > 220 x2.x.se ESMTP > > >>> EHLO fujitsugw > > 250-x.x.se > > 250-PIPELINING > > 250-SIZE 102400000 > > 250-ETRN > > 250-STARTTLS > > 250-ENHANCEDSTATUSCODES > > 250-8BITMIME > > 250 DSN > > >>> STARTTLS > > 220 2.0.0 Ready to start TLS > > >>> QUIT > > 221 2.0.0 Bye > > ... Connecting to x.x.se. via esmtp... > > ... Closing connection to x2.x.se. > > 220 x.x2.se ESMTP > > >>> EHLO fujitsugw > > 250-x.x.se > > 250-PIPELINING > > 250-SIZE 102400000 > > 250-ETRN > > 250-STARTTLS > > 250-ENHANCEDSTATUSCODES > > 250-8BITMIME > > 250 DSN > > >>> STARTTLS > > 220 2.0.0 Ready to start TLS > > >>> QUIT > > 221 2.0.0 Bye > > ... Connecting to x.x.se. via esmtp... > > ... Closing connection to x.x.se. > > 220 x.x.se ESMTP > > >>> EHLO fujitsugw > > 250-x3.seb.se > > 250-PIPELINING > > 250-SIZE 102400000 > > 250-ETRN > > 250-STARTTLS > > 250-ENHANCEDSTATUSCODES > > 250-8BITMIME > > 250 DSN > > >>> STARTTLS > > 220 2.0.0 Ready to start TLS > > >>> QUIT > > 221 2.0.0 Bye > > ... *Deferred: 403 4.7.0 authentication failed* > > Closing connection to x.x.se. > > When we route through the other 2 mailgw's it is no problem but on > this TLS doesn't work, normal mail (not TLS) works good on this, I > have looked at certs and everything looks good does anyone have a clue? > > Thanks! > > > -- Ing. Sergio Rabellino Universit? degli Studi di Torino Dipartimento di Informatica ICT Services Director Tel +39-0116706701 Fax +39-011751603 C.so Svizzera , 185 - 10149 - Torino -------------- next part -------------- Skipped content of type multipart/related From jtbober at argentassociates.com Fri Mar 2 16:25:58 2012 From: jtbober at argentassociates.com (Jonathan Bober) Date: Fri Mar 2 16:26:15 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <4F50A2FF.1050209@di.unito.it> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it> Message-ID: <005301ccf891$295fc3b0$7c1f4b10$@com> All, I setup a mail server for a small business with mailscanner, spamassassin, and clamav to handle any viruses or spam. They were being inundated with spam still so I adjusted some settings within mailscanner and spamassassin as well as adding pyzor, razor, dcc and sought rules. For most users this has helped quite a bit but there are still 4 users within the system that are getting hundreds of "enlargement" emails and they are at odds with me about it. Anyone have any experience with a small group of users that are getting tons of spam? Any possible causes mailscanner and spamassassin to allow this through? I have the system set to delete spam as it comes in but this is to no avail. Thanks, Jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/d7c8f0a9/attachment.html From jeremy at fluxlabs.net Fri Mar 2 16:29:26 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri Mar 2 16:29:42 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <005301ccf891$295fc3b0$7c1f4b10$@com> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it>,<005301ccf891$295fc3b0$7c1f4b10$@com> Message-ID: <4CBDDB79-81F9-4328-845F-6641F539924C@fluxlabs.net> Can you pastebin some of the emails + headers. Are you using any RBLs? -- Jeremy McSpadden On Mar 2, 2012, at 10:27 AM, "Jonathan Bober" > wrote: All, I setup a mail server for a small business with mailscanner, spamassassin, and clamav to handle any viruses or spam. They were being inundated with spam still so I adjusted some settings within mailscanner and spamassassin as well as adding pyzor, razor, dcc and sought rules. For most users this has helped quite a bit but there are still 4 users within the system that are getting hundreds of ?enlargement? emails and they are at odds with me about it. Anyone have any experience with a small group of users that are getting tons of spam? Any possible causes mailscanner and spamassassin to allow this through? I have the system set to delete spam as it comes in but this is to no avail. Thanks, Jonathan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/00ff0848/attachment.html From jeremy at fluxlabs.net Fri Mar 2 16:30:57 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri Mar 2 16:31:31 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <005301ccf891$295fc3b0$7c1f4b10$@com> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it>,<005301ccf891$295fc3b0$7c1f4b10$@com> Message-ID: <9A594517-67EB-44BA-B1CD-14CB6A9A0E44@fluxlabs.net> Also, which MTA? -- Jeremy McSpadden On Mar 2, 2012, at 10:27 AM, "Jonathan Bober" > wrote: All, I setup a mail server for a small business with mailscanner, spamassassin, and clamav to handle any viruses or spam. They were being inundated with spam still so I adjusted some settings within mailscanner and spamassassin as well as adding pyzor, razor, dcc and sought rules. For most users this has helped quite a bit but there are still 4 users within the system that are getting hundreds of ?enlargement? emails and they are at odds with me about it. Anyone have any experience with a small group of users that are getting tons of spam? Any possible causes mailscanner and spamassassin to allow this through? I have the system set to delete spam as it comes in but this is to no avail. Thanks, Jonathan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/7028230a/attachment.html From john at tradoc.fr Fri Mar 2 16:59:12 2012 From: john at tradoc.fr (John Wilcock) Date: Fri Mar 2 16:59:30 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <005301ccf891$295fc3b0$7c1f4b10$@com> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it> <005301ccf891$295fc3b0$7c1f4b10$@com> Message-ID: <4F50FC60.3080704@tradoc.fr> Before you start looking too closely at spamassassin rules, have you set up some basic anti-spam settings on the MTA side? In particular, rejecting invalid and non-FDQN HELO can be a big help, as can one or two reliable RBLs (spamhaus zen is generally considered safe enough to reject outright at MTA level, for example). And of course make sure you're rejecting mail to unknown users rather than diverting to catchall accounts. Le 02/03/2012 17:25, Jonathan Bober a ?crit : > All, > > I setup a mail server for a small business with mailscanner, > spamassassin, and clamav to handle any viruses or spam. They were being > inundated with spam still so I adjusted some settings within mailscanner > and spamassassin as well as adding pyzor, razor, dcc and sought rules. > For most users this has helped quite a bit but there are still 4 users > within the system that are getting hundreds of ?enlargement? emails and > they are at odds with me about it. Anyone have any experience with a > small group of users that are getting tons of spam? Any possible causes > mailscanner and spamassassin to allow this through? I have the system > set to delete spam as it comes in but this is to no avail. > > Thanks, > > Jonathan > > > From jtbober at argentassociates.com Fri Mar 2 17:02:44 2012 From: jtbober at argentassociates.com (Jonathan Bober) Date: Fri Mar 2 17:03:00 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <9A594517-67EB-44BA-B1CD-14CB6A9A0E44@fluxlabs.net> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it>, <005301ccf891$295fc3b0$7c1f4b10$@com> <9A594517-67EB-44BA-B1CD-14CB6A9A0E44@fluxlabs.net> Message-ID: <006c01ccf896$4c68a110$e539e330$@com> Postfix v. 2.6.6 as the MTA and Dovecot v. 2.0.9 as the MDA. Jonathan From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: Friday, March 02, 2012 11:31 AM To: MailScanner discussion Cc: MailScanner discussion Subject: Re: Spam Issues w/ MailScanner and SpamAssassin Also, which MTA? -- Jeremy McSpadden On Mar 2, 2012, at 10:27 AM, "Jonathan Bober" wrote: All, I setup a mail server for a small business with mailscanner, spamassassin, and clamav to handle any viruses or spam. They were being inundated with spam still so I adjusted some settings within mailscanner and spamassassin as well as adding pyzor, razor, dcc and sought rules. For most users this has helped quite a bit but there are still 4 users within the system that are getting hundreds of "enlargement" emails and they are at odds with me about it. Anyone have any experience with a small group of users that are getting tons of spam? Any possible causes mailscanner and spamassassin to allow this through? I have the system set to delete spam as it comes in but this is to no avail. Thanks, Jonathan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/46d88d81/attachment.html From john.oneill.ie at gmail.com Fri Mar 2 17:08:08 2012 From: john.oneill.ie at gmail.com (John O'Neill) Date: Fri Mar 2 17:08:17 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <005301ccf891$295fc3b0$7c1f4b10$@com> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it> <005301ccf891$295fc3b0$7c1f4b10$@com> Message-ID: May not be helpful but we had something like that. We implemented address lookups before delivery dropping any mail with a non valid address. Stopped a lot of junk coming in for us. On 2 Mar 2012 16:29, "Jonathan Bober" wrote: > All,**** > > ** ** > > I setup a mail server for a small business with mailscanner, spamassassin, > and clamav to handle any viruses or spam. They were being inundated with > spam still so I adjusted some settings within mailscanner and spamassassin > as well as adding pyzor, razor, dcc and sought rules. For most users this > has helped quite a bit but there are still 4 users within the system that > are getting hundreds of ?enlargement? emails and they are at odds with me > about it. Anyone have any experience with a small group of users that are > getting tons of spam? Any possible causes mailscanner and spamassassin to > allow this through? I have the system set to delete spam as it comes in but > this is to no avail.**** > > ** ** > > Thanks,**** > > ** ** > > Jonathan**** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/f799a64d/attachment.html From jtbober at argentassociates.com Fri Mar 2 19:08:43 2012 From: jtbober at argentassociates.com (Jonathan Bober) Date: Fri Mar 2 19:15:39 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <4F50FC60.3080704@tradoc.fr> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it> <005301ccf891$295fc3b0$7c1f4b10$@com> <4F50FC60.3080704@tradoc.fr> Message-ID: <002001ccf8a7$e5d4d7e0$b17e87a0$@com> I have the RBLs setup... mail to unknown users is being rejected...I will look through my setup to see if non-FQDN HELO is being rejected. Thank you for the input -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of John Wilcock Sent: Friday, March 02, 2012 11:59 AM To: MailScanner discussion Subject: Re: Spam Issues w/ MailScanner and SpamAssassin Before you start looking too closely at spamassassin rules, have you set up some basic anti-spam settings on the MTA side? In particular, rejecting invalid and non-FDQN HELO can be a big help, as can one or two reliable RBLs (spamhaus zen is generally considered safe enough to reject outright at MTA level, for example). And of course make sure you're rejecting mail to unknown users rather than diverting to catchall accounts. Le 02/03/2012 17:25, Jonathan Bober a ?crit : > All, > > I setup a mail server for a small business with mailscanner, > spamassassin, and clamav to handle any viruses or spam. They were > being inundated with spam still so I adjusted some settings within > mailscanner and spamassassin as well as adding pyzor, razor, dcc and sought rules. > For most users this has helped quite a bit but there are still 4 users > within the system that are getting hundreds of ?enlargement? emails > and they are at odds with me about it. Anyone have any experience with > a small group of users that are getting tons of spam? Any possible > causes mailscanner and spamassassin to allow this through? I have the > system set to delete spam as it comes in but this is to no avail. > > Thanks, > > Jonathan > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jtbober at argentassociates.com Fri Mar 2 20:44:43 2012 From: jtbober at argentassociates.com (Jonathan Bober) Date: Fri Mar 2 20:45:00 2012 Subject: Spam Issues w/ MailScanner and SpamAssassin In-Reply-To: <4CBDDB79-81F9-4328-845F-6641F539924C@fluxlabs.net> References: <1346982F9DBDA4488EBA19C8BF28495909F02AED@FINMAIL16.nordic.x> <4F50A2FF.1050209@di.unito.it>, <005301ccf891$295fc3b0$7c1f4b10$@com> <4CBDDB79-81F9-4328-845F-6641F539924C@fluxlabs.net> Message-ID: <000c01ccf8b5$5010f780$f032e680$@com> Typing this from my phone. yes when I have a chance I will paste some headers. I am using RBLs. spamhaus, zen, and one more that I cannot recall without looking at the config. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: Friday, March 02, 2012 11:29 AM To: MailScanner discussion Cc: MailScanner discussion Subject: Re: Spam Issues w/ MailScanner and SpamAssassin Can you pastebin some of the emails + headers. Are you using any RBLs? -- Jeremy McSpadden On Mar 2, 2012, at 10:27 AM, "Jonathan Bober" wrote: All, I setup a mail server for a small business with mailscanner, spamassassin, and clamav to handle any viruses or spam. They were being inundated with spam still so I adjusted some settings within mailscanner and spamassassin as well as adding pyzor, razor, dcc and sought rules. For most users this has helped quite a bit but there are still 4 users within the system that are getting hundreds of "enlargement" emails and they are at odds with me about it. Anyone have any experience with a small group of users that are getting tons of spam? Any possible causes mailscanner and spamassassin to allow this through? I have the system set to delete spam as it comes in but this is to no avail. Thanks, Jonathan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120302/771d23f3/attachment.html From MailScanner at ecs.soton.ac.uk Sun Mar 4 23:04:17 2012 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Mar 4 23:04:33 2012 Subject: /usr/sbin/update_bad_phishing_sites broken References: <4F53F4F1.40706@ecs.soton.ac.uk> Message-ID: Folks, I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. Bad move. I'll get a new domain set up and running in its place as fast as I can, and then you'll need to do a quick grep www.mailscanner.tv /usr/sbin/* and change each of those occurrences to the new site once I've got it going. Many apologies again for this, and please bear with me while I get this fixed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jeremy at fluxlabs.net Sun Mar 4 23:09:32 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Sun Mar 4 23:09:46 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk>, Message-ID: <844100C1-5D9F-4A07-9B4A-F97DB6F83822@fluxlabs.net> How much is the renewal? I'm sure the public wouldn't mind pitching into to renew it for everyone. -- Jeremy McSpadden On Mar 4, 2012, at 5:07 PM, "Jules Field" wrote: > Folks, > > I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. > > Bad move. > > I'll get a new domain set up and running in its place as fast as I can, and then you'll need to do a quick > grep www.mailscanner.tv /usr/sbin/* > and change each of those occurrences to the new site once I've got it going. > > Many apologies again for this, and please bear with me while I get this fixed. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > 'All programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 4 23:26:37 2012 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Mar 4 23:26:49 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <844100C1-5D9F-4A07-9B4A-F97DB6F83822@fluxlabs.net> References: <4F53F4F1.40706@ecs.soton.ac.uk>, <844100C1-5D9F-4A07-9B4A-F97DB6F83822@fluxlabs.net> <4F53FA2D.9080302@ecs.soton.ac.uk> Message-ID: It's too late, it's already been snapped up by someone else. I'm planning on switching www.mailscanner.tv to cdn.mailscanner.info, but will let you know here as soon as I have something back up and running. It requires help from a good friend of mine (Matt Hampton) so I can't do much until he's read his mail in the morning. I'll be in touch very soon, and will tell you what scripts you'll need to change and exactly what change to make. Jules. On 04/03/2012 23:09, Jeremy McSpadden wrote: > How much is the renewal? I'm sure the public wouldn't mind pitching into to renew it for everyone. > > > -- > Jeremy McSpadden > > On Mar 4, 2012, at 5:07 PM, "Jules Field" wrote: > >> Folks, >> >> I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. >> >> Bad move. >> >> I'll get a new domain set up and running in its place as fast as I can, and then you'll need to do a quick >> grep www.mailscanner.tv /usr/sbin/* >> and change each of those occurrences to the new site once I've got it going. >> >> Many apologies again for this, and please bear with me while I get this fixed. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store >> Need help customising MailScanner? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM >> >> 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait >> 'All programs have a desire to be useful' - Tron, 1982 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jeremy at fluxlabs.net Mon Mar 5 00:12:07 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Mon Mar 5 00:12:22 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk>, <844100C1-5D9F-4A07-9B4A-F97DB6F83822@fluxlabs.net> <4F53FA2D.9080302@ecs.soton.ac.uk>, Message-ID: Expiration date: 02 Mar 2012 15:51:35 A domain sits in renewal available for at minimum 30 days. Usually depending on registrar. Domain name: mailscanner.tv Registrant Contact: Julian Field () Fax: 21 Church Lane Highfield Southampton, HAMPSHIRE SO17 1SY GB Administrative Contact: Julian Field ([http://source.domaintools.com/email.pgif?md5=044a55be65cdea376e2bd583f9958eb1&face=arial&size=9&color=000000&bgcolor=FFFFFF&face=arial&size=9&color=0000FF&bgcolor=FFFFFF&format[]=underline&format[]=transparent&format[]=transparent]) +44.2380592817 Fax: 21 Church Lane Highfield Southampton, HAMPSHIRE SO17 1SY GB Technical Contact: Julian Field ([http://source.domaintools.com/email.pgif?md5=044a55be65cdea376e2bd583f9958eb1&face=arial&size=9&color=000000&bgcolor=FFFFFF&face=arial&size=9&color=0000FF&bgcolor=FFFFFF&format[]=underline&format[]=transparent&format[]=transparent]) +44.2380592817 Fax: 21 Church Lane Highfield Southampton, HAMPSHIRE SO17 1SY GB You are still the registrars contact for both admin and tech contacts so you can still renew it. I don't mind helping out. -- Jeremy McSpadden On Mar 4, 2012, at 5:31 PM, "Jules Field" > wrote: It's too late, it's already been snapped up by someone else. I'm planning on switching www.mailscanner.tv to cdn.mailscanner.info, but will let you know here as soon as I have something back up and running. It requires help from a good friend of mine (Matt Hampton) so I can't do much until he's read his mail in the morning. I'll be in touch very soon, and will tell you what scripts you'll need to change and exactly what change to make. Jules. On 04/03/2012 23:09, Jeremy McSpadden wrote: How much is the renewal? I'm sure the public wouldn't mind pitching into to renew it for everyone. -- Jeremy McSpadden On Mar 4, 2012, at 5:07 PM, "Jules Field"> wrote: Folks, I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. Bad move. I'll get a new domain set up and running in its place as fast as I can, and then you'll need to do a quick grep www.mailscanner.tv /usr/sbin/* and change each of those occurrences to the new site once I've got it going. Many apologies again for this, and please bear with me while I get this fixed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120305/2b2faf2e/attachment.html From raymond at prolocation.net Mon Mar 5 07:20:49 2012 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Mar 5 07:21:14 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> Message-ID: Hai Jules, You can use Mailscanner.us its on auto renew here. Thanks, Raymond Dijkxhoorn, Prolocation Op 5 mrt. 2012 om 00:04 heeft Jules Field het volgende geschreven: > Folks, > > I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. > > Bad move. > > I'll get a new domain set up and running in its place as fast as I can, and then you'll need to do a quick > grep www.mailscanner.tv /usr/sbin/* > and change each of those occurrences to the new site once I've got it going. > > Many apologies again for this, and please bear with me while I get this fixed. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > 'All programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 5 10:46:56 2012 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 5 10:47:13 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> Message-ID: Many thanks for the offers, I have already got it setup and running again. You can either 1. Download and install the latest release from www.mailscanner.info. or 2. Edit /usr/sbin/update_bad_phishing_sites (and /usr/sbin/update_bad_phishing_emails if you have it too). Change "www.mailscanner.tv" to "cdn.mailscanner.info". After doing this, rm -rf /var/spool/MailScanner/quarantine/phishingupdate /usr/sbin/update_bad_phishing_sites (and run /usr/sbin/update_bad_phishing_emails if you have it too). This will regenerate the correct cache, as it may have been corrupted by the people who swiped my domain. Sorry about all of this, Jules. On 05/03/2012 07:20, Raymond Dijkxhoorn wrote: > Hai Jules, > > You can use Mailscanner.us its on auto renew here. > > Thanks, > Raymond Dijkxhoorn, Prolocation > > > Op 5 mrt. 2012 om 00:04 heeft Jules Field het volgende geschreven: > >> Folks, >> >> I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. >> >> Bad move. >> >> I'll get a new domain set up and running in its place as fast as I can, and then you'll need to do a quick >> grep www.mailscanner.tv /usr/sbin/* >> and change each of those occurrences to the new site once I've got it going. >> >> Many apologies again for this, and please bear with me while I get this fixed. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store >> Need help customising MailScanner? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM >> >> 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait >> 'All programs have a desire to be useful' - Tron, 1982 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'It's okay to live without all the answers' - Charlie Eppes, 2011 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.a.young at durham.ac.uk Mon Mar 5 12:23:45 2012 From: m.a.young at durham.ac.uk (M A Young) Date: Mon Mar 5 12:24:27 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> Message-ID: On Sun, 4 Mar 2012, Jules Field wrote: > I'll get a new domain set up and running in its place as fast as I can, and > then you'll need to do a quick > grep www.mailscanner.tv /usr/sbin/* > and change each of those occurrences to the new site once I've got it going. mailscanner.tv is also used in /etc/MailScanner/MailScanner.conf - Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif There are also references to the web bug replacement link in /usr/share/doc/mailscanner-4.83.4/MailScanner.conf.index.html /usr/share/doc/mailscanner-4.83.4/doc/MailScanner.conf.index.html Michael Young From phil.randal at hoopleltd.co.uk Mon Mar 5 12:28:11 2012 From: phil.randal at hoopleltd.co.uk (Randal, Phil) Date: Mon Mar 5 12:29:17 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B853D1008C6@HC-EXMBX04.herefordshire.gov.uk> ScamNailer users also need to update the ScamNailer script in the same way, or download the updated ScamNailer script. Cheers, Phil -- Phil Randal Infrastructure Engineer Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT Tel: 01432 260415 | Email: phil.randal@hoopleltd.co.uk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 05 March 2012 10:47 To: MailScanner discussion Subject: Re: /usr/sbin/update_bad_phishing_sites broken Many thanks for the offers, I have already got it setup and running again. You can either 1. Download and install the latest release from www.mailscanner.info. or 2. Edit /usr/sbin/update_bad_phishing_sites (and /usr/sbin/update_bad_phishing_emails if you have it too). Change "www.mailscanner.tv" to "cdn.mailscanner.info". After doing this, rm -rf /var/spool/MailScanner/quarantine/phishingupdate /usr/sbin/update_bad_phishing_sites (and run /usr/sbin/update_bad_phishing_emails if you have it too). This will regenerate the correct cache, as it may have been corrupted by the people who swiped my domain. Sorry about all of this, Jules. On 05/03/2012 07:20, Raymond Dijkxhoorn wrote: > Hai Jules, > > You can use Mailscanner.us its on auto renew here. > > Thanks, > Raymond Dijkxhoorn, Prolocation > > > Op 5 mrt. 2012 om 00:04 heeft Jules Field het volgende geschreven: > >> Folks, >> >> I'm afraid I've broken the update_bad_phishing_sites script due to letting the mailscanner.tv domain expire by accident. I was sure that domain wasn't used for anything, and it's quite expensive, so I let it expire. >> >> Bad move. >> >> I'll get a new domain set up and running in its place as fast as I >> can, and then you'll need to do a quick grep www.mailscanner.tv >> /usr/sbin/* and change each of those occurrences to the new site once I've got it going. >> >> Many apologies again for this, and please bear with me while I get this fixed. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store Need help >> customising MailScanner? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM >> >> 'Teach a man to reason, and he will think for a lifetime.' - Phil >> Plait 'All programs have a desire to be useful' - Tron, 1982 >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'It's okay to live without all the answers' - Charlie Eppes, 2011 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ?Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From Denis.Beauchemin at usherbrooke.ca Mon Mar 5 13:25:22 2012 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Mon Mar 5 13:26:01 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> Message-ID: Jules, The /usr/sbin/update_bad_phishing_sites script does not work if your Quarantine Dir variable is set to a ruleset such as %rules-dir%/quarantine.rules. I modified the script to use the default quarantine location which is ok for me. Denis ______________________________ Denis Beauchemin Architecte technologique - Infrastructure des serveurs Service des technologies de l?information Universit? de Sherbrooke T?l.?: 819 821-8000, poste 62252 Courriel?: Denis.Beauchemin@USherbrooke.ca > -----Message d'origine----- > De?: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] De la part de Jules Field > Envoy??: 4 mars 2012 18:06 > ??: MailScanner mailing list > Objet?: /usr/sbin/update_bad_phishing_sites broken > > Folks, > > I'm afraid I've broken the update_bad_phishing_sites script due to letting > the mailscanner.tv domain expire by accident. I was sure that domain wasn't > used for anything, and it's quite expensive, so I let it expire. > > Bad move. > > I'll get a new domain set up and running in its place as fast as I can, and then > you'll need to do a quick grep www.mailscanner.tv /usr/sbin/* and change > each of those occurrences to the new site once I've got it going. > > Many apologies again for this, and please bear with me while I get this fixed. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store Need help > customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow > me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All > programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 5 14:24:38 2012 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 5 14:24:54 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F54CCA6.7090505@ecs.soton.ac.uk> Message-ID: On 05/03/2012 12:23, M A Young wrote: > On Sun, 4 Mar 2012, Jules Field wrote: > >> I'll get a new domain set up and running in its place as fast as I >> can, and then you'll need to do a quick >> grep www.mailscanner.tv /usr/sbin/* >> and change each of those occurrences to the new site once I've got it >> going. > > mailscanner.tv is also used in > /etc/MailScanner/MailScanner.conf - Web Bug Replacement = > http://www.mailscanner.tv/1x1spacer.gif Yes, you're absolutely right, you need to change "www.mailscanner.tv" to "cdn.mailscanner.info" in that line as well. I've just released 4.84.5-2 to reflect that change. > There are also references to the web bug replacement link in > /usr/share/doc/mailscanner-4.83.4/MailScanner.conf.index.html > /usr/share/doc/mailscanner-4.83.4/doc/MailScanner.conf.index.html > They are auto-generated so should now be correct in 4.84.5-2. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'It's okay to live without all the answers' - Charlie Eppes, 2011 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bbecken at aafp.org Mon Mar 5 14:36:09 2012 From: bbecken at aafp.org (Brad Beckenhauer) Date: Mon Mar 5 14:36:30 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> Message-ID: <4F547AF902000068000AEC1D@smtp.aafp.org> Skipped content of type multipart/alternative From raylund.lai at kankanwoo.com Mon Mar 5 17:16:47 2012 From: raylund.lai at kankanwoo.com (Raylund Lai) Date: Mon Mar 5 17:17:20 2012 Subject: MailScanner IMPORTANT FIX In-Reply-To: References: <4F549A39.1060705@ecs.soton.ac.uk> Message-ID: <008701ccfaf3$bf6a1860$3e3e4920$@kankanwoo.com> For people using FreeBSD, the files are: /usr/local/libexec/MailScanner/update_bad_phishing_sites /usr/local/libexec/MailScanner/update_bad_phishing_emails Cheers Raylund -----Original Message----- From: mailscanner-announce-bounces@lists.mailscanner.info [mailto:mailscanner-announce-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, March 05, 2012 5:49 AM To: MailScanner-Announce mailing list list Subject: MailScanner IMPORTANT FIX This is important news for all users of MailScanner and/or ScamNailer. Due to a domain name expiring (yes, my fault, I know :-( ) the updates for the known bad phishing sites will no longer be correct. You can either 1a. Download and install the latest release of MailScanner from www.mailscanner.info. or 1b. Edit /usr/sbin/update_bad_phishing_sites (and /usr/sbin/update_bad_phishing_emails if you have it too). Change "www.mailscanner.tv" to "cdn.mailscanner.info". 2. After doing steps 1a or 1b above, rm -rf /var/spool/MailScanner/quarantine/phishingupdate /usr/sbin/update_bad_phishing_sites (and run /usr/sbin/update_bad_phishing_emails if you have it too). This will regenerate the correct cache, as it may have been corrupted by the people who swiped my domain. Sorry about all of this, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'It's okay to live without all the answers' - Charlie Eppes, 2011 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From Jean-Francois.Masson at USherbrooke.ca Mon Mar 5 18:02:59 2012 From: Jean-Francois.Masson at USherbrooke.ca (Jean-Francois Masson) Date: Mon Mar 5 18:03:19 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> Message-ID: <4F54FFD3.5050106@USherbrooke.ca> Salut, Je viens de voir l'update. Est-ce que tu as fait l'update sur nos machines. Est-ce qu'il en reste ? faire? JF On 03/05/2012 08:25 AM, Denis Beauchemin wrote: > Jules, > > The /usr/sbin/update_bad_phishing_sites script does not work if your Quarantine Dir variable is set to a ruleset such as %rules-dir%/quarantine.rules. > > I modified the script to use the default quarantine location which is ok for me. > > Denis > > ______________________________ > Denis Beauchemin > Architecte technologique - Infrastructure des serveurs > Service des technologies de l?information > Universit? de Sherbrooke > > T?l. : 819 821-8000, poste 62252 > Courriel : Denis.Beauchemin@USherbrooke.ca > >> -----Message d'origine----- >> De : mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] De la part de Jules Field >> Envoy? : 4 mars 2012 18:06 >> ? : MailScanner mailing list >> Objet : /usr/sbin/update_bad_phishing_sites broken >> >> Folks, >> >> I'm afraid I've broken the update_bad_phishing_sites script due to letting >> the mailscanner.tv domain expire by accident. I was sure that domain wasn't >> used for anything, and it's quite expensive, so I let it expire. >> >> Bad move. >> >> I'll get a new domain set up and running in its place as fast as I can, and then >> you'll need to do a quick grep www.mailscanner.tv /usr/sbin/* and change >> each of those occurrences to the new site once I've got it going. >> >> Many apologies again for this, and please bear with me while I get this fixed. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store Need help >> customising MailScanner? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow >> me at twitter.com/JulesFM >> >> 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All >> programs have a desire to be useful' - Tron, 1982 >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- ------------------------------------------------------------------------ *Jean-Fran?ois Masson* Technicien en syst?mes ordin?s - Infrastructure des serveurs Service des technologies de l?information Universit? de Sherbrooke T?l. : 819 821-8000, poste 61987 Courriel : Jean-Francois.Masson@USherbrooke.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120305/35163dad/attachment.html From jeremy at fluxlabs.net Mon Mar 5 18:19:22 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Mon Mar 5 18:19:39 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: Message-ID: root@smtp2 sbin]# update_phishing_sites --2012-03-05 12:18:39-- http://cdn.mailscanner.info/phishing.safe.sites.conf.master Resolving cdn.mailscanner.info... 67.201.31.178 Connecting to cdn.mailscanner.info|67.201.31.178|:80... connected. HTTP request sent, awaiting response... 404 Not Found 2012-03-05 12:18:39 ERROR 404: Not Found. -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 On 3/5/12 8:24 AM, "Julian Field" wrote: > > >On 05/03/2012 12:23, M A Young wrote: >> On Sun, 4 Mar 2012, Jules Field wrote: >> >>> I'll get a new domain set up and running in its place as fast as I >>> can, and then you'll need to do a quick >>> grep www.mailscanner.tv /usr/sbin/* >>> and change each of those occurrences to the new site once I've got it >>> going. >> >> mailscanner.tv is also used in >> /etc/MailScanner/MailScanner.conf - Web Bug Replacement = >> http://www.mailscanner.tv/1x1spacer.gif >Yes, you're absolutely right, you need to change "www.mailscanner.tv" to >"cdn.mailscanner.info" in that line as well. I've just released 4.84.5-2 >to reflect that change. >> There are also references to the web bug replacement link in >> /usr/share/doc/mailscanner-4.83.4/MailScanner.conf.index.html >> /usr/share/doc/mailscanner-4.83.4/doc/MailScanner.conf.index.html >> >They are auto-generated so should now be correct in 4.84.5-2. > >Jules > >-- >Julian Field MEng CITP CEng >www.MailScanner.info > >Buy the MailScanner book at www.MailScanner.info/store >Need help customising MailScanner? Contact me! > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >Follow me at twitter.com/JulesFM > >'It's okay to live without all the answers' - Charlie Eppes, 2011 >'All programs have a desire to be useful' - Tron, 1982 > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From mark at msapiro.net Mon Mar 5 19:39:48 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon Mar 5 19:40:01 2012 Subject: /usr/sbin/update_bad_phishing_sites broken - ScamNailer too. References: alpine.GSO.2.00.1203051215320.13614@algedi.dur.ac.uk Message-ID: <4F551684.3060602@msapiro.net> Julian Field wrote: > You can either > 1a. Download and install the latest release of MailScanner from > www.mailscanner.info. > or > 1b. Edit /usr/sbin/update_bad_phishing_sites (and > /usr/sbin/update_bad_phishing_emails if you have it too). Change > "www.mailscanner.tv" to "cdn.mailscanner.info". You also need to make this change in your ScamNailer script if you have one, or is that what is meant by /usr/sbin/update_bad_phishing_emails? If so, that's not where my ScamNailer script is. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alex at vidadigital.com.pa Mon Mar 5 19:55:10 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon Mar 5 19:55:20 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> Message-ID: One way in the meantime to fix could be an entry in /etc/hosts pointing to the new IP address, IMHO. Could you tell us what it is, Jules? On Mon, Mar 5, 2012 at 7:23 AM, M A Young wrote: > On Sun, 4 Mar 2012, Jules Field wrote: > >> I'll get a new domain set up and running in its place as fast as I can, >> and then you'll need to do a quick >> grep www.mailscanner.tv /usr/sbin/* >> and change each of those occurrences to the new site once I've got it >> going. > > > mailscanner.tv is also used in > /etc/MailScanner/MailScanner.conf - Web Bug Replacement = > http://www.mailscanner.tv/1x1spacer.gif > There are also references to the web bug replacement link in > /usr/share/doc/mailscanner-4.83.4/MailScanner.conf.index.html > /usr/share/doc/mailscanner-4.83.4/doc/MailScanner.conf.index.html > > ? ? ? ?Michael Young > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From email at ace.net.au Mon Mar 5 20:05:57 2012 From: email at ace.net.au (Peter Nitschke) Date: Mon Mar 5 20:06:13 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> Message-ID: <201203060635570186.153E9D28@web.ace.net.au> Thank you for the prompt solution! Cheers *********** REPLY SEPARATOR *********** On 5/03/2012 at 10:46 AM Julian Field wrote: >Many thanks for the offers, I have already got it setup and running again. > >You can either >1. Download and install the latest release from www.mailscanner.info. >or >2. Edit /usr/sbin/update_bad_phishing_sites (and >/usr/sbin/update_bad_phishing_emails if you have it too). Change >"www.mailscanner.tv" to "cdn.mailscanner.info". > >After doing this, > rm -rf /var/spool/MailScanner/quarantine/phishingupdate > /usr/sbin/update_bad_phishing_sites >(and run /usr/sbin/update_bad_phishing_emails if you have it too). > >This will regenerate the correct cache, as it may have been corrupted by >the people who swiped my domain. > >Sorry about all of this, >Jules. > From micoots at yahoo.com Mon Mar 5 23:47:42 2012 From: micoots at yahoo.com (Michael Mansour) Date: Mon Mar 5 23:47:52 2012 Subject: MailScanner IMPORTANT FIX In-Reply-To: References: <4F549A39.1060705@ecs.soton.ac.uk> Message-ID: <1330991262.93209.YahooMailNeo@web160703.mail.bf1.yahoo.com> For the benefit of the list, I also had to do (for ScamNailer): 1. Edit /usr/local/bin/ScamNailer and change to: ? my $urlbase = "http://cdn.mailscanner.info/emails."; 2. rm -fr /var/cache/ScamNailer/ 3. re-run /usr/local/bin/ScamNailer Regards, Michael. ________________________________ From: Julian Field To: MailScanner-Announce mailing list list Sent: Monday, 5 March 2012 9:49 PM Subject: MailScanner IMPORTANT FIX This is important news for all users of MailScanner and/or ScamNailer. Due to a domain name expiring (yes, my fault, I know :-( ) the updates for the known bad phishing sites will no longer be correct. You can either 1a. Download and install the latest release of MailScanner from www.mailscanner.info. or 1b. Edit /usr/sbin/update_bad_phishing_sites (and /usr/sbin/update_bad_phishing_emails if you have it too). Change "www.mailscanner.tv" to "cdn.mailscanner.info". 2. After doing steps 1a or 1b above, ? ? rm -rf /var/spool/MailScanner/quarantine/phishingupdate ? ? /usr/sbin/update_bad_phishing_sites (and run /usr/sbin/update_bad_phishing_emails if you have it too). This will regenerate the correct cache, as it may have been corrupted by the people who swiped my domain. Sorry about all of this, Jules -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120305/714ebd8d/attachment.html From suren at ramadbk.com Tue Mar 6 07:08:13 2012 From: suren at ramadbk.com (Suren Manatunga) Date: Tue Mar 6 07:43:32 2012 Subject: Update Clamav In-Reply-To: <4ED7BD1B.1050003@casa.co.cu> References: <20111130224343.12601e0tsxi804q7@webmail.casa.cult.cu> <4ED7BD1B.1050003@casa.co.cu> Message-ID: <000001ccfb67$f0fd5800$d2f80800$@com> Does anyone know, how to upgrade the Clamav from the Clamav site itself, Because clearly Mailscanner Team is not supporting us by updating their web site. I was thinking to do something like this, can someone confirm if this should work STEP1 wget http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz STEP2 tar zxvf clamav-0.97.3.tar.gz STEP3 ./configure -prefix=/usr/bin/ Make Make install Any help would be appreciated -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120306/a9d7a3f0/attachment-0001.html From Amelein at dantumadiel.eu Tue Mar 6 08:26:27 2012 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Tue Mar 6 08:27:18 2012 Subject: Betr.: Update Clamav In-Reply-To: <000001ccfb67$f0fd5800$d2f80800$@com> References: <20111130224343.12601e0tsxi804q7@webmail.casa.cult.cu> <4ED7BD1B.1050003@casa.co.cu> <000001ccfb67$f0fd5800$d2f80800$@com> Message-ID: <4F55D8430200008E0001D84D@10.1.0.206> If you go with compiling from source, make sure you do not have the RPM's installed. If you want to use RPM's, get the SRPM's and build from that, which makes future updates easier but can cause issues if your distro has clamav in its repo's and releases something slightly newer. There are plenty of howto's on how to set up 'rpmbuild' for first use. If, after installing your own new version, MS hates you and can't find clamav or wont update it, check the virus.scanners.conf and clamav-autoupdate files. Other then that it should pretty much be as straightforward as you already said, just make sure you don't end up with different versions installed at the same time :-) - Arjan >>> Op 6-3-2012 om 8:08 is door "Suren Manatunga" geschreven: > Does anyone know, how to upgrade the Clamav from the Clamav site itself, > Because clearly Mailscanner Team is not supporting us by updating their web > site. > > I was thinking to do something like this, can someone confirm if this should > work > > STEP1 > wget http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz > > > STEP2 > tar zxvf clamav-0.97.3.tar.gz > > STEP3 > ./configure -prefix=/usr/bin/ > Make > Make install > > > Any help would be appreciated > > > From rietendakje at live.nl Tue Mar 6 10:47:30 2012 From: rietendakje at live.nl (glenn b) Date: Tue Mar 6 10:47:40 2012 Subject: Mailwatch per_user filtering Message-ID: Hi all, I?ve want some more information about user_administration in mailscanner/mailwatch. At this moment I?ve been looking to the documentation on the website and found out that you can add several different user types. Documentation: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:user_administration I?m interested in the ?R? typ : Regexpr. INSERT INTO users VALUES ('',md5(''),'','R'); INSERT INTO user_filters VALUES ('','',md5(rand()),'Y'); I?ve been looking for some examples, but I couldn?t found one on the web. The things I want to know, is what you can put in the field. As I?m correct you can setup a user with a certain view with this method, is it possible to set some user op that can view everything except certain mails with a certain object? For example: ? User R cannot see mails from mails incomming with subject ?Private?. ? User R2 cannot read the body from sensitive/confidential mails. ( this info is located in the message header) At this moment I?m interesting to setting up a user for the second example, but I?m not sure if this is possible and if a regular expression can help me with this. Any advice or examples are welcome. Kind Regards,Glenn -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120306/88806abb/attachment.html From mailscanner at joolee.nl Tue Mar 6 11:17:57 2012 From: mailscanner at joolee.nl (Joolee) Date: Tue Mar 6 11:18:46 2012 Subject: Mailwatch per_user filtering In-Reply-To: References: Message-ID: I didn't check it but as far as i know, the filters are only used for filtering the E-mail addresses. For instance, you can use filter /info@username\..+\.tld/i to match all mail to info on a subdomein per user for all domeins. (don't have a clue who could use something like this but you get the point) (I didn't theck the format it could be eregi is used so you don't need the / /i parts.) On 6 March 2012 11:47, glenn b wrote: > Hi all, > > > > I?ve want some more information about user_administration in > mailscanner/mailwatch. > > > > At this moment I?ve been looking to the documentation on the website and > found out that you can add several different user types. > > Documentation: > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:user_administration > > > > I?m interested in the ?R? typ : Regexpr. > > > > INSERT INTO users VALUES ('',md5(''),'','R') > ; > > INSERT INTO user_filters VALUES ('','',md5(rand()),'Y'); > > > > I?ve been looking for some examples, but I couldn?t found one on the web. > The things I want to know, is what you can put in the field. > > > > As I?m correct you can setup a user with a certain view with this method, > is it possible to set some user op that can view everything except certain > mails with a certain object? > > > > For example: > > > > ? User R cannot see mails from mails incomming with subject > ?Private?. > > ? User R2 cannot read the body from sensitive/confidential mails. > ( this info is located in the message header) > > > > At this moment I?m interesting to setting up a user for the second > example, but I?m not sure if this is possible and if a regular expression > can help me with this. > > > > Any advice or examples are welcome. > > > Kind Regards, > > Glenn > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120306/a09e2b3e/attachment.html From jeremy at fluxlabs.net Tue Mar 6 13:42:29 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Tue Mar 6 13:42:45 2012 Subject: Mailwatch per_user filtering In-Reply-To: References: Message-ID: <3CEA88F8-9C71-4F5E-9864-AF1F34CDBD08@fluxlabs.net> Take a look at Baruwa. Alot more options than mail watch. -- Jeremy McSpadden On Mar 6, 2012, at 4:49 AM, "glenn b" > wrote: Hi all, I?ve want some more information about user_administration in mailscanner/mailwatch. At this moment I?ve been looking to the documentation on the website and found out that you can add several different user types. Documentation: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:user_administration I?m interested in the ?R? typ : Regexpr. INSERT INTO users VALUES ('',md5(''),'','R'); INSERT INTO user_filters VALUES ('','',md5(rand()),'Y'); I?ve been looking for some examples, but I couldn?t found one on the web. The things I want to know, is what you can put in the field. As I?m correct you can setup a user with a certain view with this method, is it possible to set some user op that can view everything except certain mails with a certain object? For example: ? User R cannot see mails from mails incomming with subject ?Private?. ? User R2 cannot read the body from sensitive/confidential mails. ( this info is located in the message header) At this moment I?m interesting to setting up a user for the second example, but I?m not sure if this is possible and if a regular expression can help me with this. Any advice or examples are welcome. Kind Regards, Glenn -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120306/a0938386/attachment.html From john.oneill.ie at gmail.com Tue Mar 6 13:46:25 2012 From: john.oneill.ie at gmail.com (John O'Neill) Date: Tue Mar 6 13:46:34 2012 Subject: RBL Check not working Message-ID: Hi all, I am having an issue at the moment with some spam getting into our mail system. Its seems that the RBL check is not being carried out. Relevant config lines are as follows Spam Checks = yes > Spam List = spamhaus-ZEN barracuda > Spam Lists To Be Spam = 1 > Spam List Timeout = 10 > If I run a manual check of a listed IP address using dig I get the following results dig 86.38.186.83.zen.spamhaus.org. > ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> > 86.38.186.83.zen.spamhaus.org. > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1225 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;86.38.186.83.zen.spamhaus.org. IN A > > ;; ANSWER SECTION: > 86.38.186.83.zen.spamhaus.org. 529 IN A 127.0.0.11 > > ;; Query time: 18 msec > ;; SERVER: 208.67.222.222#53(208.67.222.222) > ;; WHEN: Tue Mar 6 13:31:28 2012 > ;; MSG SIZE rcvd: 63 > I have RBL checks disabled in spam.assassin.prefs.conf (skip_rbl_checks 1) on the basis that I want MailScanner to do them. The system is running MailScanner 4.84.3 on Cent OS Anybody seen this before ? Cheers, John -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120306/bfaa1e95/attachment.html From alex at vidadigital.com.pa Tue Mar 6 17:37:30 2012 From: alex at vidadigital.com.pa (Alex Neuman van der Hans) Date: Tue Mar 6 17:37:49 2012 Subject: Update Clamav In-Reply-To: <000001ccfb67$f0fd5800$d2f80800$@com> References: <20111130224343.12601e0tsxi804q7@webmail.casa.cult.cu> <4ED7BD1B.1050003@casa.co.cu> <000001ccfb67$f0fd5800$d2f80800$@com> Message-ID: Should work as long as the conf's use the same paths - which work if you installed it from source originally. On Mar 6, 2012, at 2:08 AM, Suren Manatunga wrote: > Does anyone know, how to upgrade the Clamav from the Clamav site itself, > Because clearly Mailscanner Team is not supporting us by updating their web site. > > I was thinking to do something like this, can someone confirm if this should work > > STEP1 > wget http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz > > > STEP2 > tar zxvf clamav-0.97.3.tar.gz > > STEP3 > ./configure ?prefix=/usr/bin/ > Make > Make install > > > Any help would be appreciated > > > > > -------------- > This message has been scanned for viruses and > dangerous content by RamaDBK MailScanner (ramadbk.com), > and is believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From suren at ramadbk.com Wed Mar 7 01:01:37 2012 From: suren at ramadbk.com (Suren Manatunga) Date: Wed Mar 7 00:51:04 2012 Subject: Update Clamav In-Reply-To: References: <20111130224343.12601e0tsxi804q7@webmail.casa.cult.cu> <4ED7BD1B.1050003@casa.co.cu> <000001ccfb67$f0fd5800$d2f80800$@com> Message-ID: <006f01ccfbfd$da7aa470$8f6fed50$@com> Before I installed it from Mailscanner Website "ClamAV 0.96.5 and SpamAssassin 3.3.1 easy installation package." There for if I install the clamav-0.97.3.tar.gz from source will it be ok too. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Wednesday, March 07, 2012 2:38 AM To: MailScanner discussion Subject: Re: Update Clamav Should work as long as the conf's use the same paths - which work if you installed it from source originally. On Mar 6, 2012, at 2:08 AM, Suren Manatunga wrote: > Does anyone know, how to upgrade the Clamav from the Clamav site itself, > Because clearly Mailscanner Team is not supporting us by updating their web site. > > I was thinking to do something like this, can someone confirm if this should work > > STEP1 > wget http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz > > > STEP2 > tar zxvf clamav-0.97.3.tar.gz > > STEP3 > ./configure -prefix=/usr/bin/ > Make > Make install > > > Any help would be appreciated > > > > > -------------- > This message has been scanned for viruses and > dangerous content by RamaDBK MailScanner (ramadbk.com), > and is believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.a.young at durham.ac.uk Wed Mar 7 12:14:09 2012 From: m.a.young at durham.ac.uk (M A Young) Date: Wed Mar 7 12:15:02 2012 Subject: Update Clamav In-Reply-To: <000001ccfb67$f0fd5800$d2f80800$@com> References: <20111130224343.12601e0tsxi804q7@webmail.casa.cult.cu> <4ED7BD1B.1050003@casa.co.cu> <000001ccfb67$f0fd5800$d2f80800$@com> Message-ID: On Tue, 6 Mar 2012, Suren Manatunga wrote: > Does anyone know, how to upgrade the Clamav from the Clamav site itself, > > Because clearly Mailscanner Team is not supporting us by updating their web > site. Depending on your OS you may be able to get prebuilt packages. For CentOS or RHEL we use the rpms from http://rpmforge.net/ . Michael Young From iam at st-andrews.ac.uk Wed Mar 7 17:07:26 2012 From: iam at st-andrews.ac.uk (Ian McDonald) Date: Wed Mar 7 17:07:50 2012 Subject: Debug mode. Message-ID: Hi, Is there a way to get mailscanner to run normally, and chuck all the debug information into the logs too? (I know this will have adverse effects on performance :) ) We're trying to get to the bottom of an intermittent issue where mailscanner loops over a message that clamav detects as having a virus in (over and over) until it quarantines it, but can't seem to recreate it when the system's not under load. We're running 4.84.3.1, perl 5.10.1, clamav 0.97.3. Thanks -- ian The University of St Andrews is a charity registered in Scotland : No SC013532 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120307/4a358f08/attachment.html From jeremy at fluxlabs.net Wed Mar 7 17:14:51 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Wed Mar 7 17:15:07 2012 Subject: Debug mode. In-Reply-To: Message-ID: Are you sure its not a taint issue? What distro? Can you paste bin any logs that show the loops? -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: Ian McDonald > Reply-To: MailScanner discussion > Date: Wed, 7 Mar 2012 17:07:26 +0000 To: MailScanner discussion > Subject: Debug mode. Hi, Is there a way to get mailscanner to run normally, and chuck all the debug information into the logs too? (I know this will have adverse effects on performance :) ) We?re trying to get to the bottom of an intermittent issue where mailscanner loops over a message that clamav detects as having a virus in (over and over) until it quarantines it, but can?t seem to recreate it when the system?s not under load. We?re running 4.84.3.1, perl 5.10.1, clamav 0.97.3. Thanks -- ian The University of St Andrews is a charity registered in Scotland : No SC013532 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120307/43bb8a17/attachment.html From iam at st-andrews.ac.uk Wed Mar 7 18:27:20 2012 From: iam at st-andrews.ac.uk (Ian McDonald) Date: Wed Mar 7 18:27:46 2012 Subject: Debug mode. In-Reply-To: References: Message-ID: Not sure it's a taint issue (and we've -U on anyway) http://pastebin.com/6qY4GNm8 It seems to do it for a minute or so on a heap of messages every few hours. If I look at the messages, I find nothing out of the ordinary. -- ian From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: 07 March 2012 17:15 To: MailScanner discussion Subject: Re: Debug mode. Are you sure its not a taint issue? What distro? Can you paste bin any logs that show the loops? -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: Ian McDonald > Reply-To: MailScanner discussion > Date: Wed, 7 Mar 2012 17:07:26 +0000 To: MailScanner discussion > Subject: Debug mode. Hi, Is there a way to get mailscanner to run normally, and chuck all the debug information into the logs too? (I know this will have adverse effects on performance :) ) We're trying to get to the bottom of an intermittent issue where mailscanner loops over a message that clamav detects as having a virus in (over and over) until it quarantines it, but can't seem to recreate it when the system's not under load. We're running 4.84.3.1, perl 5.10.1, clamav 0.97.3. Thanks -- ian The University of St Andrews is a charity registered in Scotland : No SC013532 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120307/20bdff0f/attachment.html From pparsons at techeez.com Wed Mar 7 23:33:08 2012 From: pparsons at techeez.com (Philip Parsons) Date: Wed Mar 7 23:36:54 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <201203060635570186.153E9D28@web.ace.net.au> References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> <201203060635570186.153E9D28@web.ace.net.au> Message-ID: <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> Today after making the change I am getting.. Failed to retrieve http://cdn.mailscanner.info/2012-103.56 at /usr/sbin/update_bad_phishing_sites line 198. Retrieving http://cdn.mailscanner.info/2012-103.57 Is anyone else getting that ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Nitschke Sent: March-05-12 12:06 PM To: mailscanner@lists.mailscanner.info Subject: Re: /usr/sbin/update_bad_phishing_sites broken Thank you for the prompt solution! Cheers *********** REPLY SEPARATOR *********** On 5/03/2012 at 10:46 AM Julian Field wrote: >Many thanks for the offers, I have already got it setup and running again. > >You can either >1. Download and install the latest release from www.mailscanner.info. >or >2. Edit /usr/sbin/update_bad_phishing_sites (and >/usr/sbin/update_bad_phishing_emails if you have it too). Change >"www.mailscanner.tv" to "cdn.mailscanner.info". > >After doing this, > rm -rf /var/spool/MailScanner/quarantine/phishingupdate > /usr/sbin/update_bad_phishing_sites >(and run /usr/sbin/update_bad_phishing_emails if you have it too). > >This will regenerate the correct cache, as it may have been corrupted >by the people who swiped my domain. > >Sorry about all of this, >Jules. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From email at ace.net.au Thu Mar 8 00:47:03 2012 From: email at ace.net.au (Peter Nitschke) Date: Thu Mar 8 00:47:18 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> <201203060635570186.153E9D28@web.ace.net.au> <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> Message-ID: <201203081117030075.208C9849@web.ace.net.au> Yes, it just started recently - cdn.mainscanner.info doesn't exist in DNS records. *********** REPLY SEPARATOR *********** On 7/03/2012 at 11:33 PM Philip Parsons wrote: >Today after making the change I am getting.. > >Failed to retrieve http://cdn.mailscanner.info/2012-103.56 at >/usr/sbin/update_bad_phishing_sites line 198. >Retrieving http://cdn.mailscanner.info/2012-103.57 > >Is anyone else getting that ? > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter >Nitschke >Sent: March-05-12 12:06 PM >To: mailscanner@lists.mailscanner.info >Subject: Re: /usr/sbin/update_bad_phishing_sites broken > >Thank you for the prompt solution! > >Cheers > >*********** REPLY SEPARATOR *********** > >On 5/03/2012 at 10:46 AM Julian Field wrote: > >>Many thanks for the offers, I have already got it setup and running again. >> >>You can either >>1. Download and install the latest release from www.mailscanner.info. >>or >>2. Edit /usr/sbin/update_bad_phishing_sites (and >>/usr/sbin/update_bad_phishing_emails if you have it too). Change >>"www.mailscanner.tv" to "cdn.mailscanner.info". >> >>After doing this, >> rm -rf /var/spool/MailScanner/quarantine/phishingupdate >> /usr/sbin/update_bad_phishing_sites >>(and run /usr/sbin/update_bad_phishing_emails if you have it too). >> >>This will regenerate the correct cache, as it may have been corrupted >>by the people who swiped my domain. >> >>Sorry about all of this, >>Jules. >> > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From mailscanner-list at okla.com Thu Mar 8 01:01:15 2012 From: mailscanner-list at okla.com (Tracy Greggs) Date: Thu Mar 8 01:01:49 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <201203081117030075.208C9849@web.ace.net.au> References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> <201203060635570186.153E9D28@web.ace.net.au> <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> <201203081117030075.208C9849@web.ace.net.au> Message-ID: <001901ccfcc6$fa451fa0$eecf5ee0$@okla.com> cdn.mailscanner.info canonical name = wwwmailscannertv.bastionnetworksl.netdna-cdn.com Which does not resolve. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Nitschke Sent: Wednesday, March 07, 2012 6:47 PM To: mailscanner@lists.mailscanner.info Subject: RE: /usr/sbin/update_bad_phishing_sites broken Yes, it just started recently - cdn.mainscanner.info doesn't exist in DNS records. *********** REPLY SEPARATOR *********** On 7/03/2012 at 11:33 PM Philip Parsons wrote: >Today after making the change I am getting.. > >Failed to retrieve http://cdn.mailscanner.info/2012-103.56 at >/usr/sbin/update_bad_phishing_sites line 198. >Retrieving http://cdn.mailscanner.info/2012-103.57 > >Is anyone else getting that ? > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter >Nitschke >Sent: March-05-12 12:06 PM >To: mailscanner@lists.mailscanner.info >Subject: Re: /usr/sbin/update_bad_phishing_sites broken > >Thank you for the prompt solution! > >Cheers > >*********** REPLY SEPARATOR *********** > >On 5/03/2012 at 10:46 AM Julian Field wrote: > >>Many thanks for the offers, I have already got it setup and running again. >> >>You can either >>1. Download and install the latest release from www.mailscanner.info. >>or >>2. Edit /usr/sbin/update_bad_phishing_sites (and >>/usr/sbin/update_bad_phishing_emails if you have it too). Change >>"www.mailscanner.tv" to "cdn.mailscanner.info". >> >>After doing this, >> rm -rf /var/spool/MailScanner/quarantine/phishingupdate >> /usr/sbin/update_bad_phishing_sites >>(and run /usr/sbin/update_bad_phishing_emails if you have it too). >> >>This will regenerate the correct cache, as it may have been corrupted >>by the people who swiped my domain. >> >>Sorry about all of this, >>Jules. >> > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pparsons at techeez.com Thu Mar 8 00:59:41 2012 From: pparsons at techeez.com (Philip Parsons) Date: Thu Mar 8 01:03:23 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <201203081117030075.208C9849@web.ace.net.au> References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> <201203060635570186.153E9D28@web.ace.net.au> <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> <201203081117030075.208C9849@web.ace.net.au> Message-ID: <11D8E491D9562549A61FD3186F36342001AC84707A@exchange.techeez.com> Yeah I figured that out once I had sent in the message. Julies what's happened to DNS ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Nitschke Sent: March-07-12 4:47 PM To: mailscanner@lists.mailscanner.info Subject: RE: /usr/sbin/update_bad_phishing_sites broken Yes, it just started recently - cdn.mainscanner.info doesn't exist in DNS records. *********** REPLY SEPARATOR *********** On 7/03/2012 at 11:33 PM Philip Parsons wrote: >Today after making the change I am getting.. > >Failed to retrieve http://cdn.mailscanner.info/2012-103.56 at >/usr/sbin/update_bad_phishing_sites line 198. >Retrieving http://cdn.mailscanner.info/2012-103.57 > >Is anyone else getting that ? > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter >Nitschke >Sent: March-05-12 12:06 PM >To: mailscanner@lists.mailscanner.info >Subject: Re: /usr/sbin/update_bad_phishing_sites broken > >Thank you for the prompt solution! > >Cheers > >*********** REPLY SEPARATOR *********** > >On 5/03/2012 at 10:46 AM Julian Field wrote: > >>Many thanks for the offers, I have already got it setup and running again. >> >>You can either >>1. Download and install the latest release from www.mailscanner.info. >>or >>2. Edit /usr/sbin/update_bad_phishing_sites (and >>/usr/sbin/update_bad_phishing_emails if you have it too). Change >>"www.mailscanner.tv" to "cdn.mailscanner.info". >> >>After doing this, >> rm -rf /var/spool/MailScanner/quarantine/phishingupdate >> /usr/sbin/update_bad_phishing_sites >>(and run /usr/sbin/update_bad_phishing_emails if you have it too). >> >>This will regenerate the correct cache, as it may have been corrupted >>by the people who swiped my domain. >> >>Sorry about all of this, >>Jules. >> > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From noel.butler at ausics.net Thu Mar 8 01:09:02 2012 From: noel.butler at ausics.net (Noel Butler) Date: Thu Mar 8 01:09:14 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> <201203060635570186.153E9D28@web.ace.net.au> <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> Message-ID: <1331168942.4156.14.camel@tardis> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120308/9c45ca01/attachment.bin From mark at msapiro.net Thu Mar 8 02:58:30 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu Mar 8 02:58:47 2012 Subject: cdn.mailscanner.info quit working Message-ID: <4F582056.6090305@msapiro.net> The domain for phishing site and ScamNailer, cdn.mailscanner.info, is no longer working. DNS chows a CNAME to wwwmailscannertv.bastionnetworksl.netdna-cdn.com. I don't know if this is correct or not, but wwwmailscannertv.bastionnetworksl.netdna-cdn.com has no A record. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alishagurung89 at gmail.com Thu Mar 8 05:38:10 2012 From: alishagurung89 at gmail.com (alisha gurung) Date: Thu Mar 8 05:38:19 2012 Subject: Mailscanner Upgrade Message-ID: HI all, i am running Centos 5.7 in the server and the output of MailScanner is: *This is MailScanner version 4.84.3 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.90 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.21 Scalar::Util 1.78 Socket 2.15 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.6 Test::Simple 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.29 Archive::Tar 0.23 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.25 DBD::SQLite 1.607 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.38 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.29 Mail::ClamAV 3.003001 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.65 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.52 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML *I would like to update/upgrade it to the latest version which is 4.84.5-2 and we have postfix installed and even that needs to be updated.. Can you please tell me how can we do that in CentOS? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120308/cf61f7bf/attachment.html From jeremy at fluxlabs.net Thu Mar 8 05:41:31 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Thu Mar 8 05:41:48 2012 Subject: Mailscanner Upgrade In-Reply-To: Message-ID: yum update ? assuming you installed from a repo. If it was from source, grab the source, and compile. -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: alisha gurung > Reply-To: MailScanner discussion > Date: Thu, 8 Mar 2012 00:38:10 -0500 To: MailScanner discussion > Subject: Mailscanner Upgrade HI all, i am running Centos 5.7 in the server and the output of MailScanner is: This is MailScanner version 4.84.3 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.90 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.21 Scalar::Util 1.78 Socket 2.15 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.6 Test::Simple 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.29 Archive::Tar 0.23 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.25 DBD::SQLite 1.607 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.38 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.29 Mail::ClamAV 3.003001 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.65 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.52 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML I would like to update/upgrade it to the latest version which is 4.84.5-2 and we have postfix installed and even that needs to be updated.. Can you please tell me how can we do that in CentOS? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120308/92395180/attachment.html From maxsec at gmail.com Thu Mar 8 06:29:19 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 8 06:29:32 2012 Subject: Mailscanner Upgrade In-Reply-To: References: Message-ID: Assuming you installed using rpms from the web site follow the instructions in the wiki Martin On Thursday, 8 March 2012, Jeremy McSpadden wrote: > yum update ? assuming you installed from a repo. If it was from source, grab the source, and compile. > -- > Jeremy McSpadden > Flux Labs, Inc > http://www.fluxlabs.net > Endless Solutions > Office : 850-588-4626 > Cell : 850-890-2543 > Fax : 850-254-2955 > From: alisha gurung > Reply-To: MailScanner discussion > Date: Thu, 8 Mar 2012 00:38:10 -0500 > To: MailScanner discussion > Subject: Mailscanner Upgrade > > HI all, > > i am running Centos 5.7 in the server and the output of MailScanner is: > > This is MailScanner version 4.84.3 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.04 Carp > 1.42 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.20 File::Temp > 0.90 Filesys::Df > 3.64 HTML::Entities > 3.64 HTML::Parser > 3.57 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.09 POSIX > 1.21 Scalar::Util > 1.78 Socket > 2.15 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.26 Test::Pod > 0.6 Test::Simple > 1.68 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.29 Archive::Tar > 0.23 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.25 DBD::SQLite > 1.607 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.29 Mail::ClamAV > 3.003001 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.65 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.52 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > I would like to update/upgrade it to the latest version which is 4.84.5-2 and we have postfix installed and even that needs to be updated.. > > Can you please tell me how can we do that in CentOS? > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120308/4fa90d77/attachment.html From matt.hampton.uk at gmail.com Thu Mar 8 08:51:19 2012 From: matt.hampton.uk at gmail.com (Matt Hampton) Date: Thu Mar 8 08:51:27 2012 Subject: Issues with the Phishing Updates Message-ID: All For some reason the CDN provider has removed the CNAME from the DNS servers. I have a ticket raised with them to get the issue addressed asap. Matt From bonivart at opencsw.org Thu Mar 8 12:48:48 2012 From: bonivart at opencsw.org (Peter Bonivart) Date: Thu Mar 8 12:49:18 2012 Subject: CLSID in filenames Message-ID: I have some customers receiving files like this: VENDET_83410_20120124_{396E4021-9322-4F70-9A2C-45ECD782B8A6}.pdf. They trigger the default CLSID rule in filename.rules.conf: # Deny filenames containing CLSID's deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type I googled it and found this: http://www.juniper.net/security/auto/vulnerabilities/vuln2612.html. According to that it's only dangerous if the CLSID is at the end of the filename, in the example above a normal extension comes after the CLSID. Would it be recommended to change the rule to something like this? # Deny filenames containing CLSID's deny \{[a-hA-H0-9-]{25,}\}$ Filename trying to hide its real type Files containing CLSID's are trying to hide their real type /peter From peter at farrows.org Thu Mar 8 13:12:00 2012 From: peter at farrows.org (Peter Farrow) Date: Thu Mar 8 13:12:12 2012 Subject: CLSID in filenames In-Reply-To: References: Message-ID: <191146989-1331212323-cardhu_decombobulator_blackberry.rim.net-1737318960-@b18.c11.bise7.blackberry> I think this is a sender education issue. P. ------------------ -----Original Message----- From: Peter Bonivart Sender: mailscanner-bounces@lists.mailscanner.info Date: Thu, 8 Mar 2012 13:48:48 To: MailScanner discussion Reply-To: MailScanner discussion Subject: CLSID in filenames I have some customers receiving files like this: VENDET_83410_20120124_{396E4021-9322-4F70-9A2C-45ECD782B8A6}.pdf. They trigger the default CLSID rule in filename.rules.conf: # Deny filenames containing CLSID's deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type I googled it and found this: http://www.juniper.net/security/auto/vulnerabilities/vuln2612.html. According to that it's only dangerous if the CLSID is at the end of the filename, in the example above a normal extension comes after the CLSID. Would it be recommended to change the rule to something like this? # Deny filenames containing CLSID's deny \{[a-hA-H0-9-]{25,}\}$ Filename trying to hide its real type Files containing CLSID's are trying to hide their real type /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by the Togethia MailScanner, and is believed to be clean. Scanner:local From terry at graybell.net Thu Mar 8 13:50:42 2012 From: terry at graybell.net (terry@graybell.net) Date: Thu Mar 8 13:58:02 2012 Subject: /usr/sbin/update_bad_phishing_sites broken In-Reply-To: <1331168942.4156.14.camel@tardis> References: <4F53F4F1.40706@ecs.soton.ac.uk> <4F5499A0.2010600@ecs.soton.ac.uk> <201203060635570186.153E9D28@web.ace.net.au> <11D8E491D9562549A61FD3186F36342001AC84705D@exchange.techeez.com> <1331168942.4156.14.camel@tardis> Message-ID: <2dbace63ac73434a120664cb0da009a0@127.0.0.1> So are we still waiting for an official post to fix this? Are we supposed to go ahead and make the change and wait for DNS to get straightened out? On Thu, 08 Mar 2012 11:09:02 +1000, Noel Butler wrote: > On Wed, 2012-03-07 at 23:33 +0000, Philip Parsons wrote: > >> Philip Parsons > > > 14400 20000 3600000 3600 > The zone for mailscanner.info is wrong, a retry value (20000) must be > lower than refresh (14400) > > That said, querying the name servers directly for cdn, does return the > correct CNAME > But querying the NS's of the aliased results in REFUSED From bonivart at opencsw.org Thu Mar 8 13:57:48 2012 From: bonivart at opencsw.org (Peter Bonivart) Date: Thu Mar 8 13:58:18 2012 Subject: CLSID in filenames In-Reply-To: <191146989-1331212323-cardhu_decombobulator_blackberry.rim.net-1737318960-@b18.c11.bise7.blackberry> References: <191146989-1331212323-cardhu_decombobulator_blackberry.rim.net-1737318960-@b18.c11.bise7.blackberry> Message-ID: On Thu, Mar 8, 2012 at 2:12 PM, Peter Farrow wrote: > I think this is a sender education issue. Since I handle mail for multiple clients I can't take it upon me to educate even those users and certainly not all sending to them. :) I was more interested in if the default rule is poorly constructed and prone to false alerts. /peter From peter at farrows.org Thu Mar 8 14:19:53 2012 From: peter at farrows.org (Peter Farrow) Date: Thu Mar 8 14:20:07 2012 Subject: CLSID in filenames In-Reply-To: References: <191146989-1331212323-cardhu_decombobulator_blackberry.rim.net-1737318960-@b18.c11.bise7.blackberry> Message-ID: <691618910-1331216394-cardhu_decombobulator_blackberry.rim.net-813907966-@b18.c11.bise7.blackberry> I manage a shared system for hundreds of clients, anyone sending crappy attachment names like this gets them rejected. Simply email them back telling them what to do. Train your client base and people who email your client base to make your life easier. I wouldn't consider trying to modify rules for this I would tell them to give the attachment a sensible name. P. ------------------ -----Original Message----- From: Peter Bonivart Sender: mailscanner-bounces@lists.mailscanner.info Date: Thu, 8 Mar 2012 14:57:48 To: MailScanner discussion Reply-To: MailScanner discussion Subject: Re: CLSID in filenames On Thu, Mar 8, 2012 at 2:12 PM, Peter Farrow wrote: > I think this is a sender education issue. Since I handle mail for multiple clients I can't take it upon me to educate even those users and certainly not all sending to them. :) I was more interested in if the default rule is poorly constructed and prone to false alerts. /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by the Togethia MailScanner, and is believed to be clean. Scanner:local From pparsons at techeez.com Thu Mar 8 15:55:57 2012 From: pparsons at techeez.com (Philip Parsons) Date: Thu Mar 8 15:59:44 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: Message-ID: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> Any word on this Matt ? It is still not working that I can see. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hampton Sent: March-08-12 12:51 AM To: mailscanner@lists.mailscanner.info; Jules Field Subject: Issues with the Phishing Updates All For some reason the CDN provider has removed the CNAME from the DNS servers. I have a ticket raised with them to get the issue addressed asap. Matt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at vidadigital.com.pa Thu Mar 8 16:17:09 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Thu Mar 8 16:17:18 2012 Subject: Update Clamav In-Reply-To: <006f01ccfbfd$da7aa470$8f6fed50$@com> References: <20111130224343.12601e0tsxi804q7@webmail.casa.cult.cu> <4ED7BD1B.1050003@casa.co.cu> <000001ccfb67$f0fd5800$d2f80800$@com> <006f01ccfbfd$da7aa470$8f6fed50$@com> Message-ID: I believe there are some differences between the "raw" source and the "easy install". On Tue, Mar 6, 2012 at 8:01 PM, Suren Manatunga wrote: > Before I installed it from Mailscanner Website > "ClamAV 0.96.5 and SpamAssassin 3.3.1 easy installation package." > > There for if I install the clamav-0.97.3.tar.gz from source will it be ok > too. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman > van der Hans > Sent: Wednesday, March 07, 2012 2:38 AM > To: MailScanner discussion > Subject: Re: Update Clamav > > Should work as long as the conf's use the same paths - which work if you > installed it from source originally. > > On Mar 6, 2012, at 2:08 AM, Suren Manatunga wrote: > >> Does anyone know, how to upgrade the Clamav from the Clamav site itself, >> Because clearly Mailscanner Team is not supporting us by updating their > web site. >> >> I was thinking to do something like this, can someone confirm if this > should work >> >> STEP1 >> wget http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz >> >> >> STEP2 >> tar zxvf clamav-0.97.3.tar.gz >> >> STEP3 >> ./configure -prefix=/usr/bin/ >> Make >> Make install >> >> >> Any help would be appreciated >> >> >> >> >> -------------- >> This message has been scanned for viruses and >> dangerous content by RamaDBK MailScanner (ramadbk.com), >> and is believed to be clean. -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From matt.hampton.uk at gmail.com Thu Mar 8 18:42:47 2012 From: matt.hampton.uk at gmail.com (Matt Hampton) Date: Thu Mar 8 18:42:56 2012 Subject: Issues with the Phishing Updates In-Reply-To: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> Message-ID: I have pushed for an update. No news yet. Looks like it is an issue with the zone propagating to the DNS servers and is an issue with the backend On Mar 8, 2012 4:07 PM, "Philip Parsons" wrote: > Any word on this Matt ? It is still not working that I can see. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > Sent: March-08-12 12:51 AM > To: mailscanner@lists.mailscanner.info; Jules Field > Subject: Issues with the Phishing Updates > > All > > For some reason the CDN provider has removed the CNAME from the DNS > servers. I have a ticket raised with them to get the issue addressed asap. > > Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120308/8ba697ae/attachment.html From phaleintx at gmail.com Thu Mar 8 20:12:23 2012 From: phaleintx at gmail.com (Phil Hale) Date: Thu Mar 8 20:12:34 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> Message-ID: <4F5912A7.3070708@gmail.com> All, I've temporarily added the following to my /etc/hosts file on my Edge MailScanner servers: 69.174.57.113 cdn.mailscanner.info Results: [root@mailscanner-host ScamNailer]# ./ScamNailer Reading status from /var/cache/ScamNailer/status Checking that /var/cache/ScamNailer/cache/2012-104 exists... ok Checking that /var/cache/ScamNailer/cache/2012-104.27 exists... ok I am working with: Current: 2012-104 - 27 and Status: 2012-104 - 27 No base update required Seems to be working as expected for now. Phil Phil Hale Linux Systems Administrator Texas A&M University-Corpus Christi On 03/08/2012 12:42 PM, Matt Hampton wrote: > > I have pushed for an update. No news yet. > > Looks like it is an issue with the zone propagating to the DNS servers > and is an issue with the backend > > On Mar 8, 2012 4:07 PM, "Philip Parsons" > wrote: > > Any word on this Matt ? It is still not working that I can see. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info > ] On Behalf Of > Matt Hampton > Sent: March-08-12 12:51 AM > To: mailscanner@lists.mailscanner.info > ; Jules Field > Subject: Issues with the Phishing Updates > > All > > For some reason the CDN provider has removed the CNAME from the > DNS servers. I have a ticket raised with them to get the issue > addressed asap. > > Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120308/47edd9fd/attachment.html From matt.hampton.uk at gmail.com Thu Mar 8 20:14:44 2012 From: matt.hampton.uk at gmail.com (Matt Hampton) Date: Thu Mar 8 20:14:53 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> Message-ID: OK, They have re-inserted the zone file and it should be fully propagated within 2 hours. This will get cdn.mailscanner.info working again - haven't been able to get them to re-instate www.mailscanner.tv. They have changed their policy regarding using the "www" prefix on domains hosted on the CDN. I had to decomission www to get cdn.mailscanner.info to work. Ho hum... matt On 8 March 2012 18:42, Matt Hampton wrote: > I have pushed for an update. No news yet. > > Looks like it is an issue with the zone propagating to the DNS servers and > is an issue with the backend > > On Mar 8, 2012 4:07 PM, "Philip Parsons" wrote: >> >> Any word on this Matt ? ?It is still not working that I can see. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt >> Hampton >> Sent: March-08-12 12:51 AM >> To: mailscanner@lists.mailscanner.info; Jules Field >> Subject: Issues with the Phishing Updates >> >> All >> >> For some reason the CDN provider has removed the CNAME from the DNS >> servers. ?I have a ticket raised with them to get the issue addressed asap. >> >> Matt >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Fri Mar 9 00:16:04 2012 From: jkf at ecs.soton.ac.uk (Jules Field) Date: Fri Mar 9 00:17:43 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> <49CBB67C-9234-4499-918F-268B4191C3FE@ecs.soton.ac.uk> Message-ID: Brilliant news Matt, many thanks. I'll try to get a redirector on www.mailscanner.tv first thing tomorrow. If someone wants to mail me a .htaccess file that will do the job before then, it will speed things up a lot as I still have to look up that sort of stuff. Thankyou all for your patience. -- Jules On 8 Mar 2012, at 08:14 PM, Matt Hampton wrote: > OK, > > They have re-inserted the zone file and it should be fully propagated > within 2 hours. > > This will get cdn.mailscanner.info working again - haven't been able > to get them to re-instate www.mailscanner.tv. They have changed their > policy regarding using the "www" prefix on domains hosted on the CDN. > I had to decomission www to get cdn.mailscanner.info to work. > > Ho hum... > > matt > > On 8 March 2012 18:42, Matt Hampton wrote: >> I have pushed for an update. No news yet. >> >> Looks like it is an issue with the zone propagating to the DNS servers and >> is an issue with the backend >> >> On Mar 8, 2012 4:07 PM, "Philip Parsons" wrote: >>> >>> Any word on this Matt ? It is still not working that I can see. >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt >>> Hampton >>> Sent: March-08-12 12:51 AM >>> To: mailscanner@lists.mailscanner.info; Jules Field >>> Subject: Issues with the Phishing Updates >>> >>> All >>> >>> For some reason the CDN provider has removed the CNAME from the DNS >>> servers. I have a ticket raised with them to get the issue addressed asap. >>> >>> Matt >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jeremy at fluxlabs.net Fri Mar 9 00:29:32 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri Mar 9 00:29:46 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> <49CBB67C-9234-4499-918F-268B4191C3FE@ecs.soton.ac.uk>, Message-ID: <7A0A9B30-7892-4AF8-80A1-ECCD25A3941E@fluxlabs.net> Options +FollowSymLinks RewriteEngine on RewriteCond %{HTTP_HOST} ^mailscanner\.info RewriteRule ^(.*)$ http://www.mailscanner.info/$1 [R=permanent,L] -- Jeremy McSpadden On Mar 8, 2012, at 6:25 PM, "Jules Field" wrote: > Brilliant news Matt, many thanks. > > I'll try to get a redirector on www.mailscanner.tv first thing tomorrow. If someone wants to mail me a .htaccess file that will do the job before then, it will speed things up a lot as I still have to look up that sort of stuff. > > Thankyou all for your patience. > > -- > Jules > > On 8 Mar 2012, at 08:14 PM, Matt Hampton wrote: > >> OK, >> >> They have re-inserted the zone file and it should be fully propagated >> within 2 hours. >> >> This will get cdn.mailscanner.info working again - haven't been able >> to get them to re-instate www.mailscanner.tv. They have changed their >> policy regarding using the "www" prefix on domains hosted on the CDN. >> I had to decomission www to get cdn.mailscanner.info to work. >> >> Ho hum... >> >> matt >> >> On 8 March 2012 18:42, Matt Hampton wrote: >>> I have pushed for an update. No news yet. >>> >>> Looks like it is an issue with the zone propagating to the DNS servers and >>> is an issue with the backend >>> >>> On Mar 8, 2012 4:07 PM, "Philip Parsons" wrote: >>>> >>>> Any word on this Matt ? It is still not working that I can see. >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt >>>> Hampton >>>> Sent: March-08-12 12:51 AM >>>> To: mailscanner@lists.mailscanner.info; Jules Field >>>> Subject: Issues with the Phishing Updates >>>> >>>> All >>>> >>>> For some reason the CDN provider has removed the CNAME from the DNS >>>> servers. I have a ticket raised with them to get the issue addressed asap. >>>> >>>> Matt >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> This message has been scanned for viruses and dangerous content by >>>> MailScanner, and is believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rob.verduijn at gmail.com Fri Mar 9 08:14:03 2012 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Fri Mar 9 08:14:12 2012 Subject: mailscanner/baruwa/clam marking all emails as infected Message-ID: Hello, For some reason mailscanner shows all mails as infected since yesterday. I've checked messages that contain nothing but plain text get flagged as infected. Anybody who has any ideas about this ? Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120309/2f11cffe/attachment.html From maxsec at gmail.com Fri Mar 9 10:32:39 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Mar 9 10:32:47 2012 Subject: mailscanner/baruwa/clam marking all emails as infected In-Reply-To: References: Message-ID: have a look in logs, maybe there's an issue with an old clam version or clam using third party signatures that are outof date/broken -- Martin Hepworth Oxford, UK On 9 March 2012 08:14, Rob Verduijn wrote: > Hello, > > For some reason mailscanner shows all mails as infected since yesterday. > I've checked messages that contain nothing but plain text get flagged as > infected. > > Anybody who has any ideas about this ? > > Rob > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120309/aef56edd/attachment.html From rob.verduijn at gmail.com Fri Mar 9 10:41:56 2012 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Fri Mar 9 10:42:06 2012 Subject: mailscanner/baruwa/clam marking all emails as infected In-Reply-To: References: Message-ID: Hi all, It was something with the last update, after restarting everything and adding the "-U" switch to the /usr/sbin/mailscanner again, mail started flowing again. I must have forgotten to restart one of the services and that prolly got mailscanner mixed up causing it to flag everything as infected. Regards Rob 2012/3/9 Martin Hepworth > have a look in logs, maybe there's an issue with an old clam version or > clam using third party signatures that are outof date/broken > > > -- > Martin Hepworth > Oxford, UK > > > On 9 March 2012 08:14, Rob Verduijn wrote: > >> Hello, >> >> For some reason mailscanner shows all mails as infected since yesterday. >> I've checked messages that contain nothing but plain text get flagged as >> infected. >> >> Anybody who has any ideas about this ? >> >> Rob >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120309/80102878/attachment.html From MailScanner at ecs.soton.ac.uk Fri Mar 9 14:25:05 2012 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 9 14:25:18 2012 Subject: Issues with the Phishing Updates In-Reply-To: <7A0A9B30-7892-4AF8-80A1-ECCD25A3941E@fluxlabs.net> References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> <49CBB67C-9234-4499-918F-268B4191C3FE@ecs.soton.ac.uk>, <7A0A9B30-7892-4AF8-80A1-ECCD25A3941E@fluxlabs.net> <4F5A12C1.7070204@ecs.soton.ac.uk> Message-ID: Beat you to it in the end, but thanks for the confirmation, that's pretty much what I wrote! Both cdn.mailscanner.info and www.mailscanner.tv should be working now. You can use either. If your update_bad_phishing_sites complains that it can't download things from www.mailscanner.tv, update your Perl "LWP" package either using RPMForge (or similar), or CPAN with perl -MCPAN -e shell install LWP Phew! Glad that's all behind us now (he says, hoping madly....) Cheers! Jules. On 09/03/2012 00:29, Jeremy McSpadden wrote: > Options +FollowSymLinks > RewriteEngine on > RewriteCond %{HTTP_HOST} ^mailscanner\.info > RewriteRule ^(.*)$ http://www.mailscanner.info/$1 [R=permanent,L] > > > -- > Jeremy McSpadden > > On Mar 8, 2012, at 6:25 PM, "Jules Field" wrote: > >> Brilliant news Matt, many thanks. >> >> I'll try to get a redirector on www.mailscanner.tv first thing tomorrow. If someone wants to mail me a .htaccess file that will do the job before then, it will speed things up a lot as I still have to look up that sort of stuff. >> >> Thankyou all for your patience. >> >> -- >> Jules >> >> On 8 Mar 2012, at 08:14 PM, Matt Hampton wrote: >> >>> OK, >>> >>> They have re-inserted the zone file and it should be fully propagated >>> within 2 hours. >>> >>> This will get cdn.mailscanner.info working again - haven't been able >>> to get them to re-instate www.mailscanner.tv. They have changed their >>> policy regarding using the "www" prefix on domains hosted on the CDN. >>> I had to decomission www to get cdn.mailscanner.info to work. >>> >>> Ho hum... >>> >>> matt >>> >>> On 8 March 2012 18:42, Matt Hampton wrote: >>>> I have pushed for an update. No news yet. >>>> >>>> Looks like it is an issue with the zone propagating to the DNS servers and >>>> is an issue with the backend >>>> >>>> On Mar 8, 2012 4:07 PM, "Philip Parsons" wrote: >>>>> Any word on this Matt ? It is still not working that I can see. >>>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt >>>>> Hampton >>>>> Sent: March-08-12 12:51 AM >>>>> To: mailscanner@lists.mailscanner.info; Jules Field >>>>> Subject: Issues with the Phishing Updates >>>>> >>>>> All >>>>> >>>>> For some reason the CDN provider has removed the CNAME from the DNS >>>>> servers. I have a ticket raised with them to get the issue addressed asap. >>>>> >>>>> Matt >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> -- >>>>> This message has been scanned for viruses and dangerous content by >>>>> MailScanner, and is believed to be clean. >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'It's okay to live without all the answers' - Charlie Eppes, 2011 > 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 9 14:26:55 2012 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 9 14:27:17 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> <4F5A132F.1020604@ecs.soton.ac.uk> Message-ID: Matt, I just wanted to publicly say a huge "Thank you!" to you for all your help over the past few days getting all this stuff sorted out. I couldn't have done it without your responding to emails at silly hours of the night and generally being a super-hero! Cheers, Jules. On 08/03/2012 20:14, Matt Hampton wrote: > OK, > > They have re-inserted the zone file and it should be fully propagated > within 2 hours. > > This will get cdn.mailscanner.info working again - haven't been able > to get them to re-instate www.mailscanner.tv. They have changed their > policy regarding using the "www" prefix on domains hosted on the CDN. > I had to decomission www to get cdn.mailscanner.info to work. > > Ho hum... > > matt > > On 8 March 2012 18:42, Matt Hampton wrote: >> I have pushed for an update. No news yet. >> >> Looks like it is an issue with the zone propagating to the DNS servers and >> is an issue with the backend >> >> On Mar 8, 2012 4:07 PM, "Philip Parsons" wrote: >>> Any word on this Matt ? It is still not working that I can see. >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt >>> Hampton >>> Sent: March-08-12 12:51 AM >>> To: mailscanner@lists.mailscanner.info; Jules Field >>> Subject: Issues with the Phishing Updates >>> >>> All >>> >>> For some reason the CDN provider has removed the CNAME from the DNS >>> servers. I have a ticket raised with them to get the issue addressed asap. >>> >>> Matt >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'It's okay to live without all the answers' - Charlie Eppes, 2011 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt.hampton.uk at gmail.com Fri Mar 9 14:43:31 2012 From: matt.hampton.uk at gmail.com (Matt Hampton) Date: Fri Mar 9 14:43:39 2012 Subject: Issues with the Phishing Updates In-Reply-To: References: <11D8E491D9562549A61FD3186F36342001AC8471CD@exchange.techeez.com> <49CBB67C-9234-4499-918F-268B4191C3FE@ecs.soton.ac.uk> <4F5A12C1.7070204@ecs.soton.ac.uk> <7A0A9B30-7892-4AF8-80A1-ECCD25A3941E@fluxlabs.net> Message-ID: We are now up to about 95% of pre incident levels. ... On 9 March 2012 14:25, Julian Field wrote: > Beat you to it in the end, but thanks for the confirmation, that's pretty > much what I wrote! > > Both cdn.mailscanner.info and www.mailscanner.tv should be working now. You > can use either. > > If your update_bad_phishing_sites complains that it can't download things > from www.mailscanner.tv, update your Perl "LWP" package either using > RPMForge (or similar), or CPAN with > ? ?perl -MCPAN -e shell > ? ?install LWP > > Phew! Glad that's all behind us now (he says, hoping madly....) > > Cheers! > Jules. > > > On 09/03/2012 00:29, Jeremy McSpadden wrote: >> >> Options +FollowSymLinks >> RewriteEngine on >> RewriteCond %{HTTP_HOST} ^mailscanner\.info >> RewriteRule ^(.*)$ http://www.mailscanner.info/$1 [R=permanent,L] >> >> >> -- >> Jeremy McSpadden >> >> On Mar 8, 2012, at 6:25 PM, "Jules Field" ?wrote: >> >>> Brilliant news Matt, many thanks. >>> >>> I'll try to get a redirector on www.mailscanner.tv first thing tomorrow. >>> If someone wants to mail me a .htaccess file that will do the job before >>> then, it will speed things up a lot as I still have to look up that sort of >>> stuff. >>> >>> Thankyou all for your patience. >>> >>> -- >>> Jules >>> >>> On 8 Mar 2012, at 08:14 PM, Matt Hampton >>> ?wrote: >>> >>>> OK, >>>> >>>> They have re-inserted the zone file and it should be fully propagated >>>> within 2 hours. >>>> >>>> This will get cdn.mailscanner.info working again - haven't been able >>>> to get them to re-instate www.mailscanner.tv. ?They have changed their >>>> policy regarding using the "www" prefix on domains hosted on the CDN. >>>> I had to decomission www to get cdn.mailscanner.info to work. >>>> >>>> Ho hum... >>>> >>>> matt >>>> >>>> On 8 March 2012 18:42, Matt Hampton ?wrote: >>>>> >>>>> I have pushed for an update. No news yet. >>>>> >>>>> Looks like it is an issue with the zone propagating to the DNS servers >>>>> and >>>>> is an issue with the backend >>>>> >>>>> On Mar 8, 2012 4:07 PM, "Philip Parsons" ?wrote: >>>>>> >>>>>> Any word on this Matt ? ?It is still not working that I can see. >>>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt >>>>>> Hampton >>>>>> Sent: March-08-12 12:51 AM >>>>>> To: mailscanner@lists.mailscanner.info; Jules Field >>>>>> Subject: Issues with the Phishing Updates >>>>>> >>>>>> All >>>>>> >>>>>> For some reason the CDN provider has removed the CNAME from the DNS >>>>>> servers. ?I have a ticket raised with them to get the issue addressed >>>>>> asap. >>>>>> >>>>>> Matt >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and dangerous content by >>>>>> MailScanner, and is believed to be clean. >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store >> Need help customising MailScanner? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM >> >> 'It's okay to live without all the answers' - Charlie Eppes, 2011 >> 'All programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From btj at havleik.no Sat Mar 10 10:19:39 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 10:19:49 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120101230831.2e7b8aaf@pennywise.havleik.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> Message-ID: <20120310111939.1b35beee@tux-btj.asp-as.no> On Sun, 1 Jan 2012 23:08:31 +0100 Bj?rn T Johansen wrote: > I am getting these in the log every day, at the moment: > > Warning: skipping message 13A82BF8DD.AF8F7 as it has been attempted too many times > Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times > MailScanner E-Mail Virus Scanner version 4.84.3 starting... > > And this is a big problem because my mailsrv then stops to deliver any mail; the mail is just kept in the hold directory under postfix.. > > > What is causing this? And is there a way to ignore this error and still deliver the rest of the mail? > > > Regards, > > BTJ > I am now getting these again... And this is with the -U fix... Anyway to permanently fix this? It's really annoying..... Regards, BTJ From andrew at topdog.za.net Sat Mar 10 10:43:35 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Sat Mar 10 10:44:00 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310111939.1b35beee@tux-btj.asp-as.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> Message-ID: On 10 Mar 2012, at 12:19 PM, Bj?rn T Johansen wrote: > On Sun, 1 Jan 2012 23:08:31 +0100 > Bj?rn T Johansen wrote: > >> I am getting these in the log every day, at the moment: >> >> Warning: skipping message 13A82BF8DD.AF8F7 as it has been attempted too many times >> Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times >> MailScanner E-Mail Virus Scanner version 4.84.3 starting... >> >> And this is a big problem because my mailsrv then stops to deliver any mail; the mail is just kept in the hold directory under postfix.. >> >> >> What is causing this? And is there a way to ignore this error and still deliver the rest of the mail? >> >> >> Regards, >> >> BTJ >> > > I am now getting these again... And this is with the -U fix... > Anyway to permanently fix this? It's really annoying..... > Can you run mailscanner in debug mode, your should get a more descriptive error -- www.baruwa.org From btj at havleik.no Sat Mar 10 10:55:47 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 10:55:56 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> Message-ID: <20120310115547.48350309@tux-btj.asp-as.no> On Sat, 10 Mar 2012 12:43:35 +0200 Andrew Colin Kissa wrote: > > On 10 Mar 2012, at 12:19 PM, Bj?rn T Johansen wrote: > > > On Sun, 1 Jan 2012 23:08:31 +0100 > > Bj?rn T Johansen wrote: > > > >> I am getting these in the log every day, at the moment: > >> > >> Warning: skipping message 13A82BF8DD.AF8F7 as it has been attempted too many times > >> Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times > >> MailScanner E-Mail Virus Scanner version 4.84.3 starting... > >> > >> And this is a big problem because my mailsrv then stops to deliver any mail; the mail is just kept in the hold directory under postfix.. > >> > >> > >> What is causing this? And is there a way to ignore this error and still deliver the rest of the mail? > >> > >> > >> Regards, > >> > >> BTJ > >> > > > > I am now getting these again... And this is with the -U fix... > > Anyway to permanently fix this? It's really annoying..... > > > > Can you run mailscanner in debug mode, your should get a more descriptive error > And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? BTJ From andrew at topdog.za.net Sat Mar 10 11:04:57 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Sat Mar 10 11:05:19 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310115547.48350309@tux-btj.asp-as.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> Message-ID: <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: > And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? No, Stop the MailScanner service and run MailScanner --debug From the command line. -- www.baruwa.org From btj at havleik.no Sat Mar 10 14:13:30 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 14:13:40 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> Message-ID: <20120310151330.0601fc71@tux-btj.asp-as.no> On Sat, 10 Mar 2012 13:04:57 +0200 Andrew Colin Kissa wrote: > > On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: > > > And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? > > No, > > Stop the MailScanner service and run > > MailScanner --debug > > From the command line. > And of course after almost two days with mailscanner stopping frequently it no longer stops... Can it be specific mails that are sent to stop mailscanner and/or fuck up mail reception? BTJ From andrew at topdog.za.net Sat Mar 10 14:29:35 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Sat Mar 10 14:29:53 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310151330.0601fc71@tux-btj.asp-as.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310151330.0601fc71@tux-btj.asp-as.no> Message-ID: <3A38F594-4F68-4C0A-8BAB-2D6682D56281@topdog.za.net> On 10 Mar 2012, at 4:13 PM, Bj?rn T Johansen wrote: >> >> On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: >> >>> And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? >> >> No, >> >> Stop the MailScanner service and run >> >> MailScanner --debug >> >> From the command line. >> > > And of course after almost two days with mailscanner stopping frequently it no longer stops... Can it be specific mails that are sent to stop mailscanner and/or fuck up mail > reception? Inject back the quarantined message with mailscanner in debug mode to see what causes it to crush mailscanner. -- www.baruwa.org From btj at havleik.no Sat Mar 10 14:46:43 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 14:46:51 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> Message-ID: <20120310154643.71ef85fa@tux-btj.asp-as.no> On Sat, 10 Mar 2012 13:04:57 +0200 Andrew Colin Kissa wrote: > > On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: > > > And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? > > No, > > Stop the MailScanner service and run > > MailScanner --debug > > From the command line. > Finally got a message.... :) The debug session writes this: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in mkdir while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 189. Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185. Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755 Is this related to the fact that I have locale set to ISO-8859-1 or is it something else? BTJ From btj at havleik.no Sat Mar 10 16:18:13 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 16:18:23 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310154643.71ef85fa@tux-btj.asp-as.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> Message-ID: <20120310171813.4437447f@tux-btj.asp-as.no> On Sat, 10 Mar 2012 15:46:43 +0100 Bj?rn T Johansen wrote: > On Sat, 10 Mar 2012 13:04:57 +0200 > Andrew Colin Kissa wrote: > > > > > On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: > > > > > And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? > > > > No, > > > > Stop the MailScanner service and run > > > > MailScanner --debug > > > > From the command line. > > > > Finally got a message.... :) > > The debug session writes this: > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Insecure dependency in mkdir while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 189. > Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185. > Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755 > > > Is this related to the fact that I have locale set to ISO-8859-1 or is it something else? > No, I guess it means that $handle is not defined for some reasons? BTJ From jeremy at fluxlabs.net Sat Mar 10 16:54:04 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Sat Mar 10 16:54:19 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310171813.4437447f@tux-btj.asp-as.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no>, <20120310171813.4437447f@tux-btj.asp-as.no> Message-ID: Taint issue -- Jeremy McSpadden On Mar 10, 2012, at 10:19 AM, "Bj?rn T Johansen" wrote: > On Sat, 10 Mar 2012 15:46:43 +0100 > Bj?rn T Johansen wrote: > >> On Sat, 10 Mar 2012 13:04:57 +0200 >> Andrew Colin Kissa wrote: >> >>> >>> On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: >>> >>>> And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? >>> >>> No, >>> >>> Stop the MailScanner service and run >>> >>> MailScanner --debug >>> >>> From the command line. >>> >> >> Finally got a message.... :) >> >> The debug session writes this: >> >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> Building a message batch to scan... >> Insecure dependency in mkdir while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 189. >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. >> Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185. >> Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755 >> >> >> Is this related to the fact that I have locale set to ISO-8859-1 or is it something else? >> > > No, I guess it means that $handle is not defined for some reasons? > > BTJ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From andrew at topdog.za.net Sat Mar 10 17:44:10 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Sat Mar 10 17:44:29 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310171813.4437447f@tux-btj.asp-as.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> Message-ID: <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> On 10 Mar 2012, at 6:18 PM, Bj?rn T Johansen wrote: >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> Building a message batch to scan... >> Insecure dependency in mkdir while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 189. >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. >> Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185. >> Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755 >> >> >> Is this related to the fact that I have locale set to ISO-8859-1 or is it something else? >> > > No, I guess it means that $handle is not defined for some reasons? This issue is already fixed in the latest version. https://github.com/akissa/MailScanner/blob/master/mailscanner/bin/MailScanner/Quarantine.pm#L189 You better upgrade. -- www.baruwa.org From btj at havleik.no Sat Mar 10 19:55:25 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 19:56:17 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> Message-ID: <20120310205525.2a826c73@pennywise.havleik.no> Ok, I am running CentOS 6.2 and using Baruwa and MailScanner from the baruwa repository... What is the best way for me to upgrade? BTJ On Sat, 10 Mar 2012 19:44:10 +0200 Andrew Colin Kissa wrote: > > On 10 Mar 2012, at 6:18 PM, Bj?rn T Johansen wrote: > > >> In Debugging mode, not forking... > >> Trying to setlogsock(unix) > >> Building a message batch to scan... > >> Insecure dependency in mkdir while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 189. > >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > >> Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185. > >> Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755 > >> > >> > >> Is this related to the fact that I have locale set to ISO-8859-1 or is it something else? > >> > > > > No, I guess it means that $handle is not defined for some reasons? > > This issue is already fixed in the latest version. https://github.com/akissa/MailScanner/blob/master/mailscanner/bin/MailScanner/Quarantine.pm#L189 > > You better upgrade. > > -- > www.baruwa.org > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From btj at havleik.no Sat Mar 10 19:52:48 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sat Mar 10 20:03:01 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> Message-ID: <20120310205248.1200e0bd@pennywise.havleik.no> Ok... But how do I stop messages like this crashing MailScanner and stopping MailScanner from deliverying my emails? BTJ On Sat, 10 Mar 2012 16:54:04 +0000 Jeremy McSpadden wrote: > Taint issue > > > -- > Jeremy McSpadden > > On Mar 10, 2012, at 10:19 AM, "Bj?rn T Johansen" wrote: > > > On Sat, 10 Mar 2012 15:46:43 +0100 > > Bj?rn T Johansen wrote: > > > >> On Sat, 10 Mar 2012 13:04:57 +0200 > >> Andrew Colin Kissa wrote: > >> > >>> > >>> On 10 Mar 2012, at 12:55 PM, Bj?rn T Johansen wrote: > >>> > >>>> And if I understand it correctly, I then have to wait for the next message that fails and stop MailScanner and det Debug = Yes in MailScanner.conf and the start it again? > >>> > >>> No, > >>> > >>> Stop the MailScanner service and run > >>> > >>> MailScanner --debug > >>> > >>> From the command line. > >>> > >> > >> Finally got a message.... :) > >> > >> The debug session writes this: > >> > >> In Debugging mode, not forking... > >> Trying to setlogsock(unix) > >> Building a message batch to scan... > >> Insecure dependency in mkdir while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 189. > >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > >> Insecure dependency in chown while running with -T switch at /usr/share/MailScanner/MailScanner/Quarantine.pm line 190. > >> Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185. > >> Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755 > >> > >> > >> Is this related to the fact that I have locale set to ISO-8859-1 or is it something else? > >> > > > > No, I guess it means that $handle is not defined for some reasons? > > > > BTJ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andrew at topdog.za.net Sat Mar 10 20:05:43 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Sat Mar 10 20:05:55 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120310205525.2a826c73@pennywise.havleik.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> <20120310205525.2a826c73@pennywise.havleik.no> Message-ID: <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> On 10 Mar 2012, at 9:55 PM, Bj?rn T Johansen wrote: > Ok, I am running CentOS 6.2 and using Baruwa and MailScanner from the baruwa repository... What is the best way for me to upgrade? yum upgrade mailscanner -- www.baruwa.org From btj at havleik.no Sat Mar 10 20:46:04 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn_T_Johansen?=) Date: Sat Mar 10 20:53:05 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> <20120310205525.2a826c73@pennywise.havleik.no> <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> Message-ID: <30876a8b-7494-492b-bc4c-da552411be81@email.android.com> Hmmm... That's what started all this.. I upgraded to new mailscanner couple of days ago and then the mailscanner started to crash.. I downgraded the mailscanner but that apparently didn't help... BTJ Andrew Colin Kissa wrote: > >On 10 Mar 2012, at 9:55 PM, Bj?rn T Johansen wrote: > >> Ok, I am running CentOS 6.2 and using Baruwa and MailScanner from the >baruwa repository... What is the best way for me to upgrade? > >yum upgrade mailscanner > >-- >www.baruwa.org > > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Sent from Kaiten Mail for Android. Please excuse my brevity. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120310/b14ff12d/attachment.html From btj at havleik.no Sun Mar 11 10:43:19 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sun Mar 11 10:53:25 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> <20120310205525.2a826c73@pennywise.havleik.no> <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> Message-ID: <20120311114319.094a0188@pennywise.havleik.no> Tried to upgrade and when running MailScanner --debug I still get the following..: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755. The same message with or without -U Any solution or should I start looking for something that works better? BTJ On Sat, 10 Mar 2012 22:05:43 +0200 Andrew Colin Kissa wrote: > > On 10 Mar 2012, at 9:55 PM, Bj?rn T Johansen wrote: > > > Ok, I am running CentOS 6.2 and using Baruwa and MailScanner from the baruwa repository... What is the best way for me to upgrade? > > yum upgrade mailscanner > > -- > www.baruwa.org > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From btj at havleik.no Sun Mar 11 12:07:13 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sun Mar 11 12:13:25 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120311114319.094a0188@pennywise.havleik.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> <20120310205525.2a826c73@pennywise.havleik.no> <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> <20120311114319.094a0188@pennywise.havleik.no> Message-ID: <20120311130713.55ece659@pennywise.havleik.no> > > > > > On 10 Mar 2012, at 9:55 PM, Bj?rn T Johansen wrote: > > > > > Ok, I am running CentOS 6.2 and using Baruwa and MailScanner from the baruwa repository... What is the best way for me to upgrade? > > > > yum upgrade mailscanner > > > > -- I think I finally figured out why this is happening... The MailScanner/quarantine directory was not writable for MailScanner.... Seems the owner of that directory changed during the upgrade... BTJ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From stu at spacehopper.org Sun Mar 11 13:47:11 2012 From: stu at spacehopper.org (Stuart Henderson) Date: Sun Mar 11 13:47:35 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> Message-ID: On 2012-03-10, Jeremy McSpadden wrote: > Taint issue If you explicitly run mailscanner as the 'run as user' (i.e. with su or sudo) then perl won't use taint mode (unless you specifically ask for it). From mikael at syska.dk Sun Mar 11 18:16:56 2012 From: mikael at syska.dk (Mikael Syska) Date: Sun Mar 11 18:17:07 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: <20120311114319.094a0188@pennywise.havleik.no> References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> <20120310205525.2a826c73@pennywise.havleik.no> <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> <20120311114319.094a0188@pennywise.havleik.no> Message-ID: Hi, On Sun, Mar 11, 2012 at 11:43 AM, Bj?rn T Johansen wrote: > Tried to upgrade and when running MailScanner --debug I still get the following..: > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755. > > > The same message with or without -U > > > Any solution or should I start looking for something that works better? I hope this is meant as a very bad joke, if not, shame on you. You are always welcome to send patches or start use other free software. Alternatively you can pay for actually MailScanner support if you are not able to handle the problems free software can give :-) > > > > BTJ > > On Sat, 10 Mar 2012 22:05:43 +0200 > Andrew Colin Kissa wrote: > >> >> On 10 Mar 2012, at 9:55 PM, Bj?rn T Johansen wrote: >> >> > Ok, I am running CentOS 6.2 and using Baruwa and MailScanner from the baruwa repository... What is the best way for me to upgrade? >> >> yum upgrade mailscanner >> >> -- >> www.baruwa.org >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! mvh Mikael Syska From btj at havleik.no Sun Mar 11 19:27:32 2012 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Sun Mar 11 19:38:26 2012 Subject: Quarantined message 13A82BF8DD.AF8F7 as it caused MailScanner to crash several times In-Reply-To: References: <20120101230831.2e7b8aaf@pennywise.havleik.no> <20120310111939.1b35beee@tux-btj.asp-as.no> <20120310115547.48350309@tux-btj.asp-as.no> <97016B3D-3127-4516-B156-0B1B01A3E48B@topdog.za.net> <20120310154643.71ef85fa@tux-btj.asp-as.no> <20120310171813.4437447f@tux-btj.asp-as.no> <264B75BA-44B9-4358-80BF-E0FE23ED14CE@topdog.za.net> <20120310205525.2a826c73@pennywise.havleik.no> <883A7E59-ED29-46BE-8F9F-CCFC133A7CF9@topdog.za.net> <20120311114319.094a0188@pennywise.havleik.no> Message-ID: <20120311202732.765ee431@pennywise.havleik.no> On Sun, 11 Mar 2012 19:16:56 +0100 Mikael Syska wrote: > Hi, > > On Sun, Mar 11, 2012 at 11:43 AM, Bj?rn T Johansen wrote: > > Tried to upgrade and when running MailScanner --debug I still get the following..: > > > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Can't call method "print" on an undefined value at /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755. > > > > > > The same message with or without -U > > > > > > Any solution or should I start looking for something that works better? > > I hope this is meant as a very bad joke, if not, shame on you. You are > always welcome to send patches or start use other free software. > Alternatively you can pay for actually MailScanner support if you are > not able to handle the problems free software can give :-) > Njae... More out of frustration after beating at this problem for the last 2 days... I have been using MailScanner for the last 7-8 years and never had any real problems before this... But I finally nailed it; everything seems to be working as it should now... :) BTJ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Mon Mar 12 11:31:46 2012 From: mailscanner at barendse.to (Remco Barendse) Date: Mon Mar 12 11:32:04 2012 Subject: MailScanner IMPORTANT FIX In-Reply-To: References: <4F549A39.1060705@ecs.soton.ac.uk> Message-ID: Hi Julian, Does this version also fix some of teh other pending problems (like TNEF etc.) ? Thanks for the update! Remco On Mon, 5 Mar 2012, Julian Field wrote: > This is important news for all users of MailScanner and/or ScamNailer. > > Due to a domain name expiring (yes, my fault, I know :-( ) the updates for > the known bad phishing sites will no longer be correct. > > You can either > 1a. Download and install the latest release of MailScanner from > www.mailscanner.info. > or > 1b. Edit /usr/sbin/update_bad_phishing_sites (and > /usr/sbin/update_bad_phishing_emails if you have it too). Change > "www.mailscanner.tv" to "cdn.mailscanner.info". > > 2. After doing steps 1a or 1b above, > rm -rf /var/spool/MailScanner/quarantine/phishingupdate > /usr/sbin/update_bad_phishing_sites > (and run /usr/sbin/update_bad_phishing_emails if you have it too). > > This will regenerate the correct cache, as it may have been corrupted by the > people who swiped my domain. > > Sorry about all of this, > > Jules > > From mailscanner at pdscc.com Mon Mar 12 17:25:43 2012 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Mon Mar 12 17:26:01 2012 Subject: lots of spam getting through with zero score since saturday Message-ID: <20120312172546.4106E5A1C81@sinclaire.sibble.net> Kinda scratching my head here Client emailed to say that this weekend lots of spam started coming through. Other than moving the box from physical to virtual about a month ago, there haven't been any changes or updates. All the spam that's getting through has a listing of 0.00 Clean in Mailwatch, this is what I see in Mailwatch when I pull up the detailed info.. SpamAssassin Spam: N Action(s): store, deliver High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description cached not out timed Some messages are being appropriately tagged as spam, even highscoring spam, but that's maybe 1 out of a hundred, the other 99 are just flowing through. I'm reviewing the configuration, but so far nothing seems out of the ordinary, Suggestions for next steps? -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice) From ms-list at alexb.ch Mon Mar 12 17:44:34 2012 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 12 17:44:45 2012 Subject: lots of spam getting through with zero score since saturday In-Reply-To: <20120312172546.4106E5A1C81@sinclaire.sibble.net> References: <20120312172546.4106E5A1C81@sinclaire.sibble.net> Message-ID: <4F5E3602.4090102@alexb.ch> On 03/12/2012 06:25 PM, Harondel J. Sibble wrote: > Kinda scratching my head here > > Client emailed to say that this weekend lots of spam started coming through. > Other than moving the box from physical to virtual about a month ago, there > haven't been any changes or updates. > > All the spam that's getting through has a listing of 0.00 Clean in Mailwatch, > this is what I see in Mailwatch when I pull up the detailed info.. > > SpamAssassin > Spam: N Action(s): store, deliver > High Scoring Spam: N > SpamAssassin Spam: N > Listed in RBL: N > Spam Whitelisted: N > Spam Blacklisted: N > SpamAssassin Autolearn: N > SpamAssassin Score: 0.00 > > Spam Report: Score Matching Rule Description > cached not > out timed > > Some messages are being appropriately tagged as spam, even highscoring spam, > but that's maybe 1 out of a hundred, the other 99 are just flowing through. > > I'm reviewing the configuration, but so far nothing seems out of the > ordinary, > > Suggestions for next steps? I'd start with getting hold of missed messages, analyze, write SA rules, feed bayes.... From ssilva at sgvwater.com Mon Mar 12 18:24:24 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 12 18:24:55 2012 Subject: lots of spam getting through with zero score since saturday In-Reply-To: <20120312172546.4106E5A1C81@sinclaire.sibble.net> References: <20120312172546.4106E5A1C81@sinclaire.sibble.net> Message-ID: on 3/12/2012 10:25 AM Harondel J. Sibble spake the following: < > > Suggestions for next steps? > Spamassassin is timing out... From adrik at salesmanager.nl Tue Mar 13 12:44:55 2012 From: adrik at salesmanager.nl (Adri Koppes) Date: Tue Mar 13 12:45:05 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 Message-ID: Julian, I just updated to the last version 4.84.5-2 and noticed a bug with the new 'mktemp' fixes. When I receive a message having a tnef attachment I get the following messages in syslog: Mar 13 13:13:45 mail MailScanner[17323]: New Batch: Scanning 1 messages, 32172 bytes Mar 13 13:13:45 mail MailScanner[17323]: Expanding TNEF archive at /usr/local/etc/MailScanner/incoming/17323/q2DCDfuq022124/winmail.dat Mar 13 13:13:45 mail MailScanner[17323]: Trying to unpack nwinmail.dat in message q2DCDfuq022124, could not create subdirectory q2DCDfuq022124//tnefdDM1SB, failed to unpack TNEF message Mar 13 13:13:45 mail MailScanner[17323]: Corrupt TNEF winmail.dat that cannot be analysed in message q2DCDfuq022124 This is using the external tnef decoder setting in MailScanner.conf The message is not sent to the recipients, instead an 'Other Bad Content Detected' report and notice is generated. Best regards, Adri. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120313/da384059/attachment.html From jeremy at fluxlabs.net Tue Mar 13 12:54:12 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Tue Mar 13 12:54:30 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: Message-ID: could not create subdirectory q2DCDfuq022124//tnefdDM1SB Check perms -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: Adri Koppes > Reply-To: MailScanner discussion > Date: Tue, 13 Mar 2012 13:44:55 +0100 To: MailScanner discussion > Subject: Error expanding TNEF attachments in new 4.84.5-2 Julian, I just updated to the last version 4.84.5-2 and noticed a bug with the new ?mktemp? fixes. When I receive a message having a tnef attachment I get the following messages in syslog: Mar 13 13:13:45 mail MailScanner[17323]: New Batch: Scanning 1 messages, 32172 bytes Mar 13 13:13:45 mail MailScanner[17323]: Expanding TNEF archive at /usr/local/etc/MailScanner/incoming/17323/q2DCDfuq022124/winmail.dat Mar 13 13:13:45 mail MailScanner[17323]: Trying to unpack nwinmail.dat in message q2DCDfuq022124, could not create subdirectory q2DCDfuq022124//tnefdDM1SB, failed to unpack TNEF message Mar 13 13:13:45 mail MailScanner[17323]: Corrupt TNEF winmail.dat that cannot be analysed in message q2DCDfuq022124 This is using the external tnef decoder setting in MailScanner.conf The message is not sent to the recipients, instead an ?Other Bad Content Detected? report and notice is generated. Best regards, Adri. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120313/9432e841/attachment.html From adrik at salesmanager.nl Tue Mar 13 13:13:48 2012 From: adrik at salesmanager.nl (Adri Koppes) Date: Tue Mar 13 13:13:57 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: References: Message-ID: Jeremy, The perms are 755, owner is root and group is clamav. But the incoming/* directories are created by MailScanner, so setting correct perms should be done by MailScanner. Also the same setup worked fine with version 4.83.5. If I replace 'lib/MailScanner/TNEF.pm' with the corresponding file from version 4.83.5, then everything works fine again. Adri. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: dinsdag 13 maart 2012 13:54 To: MailScanner discussion Subject: Re: Error expanding TNEF attachments in new 4.84.5-2 could not create subdirectory q2DCDfuq022124//tnefdDM1SB Check perms -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: Adri Koppes Reply-To: MailScanner discussion Date: Tue, 13 Mar 2012 13:44:55 +0100 To: MailScanner discussion Subject: Error expanding TNEF attachments in new 4.84.5-2 Julian, I just updated to the last version 4.84.5-2 and noticed a bug with the new 'mktemp' fixes. When I receive a message having a tnef attachment I get the following messages in syslog: Mar 13 13:13:45 mail MailScanner[17323]: New Batch: Scanning 1 messages, 32172 bytes Mar 13 13:13:45 mail MailScanner[17323]: Expanding TNEF archive at /usr/local/etc/MailScanner/incoming/17323/q2DCDfuq022124/winmail.dat Mar 13 13:13:45 mail MailScanner[17323]: Trying to unpack nwinmail.dat in message q2DCDfuq022124, could not create subdirectory q2DCDfuq022124//tnefdDM1SB, failed to unpack TNEF message Mar 13 13:13:45 mail MailScanner[17323]: Corrupt TNEF winmail.dat that cannot be analysed in message q2DCDfuq022124 This is using the external tnef decoder setting in MailScanner.conf The message is not sent to the recipients, instead an 'Other Bad Content Detected' report and notice is generated. Best regards, Adri. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120313/c10502b7/attachment.html From jeremy at fluxlabs.net Tue Mar 13 13:24:52 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Tue Mar 13 13:25:07 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: Message-ID: So it's a Taint in perl issue .. What does ?debug output? -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: Adri Koppes > Reply-To: MailScanner discussion > Date: Tue, 13 Mar 2012 14:13:48 +0100 To: MailScanner discussion > Subject: RE: Error expanding TNEF attachments in new 4.84.5-2 Jeremy, The perms are 755, owner is root and group is clamav. But the incoming/* directories are created by MailScanner, so setting correct perms should be done by MailScanner. Also the same setup worked fine with version 4.83.5. If I replace ?lib/MailScanner/TNEF.pm? with the corresponding file from version 4.83.5, then everything works fine again. Adri. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: dinsdag 13 maart 2012 13:54 To: MailScanner discussion Subject: Re: Error expanding TNEF attachments in new 4.84.5-2 could not create subdirectory q2DCDfuq022124//tnefdDM1SB Check perms -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 From: Adri Koppes > Reply-To: MailScanner discussion > Date: Tue, 13 Mar 2012 13:44:55 +0100 To: MailScanner discussion > Subject: Error expanding TNEF attachments in new 4.84.5-2 Julian, I just updated to the last version 4.84.5-2 and noticed a bug with the new ?mktemp? fixes. When I receive a message having a tnef attachment I get the following messages in syslog: Mar 13 13:13:45 mail MailScanner[17323]: New Batch: Scanning 1 messages, 32172 bytes Mar 13 13:13:45 mail MailScanner[17323]: Expanding TNEF archive at /usr/local/etc/MailScanner/incoming/17323/q2DCDfuq022124/winmail.dat Mar 13 13:13:45 mail MailScanner[17323]: Trying to unpack nwinmail.dat in message q2DCDfuq022124, could not create subdirectory q2DCDfuq022124//tnefdDM1SB, failed to unpack TNEF message Mar 13 13:13:45 mail MailScanner[17323]: Corrupt TNEF winmail.dat that cannot be analysed in message q2DCDfuq022124 This is using the external tnef decoder setting in MailScanner.conf The message is not sent to the recipients, instead an ?Other Bad Content Detected? report and notice is generated. Best regards, Adri. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120313/62c96669/attachment.html From kkobb at skylinecorp.com Tue Mar 13 13:28:53 2012 From: kkobb at skylinecorp.com (Kevin Kobb) Date: Tue Mar 13 13:29:12 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: References: Message-ID: <4F5F4B95.5020008@skylinecorp.com> On 3/13/2012 9:13 AM, Adri Koppes wrote: > Jeremy, > > > > The perms are 755, owner is root and group is clamav. > > But the incoming/* directories are created by MailScanner, so setting > correct perms should be done by MailScanner. > > Also the same setup worked fine with version 4.83.5. > > If I replace ?lib/MailScanner/TNEF.pm? with the corresponding file from > version 4.83.5, then everything works fine again. > > > > Adri. > > > > > > *From:*mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Jeremy McSpadden > *Sent:* dinsdag 13 maart 2012 13:54 > *To:* MailScanner discussion > *Subject:* Re: Error expanding TNEF attachments in new 4.84.5-2 > > > > could not create subdirectory q2DCDfuq022124//tnefdDM1SB > > > > Check perms > > -- > > Jeremy McSpadden > > Flux Labs, Inc > > http://www.fluxlabs.net > Endless Solutions > > *Office* : 850-588-4626 > > *Cell* : 850-890-2543 > *Fax* : 850-254-2955 > > > > *From: *Adri Koppes > > *Reply-To: *MailScanner discussion > > *Date: *Tue, 13 Mar 2012 13:44:55 +0100 > *To: *MailScanner discussion > > *Subject: *Error expanding TNEF attachments in new 4.84.5-2 > > > > Julian, > > > > I just updated to the last version 4.84.5-2 and noticed a bug with the > new ?mktemp? fixes. > > When I receive a message having a tnef attachment I get the following > messages in syslog: > > > > Mar 13 13:13:45 mail MailScanner[17323]: New Batch: Scanning 1 messages, > 32172 bytes > > Mar 13 13:13:45 mail MailScanner[17323]: Expanding TNEF archive at > /usr/local/etc/MailScanner/incoming/17323/q2DCDfuq022124/winmail.dat > > Mar 13 13:13:45 mail MailScanner[17323]: Trying to unpack nwinmail.dat > in message q2DCDfuq022124, could not create subdirectory > q2DCDfuq022124//tnefdDM1SB, failed to unpack TNEF message > > Mar 13 13:13:45 mail MailScanner[17323]: Corrupt TNEF winmail.dat that > cannot be analysed in message q2DCDfuq022124 > > > > This is using the external tnef decoder setting in MailScanner.conf > > The message is not sent to the recipients, instead an ?Other Bad Content > Detected? report and notice is generated. > > > > Best regards, > > > > Adri. > > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner Before > posting, read http://wiki.mailscanner.info/posting Support MailScanner > development - buy the book off the website! > > > Which version of tnef are you using? When I upgraded to tnef 1.4.9 I had these problems even though I had applied the recent patches that were posted, and all the perms looked fine. When I went back to tnef 1.4.8, everything was OK again. I also don't understand why tnef was touching most of these messages. I had the user compose a single line email, composed in html, and no attachments, and it still unpacked it. However, with tnef 1.4.8 it didn't fail at least. From adrik at salesmanager.nl Tue Mar 13 14:34:51 2012 From: adrik at salesmanager.nl (Adri Koppes) Date: Tue Mar 13 14:35:00 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: <4F5F4B95.5020008@skylinecorp.com> References: <4F5F4B95.5020008@skylinecorp.com> Message-ID: Kevin, I also recently installed tnef 1.4.9. But the new tnef 1.4.9 works fine with the older MailScanner 4.83.5. Also the error seems to be generated by MailScanner in TNEF.pm when it tried to create a temporary subdirectory, before the external tnef program is run. Adri. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Kobb Sent: dinsdag 13 maart 2012 14:29 To: MailScanner discussion Subject: Re: Error expanding TNEF attachments in new 4.84.5-2 On 3/13/2012 9:13 AM, Adri Koppes wrote: > Jeremy, > > > > The perms are 755, owner is root and group is clamav. > > But the incoming/* directories are created by MailScanner, so setting > correct perms should be done by MailScanner. > > Also the same setup worked fine with version 4.83.5. > > If I replace 'lib/MailScanner/TNEF.pm' with the corresponding file > from version 4.83.5, then everything works fine again. > > > > Adri. > > > > > > *From:*mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Jeremy McSpadden > *Sent:* dinsdag 13 maart 2012 13:54 > *To:* MailScanner discussion > *Subject:* Re: Error expanding TNEF attachments in new 4.84.5-2 > > > > could not create subdirectory q2DCDfuq022124//tnefdDM1SB > > > > Check perms > > -- > > Jeremy McSpadden > > Flux Labs, Inc > > http://www.fluxlabs.net Endless Solutions > > *Office* : 850-588-4626 > > *Cell* : 850-890-2543 > *Fax* : 850-254-2955 > > > > *From: *Adri Koppes > > *Reply-To: *MailScanner discussion > > *Date: *Tue, 13 Mar 2012 13:44:55 +0100 > *To: *MailScanner discussion > > *Subject: *Error expanding TNEF attachments in new 4.84.5-2 > > > > Julian, > > > > I just updated to the last version 4.84.5-2 and noticed a bug with the > new 'mktemp' fixes. > > When I receive a message having a tnef attachment I get the following > messages in syslog: > > > > Mar 13 13:13:45 mail MailScanner[17323]: New Batch: Scanning 1 > messages, > 32172 bytes > > Mar 13 13:13:45 mail MailScanner[17323]: Expanding TNEF archive at > /usr/local/etc/MailScanner/incoming/17323/q2DCDfuq022124/winmail.dat > > Mar 13 13:13:45 mail MailScanner[17323]: Trying to unpack nwinmail.dat > in message q2DCDfuq022124, could not create subdirectory > q2DCDfuq022124//tnefdDM1SB, failed to unpack TNEF message > > Mar 13 13:13:45 mail MailScanner[17323]: Corrupt TNEF winmail.dat that > cannot be analysed in message q2DCDfuq022124 > > > > This is using the external tnef decoder setting in MailScanner.conf > > The message is not sent to the recipients, instead an 'Other Bad > Content Detected' report and notice is generated. > > > > Best regards, > > > > Adri. > > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner Before > posting, read http://wiki.mailscanner.info/posting Support MailScanner > development - buy the book off the website! > > > Which version of tnef are you using? When I upgraded to tnef 1.4.9 I had these problems even though I had applied the recent patches that were posted, and all the perms looked fine. When I went back to tnef 1.4.8, everything was OK again. I also don't understand why tnef was touching most of these messages. I had the user compose a single line email, composed in html, and no attachments, and it still unpacked it. However, with tnef 1.4.8 it didn't fail at least. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From m.anderlini at database.it Tue Mar 13 14:38:26 2012 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Mar 13 14:38:51 2012 Subject: Does MailScanner is realy using SpamAssassin ? Message-ID: <9B32944F89124C54A36925A71B5333D4@xpmarcello> Hello guys, first thing, sorry for my ridicolous English but as you can notice is not my first language. I'm trying to install the last mailscanner (4.84.5-2) on a centos 6.x x86_64. All seem to work well but in the maillog I can not see any evidence of Spamassasin score. In one old installation in maillog I can see for exaples this : =================== Message q2DEW1jo017136 from 109.236.85.8 (nicolas@critsend.com) to xxxxx.it is spam, SpamAssassin (not cached, punteggio=5.913, necessario 5, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_04 0.61, HTML_MESSAGE 0.00, T_SURBL_MULTI1 0.01, T_URIBL_BLACK_OVERLAP 0.01, URIBL_BLACK 1.77, URIBL_JP_SURBL 1.95, URIBL_WS_SURBL 1.66) =================== Instead in the new one I do not see any SpamAssasin Score. ========= Mar 13 11:25:52 dhcppc15 MailScanner[10794]: Connected to SpamAssassin cache database Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Connected to Processing Attempts Database Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Found 0 messages in the Processing Attempts Database Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Using locktype = posix Mar 13 11:25:59 dhcppc15 sendmail[10795]: q2DAPxFf010795: from=, size=310272, class=0, nrcpts=1, msgid=<4F5F20D4.8010204@cittaonline.it>, proto=ESMTP, daemon=MTA, relay=[192.168.1.102] Mar 13 11:26:00 dhcppc15 MailScanner[10794]: New Batch: Scanning 1 messages, 310715 bytes Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Virus and Content Scanning: Starting Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Spam Checks: Starting Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Content Checks: Detected and have disarmed web bug tags in HTML message in q2DAPxFf010795 from info@cittaonline.it Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Uninfected: Delivered 1 messages Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Deleted 1 messages from processing-database Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch completed at 0 bytes per second (310715 / 0) Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch (1 message) processed in 0.13 seconds Mar 13 11:26:00 dhcppc15 sendmail[10800]: q2DAPxFf010795: to=, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=430272, dsn=2.0.0, stat=Sent ========= In Mailscanner.conf I've set this value for logging ================ Syslog Facility = mail Log Speed = yes Log Spam = yes Log Non Spam = yes Log Delivery And Non-Delivery = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Permitted File MIME Types = no Log Silent Viruses = no Log Dangerous HTML Tags = no Log SpamAssassin Rule Actions = yes ================ This is MailScanner --lint report ======================= Currently you are using no virus scanners. This is probably not what you want. In your /etc/MailScanner/MailScanner.conf file, set Virus Scanners = clamav Then download Unpack it, "cd" into the directory and run ./install.sh Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 869 hostnames from the phishing whitelist Read 4948 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.84.5) is correct. Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = none" Found these virus scanners installed: =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting =========================================================================== If any of your virus scanners () are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. ======================= Thanks for any help Cheers Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it From kkobb at skylinecorp.com Tue Mar 13 14:53:36 2012 From: kkobb at skylinecorp.com (Kevin Kobb) Date: Tue Mar 13 14:53:53 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: References: <4F5F4B95.5020008@skylinecorp.com> Message-ID: <4F5F5F70.4090200@skylinecorp.com> On 3/13/2012 10:34 AM, Adri Koppes wrote: > Kevin, > > I also recently installed tnef 1.4.9. > But the new tnef 1.4.9 works fine with the older MailScanner 4.83.5. > Also the error seems to be generated by MailScanner in TNEF.pm when it > tried to create a temporary subdirectory, before the external tnef > program is run. > > Adri. > Interesting. I'll have to experiment with this a little more when I get a chance. I just did this a couple days ago, so I haven't had a lot of time to look at it yet. From ssilva at sgvwater.com Tue Mar 13 16:32:07 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 13 16:32:28 2012 Subject: Does MailScanner is realy using SpamAssassin ? In-Reply-To: <9B32944F89124C54A36925A71B5333D4@xpmarcello> References: <9B32944F89124C54A36925A71B5333D4@xpmarcello> Message-ID: on 3/13/2012 7:38 AM Marcello Anderlini spake the following: > Hello guys, first thing, sorry for my ridicolous English but as you can > notice is not my first language. > > I'm trying to install the last mailscanner (4.84.5-2) on a centos 6.x > x86_64. All seem to work well but in the maillog I can not see any evidence > of Spamassasin score. > In one old installation in maillog I can see for exaples this : > =================== > Message q2DEW1jo017136 from 109.236.85.8 (nicolas@critsend.com) to xxxxx.it > is spam, SpamAssassin (not cached, punteggio=5.913, necessario 5, > DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_04 > 0.61, HTML_MESSAGE 0.00, T_SURBL_MULTI1 0.01, T_URIBL_BLACK_OVERLAP 0.01, > URIBL_BLACK 1.77, URIBL_JP_SURBL 1.95, URIBL_WS_SURBL 1.66) > =================== > > Instead in the new one I do not see any SpamAssasin Score. > ========= > Mar 13 11:25:52 dhcppc15 MailScanner[10794]: Connected to SpamAssassin cache > database > Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Connected to Processing > Attempts Database > Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Found 0 messages in the > Processing Attempts Database > Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Using locktype = posix > Mar 13 11:25:59 dhcppc15 sendmail[10795]: q2DAPxFf010795: > from=, size=310272, class=0, nrcpts=1, > msgid=<4F5F20D4.8010204@cittaonline.it>, proto=ESMTP, daemon=MTA, > relay=[192.168.1.102] > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: New Batch: Scanning 1 messages, > 310715 bytes > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Virus and Content Scanning: > Starting > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Spam Checks: Starting > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Content Checks: Detected and > have disarmed web bug tags in HTML message in q2DAPxFf010795 from > info@cittaonline.it > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Uninfected: Delivered 1 > messages > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Deleted 1 messages from > processing-database > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch completed at 0 bytes per > second (310715 / 0) > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch (1 message) processed in > 0.13 seconds > Mar 13 11:26:00 dhcppc15 sendmail[10800]: q2DAPxFf010795: > to=, delay=00:00:01, xdelay=00:00:00, > mailer=local, pri=430272, dsn=2.0.0, stat=Sent > ========= > > In Mailscanner.conf I've set this value for logging > ================ > Syslog Facility = mail > Log Speed = yes > Log Spam = yes > Log Non Spam = yes > Log Delivery And Non-Delivery = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Permitted File MIME Types = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > Log SpamAssassin Rule Actions = yes > ================ > > This is MailScanner --lint report > > ======================= > Currently you are using no virus scanners. > This is probably not what you want. > > In your /etc/MailScanner/MailScanner.conf file, set > Virus Scanners = clamav > Then download > > Unpack it, "cd" into the directory and run ./install.sh > > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 869 hostnames from the phishing whitelist > Read 4948 hostnames from the phishing blacklists > > Checking version numbers... > Version number in MailScanner.conf (4.84.5) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 0 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = none" > Found these virus scanners installed: > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > =========================================================================== > > If any of your virus scanners () > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > ======================= > > > Thanks for any help > > Cheers There is a setting in MailScanner to always show the spamassassin score. You could turn that on, at least long enough to check if it is working... From m.anderlini at database.it Tue Mar 13 17:01:27 2012 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Mar 13 17:01:54 2012 Subject: R: Does MailScanner is realy using SpamAssassin ? In-Reply-To: References: <9B32944F89124C54A36925A71B5333D4@xpmarcello> Message-ID: <9A4B22217FFF45AD8501BEB5AE1AA7BF@xpmarcello> I've set this values: ============ Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes ============ But I still can not see scores: ============== ar 13 17:58:11 dhcppc15 sendmail[21520]: q2DGwB40021520: from=, size=311725, class=0, nrcpts=1, msgid=<4F5F7CC2.2000304@cittaonline.it>, proto=ESMTP, daemon=MTA, relay=[192.168.1.102] Mar 13 17:58:12 dhcppc15 MailScanner[21517]: New Batch: Scanning 1 messages, 312168 bytes Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Virus and Content Scanning: Starting Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Spam Checks: Starting Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Content Checks: Detected and have disarmed web bug tags in HTML message in q2DGwB40021520 from info@cittaonline.it Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Uninfected: Delivered 1 messages Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Deleted 1 messages from processing-database Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Batch completed at 0 bytes per second (312168 / 0) Mar 13 17:58:12 dhcppc15 MailScanner[21517]: Batch (1 message) processed in 0.13 seconds Mar 13 17:58:12 dhcppc15 sendmail[21525]: q2DGwB40021520: to=, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=431725, dsn=2.0.0, stat=Sent ============== Are there more values to set ? Thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Scott Silva Inviato: marted? 13 marzo 2012 17.32 A: mailscanner@lists.mailscanner.info Oggetto: Re: Does MailScanner is realy using SpamAssassin ? on 3/13/2012 7:38 AM Marcello Anderlini spake the following: > Hello guys, first thing, sorry for my ridicolous English but as you can > notice is not my first language. > > I'm trying to install the last mailscanner (4.84.5-2) on a centos 6.x > x86_64. All seem to work well but in the maillog I can not see any evidence > of Spamassasin score. > In one old installation in maillog I can see for exaples this : > =================== > Message q2DEW1jo017136 from 109.236.85.8 (nicolas@critsend.com) to xxxxx.it > is spam, SpamAssassin (not cached, punteggio=5.913, necessario 5, > DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_04 > 0.61, HTML_MESSAGE 0.00, T_SURBL_MULTI1 0.01, T_URIBL_BLACK_OVERLAP 0.01, > URIBL_BLACK 1.77, URIBL_JP_SURBL 1.95, URIBL_WS_SURBL 1.66) > =================== > > Instead in the new one I do not see any SpamAssasin Score. > ========= > Mar 13 11:25:52 dhcppc15 MailScanner[10794]: Connected to SpamAssassin cache > database > Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Connected to Processing > Attempts Database > Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Found 0 messages in the > Processing Attempts Database > Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Using locktype = posix > Mar 13 11:25:59 dhcppc15 sendmail[10795]: q2DAPxFf010795: > from=, size=310272, class=0, nrcpts=1, > msgid=<4F5F20D4.8010204@cittaonline.it>, proto=ESMTP, daemon=MTA, > relay=[192.168.1.102] > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: New Batch: Scanning 1 messages, > 310715 bytes > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Virus and Content Scanning: > Starting > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Spam Checks: Starting > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Content Checks: Detected and > have disarmed web bug tags in HTML message in q2DAPxFf010795 from > info@cittaonline.it > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Uninfected: Delivered 1 > messages > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Deleted 1 messages from > processing-database > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch completed at 0 bytes per > second (310715 / 0) > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch (1 message) processed in > 0.13 seconds > Mar 13 11:26:00 dhcppc15 sendmail[10800]: q2DAPxFf010795: > to=, delay=00:00:01, xdelay=00:00:00, > mailer=local, pri=430272, dsn=2.0.0, stat=Sent > ========= > > In Mailscanner.conf I've set this value for logging > ================ > Syslog Facility = mail > Log Speed = yes > Log Spam = yes > Log Non Spam = yes > Log Delivery And Non-Delivery = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Permitted File MIME Types = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > Log SpamAssassin Rule Actions = yes > ================ > > This is MailScanner --lint report > > ======================= > Currently you are using no virus scanners. > This is probably not what you want. > > In your /etc/MailScanner/MailScanner.conf file, set > Virus Scanners = clamav > Then download > > Unpack it, "cd" into the directory and run ./install.sh > > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 869 hostnames from the phishing whitelist > Read 4948 hostnames from the phishing blacklists > > Checking version numbers... > Version number in MailScanner.conf (4.84.5) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 0 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = none" > Found these virus scanners installed: > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > =========================================================================== > > If any of your virus scanners () > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > ======================= > > > Thanks for any help > > Cheers There is a setting in MailScanner to always show the spamassassin score. You could turn that on, at least long enough to check if it is working... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jbull at esd113.org Tue Mar 13 17:02:06 2012 From: jbull at esd113.org (John Bull) Date: Tue Mar 13 17:02:19 2012 Subject: Does MailScanner is realy using SpamAssassin ? In-Reply-To: References: <9B32944F89124C54A36925A71B5333D4@xpmarcello> Message-ID: <2046762850AF9D4DA8E1EB3B6F2BA19C16C1F144@VA3DIAXVS1A1.RED001.local> You may wish to consider/confirm some the following MailScanner configuration options: Changes to Messsage Headers Include Scores In SpamAssassin Report = yes SpamScore Number Instead Of Stars = yes Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Spam Detection and Spam Lists Spam Checks = yes Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes SpamAssassin Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High SpamAssassin Score = 5 Spam Score = yes Logging Log Spam = yes Log Non Spam = yes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Tuesday, March 13, 2012 9:32 AM To: mailscanner@lists.mailscanner.info Subject: Re: Does MailScanner is realy using SpamAssassin ? on 3/13/2012 7:38 AM Marcello Anderlini spake the following: > Hello guys, first thing, sorry for my ridicolous English but as you > can notice is not my first language. > > I'm trying to install the last mailscanner (4.84.5-2) on a centos 6.x > x86_64. All seem to work well but in the maillog I can not see any > evidence of Spamassasin score. > In one old installation in maillog I can see for exaples this : > =================== > Message q2DEW1jo017136 from 109.236.85.8 (nicolas@critsend.com) to > xxxxx.it is spam, SpamAssassin (not cached, punteggio=5.913, > necessario 5, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, > HTML_IMAGE_RATIO_04 0.61, HTML_MESSAGE 0.00, T_SURBL_MULTI1 0.01, > T_URIBL_BLACK_OVERLAP 0.01, URIBL_BLACK 1.77, URIBL_JP_SURBL 1.95, > URIBL_WS_SURBL 1.66) =================== > > Instead in the new one I do not see any SpamAssasin Score. > ========= > Mar 13 11:25:52 dhcppc15 MailScanner[10794]: Connected to SpamAssassin > cache database Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Connected > to Processing Attempts Database Mar 13 11:25:54 dhcppc15 > MailScanner[10794]: Found 0 messages in the Processing Attempts > Database Mar 13 11:25:54 dhcppc15 MailScanner[10794]: Using locktype = > posix Mar 13 11:25:59 dhcppc15 sendmail[10795]: q2DAPxFf010795: > from=, size=310272, class=0, nrcpts=1, > msgid=<4F5F20D4.8010204@cittaonline.it>, proto=ESMTP, daemon=MTA, > relay=[192.168.1.102] Mar 13 11:26:00 dhcppc15 MailScanner[10794]: New > Batch: Scanning 1 messages, > 310715 bytes > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Virus and Content Scanning: > Starting > Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Spam Checks: Starting Mar > 13 11:26:00 dhcppc15 MailScanner[10794]: Content Checks: Detected and > have disarmed web bug tags in HTML message in q2DAPxFf010795 from > info@cittaonline.it Mar 13 11:26:00 dhcppc15 MailScanner[10794]: > Uninfected: Delivered 1 messages Mar 13 11:26:00 dhcppc15 > MailScanner[10794]: Deleted 1 messages from processing-database Mar 13 > 11:26:00 dhcppc15 MailScanner[10794]: Batch completed at 0 bytes per > second (310715 / 0) Mar 13 11:26:00 dhcppc15 MailScanner[10794]: Batch > (1 message) processed in > 0.13 seconds > Mar 13 11:26:00 dhcppc15 sendmail[10800]: q2DAPxFf010795: > to=, delay=00:00:01, xdelay=00:00:00, > mailer=local, pri=430272, dsn=2.0.0, stat=Sent ========= > > In Mailscanner.conf I've set this value for logging ================ > Syslog Facility = mail Log Speed = yes Log Spam = yes Log Non Spam = > yes Log Delivery And Non-Delivery = no Log Permitted Filenames = no > Log Permitted Filetypes = no Log Permitted File MIME Types = no Log > Silent Viruses = no Log Dangerous HTML Tags = no Log SpamAssassin Rule > Actions = yes ================ > > This is MailScanner --lint report > > ======================= > Currently you are using no virus scanners. > This is probably not what you want. > > In your /etc/MailScanner/MailScanner.conf file, set > Virus Scanners = clamav > Then download > > Unpack it, "cd" into the directory and run ./install.sh > > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf Reading > configuration file /etc/MailScanner/conf.d/README Read 869 hostnames > from the phishing whitelist Read 4948 hostnames from the phishing > blacklists > > Checking version numbers... > Version number in MailScanner.conf (4.84.5) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database SpamAssassin reported no > errors. > Connected to Processing Attempts Database Created Processing Attempts > Database successfully There are 0 messages in the Processing Attempts > Database Using locktype = posix MailScanner.conf says "Virus Scanners > = none" > Found these virus scanners installed: > ====================================================================== > ===== Filename Checks: Windows/DOS Executable (1 eicar.com) Other > Checks: Found 1 problems Virus and Content Scanning: Starting > ====================================================================== > ===== > > If any of your virus scanners () > are not listed there, you should check that they are installed > correctly and that MailScanner is finding them correctly via its virus.scanners.conf. > ======================= > > > Thanks for any help > > Cheers There is a setting in MailScanner to always show the spamassassin score. You could turn that on, at least long enough to check if it is working... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From phil.randal at hoopleltd.co.uk Tue Mar 13 20:00:03 2012 From: phil.randal at hoopleltd.co.uk (Randal, Phil) Date: Tue Mar 13 20:00:21 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: <4F5F5F70.4090200@skylinecorp.com> References: <4F5F4B95.5020008@skylinecorp.com> <4F5F5F70.4090200@skylinecorp.com> Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> Andrew Kissa posted this patch to the list on Feb 22nd: diff --git a/lib/MailScanner/TNEF.pm b/lib/MailScanner/TNEF.pm index 9cc9aa2..c49a079 100644 --- a/lib/MailScanner/TNEF.pm +++ b/lib/MailScanner/TNEF.pm @@ -229,8 +229,7 @@ sub ExternalDecoder { # Create the subdir to unpack it into #my $unpackdir = "tnef.$$"; - my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0); - $dir =~ s,^.*/,,; + my $unpackdir = tempdir("tnefXXXXXX"); $unpackdir = $message->MakeNameSafe($unpackdir, $dir); unless (mkdir "$dir/$unpackdir", 0777) { MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id}, That should fix it. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Kobb Sent: 13 March 2012 14:54 To: MailScanner discussion Subject: Re: Error expanding TNEF attachments in new 4.84.5-2 On 3/13/2012 10:34 AM, Adri Koppes wrote: > Kevin, > > I also recently installed tnef 1.4.9. > But the new tnef 1.4.9 works fine with the older MailScanner 4.83.5. > Also the error seems to be generated by MailScanner in TNEF.pm when it > tried to create a temporary subdirectory, before the external tnef > program is run. > > Adri. > Interesting. I'll have to experiment with this a little more when I get a chance. I just did this a couple days ago, so I haven't had a lot of time to look at it yet. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ?Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From kkobb at skylinecorp.com Tue Mar 13 22:41:38 2012 From: kkobb at skylinecorp.com (Kevin Kobb) Date: Tue Mar 13 22:41:52 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> References: <4F5F4B95.5020008@skylinecorp.com> <4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> Message-ID: <4F5FCD22.8060009@skylinecorp.com> Yes, that is the patch I mentioned in an earlier post, but it didn't seem to fix it. I'll double check and make sure I applied it correctly, as I applied it manually. In the mean time, I am trying the internal tnef decoder and that doesn't seem to have a problem. Can somebody tell me if there is a big advantage to using an external versus the internal module? Thanks. On 3/13/2012 4:00 PM, Randal, Phil wrote: > Andrew Kissa posted this patch to the list on Feb 22nd: > > diff --git a/lib/MailScanner/TNEF.pm b/lib/MailScanner/TNEF.pm > index 9cc9aa2..c49a079 100644 > --- a/lib/MailScanner/TNEF.pm > +++ b/lib/MailScanner/TNEF.pm > @@ -229,8 +229,7 @@ sub ExternalDecoder { > > # Create the subdir to unpack it into > #my $unpackdir = "tnef.$$"; > - my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0); > - $dir =~ s,^.*/,,; > + my $unpackdir = tempdir("tnefXXXXXX"); > $unpackdir = $message->MakeNameSafe($unpackdir, $dir); > unless (mkdir "$dir/$unpackdir", 0777) { > MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id}, > > > That should fix it. > > Cheers, > > Phil > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Kobb > Sent: 13 March 2012 14:54 > To: MailScanner discussion > Subject: Re: Error expanding TNEF attachments in new 4.84.5-2 > > On 3/13/2012 10:34 AM, Adri Koppes wrote: >> Kevin, >> >> I also recently installed tnef 1.4.9. >> But the new tnef 1.4.9 works fine with the older MailScanner 4.83.5. >> Also the error seems to be generated by MailScanner in TNEF.pm when it >> tried to create a temporary subdirectory, before the external tnef >> program is run. >> >> Adri. >> > > Interesting. I'll have to experiment with this a little more when I get a chance. I just did this a couple days ago, so I haven't had a lot of time to look at it yet. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ?Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. > > > From ssilva at sgvwater.com Tue Mar 13 23:43:46 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 13 23:44:05 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: <4F5FCD22.8060009@skylinecorp.com> References: <4F5F4B95.5020008@skylinecorp.com> <4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> <4F5FCD22.8060009@skylinecorp.com> Message-ID: on 3/13/2012 3:41 PM Kevin Kobb spake the following: > Yes, that is the patch I mentioned in an earlier post, but it didn't > seem to fix it. I'll double check and make sure I applied it correctly, > as I applied it manually. > > In the mean time, I am trying the internal tnef decoder and that doesn't > seem to have a problem. Can somebody tell me if there is a big advantage > to using an external versus the internal module? > > Thanks. I thought that patch was FOR the internal tnef decoder From andrew at topdog.za.net Wed Mar 14 05:24:07 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed Mar 14 05:24:31 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: References: <4F5F4B95.5020008@skylinecorp.com> <4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> <4F5FCD22.8060009@skylinecorp.com> Message-ID: On 14 Mar 2012, at 1:43 AM, Scott Silva wrote: > I thought that patch was FOR the internal tnef decoder Its for the external decoder, it patches the ExternalDecoder function. -- www.baruwa.org From uxbod at splatnix.net Wed Mar 14 08:52:49 2012 From: uxbod at splatnix.net (Phil Daws) Date: Wed Mar 14 08:53:03 2012 Subject: Database Configuration Message-ID: <1622040467.339215.1331715168930.JavaMail.root@office.splatnix.net> Hello all, are any of you using a database to store the MailScanner configuration ? am trying to understand what the documentation says but its not make sense to me at the moment. If you are using a ruleset file for certain options eg. Maximum Message Size can they be stored in the database as-well ? -- Thanks, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120314/6ee3b51b/attachment.html From andrew at topdog.za.net Wed Mar 14 09:09:08 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed Mar 14 09:09:36 2012 Subject: Database Configuration In-Reply-To: <1622040467.339215.1331715168930.JavaMail.root@office.splatnix.net> References: <1622040467.339215.1331715168930.JavaMail.root@office.splatnix.net> Message-ID: <80D2813F-522C-40A2-90A9-558A5B8ACF0F@topdog.za.net> On 14 Mar 2012, at 10:52 AM, Phil Daws wrote: > are any of you using a database to store the MailScanner configuration ? am trying to understand what the documentation says but its not make sense to me at the moment. If you are using a ruleset file for certain options eg. Maximum Message Size can they be stored in the database as-well ? Yes that possible, you can store any ruleset in the database. take a look at how i do it, https://github.com/akissa/baruwa/blob/master/extras/baruwa-mailscanner.conf https://github.com/akissa/baruwa/blob/master/src/baruwa/config/sql/domainsignature.sql - Andrew -- www.baruwa.org From mailscanner at joolee.nl Wed Mar 14 09:10:45 2012 From: mailscanner at joolee.nl (Joolee) Date: Wed Mar 14 09:11:38 2012 Subject: Database Configuration In-Reply-To: <1622040467.339215.1331715168930.JavaMail.root@office.splatnix.net> References: <1622040467.339215.1331715168930.JavaMail.root@office.splatnix.net> Message-ID: As far as i know, that is not supported by default. I was planning to run a script that writes the content of a database to ruleset files. I think, performance wise, it's also the best solution as it saves a lot of queries. On 14 March 2012 09:52, Phil Daws wrote: > Hello all, > > are any of you using a database to store the MailScanner configuration ? > am trying to understand what the documentation says but its not make sense > to me at the moment. If you are using a ruleset file for certain options > eg. Maximum Message Size can they be stored in the database as-well ? > -- > Thanks, Phil > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120314/1448dcd0/attachment.html From adrik at salesmanager.nl Wed Mar 14 09:21:08 2012 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed Mar 14 09:21:23 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> References: <4F5F4B95.5020008@skylinecorp.com><4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> Message-ID: Andrew, I guess I must have missed that patch. I have applied it and will see if it solves the TNEF problem. Thanks, Adri. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: dinsdag 13 maart 2012 21:00 To: 'MailScanner discussion' Subject: RE: Error expanding TNEF attachments in new 4.84.5-2 Andrew Kissa posted this patch to the list on Feb 22nd: diff --git a/lib/MailScanner/TNEF.pm b/lib/MailScanner/TNEF.pm index 9cc9aa2..c49a079 100644 --- a/lib/MailScanner/TNEF.pm +++ b/lib/MailScanner/TNEF.pm @@ -229,8 +229,7 @@ sub ExternalDecoder { # Create the subdir to unpack it into #my $unpackdir = "tnef.$$"; - my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0); - $dir =~ s,^.*/,,; + my $unpackdir = tempdir("tnefXXXXXX"); $unpackdir = $message->MakeNameSafe($unpackdir, $dir); unless (mkdir "$dir/$unpackdir", 0777) { MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id}, That should fix it. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Kobb Sent: 13 March 2012 14:54 To: MailScanner discussion Subject: Re: Error expanding TNEF attachments in new 4.84.5-2 On 3/13/2012 10:34 AM, Adri Koppes wrote: > Kevin, > > I also recently installed tnef 1.4.9. > But the new tnef 1.4.9 works fine with the older MailScanner 4.83.5. > Also the error seems to be generated by MailScanner in TNEF.pm when it > tried to create a temporary subdirectory, before the external tnef > program is run. > > Adri. > Interesting. I'll have to experiment with this a little more when I get a chance. I just did this a couple days ago, so I haven't had a lot of time to look at it yet. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ?Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From uxbod at splatnix.net Wed Mar 14 09:23:20 2012 From: uxbod at splatnix.net (Phil Daws) Date: Wed Mar 14 09:23:35 2012 Subject: Database Configuration In-Reply-To: Message-ID: <1243613874.339532.1331717000596.JavaMail.root@office.splatnix.net> It is supported by default: 20/06/2010 New in Version 4.80.10-1 5 Added facility for over-riding MailScanner.conf settings and rulesets with those held in an SQL database. New settings are: DB DSN, DB Username, DB Password, SQL Serial Number, SQL Quick Peek, SQL Config, SQL Ruleset, SQL SpamAssassin Config, SQL Debug. See the MailScanner.conf file for more details. -- Thanks, Phil ----- Original Message ----- > As far as i know, that is not supported by default. I was planning to > run a script that writes the content of a database to ruleset files. > I think, performance wise, it's also the best solution as it saves a > lot of queries. > On 14 March 2012 09:52, Phil Daws < uxbod@splatnix.net > wrote: > > Hello all, > > > are any of you using a database to store the MailScanner > > configuration ? am trying to understand what the documentation says > > but its not make sense to me at the moment. If you are using a > > ruleset file for certain options eg. Maximum Message Size can they > > be stored in the database as-well ? > > > -- > > > Thanks, Phil > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > Before posting, read http://wiki.mailscanner.info/posting > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120314/a72fd42d/attachment.html From andrew at topdog.za.net Wed Mar 14 09:29:20 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed Mar 14 09:29:44 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: References: <4F5F4B95.5020008@skylinecorp.com><4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> Message-ID: <844722A4-72D0-4BF8-BC89-81A7EB8ACB9A@topdog.za.net> On 14 Mar 2012, at 11:21 AM, Adri Koppes wrote: > Andrew, > > I guess I must have missed that patch. > I have applied it and will see if it solves the TNEF problem. Cool > > Thanks, You are welcome. - Andrew -- www.baruwa.org From uxbod at splatnix.net Wed Mar 14 09:30:13 2012 From: uxbod at splatnix.net (Phil Daws) Date: Wed Mar 14 09:30:24 2012 Subject: Database Configuration In-Reply-To: <80D2813F-522C-40A2-90A9-558A5B8ACF0F@topdog.za.net> Message-ID: <1596528534.339569.1331717413705.JavaMail.root@office.splatnix.net> Thanks Andrew. Very straight forward then! ;) -- Thanks, Phil ----- Original Message ----- > > On 14 Mar 2012, at 10:52 AM, Phil Daws wrote: > > > are any of you using a database to store the MailScanner > > configuration ? am trying to understand what the documentation > > says but its not make sense to me at the moment. If you are using > > a ruleset file for certain options eg. Maximum Message Size can > > they be stored in the database as-well ? > > Yes that possible, you can store any ruleset in the database. take a > look at how i do it, > > https://github.com/akissa/baruwa/blob/master/extras/baruwa-mailscanner.conf > https://github.com/akissa/baruwa/blob/master/src/baruwa/config/sql/domainsignature.sql > > - Andrew > > -- > www.baruwa.org > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From andrew at topdog.za.net Wed Mar 14 09:33:16 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed Mar 14 09:33:42 2012 Subject: Database Configuration In-Reply-To: References: <1622040467.339215.1331715168930.JavaMail.root@office.splatnix.net> Message-ID: On 14 Mar 2012, at 11:10 AM, Joolee wrote: > As far as i know, that is not supported by default. I was planning to run a script that writes the content of a database to ruleset files. I think, performance wise, it's also the best solution as it saves a lot of queries. Thats incorrect, the SQLConfig module is mainline since version 4.80.10-1, As far as performance is concerned, there are NO "lot of queries", the query to load configurations is run on startup, and a simple query is run at intervals to check if the serial number has been incremented or not. The configs are read into memory just like your filesystem rulesets. - A -- www.baruwa.org From m.anderlini at database.it Wed Mar 14 11:26:51 2012 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Mar 14 11:27:31 2012 Subject: R: Does MailScanner is realy using SpamAssassin ? In-Reply-To: <2046762850AF9D4DA8E1EB3B6F2BA19C16C1F144@VA3DIAXVS1A1.RED001.local> References: <9B32944F89124C54A36925A71B5333D4@xpmarcello> <2046762850AF9D4DA8E1EB3B6F2BA19C16C1F144@VA3DIAXVS1A1.RED001.local> Message-ID: <2EAC9D550CE04C1E85C2AE6995BB01AC@xpmarcello> Perfect, Thanks a lot now is running Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di John Bull Inviato: marted? 13 marzo 2012 18.02 A: MailScanner discussion Oggetto: RE: Does MailScanner is realy using SpamAssassin ? You may wish to consider/confirm some the following MailScanner configuration options: Changes to Messsage Headers Include Scores In SpamAssassin Report = yes SpamScore Number Instead Of Stars = yes Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Spam Detection and Spam Lists Spam Checks = yes Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes SpamAssassin Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High SpamAssassin Score = 5 Spam Score = yes Logging Log Spam = yes Log Non Spam = yes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Tuesday, March 13, 2012 9:32 AM To: mailscanner@lists.mailscanner.info Subject: Re: Does MailScanner is realy using SpamAssassin ? [omissis] From mailscanner at barendse.to Wed Mar 14 11:48:33 2012 From: mailscanner at barendse.to (Remco Barendse) Date: Wed Mar 14 11:48:55 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: References: <4F5F4B95.5020008@skylinecorp.com><4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> Message-ID: On Wed, 14 Mar 2012, Adri Koppes wrote: > Andrew, > > I guess I must have missed that patch. > I have applied it and will see if it solves the TNEF problem. Pity the patch didn't make it into the latest MailScanner release From pramod at mindspring.co.za Wed Mar 14 13:17:19 2012 From: pramod at mindspring.co.za (Pramod Daya) Date: Wed Mar 14 13:17:59 2012 Subject: Bayes Scoring Message-ID: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> Greetings, I have a functioning installation of mailscanner 4.79 on Centos 5.7 in which the Bayes scoring does not appear to be working, or at least, I do not see the bayes scoring tokens appearing in the message headers. I have trained spamassassin by dropping spam into an IMAP mailbox (with about 6 000 spam and a few hundred ham messages), and running sa-learn as user "postfix". I have set "use_bayes 1" in /etc/MailScanner/spam.assassin.prefs.conf Any tips on what could be wrong ? Many thanks, Pramod Daya. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120314/27567831/attachment.html From mailscanner at joolee.nl Wed Mar 14 13:33:10 2012 From: mailscanner at joolee.nl (Joolee) Date: Wed Mar 14 13:33:59 2012 Subject: Bayes Scoring In-Reply-To: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> Message-ID: Can you send a debug log from processing a message? On 14 March 2012 14:17, Pramod Daya wrote: > Greetings,**** > > ** ** > > I have a functioning installation of mailscanner 4.79 on Centos 5.7 in > which the Bayes scoring does not appear to be working, or at least, I do > not see the bayes scoring tokens appearing in the message headers. I have > trained spamassassin by dropping spam into an IMAP mailbox (with about > 6 000 spam and a few hundred ham messages), and running sa-learn as user > ?postfix?.**** > > ** ** > > I have set ?use_bayes 1? in /etc/MailScanner/spam.assassin.prefs.conf**** > > ** ** > > Any tips on what could be wrong ? **** > > ** ** > > Many thanks,**** > > Pramod Daya. **** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120314/85b6f507/attachment.html From maxsec at gmail.com Wed Mar 14 14:16:47 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Mar 14 14:17:00 2012 Subject: Bayes Scoring In-Reply-To: References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> Message-ID: hmm does the mailscanner.cf appear correctly in the /etc/mail/spamassassin (or whereever the other .cf files are) -- Martin Hepworth Oxford, UK On 14 March 2012 13:33, Joolee wrote: > Can you send a debug log from processing a message? > > On 14 March 2012 14:17, Pramod Daya wrote: > >> Greetings,**** >> >> ** ** >> >> I have a functioning installation of mailscanner 4.79 on Centos 5.7 in >> which the Bayes scoring does not appear to be working, or at least, I do >> not see the bayes scoring tokens appearing in the message headers. I have >> trained spamassassin by dropping spam into an IMAP mailbox (with about >> 6 000 spam and a few hundred ham messages), and running sa-learn as user >> ?postfix?.**** >> >> ** ** >> >> I have set ?use_bayes 1? in /etc/MailScanner/spam.assassin.prefs.conf**** >> >> ** ** >> >> Any tips on what could be wrong ? **** >> >> ** ** >> >> Many thanks,**** >> >> Pramod Daya. **** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120314/5710d4a7/attachment.html From ja at conviator.com Wed Mar 14 15:39:35 2012 From: ja at conviator.com (Jan Agermose // Conviator ApS) Date: Wed Mar 14 15:39:45 2012 Subject: mailstats on mailscanner server Message-ID: <9af67697-48c8-453d-945d-cfcc89246fdb@conviator.com> hi I have a mailscanner server I want to know about whats going in and out so I was running mailstats. After resetting the stats to get a more simple picture I get mailstats Statistics from Wed Mar 14 16:31:50 2012 M msgsfr bytes_from msgsto bytes_to msgsrej msgsdis msgsqur Mailer 3 0 0K 1 2K 0 0 0 smtp 4 3 60K 1 51K 0 0 0 esmtp 9 1 1K 0 0K 0 0 0 local ===================================================================== T 4 61K 2 53K 0 0 0 C 14 2 8 my problem is that the pages I find simply say "msgsfr" means msg. from the mailer and "msgsto" means msg. to the mail. Sorry to say it does not do it for me :) "local" means mails to local users, so "root" probably "esmtp" means mails in communication with "outside mailers" - so when ever it has a server "on the line" thats not localhost, correct? So whats "smtp" then? Maybe thats because on MailScanner there are two sendmails running? One for getting mails from the outside "esmtp" and then they are just placed on the server, picked up by MailScanner for scanning and then handed to "smtp" for remote delivery? when a mailserver connects from the outside to my box its a "msgsto" the esmtp? and when it accepts the msg and "delivers" the msg to the server its sort of leaving esmtp to the local store and thats a msgsfr? But msgsfr is higher so thats not right? I want to know 1) how many mails are comming in and 2) how many are leaving the server after scanning - how many are beeing forwarede as "non spam" (not counting in the DB/mailwatch - ignoring that I have mailwatch installed) From uxbod at splatnix.net Wed Mar 14 15:40:48 2012 From: uxbod at splatnix.net (Phil Daws) Date: Wed Mar 14 15:41:00 2012 Subject: Database Configuration In-Reply-To: <1596528534.339569.1331717413705.JavaMail.root@office.splatnix.net> Message-ID: <1529961951.341711.1331739648740.JavaMail.root@office.splatnix.net> Hmmm, I have created the config table within a database and updated the SQL in MailScanner.conf but when I restart nothing happens :( This is what I have: SQL Serial Number = SELECT value FROM mailscanner_config WHERE internal = 'confserialnumber' SQL Quick Peek = SELECT value FROM mailscanner_config WHERE external=? AND hostname=? SQL Config = SELECT internal, value FROM mailscanner_config WHERE hostname=? SQL Ruleset = SQL SpamAssassin Config = SQL Debug = yes and the table itself: mysql> desc mailscanner_config; +----------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +----------+--------------+------+-----+---------+-------+ | hostname | varchar(255) | NO | PRI | NULL | | | internal | varchar(255) | NO | MUL | NULL | | | external | varchar(255) | NO | | NULL | | | value | text | NO | | NULL | | +----------+--------------+------+-----+---------+-------+ mysql> select * from mailscanner_config; +-----------------------+------------------+------------------+-------+ | hostname | internal | external | value | +-----------------------+------------------+------------------+-------+ | my.host.name | confserialnumber | confserialnumber | 1 | +-----------------------+------------------+------------------+-------+ Any ideas please ? -- Thanks, Phil ----- Original Message ----- > Thanks Andrew. Very straight forward then! ;) > -- > Thanks, Phil > > ----- Original Message ----- > > > > On 14 Mar 2012, at 10:52 AM, Phil Daws wrote: > > > > > are any of you using a database to store the MailScanner > > > configuration ? am trying to understand what the documentation > > > says but its not make sense to me at the moment. If you are > > > using > > > a ruleset file for certain options eg. Maximum Message Size can > > > they be stored in the database as-well ? > > > > Yes that possible, you can store any ruleset in the database. take > > a > > look at how i do it, > > > > https://github.com/akissa/baruwa/blob/master/extras/baruwa-mailscanner.conf > > https://github.com/akissa/baruwa/blob/master/src/baruwa/config/sql/domainsignature.sql > > > > - Andrew > > > > -- > > www.baruwa.org > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From kkobb at skylinecorp.com Wed Mar 14 15:48:20 2012 From: kkobb at skylinecorp.com (Kevin Kobb) Date: Wed Mar 14 15:48:38 2012 Subject: Error expanding TNEF attachments in new 4.84.5-2 In-Reply-To: <844722A4-72D0-4BF8-BC89-81A7EB8ACB9A@topdog.za.net> References: <4F5F4B95.5020008@skylinecorp.com><4F5F5F70.4090200@skylinecorp.com> <7CA580B59C1ABD45B4614ED90D4C7B853D13BC4E@HC-EXMBX04.herefordshire.gov.uk> <844722A4-72D0-4BF8-BC89-81A7EB8ACB9A@topdog.za.net> Message-ID: <4F60BDC4.1030600@skylinecorp.com> On 3/14/2012 5:29 AM, Andrew Colin Kissa wrote: > > On 14 Mar 2012, at 11:21 AM, Adri Koppes wrote: > >> Andrew, >> >> I guess I must have missed that patch. >> I have applied it and will see if it solves the TNEF problem. > > Cool > >> >> Thanks, > > You are welcome. > > - Andrew > > -- > www.baruwa.org > > > I reinstalled MS on my test system, and applied Andrew's patch. This seemed to have corrected the problem, so thank you very much Andrew. One question though, in the patched TNEF.pm, and a couple of lines down from Andrew's fix, there is this: chmod 0700, "$dir/$unpackdir"; Without running clamd as root, this seems to make it very tough to scan the tnef unpacked content (I get permission errors). If I change this to: chmod 0770, "$dir/$unpackdir"; everything works OK. From Jeff.Mills at sydneytech.com.au Wed Mar 14 22:40:42 2012 From: Jeff.Mills at sydneytech.com.au (Jeff Mills) Date: Wed Mar 14 22:42:13 2012 Subject: Excel workbook "Files hidden in very deeply nested archive" Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5F4C2A81898@SERVER01.sts.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: 5c8835.png Type: image/png Size: 13993 bytes Desc: 5c8835.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/6841647e/5c8835.png -------------- next part -------------- A non-text attachment was scrubbed... Name: 0a156e.png Type: image/png Size: 1014 bytes Desc: 0a156e.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/6841647e/0a156e.png -------------- next part -------------- A non-text attachment was scrubbed... Name: d752b1.png Type: image/png Size: 1253 bytes Desc: d752b1.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/6841647e/d752b1.png -------------- next part -------------- A non-text attachment was scrubbed... Name: 0555ad.png Type: image/png Size: 1240 bytes Desc: 0555ad.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/6841647e/0555ad.png -------------- next part -------------- A non-text attachment was scrubbed... Name: 19073a.png Type: image/png Size: 1151 bytes Desc: 19073a.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/6841647e/19073a.png -------------- next part -------------- A non-text attachment was scrubbed... Name: image3d5a0e.GIF Type: image/gif Size: 938 bytes Desc: image3d5a0e.GIF Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/6841647e/image3d5a0e.gif From pramod at mindspring.co.za Thu Mar 15 06:54:55 2012 From: pramod at mindspring.co.za (Pramod Daya) Date: Thu Mar 15 06:55:19 2012 Subject: Bayes Scoring In-Reply-To: References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> Message-ID: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25F07@WILLOW.mindspringsbs.local> Piped the contents of this message into spamassassin: From "incontact@" Wed Mar 7 10:23:37 2012 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mailgate1.mindspring.co.za X-Spam-Flag: YES X-Spam-Level: ***** X-Spam-Status: Yes, score=5.4 required=5.0 tests=FH_FROMEML_NOTLD, FORGED_OUTLOOK_TAGS,HTML_IMAGE_ONLY_24,HTML_MESSAGE,NO_DNS_FOR_FROM, NO_RECEIVED,NO_RELAYS,RAZOR2_CHECK,TO_MALFORMED X-Spam-Report: * 1.2 TO_MALFORMED To: has a malformed address * 0.2 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.) * -0.0 NO_RELAYS Informational: message was not relayed via SMTP * 1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) * 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records * 0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * -0.0 NO_RECEIVED Informational: message has no Received headers From: "incontact@" Sender: "incontact@" To: "info" Subject: [SPAM] FNB Alert: Online Payment Made Date: Wed, 7 Mar 2012 10:23:37 +0200 Message-ID: <20120307082337.5FBCC13C4B30@web.beesbuzz.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_003B_01CCFD15.4FDD3760" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Acz8PQkRXJw1YISJQumruwfxZXRYSg== Content-Language: en-us X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-AuthSource: WILLOW.mindspringsbs.local x-mindspring-mailscanner-from: www-data@dserv502-mtl2.gtcomm.net x-mindspring-mailscanner-information: Please contact the ISP for more information x-mindspring-mailscanner: Found to be clean x-mindspring-mailscanner-id: DDDD4664510.A4AFE x-mindspring-mailscanner-spamcheck: not spam, SpamAssassin (not cached, score=2.946, required 5, autolearn=disabled, HTML_IMAGE_ONLY_24 1.28, HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.38, RDNS_NONE 1.27, T_CTYPE_NULL 0.01) x-mindspring-mailscanner-spamscore: ss X-OlkEid: D3C44A20FB13FA4678214A44BBF24F2F3B665006 Status: RO Content-Length: 4805 X-Spam-Prev-Subject: FNB Alert: Online Payment Made This is a multi-part message in MIME format. ------=_NextPart_000_003B_01CCFD15.4FDD3760 Content-Type: multipart/alternative; boundary="----=_NextPart_001_003C_01CCFD15.4FDD3760" ------=_NextPart_001_003C_01CCFD15.4FDD3760 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Logo Logo Valued Clients, A payment has been made to your account. please find attached your FNB account statement in your email. please ensure that you enter the OTP that will be sent to your cell phone immediately after your login FNB provides additional security on our secure website server for internet and Cellphone banking directly from your email, this brings unity and combined strength to our commitment to provide exceptional banking in South Africa. Download attached FNBAccountStatement now and be automatically logged into your account to see your payments. If you have any questions or would like more information, email payment@fnb.co.za or call our Customer Contact Centre on 0860 11 22 44. Sincerely, FNB South Africa _____ Receive, review, pay and organize all your bills online. Alert: (215934610) Document Reference: (87906628) ------=_NextPart_001_003C_01CCFD15.4FDD3760 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable


3D"Logo"

3D"Logo"

=A0

Valued Clients,

A payment has been made to your = account. please find attached your FNB account statement in your = email. please ensure that you enter the OTP that will be sent = to your cell phone immediately after your login

FNB provides additional security on = our secure website server for internet and Cellphone banking directly = from your email, this brings unity and combined strength to our = commitment to provide exceptional banking in South Africa.

Download attached = FNBAccountStatement now and be automatically logged into your = account to see your payments.

=20
If you have any questions or would = like more information, email payment@fnb.co.za or call
our Customer Contact Centre on 0860 11 22 44. =20 =20

=A0
=20
Sincerely,
FNB South Africa
Receive, review, pay and organize all your bills = online.

Alert: (215934610)
Document Reference: (87906628)
=20
------=_NextPart_001_003C_01CCFD15.4FDD3760-- ------=_NextPart_000_003B_01CCFD15.4FDD3760 Content-Type: text/plain; name="FNBAccountStatement.htm" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="FNBAccountStatement.htm" <script language=3D"javascript" type=3D"text/javascript"> <!-- window.location =3D = "http://vershini-mira.ru/includes/errors/noframes.asp" //--> </script> =20 ------=_NextPart_000_003B_01CCFD15.4FDD3760-- Spam detection software, running on the system "mailgate1.mindspring.co.za", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Logo Logo Valued Clients, [...] Content analysis details: (5.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 TO_MALFORMED To: has a malformed address 0.2 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.) -0.0 NO_RELAYS Informational: message was not relayed via SMTP 1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format -0.0 NO_RECEIVED Informational: message has no Received headers From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Joolee Sent: 14 March 2012 03:33 PM To: MailScanner discussion Subject: Re: Bayes Scoring Can you send a debug log from processing a message? On 14 March 2012 14:17, Pramod Daya > wrote: Greetings, I have a functioning installation of mailscanner 4.79 on Centos 5.7 in which the Bayes scoring does not appear to be working, or at least, I do not see the bayes scoring tokens appearing in the message headers. I have trained spamassassin by dropping spam into an IMAP mailbox (with about 6 000 spam and a few hundred ham messages), and running sa-learn as user ?postfix?. I have set ?use_bayes 1? in /etc/MailScanner/spam.assassin.prefs.conf Any tips on what could be wrong ? Many thanks, Pramod Daya. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/2fe8e8bc/attachment-0001.html From markus at markusoft.se Thu Mar 15 08:18:44 2012 From: markus at markusoft.se (Markus Nilsson) Date: Thu Mar 15 08:19:10 2012 Subject: phishing_bad_sites Message-ID: <1331799524.16575.1.camel@cronlabworkstation0.cronlab.com> Hi! Today it seems like goo.gl was added to the Phishing bad sites, so links using google URL shortener is reported as definite fraud :( I can add it to the safe list for now, but doesn't feel like a good solution... Regards Markus -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/d098bedc/attachment.html From pramod at mindspring.co.za Thu Mar 15 09:12:35 2012 From: pramod at mindspring.co.za (Pramod Daya) Date: Thu Mar 15 09:14:24 2012 Subject: Bayes Scoring In-Reply-To: References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> Message-ID: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25F33@WILLOW.mindspringsbs.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1413 bytes Desc: image001.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/7edec9ee/image001.jpg From mailscanner at joolee.nl Thu Mar 15 12:12:12 2012 From: mailscanner at joolee.nl (Joolee) Date: Thu Mar 15 12:13:06 2012 Subject: Bayes Scoring In-Reply-To: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25F33@WILLOW.mindspringsbs.local> References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25F33@WILLOW.mindspringsbs.local> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1413 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/39bb3d8c/attachment.jpe From mailscanner at joolee.nl Thu Mar 15 12:13:58 2012 From: mailscanner at joolee.nl (Joolee) Date: Thu Mar 15 12:14:53 2012 Subject: Excel workbook "Files hidden in very deeply nested archive" In-Reply-To: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5F4C2A81898@SERVER01.sts.local> References: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5F4C2A81898@SERVER01.sts.local> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 1014 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/a858112c/attachment.png -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 1240 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/a858112c/attachment-0001.png -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 13993 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/a858112c/attachment-0002.png -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 1253 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/a858112c/attachment-0003.png -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 938 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/a858112c/attachment.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 1151 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120315/a858112c/attachment-0004.png From payalg at cdac.in Thu Mar 15 12:43:09 2012 From: payalg at cdac.in (payalg@cdac.in) Date: Thu Mar 15 12:43:54 2012 Subject: (no subject) Message-ID: Dear All, I am using 2 Mail Scanners(version - 4.84.5) I want to merge two mail scanners database into one single database. Does anyone merged 2 mail scanners before? Let me know.. Thanks and Regards, Payal Gupta Project Engineer National PARAM SuperComputing Facilities CDAC-Pune -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Thu Mar 15 15:49:10 2012 From: uxbod at splatnix.net (Phil Daws) Date: Thu Mar 15 15:49:26 2012 Subject: (no subject) In-Reply-To: Message-ID: <1202833479.349021.1331826550867.JavaMail.root@office.splatnix.net> Skipped content of type multipart/related From Jeff.Mills at sydneytech.com.au Thu Mar 15 21:51:55 2012 From: Jeff.Mills at sydneytech.com.au (Jeff Mills) Date: Thu Mar 15 21:53:30 2012 Subject: Excel workbook "Files hidden in very deeply nested archive" In-Reply-To: References: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5F4C2A81898@SERVER01.sts.local> Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5F4C2A8189D@SERVER01.sts.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 13993 bytes Desc: image001.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/23efe2eb/image001-0001.png -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 1014 bytes Desc: image002.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/23efe2eb/image002-0001.png -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 1253 bytes Desc: image003.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/23efe2eb/image003-0001.png -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.png Type: image/png Size: 1240 bytes Desc: image004.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/23efe2eb/image004-0001.png -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 1151 bytes Desc: image005.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/23efe2eb/image005-0001.png -------------- next part -------------- A non-text attachment was scrubbed... Name: image006.gif Type: image/gif Size: 938 bytes Desc: image006.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/23efe2eb/image006-0001.gif From Jeff.Mills at sydneytech.com.au Thu Mar 15 21:52:49 2012 From: Jeff.Mills at sydneytech.com.au (Jeff Mills) Date: Thu Mar 15 21:54:18 2012 Subject: (no subject) In-Reply-To: References: Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5F4C2A8189E@SERVER01.sts.local> I run master/master mysql replication between two mailscanner/mailwatch servers. ----------------------------- Jeff Mills Sydney Technology Solutions Pty Ltd Unit F10, 101 Rookwood Road Yagoona, New South Wales 2199 Phone: 02 8212 4722 Email: Jeff.Mills@sydneytech.com.au Web : www.sydneytech.com.au Living our values, achieving success Sydney Technology Solutions' operating philosophy is based on honesty, enthusiasm, respect, ownership, excellence and service. These values guide the way we manage our business and the way we service yours. P Please consider the environment before printing this email Disclaimer: Sydney Technology Solutions accepts no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. ----------------------------- -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of payalg@cdac.in Sent: Thursday, 15 March 2012 11:43 PM To: mailscanner@lists.mailscanner.info Subject: (no subject) Dear All, I am using 2 Mail Scanners(version - 4.84.5) I want to merge two mail scanners database into one single database. Does anyone merged 2 mail scanners before? Let me know.. Thanks and Regards, Payal Gupta Project Engineer National PARAM SuperComputing Facilities CDAC-Pune -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This email has been scanned for viruses and dangerous content by Sydney Technology Solutions MailMaster Email Protection Services. For more information please visit http://www.sydneytech.com.au :Scanned by MailMaster3: From m.a.young at durham.ac.uk Thu Mar 15 23:09:04 2012 From: m.a.young at durham.ac.uk (M A Young) Date: Thu Mar 15 23:09:45 2012 Subject: Bayes Scoring In-Reply-To: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> Message-ID: On Wed, 14 Mar 2012, Pramod Daya wrote: > I have a functioning installation of mailscanner 4.79 on Centos 5.7 in which > the Bayes scoring does not appear to be working, or at least, I do not see > the bayes scoring tokens appearing in the message headers.? I have trained > spamassassin ?by dropping spam into an IMAP mailbox (with about 6?000 spam > and a few hundred ham messages), and? running sa-learn as user ?postfix?. Two thoughts occur. You could have got the sa-learn options wrong, and thus submitted one huge spammy message rather than 6000 smaller messages (I think you need the --mbox flag for sa-learn). Also your spamassassin configuration could be missing. I hit this in a non-obvious way after deleting spamassassin files under /var/lib/spamassassin for a previous version after the file system had filled up. Later I noticed that spamassassin was letting spam through and MailScanner was only recording the use of some local rules I had added, but spamassassin worked fine when I ran it directly. I eventually traced the problem to some spamassassin perl files that had been left from an older version in a different part of the perl search path to the current version. MailScanner was finding the old files and trying to use the older spamassassin configuration files I had deleted, but spamassassin was using the current files when run directly. Also, as with any CentOS problem of things not working as expected, you can try again with selinux off if it is enabled (eg. run setenforce 0 beforehand), as selinux is good at getting in the way if you are doing things in ways it doesn't quite expect. Michael Young From jlmiller at mmtnetworks.com.au Fri Mar 16 00:00:26 2012 From: jlmiller at mmtnetworks.com.au (Jlmiller) Date: Fri Mar 16 00:45:58 2012 Subject: Need major help Message-ID: I would like to know if there is any documentation on setting up MailScanner and MailWatch from the being? I use postfix and side Linux enterprise. Getting heaps of spam and need to stop this ASAP Regards, Jon L. Miller Sent from my iPhone From brent.addis at nsp.co.nz Fri Mar 16 01:21:03 2012 From: brent.addis at nsp.co.nz (Brent Addis) Date: Fri Mar 16 01:21:16 2012 Subject: Need major help In-Reply-To: References: Message-ID: <71EE5816EB7C4D4C9DEA1003EB79470F34A54594@nspexch01.nsp.local> Personally I would use Baruwa. Its slicker than mailwatch but still uses mailscanner. http://www.baruwa.org/ Documentation there is pretty good. Brent Addis Systems Integration Specialist Network Service Providers Ltd. Unit 1, 13 Farnham St, Auckland 1052 PO Box 90208, Victoria West, Auckland Email: mailto:brent.addis@nsp.co.nz | Customer Service: cs@nsp.co.nz | Web: http://www.nsp.co.nz Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239 Disclaimer: This message contains confidential information and is intended only for mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info you should not disseminate, distribute or copy this e-mail. Please notify brent.addis@nsp.co.nz immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Brent Addis therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Network Service Providers is a limited liability company registered in New Zealand. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jlmiller Sent: Friday, 16 March 2012 1:00 p.m. To: mailscanner@lists.mailscanner.info Subject: Need major help I would like to know if there is any documentation on setting up MailScanner and MailWatch from the being? I use postfix and side Linux enterprise. Getting heaps of spam and need to stop this ASAP Regards, Jon L. Miller Sent from my iPhone-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From terry at graybell.net Fri Mar 16 02:30:03 2012 From: terry at graybell.net (Terry Hulen Jr.) Date: Fri Mar 16 02:30:18 2012 Subject: Need major help Message-ID: <1554763637-1331865004-cardhu_decombobulator_blackberry.rim.net-1682837510-@b25.c28.bise6.blackberry> There is a document that I frequent on HowToForge. It has a set up guide for a "SpamSnake". It uses mailscanner, mailwatch, postfix, spamassassin, and more. ------Original Message------ From: Jlmiller Sender: mailscanner-bounces@lists.mailscanner.info To: mailscanner@lists.mailscanner.info ReplyTo: MailScanner discussion Subject: Need major help Sent: Mar 15, 2012 8:00 PM I would like to know if there is any documentation on setting up MailScanner and MailWatch from the being? I use postfix and side Linux enterprise. Getting heaps of spam and need to stop this ASAP Regards, Jon L. Miller Sent from my iPhone-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Sent from my Verizon Wireless BlackBerry From pramod at mindspring.co.za Fri Mar 16 07:35:47 2012 From: pramod at mindspring.co.za (Pramod Daya) Date: Fri Mar 16 07:37:23 2012 Subject: Bayes Scoring solved (I think !) In-Reply-To: References: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25ECD@WILLOW.mindspringsbs.local> <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25F33@WILLOW.mindspringsbs.local> Message-ID: <2810BE9BCD80A84DBDE4BC0505BF6C8C6782A25FAE@WILLOW.mindspringsbs.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: image004.jpg Type: image/jpeg Size: 1413 bytes Desc: image004.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/528b0a2f/image004.jpg -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.jpg Type: image/jpeg Size: 1413 bytes Desc: image003.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120316/528b0a2f/image003.jpg From lhaig at haigmail.com Fri Mar 16 23:05:00 2012 From: lhaig at haigmail.com (Lance Haig) Date: Fri Mar 16 23:05:17 2012 Subject: CentOS 6.2 ? Message-ID: <4F63C71C.8070407@haigmail.com> Hi All, Is it possible to get MS running on CentOS 6.2? I need to move my current install. Regards Lance -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From jeremy at fluxlabs.net Fri Mar 16 23:13:21 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri Mar 16 23:13:34 2012 Subject: CentOS 6.2 ? In-Reply-To: <4F63C71C.8070407@haigmail.com> References: <4F63C71C.8070407@haigmail.com> Message-ID: Yes -- Jeremy McSpadden On Mar 16, 2012, at 6:11 PM, "Lance Haig" wrote: > Hi All, > > Is it possible to get MS running on CentOS 6.2? > > I need to move my current install. > > Regards > > Lance > > -- > This message was scanned by Better Hosted and is believed to be clean. > http://www.betterhosted.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From tony at ai.net.nz Fri Mar 16 23:58:51 2012 From: tony at ai.net.nz (Tony Arcus) Date: Fri Mar 16 23:59:15 2012 Subject: CentOS 6.2 ? In-Reply-To: <4F63C71C.8070407@haigmail.com> References: <4F63C71C.8070407@haigmail.com> Message-ID: <20120317125851.Horde.zTJ1AZ4kF5xPY9O7Tl9wMDA@webmail.ai.net.nz> I have a mail server on centos 6.2, running sendmail, mailscanner, spam assassin, clamav and mailwatch for a rather buggy over view of how I did it. http://ai.net.nz/gettinghelp/how-do-i/centos-servers.html Quoting Lance Haig : > Hi All, > > Is it possible to get MS running on CentOS 6.2? > > I need to move my current install. > > Regards > > Lance > > -- > This message was scanned by Better Hosted and is believed to be clean. > http://www.betterhosted.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- Tony Arcus Systems and Network Engineer Access Information Limited PO Box 122 Carterton Wairarapa Phone : 06-379-6668 Phone : 04-831-1401 Email : tony@ai.net.nz Cell : 021-827-660 This email and any accompanying documentation may contain privileged and confidential information. If you are not the intended recipient, your use of the information is strictly prohibited. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Sat Mar 17 00:44:07 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Sat Mar 17 00:44:28 2012 Subject: CentOS 6.2 ? In-Reply-To: <4F63C71C.8070407@haigmail.com> References: <4F63C71C.8070407@haigmail.com> Message-ID: <1331945047.4f63de57eb5bb@perdition.cnpapers.net> Quoting Lance Haig : > Hi All, > > Is it possible to get MS running on CentOS 6.2? > > I need to move my current install. > > Regards > > Lance > I have it running on one server now and am planning another install shortly. My biggest problem was mostly due to the preferences of Centos 6.2. It wants to use postfix for the smtp server and dovecot for imap/pop. Both of these are new to me and require, to some degree, some configuration beyond what the old services required. I eventually went back to sendmail for smtp. I installed mailwatch 1.1.15 and except for the few changes it required (some dos2unix fixes, etc) I had no problem there. Clamd is the same. Depending on what you're moving from, I'd say you won't have much problems unless you're moving from something really, really old. I moved from Centos 3. steve ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From lhaig at haigmail.com Sat Mar 17 07:54:42 2012 From: lhaig at haigmail.com (Lance Haig) Date: Sat Mar 17 07:54:59 2012 Subject: CentOS 6.2 ? In-Reply-To: <20120317125851.Horde.zTJ1AZ4kF5xPY9O7Tl9wMDA@webmail.ai.net.nz> References: <4F63C71C.8070407@haigmail.com> <20120317125851.Horde.zTJ1AZ4kF5xPY9O7Tl9wMDA@webmail.ai.net.nz> Message-ID: <4F644342.1040101@haigmail.com> Thanks Tony, I will take a read Lance On 16/03/12 23:58, Tony Arcus wrote: > I have a mail server on centos 6.2, running sendmail, mailscanner, > spam assassin, clamav and mailwatch > > for a rather buggy over view of how I did it. > > > http://ai.net.nz/gettinghelp/how-do-i/centos-servers.html > > > Quoting Lance Haig : > >> Hi All, >> >> Is it possible to get MS running on CentOS 6.2? >> >> I need to move my current install. >> >> Regards >> >> Lance >> >> -- >> This message was scanned by Better Hosted and is believed to be clean. >> http://www.betterhosted.com >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. > -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From lhaig at haigmail.com Sat Mar 17 07:56:26 2012 From: lhaig at haigmail.com (Lance Haig) Date: Sat Mar 17 07:56:47 2012 Subject: CentOS 6.2 ? In-Reply-To: <1331945047.4f63de57eb5bb@perdition.cnpapers.net> References: <4F63C71C.8070407@haigmail.com> <1331945047.4f63de57eb5bb@perdition.cnpapers.net> Message-ID: <4F6443AA.5080408@haigmail.com> Hi Steve, Thanks buddy, I am moving from CentOS 3 as well. and the install was originally copied from ESVA build code. That project has close so I have to build it myself now :-) Lance On 17/03/12 00:44, Steve Campbell wrote: > Quoting Lance Haig: > >> Hi All, >> >> Is it possible to get MS running on CentOS 6.2? >> >> I need to move my current install. >> >> Regards >> >> Lance >> > > I have it running on one server now and am planning another install shortly. > > My biggest problem was mostly due to the preferences of Centos 6.2. It wants to > use postfix for the smtp server and dovecot for imap/pop. Both of these are new > to me and require, to some degree, some configuration beyond what the old > services required. I eventually went back to sendmail for smtp. I installed > mailwatch 1.1.15 and except for the few changes it required (some dos2unix > fixes, etc) I had no problem there. Clamd is the same. > > Depending on what you're moving from, I'd say you won't have much problems > unless you're moving from something really, really old. I moved from Centos 3. > > steve > > ------------------------------------------------- > This mail sent through IMP: http://horde.org/imp/ -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From mailscanner at joolee.nl Mon Mar 19 11:07:19 2012 From: mailscanner at joolee.nl (Joolee) Date: Mon Mar 19 11:08:09 2012 Subject: MailScanner IMPORTANT FIX In-Reply-To: References: <4F549A39.1060705@ecs.soton.ac.uk> Message-ID: Is it me or is this latest releas not on Github yet? When it's updated, can the changes from Akisa also be merged into the main? He already filed a pull request. On 12 March 2012 12:31, Remco Barendse wrote: > Hi Julian, > > Does this version also fix some of teh other pending problems (like TNEF > etc.) ? > > Thanks for the update! > Remco > > > On Mon, 5 Mar 2012, Julian Field wrote: > > This is important news for all users of MailScanner and/or ScamNailer. >> >> Due to a domain name expiring (yes, my fault, I know :-( ) the updates >> for the known bad phishing sites will no longer be correct. >> >> You can either >> 1a. Download and install the latest release of MailScanner from >> www.mailscanner.info. >> or >> 1b. Edit /usr/sbin/update_bad_phishing_**sites (and >> /usr/sbin/update_bad_phishing_**emails if you have it too). Change " >> www.mailscanner.tv" to "cdn.mailscanner.info". >> >> 2. After doing steps 1a or 1b above, >> rm -rf /var/spool/MailScanner/**quarantine/phishingupdate >> /usr/sbin/update_bad_phishing_**sites >> (and run /usr/sbin/update_bad_phishing_**emails if you have it too). >> >> This will regenerate the correct cache, as it may have been corrupted by >> the people who swiped my domain. >> >> Sorry about all of this, >> >> Jules >> >> >> -- > MailScanner mailing list > mailscanner@lists.mailscanner.**info > http://lists.mailscanner.info/**mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/**posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120319/7e3984ea/attachment.html From ssilva at sgvwater.com Mon Mar 19 16:10:39 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 19 16:11:02 2012 Subject: CentOS 6.2 ? In-Reply-To: <4F6443AA.5080408@haigmail.com> References: <4F63C71C.8070407@haigmail.com> <1331945047.4f63de57eb5bb@perdition.cnpapers.net> <4F6443AA.5080408@haigmail.com> Message-ID: on 3/17/2012 12:56 AM Lance Haig spake the following: > Hi Steve, > > Thanks buddy, I am moving from CentOS 3 as well. and the install was > originally copied from ESVA build code. > > That project has close so I have to build it myself now :-) > > Lance > You can still get ESVA, and although the project has forked, I don't think the code is that out of date... From Sampson at p2sol.com Mon Mar 19 20:31:40 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Mon Mar 19 20:31:52 2012 Subject: M.S. 4.84.5 Question Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we have gotten e-mails from a valid business network site that contained a bogus link, so is there a way that you can have MailScanner check the URL to ensure that it is valid. I know it will check to see if the link is a numeric IP address but these are coming across as a name. Is there some thing in MailScanner.conf that I can change to have it check these e-mails? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120319/e56603ed/attachment.html From ka at pacific.net Mon Mar 19 21:31:45 2012 From: ka at pacific.net (Ken A) Date: Mon Mar 19 21:32:06 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> Message-ID: <4F67A5C1.6080102@pacific.net> You mean like paypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. Ken On 3/19/2012 3:31 PM, Sampson, Aaron wrote: > > > I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we > have gotten e-mails from a valid business network site that contained > a bogus link, so is there a way that you can have MailScanner check > the URL to ensure that it is valid. I know it will check to see if > the link is a numeric IP address but these are coming across as a > name. Is there some thing in MailScanner.conf that I can change to > have it check these e-mails? > > > > -- Ken Anderson From eric_le_corre at msn.com Tue Mar 20 12:39:20 2012 From: eric_le_corre at msn.com (mul) Date: Tue Mar 20 12:39:42 2012 Subject: Keep quarantine more than 9 days Message-ID: Hello ans sorry for my english, all emails are quarantined nine days. Apparently there is a script where indicated nine days because it never goes beyond. But I would like to keep emails longer. I do not have a CRON script that removes Quarantine ! would have an idea where you will be shown the number of days to keep quarantine? thanks for help From lists at Tatorz.com Tue Mar 20 13:23:19 2012 From: lists at Tatorz.com (Mail Lists) Date: Tue Mar 20 13:23:32 2012 Subject: Keep quarantine more than 9 days In-Reply-To: References: Message-ID: <4F6884C7.5010407@Tatorz.com> On 03/20/2012 08:39 AM, mul wrote: > Hello ans sorry for my english, > > all emails are quarantined nine days. Apparently there is a script where > indicated nine days because it never goes beyond. But I would like to keep > emails longer. > > I do not have a CRON script that removes Quarantine ! > > would have an idea where you will be shown the number of days to keep > quarantine? > > thanks for help > MailScanne running on CentOS 6.2 /etc/cron.daily/clean.quarantine If you are running another platform you could search for it. The oddest part is by default I don't believe MailScanner removes quarantined mail. -- Brian ----- Get the latest Fremont, OH Weather http://www.Fremont-OH-Weather.com From Sampson at p2sol.com Tue Mar 20 13:35:50 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Tue Mar 20 13:36:05 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4F67A5C1.6080102@pacific.net> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> <4F67A5C1.6080102@pacific.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> Sorry if I was not clear enough. There is a link embedded in these emails says "Visit your inbox now" from a valid business social site (linked IN). But when you look at the link it would take you to "bogus_site.com" But again the problem is how do I or Can I scan these messages for these embedded links to bogus sites. I'm still fairly new but the questions is more of a general is it possible and have you done it question. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Monday, March 19, 2012 4:32 PM To: mailscanner@lists.mailscanner.info Subject: Re: M.S. 4.84.5 Question You mean like paypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. Ken On 3/19/2012 3:31 PM, Sampson, Aaron wrote: > > > I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we > have gotten e-mails from a valid business network site that contained > a bogus link, so is there a way that you can have MailScanner check > the URL to ensure that it is valid. I know it will check to see if > the link is a numeric IP address but these are coming across as a > name. Is there some thing in MailScanner.conf that I can change to > have it check these e-mails? > > > > -- Ken Anderson -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Sampson at p2sol.com Tue Mar 20 14:26:23 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Tue Mar 20 14:26:43 2012 Subject: Keep quarantine more than 9 days In-Reply-To: <4F6884C7.5010407@Tatorz.com> References: <4F6884C7.5010407@Tatorz.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637888B@COMM1.p2sol.com> edit /etc/cron.daily/clean.quarantine.cron The above is the config file that states how long it will keep the quarantine folders. Depending on how much spam you get keeping these files for a long time could eat up a lot of space on your system. By default it is set to disabled so Mail Scanner shouldn't automatically be deleting the folders after 9 days -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mail Lists Sent: Tuesday, March 20, 2012 8:23 AM To: MailScanner discussion Subject: Re: Keep quarantine more than 9 days On 03/20/2012 08:39 AM, mul wrote: > Hello ans sorry for my english, > > all emails are quarantined nine days. Apparently there is a script > where indicated nine days because it never goes beyond. But I would > like to keep emails longer. > > I do not have a CRON script that removes Quarantine ! > > would have an idea where you will be shown the number of days to keep > quarantine? > > thanks for help > MailScanne running on CentOS 6.2 /etc/cron.daily/clean.quarantine If you are running another platform you could search for it. The oddest part is by default I don't believe MailScanner removes quarantined mail. -- Brian ----- Get the latest Fremont, OH Weather http://www.Fremont-OH-Weather.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Tue Mar 20 15:12:13 2012 From: ka at pacific.net (Ken A) Date: Tue Mar 20 15:12:34 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> <4F67A5C1.6080102@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> Message-ID: <4F689E4D.3050302@pacific.net> Those are usually caught by the URI based blacklists in SpamAssassin, but you can also use a milter. Good lists are provided by Spamhaus, URIBL and SURBL. See http://www.spamhaus.org/faq/section/Spamhaus%20DBL Ken On 3/20/2012 8:35 AM, Sampson, Aaron wrote: > Sorry if I was not clear enough. > > There is a link embedded in these emails says "Visit your inbox now" from a valid business social site (linked IN). But when you look at the link it would take you to "bogus_site.com" But again the problem is how do I or Can I scan these messages for these embedded links to bogus sites. > > I'm still fairly new but the questions is more of a general is it possible and have you done it question. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Monday, March 19, 2012 4:32 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: M.S. 4.84.5 Question > > > You mean likepaypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. > Ken > > On 3/19/2012 3:31 PM, Sampson, Aaron wrote: >> >> >> I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we >> have gotten e-mails from a valid business network site that contained >> a bogus link, so is there a way that you can have MailScanner check >> the URL to ensure that it is valid. I know it will check to see if >> the link is a numeric IP address but these are coming across as a >> name. Is there some thing in MailScanner.conf that I can change to >> have it check these e-mails? >> >> >> >> > > -- > Ken Anderson > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus From Sampson at p2sol.com Tue Mar 20 15:39:09 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Tue Mar 20 15:39:24 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4F689E4D.3050302@pacific.net> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> <4F67A5C1.6080102@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> <4F689E4D.3050302@pacific.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A66378900@COMM1.p2sol.com> I am currently using spam assassin with mail scanner, and clam D. Which has been doing a great job so far now that I have worked some of the bugs out in our setup. Just the owner of our company HATES spam lol and just trying to see if there is a way to tweak the system to get it to catch a little more. That being said the blacklist in spam(whatever) will black list the url that the email is coming from which is not what I want in this case but to be able to scan the e-mail itself and verify that any links in the email are valid and safe. I know that the system in its current config will scan for links that go to numeric ip addresses. So maybe restating my question to will mail scanner (or spam assassin) scan the links that go to bogus sites and flag them as possible phishing sites even If the link goes to a word address such as bad_site.com instead of a numeric address -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Tuesday, March 20, 2012 10:12 AM To: mailscanner@lists.mailscanner.info Subject: Re: M.S. 4.84.5 Question Those are usually caught by the URI based blacklists in SpamAssassin, but you can also use a milter. Good lists are provided by Spamhaus, URIBL and SURBL. See http://www.spamhaus.org/faq/section/Spamhaus%20DBL Ken On 3/20/2012 8:35 AM, Sampson, Aaron wrote: > Sorry if I was not clear enough. > > There is a link embedded in these emails says "Visit your inbox now" from a valid business social site (linked IN). But when you look at the link it would take you to "bogus_site.com" But again the problem is how do I or Can I scan these messages for these embedded links to bogus sites. > > I'm still fairly new but the questions is more of a general is it possible and have you done it question. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Monday, March 19, 2012 4:32 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: M.S. 4.84.5 Question > > > You mean likepaypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. > Ken > > On 3/19/2012 3:31 PM, Sampson, Aaron wrote: >> >> >> I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we >> have gotten e-mails from a valid business network site that contained >> a bogus link, so is there a way that you can have MailScanner check >> the URL to ensure that it is valid. I know it will check to see if >> the link is a numeric IP address but these are coming across as a >> name. Is there some thing in MailScanner.conf that I can change to >> have it check these e-mails? >> >> >> >> > > -- > Ken Anderson > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Sampson at p2sol.com Tue Mar 20 16:13:07 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Tue Mar 20 16:13:27 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A66378900@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> <4F67A5C1.6080102@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> <4F689E4D.3050302@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A66378900@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637893C@COMM1.p2sol.com> Has anyone used the Phishing Bad Sites File List? I states that this will automatically trigger an additional test? I'm wondering if by listing a valid site here that will cause the system to run additional checks if it will work more efficiently at catching phishing links such as the one that I posted about. Has anyone added a site to this list before, in a similar situation? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Sampson, Aaron Sent: Tuesday, March 20, 2012 10:39 AM To: MailScanner discussion Subject: RE: M.S. 4.84.5 Question I am currently using spam assassin with mail scanner, and clam D. Which has been doing a great job so far now that I have worked some of the bugs out in our setup. Just the owner of our company HATES spam lol and just trying to see if there is a way to tweak the system to get it to catch a little more. That being said the blacklist in spam(whatever) will black list the url that the email is coming from which is not what I want in this case but to be able to scan the e-mail itself and verify that any links in the email are valid and safe. I know that the system in its current config will scan for links that go to numeric ip addresses. So maybe restating my question to will mail scanner (or spam assassin) scan the links that go to bogus sites and flag them as possible phishing sites even If the link goes to a word address such as bad_site.com instead of a numeric address -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Tuesday, March 20, 2012 10:12 AM To: mailscanner@lists.mailscanner.info Subject: Re: M.S. 4.84.5 Question Those are usually caught by the URI based blacklists in SpamAssassin, but you can also use a milter. Good lists are provided by Spamhaus, URIBL and SURBL. See http://www.spamhaus.org/faq/section/Spamhaus%20DBL Ken On 3/20/2012 8:35 AM, Sampson, Aaron wrote: > Sorry if I was not clear enough. > > There is a link embedded in these emails says "Visit your inbox now" from a valid business social site (linked IN). But when you look at the link it would take you to "bogus_site.com" But again the problem is how do I or Can I scan these messages for these embedded links to bogus sites. > > I'm still fairly new but the questions is more of a general is it possible and have you done it question. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Monday, March 19, 2012 4:32 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: M.S. 4.84.5 Question > > > You mean likepaypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. > Ken > > On 3/19/2012 3:31 PM, Sampson, Aaron wrote: >> >> >> I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we >> have gotten e-mails from a valid business network site that contained >> a bogus link, so is there a way that you can have MailScanner check >> the URL to ensure that it is valid. I know it will check to see if >> the link is a numeric IP address but these are coming across as a >> name. Is there some thing in MailScanner.conf that I can change to >> have it check these e-mails? >> >> >> >> > > -- > Ken Anderson > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Tue Mar 20 17:04:55 2012 From: ka at pacific.net (Ken A) Date: Tue Mar 20 17:05:17 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A66378900@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> <4F67A5C1.6080102@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> <4F689E4D.3050302@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A66378900@COMM1.p2sol.com> Message-ID: <4F68B8B7.1070903@pacific.net> No need to restate your question, just to read the answer again. :-) That is exactly what URI based blacklists do. Ken On 3/20/2012 10:39 AM, Sampson, Aaron wrote: > I am currently using spam assassin with mail scanner, and clam D. Which has been doing a great job so far now that I have worked some of the bugs out in our setup. Just the owner of our company HATES spam lol and just trying to see if there is a way to tweak the system to get it to catch a little more. That being said the blacklist in spam(whatever) will black list the url that the email is coming from which is not what I want in this case but to be able to scan the e-mail itself and verify that any links in the email are valid and safe. I know that the system in its current config will scan for links that go to numeric ip addresses. So maybe restating my question to will mail scanner (or spam assassin) scan the links that go to bogus sites and flag them as possible phishing sites even If the link goes to a word address such as bad_site.com instead of a numeric address > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Tuesday, March 20, 2012 10:12 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: M.S. 4.84.5 Question > > Those are usually caught by the URI based blacklists in SpamAssassin, but you can also use a milter. > Good lists are provided by Spamhaus, URIBL and SURBL. > See http://www.spamhaus.org/faq/section/Spamhaus%20DBL > > Ken > > On 3/20/2012 8:35 AM, Sampson, Aaron wrote: >> Sorry if I was not clear enough. >> >> There is a link embedded in these emails says "Visit your inbox now" from a valid business social site (linked IN). But when you look at the link it would take you to "bogus_site.com" But again the problem is how do I or Can I scan these messages for these embedded links to bogus sites. >> >> I'm still fairly new but the questions is more of a general is it possible and have you done it question. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: Monday, March 19, 2012 4:32 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: M.S. 4.84.5 Question >> >> >> You mean likepaypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. >> Ken >> >> On 3/19/2012 3:31 PM, Sampson, Aaron wrote: >>> >>> >>> I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we >>> have gotten e-mails from a valid business network site that contained >>> a bogus link, so is there a way that you can have MailScanner check >>> the URL to ensure that it is valid. I know it will check to see if >>> the link is a numeric IP address but these are coming across as a >>> name. Is there some thing in MailScanner.conf that I can change to >>> have it check these e-mails? >>> >>> >>> >>> >> >> -- >> Ken Anderson >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Ken Anderson > Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus From Sampson at p2sol.com Tue Mar 20 17:48:30 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Tue Mar 20 17:48:51 2012 Subject: M.S. 4.84.5 Question In-Reply-To: <4F68B8B7.1070903@pacific.net> References: <4ACB6FBB6E06074DA18D653BD3155A6637839E@COMM1.p2sol.com> <4F67A5C1.6080102@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A663787E6@COMM1.p2sol.com> <4F689E4D.3050302@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A66378900@COMM1.p2sol.com> <4F68B8B7.1070903@pacific.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A66378999@COMM1.p2sol.com> Thanks Ken, that is I guess the answer I was really looking for is just clarification that using that would do what I wanted it to do and not mess anything else up. Appreciate you responding so quickly on this issue. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Tuesday, March 20, 2012 12:05 PM To: mailscanner@lists.mailscanner.info Subject: Re: M.S. 4.84.5 Question No need to restate your question, just to read the answer again. :-) That is exactly what URI based blacklists do. Ken On 3/20/2012 10:39 AM, Sampson, Aaron wrote: > I am currently using spam assassin with mail scanner, and clam D. > Which has been doing a great job so far now that I have worked some of > the bugs out in our setup. Just the owner of our company HATES spam > lol and just trying to see if there is a way to tweak the system to > get it to catch a little more. That being said the blacklist in > spam(whatever) will black list the url that the email is coming from > which is not what I want in this case but to be able to scan the > e-mail itself and verify that any links in the email are valid and > safe. I know that the system in its current config will scan for > links that go to numeric ip addresses. So maybe restating my question > to will mail scanner (or spam assassin) scan the links that go to > bogus sites and flag them as possible phishing sites even If the link > goes to a word address such as bad_site.com instead of a numeric > address > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Tuesday, March 20, 2012 10:12 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: M.S. 4.84.5 Question > > Those are usually caught by the URI based blacklists in SpamAssassin, but you can also use a milter. > Good lists are provided by Spamhaus, URIBL and SURBL. > See http://www.spamhaus.org/faq/section/Spamhaus%20DBL > > Ken > > On 3/20/2012 8:35 AM, Sampson, Aaron wrote: >> Sorry if I was not clear enough. >> >> There is a link embedded in these emails says "Visit your inbox now" from a valid business social site (linked IN). But when you look at the link it would take you to "bogus_site.com" But again the problem is how do I or Can I scan these messages for these embedded links to bogus sites. >> >> I'm still fairly new but the questions is more of a general is it possible and have you done it question. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken >> A >> Sent: Monday, March 19, 2012 4:32 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: M.S. 4.84.5 Question >> >> >> You mean likepaypal or some other kind of bogosity? Different spam is caught in different ways, so you need to be specific in your question. >> Ken >> >> On 3/19/2012 3:31 PM, Sampson, Aaron wrote: >>> >>> >>> I am runnning MailScanner 4.84.5 on Centos 6.2 and my question is we >>> have gotten e-mails from a valid business network site that >>> contained a bogus link, so is there a way that you can have >>> MailScanner check the URL to ensure that it is valid. I know it >>> will check to see if the link is a numeric IP address but these are >>> coming across as a name. Is there some thing in MailScanner.conf >>> that I can change to have it check these e-mails? >>> >>> >>> >>> >> >> -- >> Ken Anderson >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Ken Anderson > Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - > http://twitter.com/pacnetstatus > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From payalg at cdac.in Wed Mar 21 10:06:13 2012 From: payalg at cdac.in (payalg@cdac.in) Date: Wed Mar 21 10:06:38 2012 Subject: Want to learn about Mail Scanner Message-ID: Dear All, I am new to mail scanner and want to learn about how it works, what are the basic things and files one should be aware of, what are rules and filters in mail scanner, how to write your own rules? Can you please suggest me a good source for it? Thanks and Regards, -- Payal Gupta Project Engineer National PARAM SuperComputing Facilities CDAC-Pune -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From miguelk at konsultex.com.br Wed Mar 21 12:24:45 2012 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Wed Mar 21 12:22:19 2012 Subject: Want to learn about Mail Scanner In-Reply-To: References: Message-ID: <4F69C88D.6080004@konsultex.com.br> Hi Payal, There's a book about Mail Scanner: See here: http://mailscanner.info/ (on the right) Miguel On 03/21/2012 07:06 AM, payalg@cdac.in wrote: > > Dear All, > > I am new to mail scanner and want to learn about how it works, > what are the basic things and files one should be aware of, what are rules > and filters in mail scanner, how to write your own rules? > > Can you please suggest me a good source for it? > > Thanks and Regards, From Sampson at p2sol.com Wed Mar 21 13:13:51 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 21 13:14:11 2012 Subject: Want to learn about Mail Scanner In-Reply-To: <4F69C88D.6080004@konsultex.com.br> References: <4F69C88D.6080004@konsultex.com.br> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A66378C3D@COMM1.p2sol.com> Anyone know when Julian is going to come out with a new book, since you brought it up. The one online says it was updated in 07, there has been a lot of version updates since then -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Miguel Koren O'Brien de Lacy Sent: Wednesday, March 21, 2012 7:25 AM To: mailscanner@lists.mailscanner.info Subject: Re: Want to learn about Mail Scanner Hi Payal, There's a book about Mail Scanner: See here: http://mailscanner.info/ (on the right) Miguel On 03/21/2012 07:06 AM, payalg@cdac.in wrote: > > Dear All, > > I am new to mail scanner and want to learn about how it > works, what are the basic things and files one should be aware of, > what are rules and filters in mail scanner, how to write your own rules? > > Can you please suggest me a good source for it? > > Thanks and Regards, -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From technician at cenpac.net.nr Wed Mar 21 13:38:54 2012 From: technician at cenpac.net.nr (Technician) Date: Wed Mar 21 13:39:28 2012 Subject: Want to learn about Mail Scanner In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A66378C3D@COMM1.p2sol.com> References: <4F69C88D.6080004@konsultex.com.br> <4ACB6FBB6E06074DA18D653BD3155A66378C3D@COMM1.p2sol.com> Message-ID: <000901cd0767$f5435930$dfca0b90$@net.nr> Hi Miguel / Payal / Everyone, I've been an observer of Mailscanner list since 2009 and I guess would be in the same boat as Payal, but have not had the guts (like Payal has :-)) to put the question. Now that it's "out" and Miguel has replied with the "Go read all about it" ... :-)..it was funny and at the same time given me my cue to at least say something. Thanks Payal / Miguel. Now as Payal has also included in his question ...".. the basic things and files one should be aware of," ... I think I too would like to know. :-) any answers to this? Should we get a hail-storm of meteos falling from the skies, in our little country, I'll know its from "mailscanner". :-) Thanks Ru > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sampson, Aaron > Sent: Thursday, March 22, 2012 1:14 AM > To: MailScanner discussion > Subject: RE: Want to learn about Mail Scanner > > Anyone know when Julian is going to come out with a new book, since > you brought it up. The one online says it was updated in 07, there has > been a lot of version updates since then > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Miguel Koren O'Brien de > Lacy > Sent: Wednesday, March 21, 2012 7:25 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: Want to learn about Mail Scanner > > Hi Payal, > > There's a book about Mail Scanner: > > See here: http://mailscanner.info/ (on the right) > > Miguel > > On 03/21/2012 07:06 AM, payalg@cdac.in wrote: > > > > Dear All, > > > > I am new to mail scanner and want to learn about how it > > works, what are the basic things and files one should be aware of, > > what are rules and filters in mail scanner, how to write your own rules? > > > > Can you please suggest me a good source for it? > > > > Thanks and Regards, > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Sampson at p2sol.com Wed Mar 21 14:04:52 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 21 14:05:06 2012 Subject: Want to learn about Mail Scanner In-Reply-To: <000901cd0767$f5435930$dfca0b90$@net.nr> References: <4F69C88D.6080004@konsultex.com.br> <4ACB6FBB6E06074DA18D653BD3155A66378C3D@COMM1.p2sol.com> <000901cd0767$f5435930$dfca0b90$@net.nr> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A66378CAE@COMM1.p2sol.com> The nice thing about mail scanner (which I am new too as well) has been that there are a lot of different forums, a lot of good IT people responding to them and it is very customizable to meet your needs. My suggestion to anyone learning MS is to do what I did which was create a VM load your OS on it like it was a live system and down load the programs and start to play with the different options. The configuration file (/etc/mailscanner/mailscanner.conf) is laid out in such a way that it provides a pretty good explanation of what each option does or will do. I set up MS with spam assassin and Clam D. We are a small company but have found a drastic decrease of spam and viruses coming through (which you can choose to whether or not to notify the end user on) before setting these up I had not even touched a Linux box or used terminal before so don?t just read about it, be about it and take the leap. Then if you have questions or problems post again and the community can help you work out any bugs -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Technician Sent: Wednesday, March 21, 2012 8:39 AM To: 'MailScanner discussion' Subject: RE: Want to learn about Mail Scanner Hi Miguel / Payal / Everyone, I've been an observer of Mailscanner list since 2009 and I guess would be in the same boat as Payal, but have not had the guts (like Payal has :-)) to put the question. Now that it's "out" and Miguel has replied with the "Go read all about it" ... :-)..it was funny and at the same time given me my cue to at least say something. Thanks Payal / Miguel. Now as Payal has also included in his question ...".. the basic things and files one should be aware of," ... I think I too would like to know. :-) any answers to this? Should we get a hail-storm of meteos falling from the skies, in our little country, I'll know its from "mailscanner". :-) Thanks Ru > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sampson, Aaron > Sent: Thursday, March 22, 2012 1:14 AM > To: MailScanner discussion > Subject: RE: Want to learn about Mail Scanner > > Anyone know when Julian is going to come out with a new book, since > you brought it up. The one online says it was updated in 07, there > has been a lot of version updates since then > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Miguel Koren O'Brien de > Lacy > Sent: Wednesday, March 21, 2012 7:25 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: Want to learn about Mail Scanner > > Hi Payal, > > There's a book about Mail Scanner: > > See here: http://mailscanner.info/ (on the right) > > Miguel > > On 03/21/2012 07:06 AM, payalg@cdac.in wrote: > > > > Dear All, > > > > I am new to mail scanner and want to learn about how it > > works, what are the basic things and files one should be aware of, > > what are rules and filters in mail scanner, how to write your own rules? > > > > Can you please suggest me a good source for it? > > > > Thanks and Regards, > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From technician at cenpac.net.nr Wed Mar 21 14:27:32 2012 From: technician at cenpac.net.nr (Technician) Date: Wed Mar 21 14:27:58 2012 Subject: Want to learn about Mail Scanner In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A66378CAE@COMM1.p2sol.com> References: <4F69C88D.6080004@konsultex.com.br> <4ACB6FBB6E06074DA18D653BD3155A66378C3D@COMM1.p2sol.com> <000901cd0767$f5435930$dfca0b90$@net.nr> <4ACB6FBB6E06074DA18D653BD3155A66378CAE@COMM1.p2sol.com> Message-ID: <001001cd076e$c0b7cb40$422761c0$@net.nr> Hi Aaron and thanks! I hope you realise how encouraging that piece of info was. ..especially when mentioning your background before starting on MS... just hope you're not one of those graduates with 5 x extra honors on the side. Very grateful and thanks again. ...and to those to follow. Best regards to all, Ru > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sampson, Aaron > Sent: Thursday, March 22, 2012 2:05 AM > To: MailScanner discussion > Subject: RE: Want to learn about Mail Scanner > > The nice thing about mail scanner (which I am new too as well) has > been that there are a lot of different forums, a lot of good IT people > responding to them and it is very customizable to meet your needs. My > suggestion to anyone learning MS is to do what I did which was create > a VM load your OS on it like it was a live system and down load the > programs and start to play with the different options. The configuration > file (/etc/mailscanner/mailscanner.conf) is laid out in such a way that it > provides a pretty good explanation of what each option does or will > do. I set up MS with spam assassin and Clam D. We are a small > company but have found a drastic decrease of spam and viruses > coming through (which you can choose to whether or not to notify the > end user on) before setting these up I had not even touched a Linux > box or used terminal before so don?t just read about it, be about it and > take the leap. > > Then if you have questions or problems post again and the community > can help you work out any bugs > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Technician > Sent: Wednesday, March 21, 2012 8:39 AM > To: 'MailScanner discussion' > Subject: RE: Want to learn about Mail Scanner > > Hi Miguel / Payal / Everyone, > > I've been an observer of Mailscanner list since 2009 and I guess would > be in the same boat as Payal, but have not had the guts (like Payal has > :-)) to put the question. Now that it's "out" and Miguel has replied with > the "Go read all about it" ... :-)..it was funny and at the same time given > me my cue to at least say something. Thanks Payal / Miguel. Now as > Payal has also included in his question ...".. the basic things and files one > should be aware of," ... I think I too would like to know. :-) any answers > to this? > Should we get a hail-storm of meteos falling from the skies, in our little > country, I'll know its from "mailscanner". :-) > > Thanks > > Ru > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Sampson, Aaron > > Sent: Thursday, March 22, 2012 1:14 AM > > To: MailScanner discussion > > Subject: RE: Want to learn about Mail Scanner > > > > Anyone know when Julian is going to come out with a new book, > since > > you brought it up. The one online says it was updated in 07, there > > has been a lot of version updates since then > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Miguel Koren O'Brien de > > Lacy > > Sent: Wednesday, March 21, 2012 7:25 AM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: Want to learn about Mail Scanner > > > > Hi Payal, > > > > There's a book about Mail Scanner: > > > > See here: http://mailscanner.info/ (on the right) > > > > Miguel > > > > On 03/21/2012 07:06 AM, payalg@cdac.in wrote: > > > > > > Dear All, > > > > > > I am new to mail scanner and want to learn about how it > > > works, what are the basic things and files one should be aware of, > > > what are rules and filters in mail scanner, how to write your own > rules? > > > > > > Can you please suggest me a good source for it? > > > > > > Thanks and Regards, > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed Mar 21 15:00:12 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 21 14:57:52 2012 Subject: Want to learn about Mail Scanner In-Reply-To: References: Message-ID: <4F69ECFC.2060105@cnpapers.com> On 3/21/2012 6:06 AM, payalg@cdac.in wrote: > Dear All, > > I am new to mail scanner and want to learn about how it works, > what are the basic things and files one should be aware of, what are rules > and filters in mail scanner, how to write your own rules? > > Can you please suggest me a good source for it? > > Thanks and Regards, I little information about what you are trying to install this on might be a great help in getting some answers for you. Which OS are you going to be using? What smtp software are you going to be using? There's a slight difference in the config file if you're using postfix instead of sendmail. Sendmail will pretty much use the defaults out of the box. Recent versions of Centos/RH install a pretty new version of spamassassin from their repositories, so that becomes less of an issue. Clamd can be installed and updated from the rpmforge/repoforge site if you're using yum as a manager for rpms. Perhaps it works with apt and others as well. Download the zipped install file and extract it some where. You don't have to use it if you install it if you've got a way to disable it's usage (like init scripts and so on). From there, you can review the config file, and like others have already mentioned, the config file has tons of comments to describe nearly all of the options. Or maybe someone could send you the file in an email just so you could review it without installation. The best way to monitor it's results is to use something like MailWatch. It will give you a visual display of what's going on. But that's another program and list. It's not necessary to use it with MailScanner, but it sure helps analyze what's going on in real time. MailScanner is pretty easy to set up, especially if you know what you want to do with it. Spamassassin is a little more complicated, but again, it works pretty much out of the box. Tuning it to make it work better is always a plus. The main point to express is that this list helps everyone with any of the above programs. It's amazing the help I've received with sendmail on this list without being told to join the sendmail list. Go ahead and try it out. It's not permanent in any way. steve campbell From mailscanner at joolee.nl Wed Mar 21 16:07:21 2012 From: mailscanner at joolee.nl (Joolee) Date: Wed Mar 21 16:08:12 2012 Subject: Want to learn about Mail Scanner In-Reply-To: <4F69ECFC.2060105@cnpapers.com> References: <4F69ECFC.2060105@cnpapers.com> Message-ID: If you want a good tutorial to start with, I can recommend http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-jeos-10.10-maverick-meerkat If your server doesn't handle much traffic, don't use the Greylist. I've run the 8.04 version of the tutorial (still using MailWatch) and the results are very good. With the knowledge I've gained by setting it all up myself, it's also possible to do a lot of debugging and modifications myself. You could also run a pre-build VM with Mailscanner but you won't know what going on in there so it's more difficult to debug and tweak. When beginning my own spamfilter project, I had minimum experience with ESVA and had only messed around a bit with Linux before. You do need to be curious by nature ofcourse, otherwise you still won't learn a thing by copy-pasting the tutorial info =P On 21 March 2012 16:00, Steve Campbell wrote: > > > On 3/21/2012 6:06 AM, payalg@cdac.in wrote: > >> Dear All, >> >> I am new to mail scanner and want to learn about how it works, >> what are the basic things and files one should be aware of, what are rules >> and filters in mail scanner, how to write your own rules? >> >> Can you please suggest me a good source for it? >> >> Thanks and Regards, >> > I little information about what you are trying to install this on might be > a great help in getting some answers for you. > > Which OS are you going to be using? > What smtp software are you going to be using? There's a slight difference > in the config file if you're using postfix instead of sendmail. Sendmail > will pretty much use the defaults out of the box. > Recent versions of Centos/RH install a pretty new version of spamassassin > from their repositories, so that becomes less of an issue. > Clamd can be installed and updated from the rpmforge/repoforge site if > you're using yum as a manager for rpms. Perhaps it works with apt and > others as well. > > Download the zipped install file and extract it some where. You don't have > to use it if you install it if you've got a way to disable it's usage (like > init scripts and so on). From there, you can review the config file, and > like others have already mentioned, the config file has tons of comments to > describe nearly all of the options. Or maybe someone could send you the > file in an email just so you could review it without installation. > > The best way to monitor it's results is to use something like MailWatch. > It will give you a visual display of what's going on. But that's another > program and list. It's not necessary to use it with MailScanner, but it > sure helps analyze what's going on in real time. > > MailScanner is pretty easy to set up, especially if you know what you want > to do with it. > > Spamassassin is a little more complicated, but again, it works pretty much > out of the box. Tuning it to make it work better is always a plus. > > The main point to express is that this list helps everyone with any of the > above programs. It's amazing the help I've received with sendmail on this > list without being told to join the sendmail list. Go ahead and try it out. > It's not permanent in any way. > > steve campbell > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.**info > http://lists.mailscanner.info/**mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/**posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120321/ba8f7fcc/attachment.html From rlopezcnm at gmail.com Wed Mar 21 17:23:57 2012 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed Mar 21 17:24:06 2012 Subject: Want to learn about Mail Scanner In-Reply-To: References: <4F69ECFC.2060105@cnpapers.com> Message-ID: Payal, I do want to state again the operating system is very important. My point is not that MailScanner will run significantly differently, but the installation and updating will be different. You need to look at the versions of updates that are available and notice different OS have support persons who have different delays in preparing update packages. If you will build your own, that that becomes a different issue. The Mail Transfer Agent(s) used is the other issue. MailScanner will get email from one. It can be set up to return it to the same one or send it to another. The same maintenance timing issues should be investigated. For example if you go to an OS depository and look at all the components you want to use, are they all updated at about the same times? I also will point out again the SpamAssassin may take more time and effort to customize and maintain than SpamAssassin. You will maintain it via MailScanner and not directly, therefore you will have to understand you can not just replicate information you may encounter if it is intended for direct manipulation of SpamAssassin. -- Robert Lopez From payalg at cdac.in Thu Mar 22 05:39:33 2012 From: payalg at cdac.in (payalg@cdac.in) Date: Thu Mar 22 05:39:52 2012 Subject: (no subject) Message-ID: Hi Everyone, I am really thankful to all you guys for replying and helping me. -- Payal Gupta Project Engineer National PARAM SuperComputing Facilities CDAC-Pune -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From payalg at cdac.in Fri Mar 23 08:44:53 2012 From: payalg at cdac.in (payalg@cdac.in) Date: Fri Mar 23 08:45:18 2012 Subject: How to merge mail scanner database into 1 Message-ID: Dear All, We are using two mail scanners and mail watch as its front end. I want to merge two mail scanners databases into one. Does anyone know the solution? Please let me know... Thanks and Regards. -- Payal Gupta Project Engineer National PARAM SuperComputing Facilities CDAC-Pune -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pjhealy at healyville.com Fri Mar 23 13:06:48 2012 From: pjhealy at healyville.com (Patrick Healy) Date: Fri Mar 23 13:07:25 2012 Subject: Mailscanner / Postfix / Procmail Message-ID: <4F6C7568.9070903@healyville.com> Hi, I know this is going to sound like a newbie question, but I'm having a brain hiccup and can't seem to completely wrap my head around this... I'm relatively new to postfix, but I've got a MailScanner / Postfix configuration set up and working. Traditionally I would have set up a procmail rule to handle the spamscore and dump SPAM in to a folder. However, I'm seeing notes about the huge performance hit that I'll take if I enable procmail in the postfix/main.cf file. My question is this - should I be using procmail to filter the SPAM that MailScanner/Spamassassin tag? I know that MailScanner is taking things out of the HOLD queue and tagging them, then replacing them back into the incoming queue for Postfix to deal with, but I figured that MailScanner would handle the SPAM between those two steps so as not to add to Postfix's load... Any thoughts? Thanks to all! Pat From alex at vidadigital.com.pa Fri Mar 23 13:26:19 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri Mar 23 13:26:29 2012 Subject: Mailscanner / Postfix / Procmail In-Reply-To: <4F6C7568.9070903@healyville.com> References: <4F6C7568.9070903@healyville.com> Message-ID: Haven't read those notes, but in my experience using .procmail to dump all spam into a Junk Mail folder is almost a requirement - otherwise SPAM keeps finding its way (albeit tagged) to people's mobile devices. It may take a bit of CPU/disk resources to do, but it saves plenty on bandwidth/user experience. On Fri, Mar 23, 2012 at 8:06 AM, Patrick Healy wrote: > Hi, > > I know this is going to sound like a newbie question, but I'm having a brain > hiccup and can't seem to completely wrap my head around this... > > I'm relatively new to postfix, but I've got a MailScanner / Postfix > configuration set up and working. ?Traditionally I would have set up a > procmail rule to handle the spamscore and dump SPAM in to a folder. > ?However, I'm seeing notes about the huge performance hit that I'll take if > I enable procmail in the postfix/main.cf file. > > My question is this - should I be using procmail to filter the SPAM that > MailScanner/Spamassassin tag? ?I know that MailScanner is taking things out > of the HOLD queue and tagging them, then replacing them back into the > incoming queue for Postfix to deal with, but I figured that MailScanner > would handle the SPAM between those two steps so as not to add to Postfix's > load... > > Any thoughts? > > Thanks to all! > > Pat > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From maxsec at gmail.com Fri Mar 23 13:41:38 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Mar 23 13:41:48 2012 Subject: Mailscanner / Postfix / Procmail In-Reply-To: <4F6C7568.9070903@healyville.com> References: <4F6C7568.9070903@healyville.com> Message-ID: I tag low scoring spam I tag the subject and deliver, for high scoring spam the action I just delete it don't deliver. Now I'd suggest having the mailscanner gateway on separate machine (real or virtual) from the end user server, I've seen too many issues with mixing the two, esp when it comes to updates of the OS and applications. Plus it's better to keep the load off the user email server so it can concentrate on that job and not be affected too much by having to process all that crub email in the first place. -- Martin Hepworth Oxford, UK On 23 March 2012 13:06, Patrick Healy wrote: > Hi, > > I know this is going to sound like a newbie question, but I'm having a > brain hiccup and can't seem to completely wrap my head around this... > > I'm relatively new to postfix, but I've got a MailScanner / Postfix > configuration set up and working. Traditionally I would have set up a > procmail rule to handle the spamscore and dump SPAM in to a folder. > However, I'm seeing notes about the huge performance hit that I'll take if > I enable procmail in the postfix/main.cf file. > > My question is this - should I be using procmail to filter the SPAM that > MailScanner/Spamassassin tag? I know that MailScanner is taking things out > of the HOLD queue and tagging them, then replacing them back into the > incoming queue for Postfix to deal with, but I figured that MailScanner > would handle the SPAM between those two steps so as not to add to Postfix's > load... > > Any thoughts? > > Thanks to all! > > Pat > -- > MailScanner mailing list > mailscanner@lists.mailscanner.**info > http://lists.mailscanner.info/**mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/**posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120323/0ba0990a/attachment.html From john at tradoc.fr Fri Mar 23 14:00:26 2012 From: john at tradoc.fr (John Wilcock) Date: Fri Mar 23 14:00:42 2012 Subject: Mailscanner / Postfix / Procmail In-Reply-To: <4F6C7568.9070903@healyville.com> References: <4F6C7568.9070903@healyville.com> Message-ID: <4F6C81FA.8060206@tradoc.fr> Le 23/03/2012 14:06, Patrick Healy a ?crit : > Traditionally I would have set up a procmail rule to handle the > spamscore and dump SPAM in to a folder. However, I'm seeing notes about > the huge performance hit that I'll take if I enable procmail in the > postfix/main.cf file. > > My question is this - should I be using procmail to filter the SPAM that > MailScanner/Spamassassin tag? Firstly, the usual setup is to have MailScanner delete (or quarantine) all high-scoring spam and not deliver it to the user's mailbox, which will reduce the load on postfix and the MDA. But that still leaves the low-scoring spam messages which users don't generally want to see in their main inbox. Procmail is one solution for moving them to a folder, but there may well be other more efficient methods. I use dovecot as my MDA, for example, and have set up a global dovecot-sieve rule to move spam to a Junk folder. John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From alex at vidadigital.com.pa Fri Mar 23 14:13:17 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri Mar 23 14:13:31 2012 Subject: Mailscanner / Postfix / Procmail In-Reply-To: References: <4F6C7568.9070903@healyville.com> Message-ID: +1 On Fri, Mar 23, 2012 at 8:41 AM, Martin Hepworth wrote: > I tag low scoring spam I tag the subject and deliver, for high scoring spam > the action I just delete it don't deliver. > > Now I'd suggest having the mailscanner gateway on separate machine (real or > virtual) from the end user server, I've seen too many issues with mixing the > two, esp when it comes to updates of the OS and applications. Plus it's > better to keep the load off the user email server so it can concentrate on > that job and not be affected too much by having to process all that crub > email in the first place. > > -- > Martin Hepworth > Oxford, UK > > > On 23 March 2012 13:06, Patrick Healy wrote: >> >> Hi, >> >> I know this is going to sound like a newbie question, but I'm having a >> brain hiccup and can't seem to completely wrap my head around this... >> >> I'm relatively new to postfix, but I've got a MailScanner / Postfix >> configuration set up and working. ?Traditionally I would have set up a >> procmail rule to handle the spamscore and dump SPAM in to a folder. >> ?However, I'm seeing notes about the huge performance hit that I'll take if >> I enable procmail in the postfix/main.cf file. >> >> My question is this - should I be using procmail to filter the SPAM that >> MailScanner/Spamassassin tag? ?I know that MailScanner is taking things out >> of the HOLD queue and tagging them, then replacing them back into the >> incoming queue for Postfix to deal with, but I figured that MailScanner >> would handle the SPAM between those two steps so as not to add to Postfix's >> load... >> >> Any thoughts? >> >> Thanks to all! >> >> Pat >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From ka at pacific.net Fri Mar 23 15:03:25 2012 From: ka at pacific.net (Ken A) Date: Fri Mar 23 15:03:39 2012 Subject: Mailscanner / Postfix / Procmail In-Reply-To: References: <4F6C7568.9070903@healyville.com> Message-ID: <4F6C90BD.8000406@pacific.net> I've found it nice to have 2 mailscanner gateways, so that one can be offline while it's updated, and the other can keep mail flowing. MX records & SMTP handle the balancing/failover in most cases, so it's easy. You can even do this with 2 VMs if that will suffice. Ken On 3/23/2012 9:13 AM, Alex Neuman wrote: > +1 > > On Fri, Mar 23, 2012 at 8:41 AM, Martin Hepworth wrote: >> I tag low scoring spam I tag the subject and deliver, for high scoring spam >> the action I just delete it don't deliver. >> >> Now I'd suggest having the mailscanner gateway on separate machine (real or >> virtual) from the end user server, I've seen too many issues with mixing the >> two, esp when it comes to updates of the OS and applications. Plus it's >> better to keep the load off the user email server so it can concentrate on >> that job and not be affected too much by having to process all that crub >> email in the first place. >> >> -- >> Martin Hepworth >> Oxford, UK >> >> >> On 23 March 2012 13:06, Patrick Healy wrote: >>> >>> Hi, >>> >>> I know this is going to sound like a newbie question, but I'm having a >>> brain hiccup and can't seem to completely wrap my head around this... >>> >>> I'm relatively new to postfix, but I've got a MailScanner / Postfix >>> configuration set up and working. Traditionally I would have set up a >>> procmail rule to handle the spamscore and dump SPAM in to a folder. >>> However, I'm seeing notes about the huge performance hit that I'll take if >>> I enable procmail in the postfix/main.cf file. >>> >>> My question is this - should I be using procmail to filter the SPAM that >>> MailScanner/Spamassassin tag? I know that MailScanner is taking things out >>> of the HOLD queue and tagging them, then replacing them back into the >>> incoming queue for Postfix to deal with, but I figured that MailScanner >>> would handle the SPAM between those two steps so as not to add to Postfix's >>> load... >>> >>> Any thoughts? >>> >>> Thanks to all! >>> >>> Pat >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus From fabiodemartin at gmail.com Sat Mar 24 15:29:28 2012 From: fabiodemartin at gmail.com (Fabio De Martin) Date: Sat Mar 24 15:29:41 2012 Subject: Quarantine Taint issue Message-ID: <4F6DE858.1050306@gmail.com> Hi, I'm installing MailScanner 4.84.5-2 on CentOS 6.2 and found some trouble with quarantine. Getting "Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192" Any help? Regards, Fabio De Martin ------------------------------------------------------------------------ Result of MailScanner --debug: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192. Result of MailScanner -v: Running on Linux localhost.localdomain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 6.2 (Final) This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.84.5 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.11 Carp 2.02 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.124 Data::Dumper 2.27 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.77 File::Basename 2.14 File::Copy 2.02 FileHandle 2.08 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.14 Net::CIDR 1.25 Net::IP 0.19 OLE::Storage_Lite 1.04 Pod::Escapes 3.13 Pod::Simple 1.17 POSIX 1.21 Scalar::Util 1.82 Socket 2.20 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.40 Test::Pod 0.92 Test::Simple 1.9721 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.58 Archive::Tar 0.23 bignum 2.05 Business::ISBN 20081208 Business::ISBN::Data 1.15 Data::Dump 1.82 DB_File 1.27 DBD::SQLite 1.609 DBI 1.16 Digest 1.01 Digest::HMAC 2.39 Digest::MD5 2.12 Digest::SHA1 1.01 Encode::Detect 0.17015 Error 0.27 ExtUtils::CBuilder 2.2203 ExtUtils::ParseXS 2.38 Getopt::Long 0.46 Inline 1.08 IO::String 1.09 IO::Zlib 2.27 IP::Country 0.29 Mail::ClamAV 3.003002 Mail::SpamAssassin v2.007 Mail::SPF missing Mail::SPF::Query 0.35 Module::Build 0.21 Net::CIDR::Lite 0.65 Net::DNS v0.003 Net::DNS::Resolver::Programmable missing Net::LDAP 4.027 NetAddr::IP 1.965001 Parse::RecDescent missing SAVI 3.17 Test::Harness 1.22 Test::Manifest 2.0.0 Text::Balanced 1.40 URI 0.77 version 0.70 YAML Quarantine configuration on MailScanner.conf: Run As User = postfix Run As Group = mail Quarantine Dir = /var/spool/MailScanner/quarantine Quarantine User = postfix Quarantine Group = mail Quarantine Permissions = 0660 Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120324/3eae49bb/attachment.html From maxsec at gmail.com Sat Mar 24 16:04:50 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Sat Mar 24 16:04:58 2012 Subject: Quarantine Taint issue In-Reply-To: <4F6DE858.1050306@gmail.com> References: <4F6DE858.1050306@gmail.com> Message-ID: Make sure you are running with the -U flag onthe mailscanner executable Martin On Saturday, 24 March 2012, Fabio De Martin wrote: > Hi, > > I'm installing MailScanner 4.84.5-2 on CentOS 6.2 and found some trouble with quarantine. > Getting "Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192" > > Any help? > > Regards, > > Fabio De Martin > > ________________________________ > > Result of MailScanner --debug: > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192. > > Result of MailScanner -v: > > Running on > Linux localhost.localdomain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux > This is CentOS release 6.2 (Final) > This is Perl version 5.010001 (5.10.1) > > This is MailScanner version 4.84.5 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.11 Carp > 2.02 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.124 Data::Dumper > 2.27 Date::Parse > 1.03 DirHandle > 1.06 Fcntl > 2.77 File::Basename > 2.14 File::Copy > 2.02 FileHandle > 2.08 File::Path > 0.22 File::Temp > 0.92 Filesys::Df > 3.64 HTML::Entities > 3.64 HTML::Parser > 3.57 HTML::TokeParser > 1.25 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.08 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.08 MIME::QuotedPrint > 5.427 MIME::Tools > 0.14 Net::CIDR > 1.25 Net::IP > 0.19 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.13 Pod::Simple > 1.17 POSIX > 1.21 Scalar::Util > 1.82 Socket > 2.20 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.40 Test::Pod > 0.92 Test::Simple > 1.9721 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.58 Archive::Tar > 0.23 bignum > 2.05 Business::ISBN > 20081208 Business::ISBN::Data > 1.15 Data::Dump > 1.82 DB_File > 1.27 DBD::SQLite > 1.609 DBI > 1.16 Digest > 1.01 Digest::HMAC > 2.39 Digest::MD5 > 2.12 Digest::SHA1 > 1.01 Encode::Detect > 0.17015 Error > 0.27 ExtUtils::CBuilder > 2.2203 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.46 Inline > 1.08 IO::String > 1.09 IO::Zlib > 2.27 IP::Country > 0.29 Mail::ClamAV > 3.003002 Mail::SpamAssassin > v2.007 Mail::SPF > missing Mail::SPF::Query > 0.35 Module::Build > 0.21 Net::CIDR::Lite > 0.65 Net::DNS > v0.003 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.027 NetAddr::IP > 1.965001 Parse::RecDescent > missing SAVI > 3.17 Test::Harness > 1.22 Test::Manifest > 2.0.0 Text::Balanced > 1.40 URI > 0.77 version > 0.70 YAML > > Quarantine configuration on MailScanner.conf: > Run As User = postfix > Run As Group = mail > Quarantine Dir = /var/spool/MailScanner/quarantine > Quarantine User = postfix > Quarantine Group = mail > Quarantine Permissions = 0660 > Quarantine Infections = yes > Quarantine Silent Viruses = yes > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > > > > -- -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120324/7ef12837/attachment.html From Jeff.Mills at sydneytech.com.au Sun Mar 25 22:48:35 2012 From: Jeff.Mills at sydneytech.com.au (Jeff Mills) Date: Sun Mar 25 22:50:55 2012 Subject: How to merge mail scanner database into 1 In-Reply-To: References: Message-ID: <5CC818E72EFF6C4CB0D4DFEF1C4E6CD5011FD6BBF84F@SERVER01.sts.local> I use mysql master/master replication. ----------------------------- Jeff Mills Sydney Technology Solutions Pty Ltd Unit F10, 101 Rookwood Road Yagoona, New South Wales 2199 Phone: 02 8212 4722 Email: Jeff.Mills@sydneytech.com.au Web : www.sydneytech.com.au Living our values, achieving success Sydney Technology Solutions' operating philosophy is based on honesty, enthusiasm, respect, ownership, excellence and service. These values guide the way we manage our business and the way we service yours. P Please consider the environment before printing this email Disclaimer: Sydney Technology Solutions accepts no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. ----------------------------- -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of payalg@cdac.in Sent: Friday, 23 March 2012 7:45 PM To: MailScanner discussion Subject: How to merge mail scanner database into 1 Dear All, We are using two mail scanners and mail watch as its front end. I want to merge two mail scanners databases into one. Does anyone know the solution? Please let me know... Thanks and Regards. -- Payal Gupta Project Engineer National PARAM SuperComputing Facilities CDAC-Pune -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This email has been scanned for viruses and dangerous content by Sydney Technology Solutions MailMaster Email Protection Services. For more information please visit http://www.sydneytech.com.au :Scanned by MailMaster3: From fabiodemartin at gmail.com Mon Mar 26 15:52:01 2012 From: fabiodemartin at gmail.com (Fabio De Martin) Date: Mon Mar 26 15:52:15 2012 Subject: Quarantine Taint issue Message-ID: <4F708291.6050003@gmail.com> Hi, As per Martin Hepworth request, I tried to run with -U flag on the mailscanner executable but it does not work. Just more taint errors... Please see MailScanner --debug result with -U flag: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 2. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Stopping now as you are debugging me. Regards, Fabio De Martin ------------------------------------------------------------------------ Hi, I'm installing MailScanner 4.84.5-2 on CentOS 6.2 and found some trouble with quarantine. Getting "Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192" Any help? Regards, Fabio De Martin ------------------------------------------------------------------------ Result of MailScanner --debug: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192. Result of MailScanner -v: Running on Linux localhost.localdomain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 6.2 (Final) This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.84.5 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.11 Carp 2.02 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.124 Data::Dumper 2.27 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.77 File::Basename 2.14 File::Copy 2.02 FileHandle 2.08 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.14 Net::CIDR 1.25 Net::IP 0.19 OLE::Storage_Lite 1.04 Pod::Escapes 3.13 Pod::Simple 1.17 POSIX 1.21 Scalar::Util 1.82 Socket 2.20 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.40 Test::Pod 0.92 Test::Simple 1.9721 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.58 Archive::Tar 0.23 bignum 2.05 Business::ISBN 20081208 Business::ISBN::Data 1.15 Data::Dump 1.82 DB_File 1.27 DBD::SQLite 1.609 DBI 1.16 Digest 1.01 Digest::HMAC 2.39 Digest::MD5 2.12 Digest::SHA1 1.01 Encode::Detect 0.17015 Error 0.27 ExtUtils::CBuilder 2.2203 ExtUtils::ParseXS 2.38 Getopt::Long 0.46 Inline 1.08 IO::String 1.09 IO::Zlib 2.27 IP::Country 0.29 Mail::ClamAV 3.003002 Mail::SpamAssassin v2.007 Mail::SPF missing Mail::SPF::Query 0.35 Module::Build 0.21 Net::CIDR::Lite 0.65 Net::DNS v0.003 Net::DNS::Resolver::Programmable missing Net::LDAP 4.027 NetAddr::IP 1.965001 Parse::RecDescent missing SAVI 3.17 Test::Harness 1.22 Test::Manifest 2.0.0 Text::Balanced 1.40 URI 0.77 version 0.70 YAML Quarantine configuration on MailScanner.conf: Run As User = postfix Run As Group = mail Quarantine Dir = /var/spool/MailScanner/quarantine Quarantine User = postfix Quarantine Group = mail Quarantine Permissions = 0660 Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120326/6abb9a45/attachment.html From Sampson at p2sol.com Mon Mar 26 16:02:26 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Mon Mar 26 16:02:38 2012 Subject: Quarantine Taint issue In-Reply-To: <4F708291.6050003@gmail.com> References: <4F708291.6050003@gmail.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637A6A9@COMM1.p2sol.com> Just to make sure that we are all on the same page this is part of the documentation that I have listed on what I changed to fix that same error. This worked for me to fix the problem. So are you sure you made the same change? Change configuration in /usr/sbin/MailScanner and add the ?U to the end of the line of code. This causes a fatal Taint error which prevents MailScanner from placing e-mails into the quarantine folders that it creates. Adding the ?U will change the fatal error to just a warning and e-mails will be placed into quarantine. #!/usr/bin/perl -I/usr/lib/MailScanner -U From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Fabio De Martin Sent: Monday, March 26, 2012 9:52 AM To: mailscanner@lists.mailscanner.info Subject: Re: Quarantine Taint issue Hi, As per Martin Hepworth request, I tried to run with -U flag on the mailscanner executable but it does not work. Just more taint errors... Please see MailScanner --debug result with -U flag: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 2. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Stopping now as you are debugging me. Regards, Fabio De Martin ________________________________ Hi, I'm installing MailScanner 4.84.5-2 on CentOS 6.2 and found some trouble with quarantine. Getting "Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192" Any help? Regards, Fabio De Martin ________________________________ Result of MailScanner --debug: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/share/perl5/File/Copy.pm line 192. Result of MailScanner -v: Running on Linux localhost.localdomain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 6.2 (Final) This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.84.5 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.11 Carp 2.02 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.124 Data::Dumper 2.27 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.77 File::Basename 2.14 File::Copy 2.02 FileHandle 2.08 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.14 Net::CIDR 1.25 Net::IP 0.19 OLE::Storage_Lite 1.04 Pod::Escapes 3.13 Pod::Simple 1.17 POSIX 1.21 Scalar::Util 1.82 Socket 2.20 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.40 Test::Pod 0.92 Test::Simple 1.9721 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.58 Archive::Tar 0.23 bignum 2.05 Business::ISBN 20081208 Business::ISBN::Data 1.15 Data::Dump 1.82 DB_File 1.27 DBD::SQLite 1.609 DBI 1.16 Digest 1.01 Digest::HMAC 2.39 Digest::MD5 2.12 Digest::SHA1 1.01 Encode::Detect 0.17015 Error 0.27 ExtUtils::CBuilder 2.2203 ExtUtils::ParseXS 2.38 Getopt::Long 0.46 Inline 1.08 IO::String 1.09 IO::Zlib 2.27 IP::Country 0.29 Mail::ClamAV 3.003002 Mail::SpamAssassin v2.007 Mail::SPF missing Mail::SPF::Query 0.35 Module::Build 0.21 Net::CIDR::Lite 0.65 Net::DNS v0.003 Net::DNS::Resolver::Programmable missing Net::LDAP 4.027 NetAddr::IP 1.965001 Parse::RecDescent missing SAVI 3.17 Test::Harness 1.22 Test::Manifest 2.0.0 Text::Balanced 1.40 URI 0.77 version 0.70 YAML Quarantine configuration on MailScanner.conf: Run As User = postfix Run As Group = mail Quarantine Dir = /var/spool/MailScanner/quarantine Quarantine User = postfix Quarantine Group = mail Quarantine Permissions = 0660 Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120326/aee91d5a/attachment.html From fabiodemartin at gmail.com Mon Mar 26 16:26:16 2012 From: fabiodemartin at gmail.com (Fabio De Martin) Date: Mon Mar 26 16:26:30 2012 Subject: Quarantine Taint issue In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637A6A9@COMM1.p2sol.com> References: <4F708291.6050003@gmail.com> <4ACB6FBB6E06074DA18D653BD3155A6637A6A9@COMM1.p2sol.com> Message-ID: <4F708A98.7090205@gmail.com> Thanks, Works with -U flag. Do you believe it will be fixed on future releases? Regards, Fabio De Martin On 3/26/12 12:02 PM, Sampson, Aaron wrote: > > Just to make sure that we are all on the same page this is part of the > documentation that I have listed on what I changed to fix that same > error. This worked for me to fix the problem. So are you sure you > made the same change? > > Change configuration in /usr/sbin/MailScanner and add the *?_U_* to > the end of the line of code. This causes a fatal Taint error which > prevents MailScanner from placing e-mails into the quarantine folders > that it creates. Adding the ?U will change the fatal error to just a > warning and e-mails will be placed into quarantine. > > #!/usr/bin/perl -I/usr/lib/MailScanner *_-U_* > > *From:*mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Fabio De Martin > *Sent:* Monday, March 26, 2012 9:52 AM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Re: Quarantine Taint issue > > Hi, > > As per Martin Hepworth request, I tried to run with -U flag on the > mailscanner executable but it does not work. Just more taint errors... > Please see MailScanner --debug result with -U flag: > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 2. > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/IO/File.pm line 185. > Stopping now as you are debugging me. > > Regards, > > Fabio De Martin > > ------------------------------------------------------------------------ > > > Hi, > > I'm installing MailScanner 4.84.5-2 on CentOS 6.2 and found some > trouble with quarantine. > Getting "Insecure dependency in open while running with -T switch at > /usr/share/perl5/File/Copy.pm line 192" > > Any help? > > Regards, > > Fabio De Martin > > ------------------------------------------------------------------------ > > > > Result of MailScanner --debug: > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > Insecure dependency in open while running with -T switch at > /usr/share/perl5/File/Copy.pm line 192. > > Result of MailScanner -v: > > Running on > Linux localhost.localdomain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 > 00:52:02 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux > This is CentOS release 6.2 (Final) > This is Perl version 5.010001 (5.10.1) > > This is MailScanner version 4.84.5 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.11 Carp > 2.02 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.124 Data::Dumper > 2.27 Date::Parse > 1.03 DirHandle > 1.06 Fcntl > 2.77 File::Basename > 2.14 File::Copy > 2.02 FileHandle > 2.08 File::Path > 0.22 File::Temp > 0.92 Filesys::Df > 3.64 HTML::Entities > 3.64 HTML::Parser > 3.57 HTML::TokeParser > 1.25 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.08 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.08 MIME::QuotedPrint > 5.427 MIME::Tools > 0.14 Net::CIDR > 1.25 Net::IP > 0.19 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.13 Pod::Simple > 1.17 POSIX > 1.21 Scalar::Util > 1.82 Socket > 2.20 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.40 Test::Pod > 0.92 Test::Simple > 1.9721 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.58 Archive::Tar > 0.23 bignum > 2.05 Business::ISBN > 20081208 Business::ISBN::Data > 1.15 Data::Dump > 1.82 DB_File > 1.27 DBD::SQLite > 1.609 DBI > 1.16 Digest > 1.01 Digest::HMAC > 2.39 Digest::MD5 > 2.12 Digest::SHA1 > 1.01 Encode::Detect > 0.17015 Error > 0.27 ExtUtils::CBuilder > 2.2203 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.46 Inline > 1.08 IO::String > 1.09 IO::Zlib > 2.27 IP::Country > 0.29 Mail::ClamAV > 3.003002 Mail::SpamAssassin > v2.007 Mail::SPF > missing Mail::SPF::Query > 0.35 Module::Build > 0.21 Net::CIDR::Lite > 0.65 Net::DNS > v0.003 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.027 NetAddr::IP > 1.965001 Parse::RecDescent > missing SAVI > 3.17 Test::Harness > 1.22 Test::Manifest > 2.0.0 Text::Balanced > 1.40 URI > 0.77 version > 0.70 YAML > > Quarantine configuration on MailScanner.conf: > Run As User = postfix > Run As Group = mail > Quarantine Dir = /var/spool/MailScanner/quarantine > Quarantine User = postfix > Quarantine Group = mail > Quarantine Permissions = 0660 > Quarantine Infections = yes > Quarantine Silent Viruses = yes > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120326/c494963b/attachment.html From tomb.stoney at gmail.com Wed Mar 28 11:38:26 2012 From: tomb.stoney at gmail.com (=?ISO-8859-2?Q?Tom=E1=B9_Kurinec?=) Date: Wed Mar 28 11:38:36 2012 Subject: What tables to create for using SQL capability of MailScanner conf. Message-ID: Hi all, I'm trying to use mailscanner sql configuration capabilities mainly for custom rulesets and spamassassin, but I can't find out how should the tables looks like. Could you be so kind and provide me SQL like this: CREATE TABLE mailscanner_config ( id int(11) NOT NULL auto_increment, hostname varchar(100) NOT NULL, value varchar(100) NOT NULL, external varchar(100) NOT NULL, options varchar(100) NOT NULL, PRIMARY KEY (id) ) ENGINE=MyISAM I don't know if this is a good table for such a purpose, but you probably get the idea. Thank you very much! Tom From Sampson at p2sol.com Wed Mar 28 16:07:28 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 28 16:07:44 2012 Subject: Rejected email redirect Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> So my company is starting to deal with a lot of smaller companies and I am running into an issue of e-mails being rejected due to the HELO command coming back incorrect from the incoming e-mail. I know this is a simple fix and we have fixed this issue for several companies but that is time consuming, and will become impossible as business grows. Is there a way to for Mail Scanner to take the rejected e-mails and place them in a folder like quarantine or even the quarantined folder? If I change the reject message to a rule set how would I set up the rule to say (any rejected e-mail place in FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 in case you need this as well. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/25222ffb/attachment.html From jeremy at fluxlabs.net Wed Mar 28 16:18:08 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Wed Mar 28 16:18:24 2012 Subject: Rejected email redirect In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> Message-ID: Where is it being blocked? Usually your MTA would handle that. If they don't comply with the rules, the bounced messages should be enough for their admins to fix the issue. I wouldn't see it as your responsibility to fix other companies errors. We simply block all non compliant servers. Eventually they'll get them fixed. -- Jeremy McSpadden On Mar 28, 2012, at 10:09 AM, "Sampson, Aaron" > wrote: So my company is starting to deal with a lot of smaller companies and I am running into an issue of e-mails being rejected due to the HELO command coming back incorrect from the incoming e-mail. I know this is a simple fix and we have fixed this issue for several companies but that is time consuming, and will become impossible as business grows. Is there a way to for Mail Scanner to take the rejected e-mails and place them in a folder like quarantine or even the quarantined folder? If I change the reject message to a rule set how would I set up the rule to say (any rejected e-mail place in FOLDER?) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 in case you need this as well. Thanks -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/d7cb8025/attachment.html From Sampson at p2sol.com Wed Mar 28 16:41:08 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 28 16:41:26 2012 Subject: Rejected email redirect In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637B3D7@COMM1.p2sol.com> Granted that is a good point, problem is that our guys have gone through a lot to get these companies to send us data, that with out it the business starts to fail. SO that being said kind of can't take the approach of they will eventually fix it. And yes the MTA is currently dealing with it but I am wondering if I comment out that option and allow the message to go through will MS be able to take that message and out it into quarantine From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: Wednesday, March 28, 2012 10:18 AM To: MailScanner discussion Cc: mailscanner@lists.mailscanner.info Subject: Re: Rejected email redirect Where is it being blocked? Usually your MTA would handle that. If they don't comply with the rules, the bounced messages should be enough for their admins to fix the issue. I wouldn't see it as your responsibility to fix other companies errors. We simply block all non compliant servers. Eventually they'll get them fixed. -- Jeremy McSpadden On Mar 28, 2012, at 10:09 AM, "Sampson, Aaron" > wrote: So my company is starting to deal with a lot of smaller companies and I am running into an issue of e-mails being rejected due to the HELO command coming back incorrect from the incoming e-mail. I know this is a simple fix and we have fixed this issue for several companies but that is time consuming, and will become impossible as business grows. Is there a way to for Mail Scanner to take the rejected e-mails and place them in a folder like quarantine or even the quarantined folder? If I change the reject message to a rule set how would I set up the rule to say (any rejected e-mail place in FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 in case you need this as well. Thanks -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/c4443554/attachment.html From jeremy at fluxlabs.net Wed Mar 28 16:43:12 2012 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Wed Mar 28 16:43:27 2012 Subject: Rejected email redirect In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637B3D7@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> , <4ACB6FBB6E06074DA18D653BD3155A6637B3D7@COMM1.p2sol.com> Message-ID: <59E172B0-4A7D-435D-9995-3F39E46E7870@fluxlabs.net> I'd be afraid your opening the door to ALOT of spam. -- Jeremy McSpadden On Mar 28, 2012, at 10:41 AM, "Sampson, Aaron" > wrote: Granted that is a good point, problem is that our guys have gone through a lot to get these companies to send us data, that with out it the business starts to fail. SO that being said kind of can?t take the approach of they will eventually fix it. And yes the MTA is currently dealing with it but I am wondering if I comment out that option and allow the message to go through will MS be able to take that message and out it into quarantine From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: Wednesday, March 28, 2012 10:18 AM To: MailScanner discussion Cc: mailscanner@lists.mailscanner.info Subject: Re: Rejected email redirect Where is it being blocked? Usually your MTA would handle that. If they don't comply with the rules, the bounced messages should be enough for their admins to fix the issue. I wouldn't see it as your responsibility to fix other companies errors. We simply block all non compliant servers. Eventually they'll get them fixed. -- Jeremy McSpadden On Mar 28, 2012, at 10:09 AM, "Sampson, Aaron" > wrote: So my company is starting to deal with a lot of smaller companies and I am running into an issue of e-mails being rejected due to the HELO command coming back incorrect from the incoming e-mail. I know this is a simple fix and we have fixed this issue for several companies but that is time consuming, and will become impossible as business grows. Is there a way to for Mail Scanner to take the rejected e-mails and place them in a folder like quarantine or even the quarantined folder? If I change the reject message to a rule set how would I set up the rule to say (any rejected e-mail place in FOLDER?) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 in case you need this as well. Thanks -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/38752fd0/attachment.html From ka at pacific.net Wed Mar 28 16:59:51 2012 From: ka at pacific.net (Ken A) Date: Wed Mar 28 17:00:17 2012 Subject: Rejected email redirect In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> Message-ID: <4F733577.1090709@pacific.net> SA already has a lot of HELO rules, due to all the spam from bots, and the lack of decent HELO checks in MTAs by default. Use score actions in MailScanner.conf to put spam in quarantine or tag/deliver or whatever. Quarantine here is MTA quarantine, not an IMAP folder named "quarantine". If you want them in specific IMAP folders, you'll need to use your LDA + sieve, procmail, or similar to match something in the headers - like the X-MailScanner-SpamCheck header with "HELO_" Ken On 3/28/2012 10:07 AM, Sampson, Aaron wrote: > So my company is starting to deal with a lot of smaller companies and > I am running into an issue of e-mails being rejected due to the HELO > command coming back incorrect from the incoming e-mail. I know this > is a simple fix and we have fixed this issue for several companies > but that is time consuming, and will become impossible as business > grows. Is there a way to for Mail Scanner to take the rejected > e-mails and place them in a folder like quarantine or even the > quarantined folder? If I change the reject message to a rule set how > would I set up the rule to say (any rejected e-mail place in > FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 > in case you need this as well. Thanks > > > > > > > -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus From Sampson at p2sol.com Wed Mar 28 17:02:22 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 28 17:02:33 2012 Subject: Rejected email redirect In-Reply-To: <59E172B0-4A7D-435D-9995-3F39E46E7870@fluxlabs.net> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> , <4ACB6FBB6E06074DA18D653BD3155A6637B3D7@COMM1.p2sol.com> <59E172B0-4A7D-435D-9995-3F39E46E7870@fluxlabs.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637B428@COMM1.p2sol.com> Just to clairify We have been using the: smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, <-- this is the only one we are thinking about changing permit but that has been my main concern is that turning this off opens the door to a lot of spam, which also means I will have to hear about it from the users. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: Wednesday, March 28, 2012 10:43 AM To: MailScanner discussion Cc: MailScanner discussion Subject: Re: Rejected email redirect I'd be afraid your opening the door to ALOT of spam. -- Jeremy McSpadden On Mar 28, 2012, at 10:41 AM, "Sampson, Aaron" > wrote: Granted that is a good point, problem is that our guys have gone through a lot to get these companies to send us data, that with out it the business starts to fail. SO that being said kind of can't take the approach of they will eventually fix it. And yes the MTA is currently dealing with it but I am wondering if I comment out that option and allow the message to go through will MS be able to take that message and out it into quarantine From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeremy McSpadden Sent: Wednesday, March 28, 2012 10:18 AM To: MailScanner discussion Cc: mailscanner@lists.mailscanner.info Subject: Re: Rejected email redirect Where is it being blocked? Usually your MTA would handle that. If they don't comply with the rules, the bounced messages should be enough for their admins to fix the issue. I wouldn't see it as your responsibility to fix other companies errors. We simply block all non compliant servers. Eventually they'll get them fixed. -- Jeremy McSpadden On Mar 28, 2012, at 10:09 AM, "Sampson, Aaron" > wrote: So my company is starting to deal with a lot of smaller companies and I am running into an issue of e-mails being rejected due to the HELO command coming back incorrect from the incoming e-mail. I know this is a simple fix and we have fixed this issue for several companies but that is time consuming, and will become impossible as business grows. Is there a way to for Mail Scanner to take the rejected e-mails and place them in a folder like quarantine or even the quarantined folder? If I change the reject message to a rule set how would I set up the rule to say (any rejected e-mail place in FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 in case you need this as well. Thanks -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/336fe510/attachment.html From iveymr at gmail.com Wed Mar 28 17:19:37 2012 From: iveymr at gmail.com (Ryan Ivey) Date: Wed Mar 28 17:19:47 2012 Subject: Rejected email redirect In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637B428@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A6637B3D7@COMM1.p2sol.com> <59E172B0-4A7D-435D-9995-3F39E46E7870@fluxlabs.net> <4ACB6FBB6E06074DA18D653BD3155A6637B428@COMM1.p2sol.com> Message-ID: On Wed, Mar 28, 2012 at 12:02 PM, Sampson, Aaron wrote: > Just to clairify**** > > ** ** > > We have been using the:**** > > smtpd_helo_restrictions = > permit_mynetworks, > reject_non_fqdn_helo_hostname, > reject_invalid_helo_hostname,**** > > reject_unknown_helo_hostname, ? this is the only one we are thinking > about changing > permit > > **** > > but that has been my main concern is that turning this off opens the door > to a lot of spam, which also means I will have to hear about it from the > users.**** > > > No need to turn it off. Just add smtpd_helo_restrictions = permit_mynetworks, *check_client_access hash:/etc/postfix/client_**whitelist *, ... Inside /etc/postfix/client_whitelist, put the IP Addresses (one on each line) of the new acquisitions with OK beside each. I'm assuming those smaller companies have dedicated IP's they're coming from which could be determined through the merger/acquisition discussions. > but I am wondering if I comment out that option and allow the message to > go through will MS be able to take that message and out it into quarantine > > If you really want to move them to quarantine, then create a spamassassin rule based on the header finding those IP Addresses and add a score high enough so it winds up as High Scoring Spam. Seems redundant (and resource intensive) to allow them only in to then block them again. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/566b5adf/attachment.html From Sampson at p2sol.com Wed Mar 28 18:59:40 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 28 19:00:01 2012 Subject: Rejected email redirect In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A6637B3D7@COMM1.p2sol.com> <59E172B0-4A7D-435D-9995-3F39E46E7870@fluxlabs.net> <4ACB6FBB6E06074DA18D653BD3155A6637B428@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637B4DE@COMM1.p2sol.com> No way to know for sure if they are using dedicated IP's or not but good idea. Plus there will be a lot of smaller (mom & pop) companies/stores that I think that asking them if they are using a dedicated IP will just make them look at us funny and ask what lang we are speaking. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ryan Ivey Sent: Wednesday, March 28, 2012 11:20 AM To: MailScanner discussion Subject: Re: Rejected email redirect On Wed, Mar 28, 2012 at 12:02 PM, Sampson, Aaron > wrote: Just to clairify We have been using the: smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, <-- this is the only one we are thinking about changing permit but that has been my main concern is that turning this off opens the door to a lot of spam, which also means I will have to hear about it from the users. No need to turn it off. Just add smtpd_helo_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_whitelist, ... Inside /etc/postfix/client_whitelist, put the IP Addresses (one on each line) of the new acquisitions with OK beside each. I'm assuming those smaller companies have dedicated IP's they're coming from which could be determined through the merger/acquisition discussions. but I am wondering if I comment out that option and allow the message to go through will MS be able to take that message and out it into quarantine If you really want to move them to quarantine, then create a spamassassin rule based on the header finding those IP Addresses and add a score high enough so it winds up as High Scoring Spam. Seems redundant (and resource intensive) to allow them only in to then block them again. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120328/dc1fda49/attachment.html From Sampson at p2sol.com Wed Mar 28 19:06:04 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 28 19:06:13 2012 Subject: Rejected email redirect In-Reply-To: <4F733577.1090709@pacific.net> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> <4F733577.1090709@pacific.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637B4F2@COMM1.p2sol.com> So Ken are you saying that if I turn off the option in PF that SA is already running the same check by default? If so will we run into the same issue that we have been facing that e-mails that are being sent to us whose name will not resolve will still be rejected, unless I change the config? Also I already have where (spam?) that does not fall into the high scoring spam score will go to quarantine folders but in the current state rejected emails are being denied in the MTA so never have an option to be processed further. Which is the reason for looking at the change to allow the e-mails to make it further into the system before being rejected and/or stored. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Wednesday, March 28, 2012 11:00 AM To: mailscanner@lists.mailscanner.info Subject: Re: Rejected email redirect SA already has a lot of HELO rules, due to all the spam from bots, and the lack of decent HELO checks in MTAs by default. Use score actions in MailScanner.conf to put spam in quarantine or tag/deliver or whatever. Quarantine here is MTA quarantine, not an IMAP folder named "quarantine". If you want them in specific IMAP folders, you'll need to use your LDA + sieve, procmail, or similar to match something in the headers - like the X-MailScanner-SpamCheck header with "HELO_" Ken On 3/28/2012 10:07 AM, Sampson, Aaron wrote: > So my company is starting to deal with a lot of smaller companies and > I am running into an issue of e-mails being rejected due to the HELO > command coming back incorrect from the incoming e-mail. I know this > is a simple fix and we have fixed this issue for several companies but > that is time consuming, and will become impossible as business grows. > Is there a way to for Mail Scanner to take the rejected e-mails and > place them in a folder like quarantine or even the quarantined folder? > If I change the reject message to a rule set how would I set up the > rule to say (any rejected e-mail place in > FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS 6.2 in > case you need this as well. Thanks > > > > > > > -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Wed Mar 28 19:48:14 2012 From: ka at pacific.net (Ken A) Date: Wed Mar 28 19:48:32 2012 Subject: Rejected email redirect In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A6637B4F2@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> <4F733577.1090709@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A6637B4F2@COMM1.p2sol.com> Message-ID: <4F735CEE.5020202@pacific.net> On 3/28/2012 1:06 PM, Sampson, Aaron wrote: > So Ken are you saying that if I turn off the option in PF that SA is > already running the same check by default? Very similar checks, probably not the same exactly.. I have not done any comparison.. See `grep HELO /usr/share/spamassassin/*` to see what they check.. If so will we run into the > same issue that we have been facing that e-mails that are being sent > to us whose name will not resolve will still be rejected, unless I > change the config? It may be tagged as spam and whatever you configure MailScanner to do - it will do. That's easy to deal with though. You can whitelist by IP, or change the scores of the HELO rules, or write new rules to offset the HELO rules. ie: look for HELO =~ /(?:somecompany|someothercompany)/ (not tested).. Ken Also I already have where (spam?) that does not > fall into the high scoring spam score will go to quarantine folders > but in the current state rejected emails are being denied in the MTA > so never have an option to be processed further. Which is the reason > for looking at the change to allow the e-mails to make it further > into the system before being rejected and/or stored. > > -----Original Message----- From: > mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken > A Sent: Wednesday, March 28, 2012 11:00 AM To: > mailscanner@lists.mailscanner.info Subject: Re: Rejected email > redirect > > SA already has a lot of HELO rules, due to all the spam from bots, > and the lack of decent HELO checks in MTAs by default. > > Use score actions in MailScanner.conf to put spam in quarantine or > tag/deliver or whatever. Quarantine here is MTA quarantine, not an > IMAP folder named "quarantine". > > If you want them in specific IMAP folders, you'll need to use your > LDA + sieve, procmail, or similar to match something in the headers - > like the X-MailScanner-SpamCheck header with "HELO_" > > Ken > > > > On 3/28/2012 10:07 AM, Sampson, Aaron wrote: >> So my company is starting to deal with a lot of smaller companies >> and I am running into an issue of e-mails being rejected due to the >> HELO command coming back incorrect from the incoming e-mail. I >> know this is a simple fix and we have fixed this issue for several >> companies but that is time consuming, and will become impossible as >> business grows. Is there a way to for Mail Scanner to take the >> rejected e-mails and place them in a folder like quarantine or even >> the quarantined folder? If I change the reject message to a rule >> set how would I set up the rule to say (any rejected e-mail place >> in FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS >> 6.2 in case you need this as well. Thanks >> >> >> >> >> >> >> > > -- Ken Anderson Pacific Internet - http://www.pacific.net Latest > Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner > mailing list mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus From Sampson at p2sol.com Wed Mar 28 20:36:33 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed Mar 28 20:36:48 2012 Subject: Rejected email redirect In-Reply-To: <4F735CEE.5020202@pacific.net> References: <4ACB6FBB6E06074DA18D653BD3155A6637AF8E@COMM1.p2sol.com> <4F733577.1090709@pacific.net> <4ACB6FBB6E06074DA18D653BD3155A6637B4F2@COMM1.p2sol.com> <4F735CEE.5020202@pacific.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A6637B59A@COMM1.p2sol.com> Okay I will take some of these options to the team and try a few. I will try to remember to come back and post results in case anyone else runs into a similar issue. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Wednesday, March 28, 2012 1:48 PM To: mailscanner@lists.mailscanner.info Subject: Re: Rejected email redirect On 3/28/2012 1:06 PM, Sampson, Aaron wrote: > So Ken are you saying that if I turn off the option in PF that SA is > already running the same check by default? Very similar checks, probably not the same exactly.. I have not done any comparison.. See `grep HELO /usr/share/spamassassin/*` to see what they check.. If so will we run into the > same issue that we have been facing that e-mails that are being sent > to us whose name will not resolve will still be rejected, unless I > change the config? It may be tagged as spam and whatever you configure MailScanner to do - it will do. That's easy to deal with though. You can whitelist by IP, or change the scores of the HELO rules, or write new rules to offset the HELO rules. ie: look for HELO =~ /(?:somecompany|someothercompany)/ (not tested).. Ken Also I already have where (spam?) that does not > fall into the high scoring spam score will go to quarantine folders > but in the current state rejected emails are being denied in the MTA > so never have an option to be processed further. Which is the reason > for looking at the change to allow the e-mails to make it further into > the system before being rejected and/or stored. > > -----Original Message----- From: > mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Wednesday, March 28, 2012 11:00 AM To: > mailscanner@lists.mailscanner.info Subject: Re: Rejected email > redirect > > SA already has a lot of HELO rules, due to all the spam from bots, and > the lack of decent HELO checks in MTAs by default. > > Use score actions in MailScanner.conf to put spam in quarantine or > tag/deliver or whatever. Quarantine here is MTA quarantine, not an > IMAP folder named "quarantine". > > If you want them in specific IMAP folders, you'll need to use your LDA > + sieve, procmail, or similar to match something in the headers - like > the X-MailScanner-SpamCheck header with "HELO_" > > Ken > > > > On 3/28/2012 10:07 AM, Sampson, Aaron wrote: >> So my company is starting to deal with a lot of smaller companies and >> I am running into an issue of e-mails being rejected due to the HELO >> command coming back incorrect from the incoming e-mail. I know this >> is a simple fix and we have fixed this issue for several companies >> but that is time consuming, and will become impossible as business >> grows. Is there a way to for Mail Scanner to take the rejected >> e-mails and place them in a folder like quarantine or even the >> quarantined folder? If I change the reject message to a rule set how >> would I set up the rule to say (any rejected e-mail place in >> FOLDER...) using MS 4.84.5, with clamd, spamassassin on CENTOS >> 6.2 in case you need this as well. Thanks >> >> >> >> >> >> >> > > -- Ken Anderson Pacific Internet - http://www.pacific.net Latest > Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner > mailing list mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Ken Anderson Pacific Internet - http://www.pacific.net Latest Pacific.Net Status - http://twitter.com/pacnetstatus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!