From doctor at doctor.nl2k.ab.ca Sun Nov 4 23:49:30 2012 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sun, 4 Nov 2012 16:49:30 -0700 Subject: New Version Message-ID: <20121104234930.GB6460@doctor.nl2k.ab.ca> Any new versions of MailScanner up and coming? -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k USA petition to dissolve the Republic and vote to disoolve it in November 2012 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nwilson123 at gmail.com Mon Nov 5 07:19:21 2012 From: nwilson123 at gmail.com (Neil) Date: Mon, 5 Nov 2012 09:19:21 +0200 Subject: Problem messages when spam checks enabled Message-ID: Hi guys, I've got a strange issue on a MailScanner install... It seems like when SpamAssassin is being called (use SpamAssassin = yes) the emails end up being "problem messages" and eventually after 3 retries the messages are then quarantined... Nov 2 17:13:43 mail MailScanner[19750]: Warning: skipping message 0310480032E.AF1CF as it has been attempted too many times Nov 2 17:13:43 mail MailScanner[19750]: Quarantined message 0310480032E.AF1CF as it caused MailScanner to crash several times Nov 2 17:13:43 mail MailScanner[19750]: Saved entire message to /var/spool/MailScanner/quarantine/20121102/0310480032E.AF1CF If I set "use SpamAssassin =no" then emails pass through perfectly. [root at mail ~]# MailScanner --debug-sa --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 869 hostnames from the phishing whitelist Read 4249 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 0 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 0 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.84.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamavmodule, clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamavmodule,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist Anyone have any ideas where to start? Thanks. Regards. Neil Wilson. From mailscanner at joolee.nl Mon Nov 5 08:09:39 2012 From: mailscanner at joolee.nl (Joolee) Date: Mon, 5 Nov 2012 09:09:39 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: Can you run a lint test with spamassassin and a debug run with spamassassin on one of the problem E-mails? On 5 November 2012 08:19, Neil wrote: > Hi guys, > > I've got a strange issue on a MailScanner install... > > It seems like when SpamAssassin is being called (use SpamAssassin = > yes) the emails end up being "problem messages" and eventually after 3 > retries the messages are then quarantined... > > Nov 2 17:13:43 mail MailScanner[19750]: Warning: skipping message > 0310480032E.AF1CF as it has been attempted too many times > Nov 2 17:13:43 mail MailScanner[19750]: Quarantined message > 0310480032E.AF1CF as it caused MailScanner to crash several times > Nov 2 17:13:43 mail MailScanner[19750]: Saved entire message to > /var/spool/MailScanner/quarantine/20121102/0310480032E.AF1CF > > If I set "use SpamAssassin =no" then emails pass through perfectly. > > [root at mail ~]# MailScanner --debug-sa --lint > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 869 hostnames from the phishing whitelist > Read 4249 hostnames from the phishing blacklists > Config: calling custom init function SQLBlacklist > Starting up SQL Blacklist > Read 0 blacklist entries > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Config: calling custom init function SQLWhitelist > Starting up SQL Whitelist > Read 0 whitelist entries > > Checking version numbers... > Version number in MailScanner.conf (4.84.5) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (89) > MailScanner setting UID to (89) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 0 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamavmodule, clamd > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature" > > If any of your virus scanners (clamavmodule,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > Config: calling custom end function SQLBlacklist > Closing down by-domain spam blacklist > Config: calling custom end function MailWatchLogging > Config: calling custom end function SQLWhitelist > Closing down by-domain spam whitelist > > Anyone have any ideas where to start? > > Thanks. > > Regards. > > Neil Wilson. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/0616a2b8/attachment.html From stephencoxmail at gmail.com Mon Nov 5 08:32:34 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 5 Nov 2012 10:32:34 +0200 Subject: New Version In-Reply-To: <20121104234930.GB6460@doctor.nl2k.ab.ca> References: <20121104234930.GB6460@doctor.nl2k.ab.ca> Message-ID: On Mon, Nov 5, 2012 at 1:49 AM, The Doctor wrote: > Any new versions of MailScanner up and coming? > Andrew and I are a bit tied up at the moment, but I am planning to do a release before Christmas. :-) https://github.com/MailScanner/MailScanner/issues?milestone=1&state=open -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/b5569693/attachment.html From stephencoxmail at gmail.com Mon Nov 5 08:39:45 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 5 Nov 2012 10:39:45 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: On Mon, Nov 5, 2012 at 9:19 AM, Neil wrote: > Anyone have any ideas where to start? > What distro are you using? What is the output of MailScanner -v? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/a3cc2a74/attachment.html From nwilson123 at gmail.com Mon Nov 5 10:30:14 2012 From: nwilson123 at gmail.com (Neil) Date: Mon, 5 Nov 2012 12:30:14 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: On Mon, Nov 5, 2012 at 10:39 AM, Stephen Cox wrote: > On Mon, Nov 5, 2012 at 9:19 AM, Neil wrote: >> >> Anyone have any ideas where to start? > > > What distro are you using? > > What is the output of MailScanner -v? Thanks for coming back to me Stephen and Joolee, below are some of the details requested, I'll send through the rest shortly. Should I paste the output of my spamassassin --lint -D into a pastebin link, or send it here? Also I'm not sure how to go about doing a "debug run on one of the problem emails?" MailScanner -v Running on Linux mail.mydomain.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 6.3 (Final) This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.84.5 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.11 Carp 2.02 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.124 Data::Dumper 2.27 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.77 File::Basename 2.14 File::Copy 2.02 FileHandle 2.08 File::Path 0.22 File::Temp 0.90 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.13 Pod::Simple 1.17 POSIX 1.21 Scalar::Util 1.82 Socket 2.20 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.6 Test::Simple 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.58 Archive::Tar 0.23 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.82 DB_File 1.27 DBD::SQLite 1.609 DBI 1.10 Digest 1.01 Digest::HMAC 2.39 Digest::MD5 2.10 Digest::SHA1 1.01 Encode::Detect 0.17015 Error 0.27 ExtUtils::CBuilder 2.2203 ExtUtils::ParseXS 2.38 Getopt::Long 0.44 Inline 1.08 IO::String 1.09 IO::Zlib 2.21 IP::Country 0.29 Mail::ClamAV 3.003001 Mail::SpamAssassin v2.004 Mail::SPF missing Mail::SPF::Query 0.35 Module::Build 0.20 Net::CIDR::Lite 0.65 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.40 Net::LDAP 4.027 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.52 Test::Harness 0.95 Test::Manifest 2.0.0 Text::Balanced 1.35 URI 0.77 version 0.62 YAML Thank you! Regards. Neil Wilson. From stephencoxmail at gmail.com Mon Nov 5 11:21:56 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 5 Nov 2012 13:21:56 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: On Mon, Nov 5, 2012 at 12:30 PM, Neil wrote: > Should I paste the output of my spamassassin --lint -D into a pastebin > link, or send it here? Also I'm not sure how to go about doing a > "debug run on one of the problem emails?" > Pastebin please > MailScanner -v > Running on > Linux mail.mydomain.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 > 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux > This is CentOS release 6.3 (Final) > This is Perl version 5.010001 (5.10.1) > > This is MailScanner version 4.84.5 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > It can be an insecure dependency, stop MailScanner and process a single email using MailScanner --debug. The email must be one of the messages that crashed MailScanner. -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/e089625f/attachment.html From mailscanner at joolee.nl Mon Nov 5 11:53:49 2012 From: mailscanner at joolee.nl (Joolee) Date: Mon, 5 Nov 2012 12:53:49 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: I have created a modified version of sa_lint.php (Mailwatch) to run a spamassassin debug for a selected e-mail. The command it actually runs is: "/usr/bin/spamassassin --use-ignores -x -D < /var/spool/MailScanner/quarantine/20121105/nonspam/3459951D.A46D3 2>&1" On 5 November 2012 12:21, Stephen Cox wrote: > > > > On Mon, Nov 5, 2012 at 12:30 PM, Neil wrote: > >> Should I paste the output of my spamassassin --lint -D into a pastebin >> link, or send it here? Also I'm not sure how to go about doing a >> "debug run on one of the problem emails?" >> > > Pastebin please > > >> MailScanner -v >> Running on >> Linux mail.mydomain.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 >> 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux >> This is CentOS release 6.3 (Final) >> This is Perl version 5.010001 (5.10.1) >> >> This is MailScanner version 4.84.5 >> Module versions are: >> 1.00 AnyDBM_File >> 1.30 Archive::Zip >> > > It can be an insecure dependency, stop MailScanner and process a single > email using MailScanner --debug. The email must be one of the messages > that crashed MailScanner. > -- > Stephen Cox > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/430b08f3/attachment.html From nwilson123 at gmail.com Mon Nov 5 12:01:50 2012 From: nwilson123 at gmail.com (Neil) Date: Mon, 5 Nov 2012 14:01:50 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: On Mon, Nov 5, 2012 at 1:21 PM, Stephen Cox wrote: > > On Mon, Nov 5, 2012 at 12:30 PM, Neil wrote: >> >> Should I paste the output of my spamassassin --lint -D into a pastebin >> link, or send it here? Also I'm not sure how to go about doing a >> "debug run on one of the problem emails?" > Pastebin please Okay, paste bin as requested. http://pastebin.com/Uh9T4NqL >> MailScanner -v >> Running on >> Linux mail.mydomain.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 >> 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux >> This is CentOS release 6.3 (Final) >> This is Perl version 5.010001 (5.10.1) >> >> This is MailScanner version 4.84.5 >> Module versions are: >> 1.00 AnyDBM_File >> 1.30 Archive::Zip > > > It can be an insecure dependency, stop MailScanner and process a single > email using MailScanner --debug. The email must be one of the messages that > crashed MailScanner. I ran the --debug and saw the following in the logs.... Building a message batch to scan... Nov 5 13:54:04 mail MailScanner[12500]: New Batch: Scanning 1 messages, 766 bytes Have a batch of 1 message. Nov 5 13:54:04 mail MailScanner[12500]: Virus and Content Scanning: Starting Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Nov 5 13:54:11 mail MailScanner[12500]: Spam Checks: Found 1 spam messages It's very easy to get it to replicate the issue, just by sending a test email with lots of common spam key words in the subject line. Do you need more than the above, or is this enough? I don't want to leave it running for too long in case it starts blocking legitimate emails. Thank you very much. Regards. Neil Wilson. From stephencoxmail at gmail.com Mon Nov 5 12:49:15 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 5 Nov 2012 14:49:15 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: On Mon, Nov 5, 2012 at 2:01 PM, Neil wrote: > Insecure dependency in open while running with -T switch at > /usr/lib64/perl5/IO/File.pm line 185. > Andrew fixed most of those issues. Did you install MailScanner from the Baruwa repo? -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/e5f8dac7/attachment.html From nwilson123 at gmail.com Mon Nov 5 13:28:42 2012 From: nwilson123 at gmail.com (Neil) Date: Mon, 5 Nov 2012 15:28:42 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: Thanks, I used the original Centos/Redhat RPM from the mailscanner.info site... filename of (MailScanner-4.84.3-1.rpm.tar.gz) I have since re-run the install for the later release(MailScanner-4.84.5-2.rpm.tar.gz) but this hasn't made any difference. Below is the pastbin link to one of the files that crashed MS when running the debug on the already quarantined emails... http://pastebin.com/DfVEv47r Thanks! Neil Wilson. On Mon, Nov 5, 2012 at 2:49 PM, Stephen Cox wrote: > On Mon, Nov 5, 2012 at 2:01 PM, Neil wrote: >> >> Insecure dependency in open while running with -T switch at >> /usr/lib64/perl5/IO/File.pm line 185. > > > Andrew fixed most of those issues. Did you install MailScanner from the > Baruwa repo? > > -- > Stephen Cox > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From stephencoxmail at gmail.com Mon Nov 5 14:27:44 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 5 Nov 2012 16:27:44 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: On Mon, Nov 5, 2012 at 3:28 PM, Neil wrote: > I used the original Centos/Redhat RPM from the mailscanner.info > site... filename of (MailScanner-4.84.3-1.rpm.tar.gz) > Use the http://repo.baruwa.org/ repo for now. > I have since re-run the install for the later > release(MailScanner-4.84.5-2.rpm.tar.gz) but this hasn't made any > difference. > I don't think we uploaded a new rpm there, the baruwa repo has the latest rpm. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121105/cc88154b/attachment.html From nwilson123 at gmail.com Mon Nov 5 14:59:42 2012 From: nwilson123 at gmail.com (Neil) Date: Mon, 5 Nov 2012 16:59:42 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: Thanks Stephen, I'll give it a try first thing tomorrow morning. I'm very surprised I haven't encountered this problem before, I've done a number of Centos 6.3 installs using the latest version of MS with MW without encountering this issue, very strange. Thanks again for your assistance. Regards. Neil Wilson. On Mon, Nov 5, 2012 at 4:27 PM, Stephen Cox wrote: > On Mon, Nov 5, 2012 at 3:28 PM, Neil wrote: >> >> I used the original Centos/Redhat RPM from the mailscanner.info >> site... filename of (MailScanner-4.84.3-1.rpm.tar.gz) > > > Use the http://repo.baruwa.org/ repo for now. > >> >> I have since re-run the install for the later >> release(MailScanner-4.84.5-2.rpm.tar.gz) but this hasn't made any >> difference. > > > I don't think we uploaded a new rpm there, the baruwa repo has the latest > rpm. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alvaro at hostalia.com Mon Nov 5 18:28:44 2012 From: alvaro at hostalia.com (Alvaro Marin) Date: Mon, 05 Nov 2012 19:28:44 +0100 Subject: Large rule files In-Reply-To: References: <50900976.5050104@hostalia.com> Message-ID: <5098055C.5010606@hostalia.com> Hi, thank you Eduardo, I think that I'll try the SQL capability of MailScanner. Regards, El 30/10/12 20:17, Eduardo Casarero escribi?: > Hi alvaro, we are using an sqlite db to hold white/blacklists, we didn't > measure performance impacts, but both of our lists has over thousand > rules and works fine. We took some CustomFunctions from Mailwatch and > tuned to work with sqlite instead of mysql. > > Regards, > > Eduardo. > > 2012/10/30 Alvaro Marin > > > Hello, > > we've some rule files (whitelist, blacklist, checks...) and some days > ago, I added new rules so some of those files have more than 25000 lines > now. > > We have seen an important performance impact in MailScanner...Is there > any "magic" solution to this? > I've been reading about Ruleset-from-Function.pm, is anyone using it? > > Thanks! > > Regards, > > -- > Alvaro Mar?n Illera > Hostalia Internet > www.hostalia.com > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From nwilson123 at gmail.com Tue Nov 6 07:57:59 2012 From: nwilson123 at gmail.com (Neil) Date: Tue, 6 Nov 2012 09:57:59 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: Hi guys, I've upgraded to the latest MS from the baruwa repo, but unfortunately I'm still faced with the same problem. [root at mail MailScanner]# Building a message batch to scan... Have a batch of 2 messages. [root at mail MailScanner]# Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Not sure what to try next apart from completely uninstalling MS and SA and then re-installing from scratch. Thanks. Regards. Neil Wilson. On Mon, Nov 5, 2012 at 4:59 PM, Neil wrote: > Thanks Stephen, I'll give it a try first thing tomorrow morning. > > I'm very surprised I haven't encountered this problem before, I've > done a number of Centos 6.3 installs using the latest version of MS > with MW without encountering this issue, very strange. > > Thanks again for your assistance. > > Regards. > > Neil Wilson. > > > On Mon, Nov 5, 2012 at 4:27 PM, Stephen Cox wrote: >> On Mon, Nov 5, 2012 at 3:28 PM, Neil wrote: >>> >>> I used the original Centos/Redhat RPM from the mailscanner.info >>> site... filename of (MailScanner-4.84.3-1.rpm.tar.gz) >> >> >> Use the http://repo.baruwa.org/ repo for now. >> >>> >>> I have since re-run the install for the later >>> release(MailScanner-4.84.5-2.rpm.tar.gz) but this hasn't made any >>> difference. >> >> >> I don't think we uploaded a new rpm there, the baruwa repo has the latest >> rpm. >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From andrew at topdog.za.net Tue Nov 6 08:28:21 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Tue, 6 Nov 2012 10:28:21 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: <98E6C351-02AB-4AAF-9A02-E91FBDBCA4F6@topdog.za.net> On 06 Nov 2012, at 9:57 AM, Neil wrote: > I've upgraded to the latest MS from the baruwa repo, but unfortunately > I'm still faced with the same problem. Will investigate disable taint check in the meantime. Edit the /usr/sbin/MailScanner file at the first line to add -U to the end like; #!/usr/bin/perl -I/usr/lib/MailScanner -U That should fix it. - Andrew -- www.baruwa.org From andrew at topdog.za.net Tue Nov 6 08:38:05 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Tue, 6 Nov 2012 10:38:05 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: <93383F03-A091-4D47-89BC-E0D81C8B47DC@topdog.za.net> On 06 Nov 2012, at 9:57 AM, Neil wrote: > [root at mail MailScanner]# Insecure dependency in open while running > with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Please supply your sample configuration files, i suspect these taint issues could be in the postfix/sendmail modules as i use exim and have fixed most of the taint issues in the exim module and am running ms with taint on without any issues. - Andrew -- www.baruwa.org From john at tradoc.fr Tue Nov 6 09:23:38 2012 From: john at tradoc.fr (John Wilcock) Date: Tue, 06 Nov 2012 10:23:38 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: References: Message-ID: <5098D71A.10701@tradoc.fr> Le 06/11/2012 08:57, Neil a ?crit : > [root at mail MailScanner]# Insecure dependency in open while running > with -T switch at /usr/lib64/perl5/IO/File.pm line 185. That one's been reported before, but AFAIK is still unfixed. The only solution is to run MailScanner in untainted mode (add -U to the first line of /usr/sbin/MailScanner). John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From john at tradoc.fr Tue Nov 6 10:36:42 2012 From: john at tradoc.fr (John Wilcock) Date: Tue, 06 Nov 2012 11:36:42 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: <93383F03-A091-4D47-89BC-E0D81C8B47DC@topdog.za.net> References: <93383F03-A091-4D47-89BC-E0D81C8B47DC@topdog.za.net> Message-ID: <5098E83A.8030208@tradoc.fr> Le 06/11/2012 09:38, Andrew Colin Kissa a ?crit : >> [root at mail MailScanner]# Insecure dependency in open while running >> >with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Please supply your sample configuration files, i suspect these taint issues > could be in the postfix/sendmail modules as i use exim and have fixed > most of the taint issues in the exim module and am running ms with taint > on without any issues. FWIW, I see this issue using postfix. John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From roedie at roedie.nl Tue Nov 6 12:02:40 2012 From: roedie at roedie.nl (Sander Klein) Date: Tue, 06 Nov 2012 13:02:40 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: <5098D71A.10701@tradoc.fr> References: <5098D71A.10701@tradoc.fr> Message-ID: On 06.11.2012 10:23, John Wilcock wrote: > Le 06/11/2012 08:57, Neil a ?crit : >> [root at mail MailScanner]# Insecure dependency in open while running >> with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > > That one's been reported before, but AFAIK is still unfixed. The only > solution is to run MailScanner in untainted mode (add -U to the first > line of /usr/sbin/MailScanner). Hmm, no the fix is there. Please see: http://article.gmane.org/gmane.mail.virus.mailscanner/78526/match= and http://article.gmane.org/gmane.mail.virus.mailscanner/78670/match= . Some dutch guy posted it ;-) It seems that it's even in the github repo, see: https://github.com/MailScanner/MailScanner/commit/03a33f191555febbf1ae2b614ba771bf51681d3b Greets, Sander Klein From john at tradoc.fr Tue Nov 6 13:40:15 2012 From: john at tradoc.fr (John Wilcock) Date: Tue, 06 Nov 2012 14:40:15 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> Message-ID: <5099133F.7020509@tradoc.fr> Le 06/11/2012 13:02, Sander Klein a ?crit : > Hmm, no the fix is there. Please see: > http://article.gmane.org/gmane.mail.virus.mailscanner/78526/match= and > http://article.gmane.org/gmane.mail.virus.mailscanner/78670/match= . > Some dutch guy posted it;-) > > It seems that it's even in the github repo, see: > https://github.com/MailScanner/MailScanner/commit/03a33f191555febbf1ae2b614ba771bf51681d3b Thanks. That fix worries me somewhat though, in that it assumes that filenames of postfix files in MailScanner fit the regex /([\w\d]{10}\.[\w\d]{5})/ In fact the part before the dot is the postfix queue file name, which IIRC corresponds to the inode number, the length of which depends on the filesystem. Mine are 11 hex digits, not 10, for example. Changing the regex in the fix to /([\w\d]{9,12}\.[\w\d]{5})/ works for me, and at last allows me to run in taint mode, though I'm not sure whether that 9 to 12 range is sufficient for all filesystems. John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From nwilson123 at gmail.com Tue Nov 6 13:40:24 2012 From: nwilson123 at gmail.com (Neil) Date: Tue, 6 Nov 2012 15:40:24 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: <5098E83A.8030208@tradoc.fr> References: <93383F03-A091-4D47-89BC-E0D81C8B47DC@topdog.za.net> <5098E83A.8030208@tradoc.fr> Message-ID: Hi everyone, Thanks for all the info. I added the -U and it's now working correctly and my MS is no longer crashing when spam emails are detected. Andrew would you still like my configs? I'm using MailScanner-4.84.5-2 on Centos 6.3 with the install-Clam-0.96.5-SA-3.3.1 from mailscanner.info I did try using the baruwa repo, however I encountered issues path differences with the init script and various other minor issues, so I rolled back to the previous version I was using. What I really can't work out here is that I've used this same setup for a number of installs and never encountered this issue before... Thanks! Regards. Neil Wilson. On Tue, Nov 6, 2012 at 12:36 PM, John Wilcock wrote: > Le 06/11/2012 09:38, Andrew Colin Kissa a ?crit : >>> [root at mail MailScanner]# Insecure dependency in open while running >>> >with -T switch at /usr/lib64/perl5/IO/File.pm line 185. >> Please supply your sample configuration files, i suspect these taint issues >> could be in the postfix/sendmail modules as i use exim and have fixed >> most of the taint issues in the exim module and am running ms with taint >> on without any issues. > > FWIW, I see this issue using postfix. > > > John. > > -- > -- Over 5000 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From stephencoxmail at gmail.com Tue Nov 6 14:29:00 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Tue, 6 Nov 2012 16:29:00 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: <5099133F.7020509@tradoc.fr> References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Tue, Nov 6, 2012 at 3:40 PM, John Wilcock wrote: > In fact the part before the dot is the postfix queue file name, which > IIRC corresponds to the inode number, the length of which depends on the > filesystem. Mine are 11 hex digits, not 10, for example. > > Changing the regex in the fix to /([\w\d]{9,12}\.[\w\d]{5})/ works for > me, and at last allows me to run in taint mode, though I'm not sure > whether that 9 to 12 range is sufficient for all filesystems. Please report this issue if you find the time at https://github.com/MailScanner/MailScanner/issues -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121106/f8c11831/attachment.html From nwilson123 at gmail.com Tue Nov 6 15:04:25 2012 From: nwilson123 at gmail.com (Neil) Date: Tue, 6 Nov 2012 17:04:25 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: <5099133F.7020509@tradoc.fr> References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: Thanks John and Sander, very interesting. I've checked PFDiskStore.pm on a working system(Centos 6.3 with MailScanner-4.84.5-2 and postfix-2.6.6-2.2.el6_1.x86_64) and compared it to the same file on my problematic system and the file is the same so I still can't work out why this hasn't happened to my installs before, I've also compared the postfix filenames on both systems and both of them are 11 characters long. Anyway, thanks for your assistance. What is the danger/harm in running in non taint mode? Thanks. Regards. Neil Wilson. On Tue, Nov 6, 2012 at 3:40 PM, John Wilcock wrote: > Le 06/11/2012 13:02, Sander Klein a ?crit : >> Hmm, no the fix is there. Please see: >> http://article.gmane.org/gmane.mail.virus.mailscanner/78526/match= and >> http://article.gmane.org/gmane.mail.virus.mailscanner/78670/match= . >> Some dutch guy posted it;-) >> >> It seems that it's even in the github repo, see: >> https://github.com/MailScanner/MailScanner/commit/03a33f191555febbf1ae2b614ba771bf51681d3b > > Thanks. That fix worries me somewhat though, in that it assumes that > filenames of postfix files in MailScanner fit the regex > /([\w\d]{10}\.[\w\d]{5})/ > > In fact the part before the dot is the postfix queue file name, which > IIRC corresponds to the inode number, the length of which depends on the > filesystem. Mine are 11 hex digits, not 10, for example. > > Changing the regex in the fix to /([\w\d]{9,12}\.[\w\d]{5})/ works for > me, and at last allows me to run in taint mode, though I'm not sure > whether that 9 to 12 range is sufficient for all filesystems. > > John. > > -- > -- Over 5000 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From john at tradoc.fr Tue Nov 6 15:41:10 2012 From: john at tradoc.fr (John Wilcock) Date: Tue, 06 Nov 2012 16:41:10 +0100 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: <50992F96.90802@tradoc.fr> Le 06/11/2012 15:29, Stephen Cox a ?crit : > Please report this issue if you find the time at > https://github.com/MailScanner/MailScanner/issues I've added a comment to the thread for the initial fix. I'm not familiar with github, but there doesn't seem to be a way to mark the issue as reopened. John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From andrew at topdog.za.net Wed Nov 7 08:07:57 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed, 7 Nov 2012 10:07:57 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: <50992F96.90802@tradoc.fr> References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> <50992F96.90802@tradoc.fr> Message-ID: <21D409E0-88DA-46B1-BA90-AE65F7507D32@topdog.za.net> On 06 Nov 2012, at 5:41 PM, John Wilcock wrote: > I've added a comment to the thread for the initial fix. I'm not familiar > with github, but there doesn't seem to be a way to mark the issue as > reopened. Committed[1] your suggestions, i have increased it to 9 - 15 if it does not work for someone we will increase as and when the need arises. [1] https://github.com/akissa/MailScanner/commit/6849c4e169d5c582ab954a105cda8018b551b8d7 - Andrew -- www.baruwa.org From stephencoxmail at gmail.com Thu Nov 8 08:32:50 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Thu, 8 Nov 2012 10:32:50 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Tue, Nov 6, 2012 at 5:04 PM, Neil wrote: > I've checked PFDiskStore.pm on a working system(Centos 6.3 with > MailScanner-4.84.5-2 and postfix-2.6.6-2.2.el6_1.x86_64) and compared > it to the same file on my problematic system and the file is the same > so I still can't work out why this hasn't happened to my installs > before, I've also compared the postfix filenames on both systems and > both of them are 11 characters long. > > Is there a difference in the output of MailScanner -v of these systems? > Anyway, thanks for your assistance. What is the danger/harm in running > in non taint mode? It is less secure. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121108/569f4bf1/attachment.html From nwilson123 at gmail.com Thu Nov 8 09:06:47 2012 From: nwilson123 at gmail.com (Neil) Date: Thu, 8 Nov 2012 11:06:47 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Thu, Nov 8, 2012 at 10:32 AM, Stephen Cox wrote: > On Tue, Nov 6, 2012 at 5:04 PM, Neil wrote: >> >> I've checked PFDiskStore.pm on a working system(Centos 6.3 with >> MailScanner-4.84.5-2 and postfix-2.6.6-2.2.el6_1.x86_64) and compared >> it to the same file on my problematic system and the file is the same >> so I still can't work out why this hasn't happened to my installs >> before, I've also compared the postfix filenames on both systems and >> both of them are 11 characters long. >> > > Is there a difference in the output of MailScanner -v of these systems? Yes, below are the differences, hopefully the wrapping doesn't mess this up too badly.. Linux mail.broken.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP | Linux smtp.working.co.za 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 2 3.05 MIME::Base64 | 3.08 MIME::Base64 3.03 MIME::QuotedPrint | 3.08 MIME::QuotedPrint 1.40 Test::Pod | 1.26 Test::Pod 0.6 Test::Simple | 0.92 Test::Simple 1.68 Time::HiRes | 1.9721 Time::HiRes 1.10 Digest | 1.16 Digest 2.10 Digest::SHA1 | 2.12 Digest::SHA1 2.52 Test::Harness | 3.17 Test::Harness 1.35 URI | 1.40 URI Thanks Stephen! Regards. Neil Wilson. From nwilson123 at gmail.com Thu Nov 8 09:08:44 2012 From: nwilson123 at gmail.com (Neil) Date: Thu, 8 Nov 2012 11:08:44 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: Crumbs, I see the wrapping messed it up terribly..below is a different format... diff --suppress-common-lines /root/broken.txt /root/working.txt 1c1 < Linux mail.broken.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux --- > Linux smtp.working.co.za 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux 33c33 < 3.05 MIME::Base64 --- > 3.08 MIME::Base64 38c38 < 3.03 MIME::QuotedPrint --- > 3.08 MIME::QuotedPrint 51,53c51,53 < 1.40 Test::Pod < 0.6 Test::Simple < 1.68 Time::HiRes --- > 1.26 Test::Pod > 0.92 Test::Simple > 1.9721 Time::HiRes 65c65 < 1.10 Digest --- > 1.16 Digest 68c68 < 2.10 Digest::SHA1 --- > 2.12 Digest::SHA1 90c90 < 2.52 Test::Harness --- > 3.17 Test::Harness 93c93 < 1.35 URI --- > 1.40 URI Sorry for the first post... Regards. Neil. On Thu, Nov 8, 2012 at 11:06 AM, Neil wrote: > On Thu, Nov 8, 2012 at 10:32 AM, Stephen Cox wrote: >> On Tue, Nov 6, 2012 at 5:04 PM, Neil wrote: >>> >>> I've checked PFDiskStore.pm on a working system(Centos 6.3 with >>> MailScanner-4.84.5-2 and postfix-2.6.6-2.2.el6_1.x86_64) and compared >>> it to the same file on my problematic system and the file is the same >>> so I still can't work out why this hasn't happened to my installs >>> before, I've also compared the postfix filenames on both systems and >>> both of them are 11 characters long. >>> >> >> Is there a difference in the output of MailScanner -v of these systems? > > Yes, below are the differences, hopefully the wrapping doesn't mess > this up too badly.. > > Linux mail.broken.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP | Linux > smtp.working.co.za 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 2 > 3.05 MIME::Base64 | 3.08 > MIME::Base64 > 3.03 MIME::QuotedPrint | 3.08 > MIME::QuotedPrint > 1.40 Test::Pod | 1.26 > Test::Pod > 0.6 Test::Simple | 0.92 > Test::Simple > 1.68 Time::HiRes | 1.9721 > Time::HiRes > 1.10 Digest | 1.16 Digest > 2.10 Digest::SHA1 | 2.12 > Digest::SHA1 > 2.52 Test::Harness | 3.17 > Test::Harness > 1.35 URI | 1.40 URI > > Thanks Stephen! > > Regards. > > Neil Wilson. From stephencoxmail at gmail.com Thu Nov 8 10:35:32 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Thu, 8 Nov 2012 12:35:32 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Thu, Nov 8, 2012 at 11:08 AM, Neil wrote: > diff --suppress-common-lines /root/broken.txt /root/working.txt > 1c1 > < Linux mail.broken.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 > 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux > --- > > Linux smtp.working.co.za 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 > 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux > 33c33 > < 3.05 MIME::Base64 > --- > > 3.08 MIME::Base64 > 38c38 > < 3.03 MIME::QuotedPrint > --- > > 3.08 MIME::QuotedPrint > 51,53c51,53 > < 1.40 Test::Pod > < 0.6 Test::Simple > < 1.68 Time::HiRes > --- > > 1.26 Test::Pod > > 0.92 Test::Simple > > 1.9721 Time::HiRes > 65c65 > < 1.10 Digest > --- > > 1.16 Digest > 68c68 > < 2.10 Digest::SHA1 > --- > > 2.12 Digest::SHA1 > 90c90 > < 2.52 Test::Harness > --- > > 3.17 Test::Harness > 93c93 > < 1.35 URI > --- > > 1.40 URI > What is perl --version on these machines? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121108/ff13c8dc/attachment.html From paolg16 at gmail.com Thu Nov 8 21:14:21 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Thu, 8 Nov 2012 16:14:21 -0500 Subject: error spamassassin Message-ID: Hi everyone, I have installed mailscanner-4.84.5-2 from tarball and i have a problem when "high scoring spam actions = notify store", spamassassin check and detect like high spam, then spam action said: "message actions are store, notify " then "notify user1 at dominio.com", but never pass to postfix to send mail with notification to the user, just the proccess there end. that i'snt all, because postfix found this message and pickup again the message with another ID and pass to the mailscanner, and mailscanner again analyze and repeat the procces of spam actions again. this loop follow to i remove the queue of postfix incoming. score spam= 3 score high spam= 5 postfix 2.7.1-1+squeeze1 spamassassin 3.3.1 installed from install_Clam-SA-latest.tar.gz from web mailscanner.info i hope your help. thnks -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121108/d9a6cd73/attachment.html From paolg16 at gmail.com Thu Nov 8 21:29:21 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Thu, 8 Nov 2012 16:29:21 -0500 Subject: mailscanner loop when notify Message-ID: Hi everyone, I have installed mailscanner-4.84.5-2 from tarball and i have a problem when "high scoring spam actions = notify store", spamassassin check and detect like high spam, then spam action said: "message actions are store, notify " then "notify user1 at dominio.com ", but never pass to postfix to send mail with notification to the user, just the proccess there end. that i'snt all, because postfix found this message and pickup again the message with another ID and pass to the mailscanner, and mailscanner again analyze and repeat the procces of spam actions again. this loop follow to i remove the queue of postfix incoming. score spam= 3 score high spam= 5 postfix 2.7.1-1+squeeze1 spamassassin 3.3.1 installed from install_Clam-SA-latest.tar.gz from webmailscanner.info i hope your help. thnks -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121108/05a0b094/attachment.html From nwilson123 at gmail.com Fri Nov 9 06:54:08 2012 From: nwilson123 at gmail.com (Neil) Date: Fri, 9 Nov 2012 08:54:08 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Thu, Nov 8, 2012 at 12:35 PM, Stephen Cox wrote: > On Thu, Nov 8, 2012 at 11:08 AM, Neil wrote: >> >> diff --suppress-common-lines /root/broken.txt /root/working.txt >> 1c1 >> < Linux mail.broken.co.za 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 >> 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux >> --- >> > Linux smtp.working.co.za 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 >> > 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux >> 33c33 >> < 3.05 MIME::Base64 >> --- >> > 3.08 MIME::Base64 >> 38c38 >> < 3.03 MIME::QuotedPrint >> --- >> > 3.08 MIME::QuotedPrint >> 51,53c51,53 >> < 1.40 Test::Pod >> < 0.6 Test::Simple >> < 1.68 Time::HiRes >> --- >> > 1.26 Test::Pod >> > 0.92 Test::Simple >> > 1.9721 Time::HiRes >> 65c65 >> < 1.10 Digest >> --- >> > 1.16 Digest >> 68c68 >> < 2.10 Digest::SHA1 >> --- >> > 2.12 Digest::SHA1 >> 90c90 >> < 2.52 Test::Harness >> --- >> > 3.17 Test::Harness >> 93c93 >> < 1.35 URI >> --- >> > 1.40 URI > > > What is perl --version on these machines? Hi Stephen, Sorry for the late reply. Just checked now, both are the same.. Working.. This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi Broken.. This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi The only difference between the two that I can think of, is the Broken one was first installed with "MailScanner-4.84.3-1.rpm.tar.gz" and then it was upgraded later to "MailScanner-4.84.5-2.rpm.tar.gz" whereas the working one was installed fresh from "MailScanner-4.84.5-2.rpm.tar.gz" Not sure if this will have any affect? Thanks for your assistance. Regards. Neil Wilson. From stephencoxmail at gmail.com Fri Nov 9 08:20:42 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Fri, 9 Nov 2012 10:20:42 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Fri, Nov 9, 2012 at 8:54 AM, Neil wrote: > On Thu, Nov 8, 2012 at 12:35 PM, Stephen Cox > wrote: > > What is perl --version on these machines? > Just checked now, both are the same.. > > Working.. This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi > Broken.. This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi > > The only difference between the two that I can think of, is the Broken > one was first installed with "MailScanner-4.84.3-1.rpm.tar.gz" and > then it was upgraded later to "MailScanner-4.84.5-2.rpm.tar.gz" > whereas the working one was installed fresh from > "MailScanner-4.84.5-2.rpm.tar.gz" > > Not sure if this will have any affect? > What is the output of rpm -qf /usr/lib64/perl5/IO/File.pm on these machines? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121109/99345ef8/attachment.html From stephencoxmail at gmail.com Fri Nov 9 08:28:21 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Fri, 9 Nov 2012 10:28:21 +0200 Subject: error spamassassin In-Reply-To: References: Message-ID: On Thu, Nov 8, 2012 at 11:14 PM, GiNo PaoLo wrote: > Hi everyone, > I have installed mailscanner-4.84.5-2 from tarball and i have a problem > when "high scoring spam actions = notify store", spamassassin check and > detect like high spam, then spam action said: "message actions are store, > notify " then "notify user1 at dominio.com", but never pass to postfix to > send mail with notification to the user, just the proccess there end. > that i'snt all, because postfix found this message and pickup again the > message with another ID and pass to the mailscanner, and mailscanner again > analyze and repeat the procces of spam actions again. > this loop follow to i remove the queue of postfix incoming. > > score spam= 3 > score high spam= 5 > > postfix 2.7.1-1+squeeze1 > spamassassin 3.3.1 installed from install_Clam-SA-latest.tar.gz from web > mailscanner.info Is 127.0.0.1 added in the whitelist @ MailScanner/rules/spam.whitelist.rules ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121109/ba3bd8a8/attachment.html From nwilson123 at gmail.com Fri Nov 9 09:01:32 2012 From: nwilson123 at gmail.com (Neil) Date: Fri, 9 Nov 2012 11:01:32 +0200 Subject: Problem messages when spam checks enabled In-Reply-To: References: <5098D71A.10701@tradoc.fr> <5099133F.7020509@tradoc.fr> Message-ID: On Fri, Nov 9, 2012 at 10:20 AM, Stephen Cox wrote: > On Fri, Nov 9, 2012 at 8:54 AM, Neil wrote: >> >> On Thu, Nov 8, 2012 at 12:35 PM, Stephen Cox >> wrote: >> > What is perl --version on these machines? >> Just checked now, both are the same.. >> >> Working.. This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi >> Broken.. This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi >> >> The only difference between the two that I can think of, is the Broken >> one was first installed with "MailScanner-4.84.3-1.rpm.tar.gz" and >> then it was upgraded later to "MailScanner-4.84.5-2.rpm.tar.gz" >> whereas the working one was installed fresh from >> "MailScanner-4.84.5-2.rpm.tar.gz" >> >> Not sure if this will have any affect? > > > What is the output of rpm -qf /usr/lib64/perl5/IO/File.pm on these machines? Broken: perl-5.10.1-127.el6.x86_64 Working: perl-5.10.1-127.el6.x86_64 Thanks! Neil Wilson. From glenn.steen at gmail.com Fri Nov 9 15:11:28 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 9 Nov 2012 16:11:28 +0100 Subject: mailscanner loop when notify In-Reply-To: References: Message-ID: On 8 November 2012 22:29, GiNo PaoLo wrote: > > Hi everyone, > I have installed mailscanner-4.84.5-2 from tarball and i have a problem > when "high scoring spam actions = notify store", spamassassin check and > detect like high spam, then spam action said: "message actions are store, > notify " then "notify user1 at dominio.com", but never pass to postfix to > send > mail with notification to the user, just the proccess there end. > that i'snt all, because postfix found this message and pickup again the > message with another ID and pass to the mailscanner, and mailscanner again > analyze and repeat the procces of spam actions again. > this loop follow to i remove the queue of postfix incoming. > > score spam= 3 > score high spam= 5 > > postfix 2.7.1-1+squeeze1 > spamassassin 3.3.1 installed from install_Clam-SA-latest.tar.gz from web > mailscanner.info > > i hope your help. > > thnks > > If you check the processing database, do the problem IDs "linger" there? If you do a debug run (stop MailScanner, supply the message, run "MailScanner --debug" as the postfix user... ISTR the wiki containing more detailed instructions;), and check that MailScanner isn't dying on you... Might be the usual taint problem (cured by the -U fix)... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From paolg16 at gmail.com Fri Nov 9 19:37:41 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Fri, 9 Nov 2012 14:37:41 -0500 Subject: error spamassassin In-Reply-To: References: Message-ID: thanks it works!!! but now i have another problem, the message marked lik spam, doesnt store in quarantine/spam, just store the header, and i check that "quarantine whole message = yes" y quarantine whole messages as queue files =yes" in MailScanner.conf. On Fri, Nov 9, 2012 at 3:28 AM, Stephen Cox wrote: > On Thu, Nov 8, 2012 at 11:14 PM, GiNo PaoLo wrote: > >> Hi everyone, >> I have installed mailscanner-4.84.5-2 from tarball and i have a problem >> when "high scoring spam actions = notify store", spamassassin check and >> detect like high spam, then spam action said: "message actions are store, >> notify " then "notify user1 at dominio.com", but never pass to postfix to >> send mail with notification to the user, just the proccess there end. >> that i'snt all, because postfix found this message and pickup again the >> message with another ID and pass to the mailscanner, and mailscanner again >> analyze and repeat the procces of spam actions again. >> this loop follow to i remove the queue of postfix incoming. >> >> score spam= 3 >> score high spam= 5 >> >> postfix 2.7.1-1+squeeze1 >> spamassassin 3.3.1 installed from install_Clam-SA-latest.tar.gz from web >> mailscanner.info > > > Is 127.0.0.1 added in the whitelist @ > MailScanner/rules/spam.whitelist.rules ? > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121109/e5d5b148/attachment.html From stephencoxmail at gmail.com Sat Nov 10 07:01:01 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Sat, 10 Nov 2012 09:01:01 +0200 Subject: error spamassassin In-Reply-To: References: Message-ID: On Fri, Nov 9, 2012 at 9:37 PM, GiNo PaoLo wrote: > thanks it works!!! but now i have another problem, the message marked lik > spam, doesnt store in quarantine/spam, just store the header, and i check > that "quarantine whole message = yes" y quarantine whole messages as queue > files =yes" in MailScanner.conf. > If the spam score is larger than {High SpamAssassin Score} the {High Scoring Spam Actions} will be used instead of the {Spam Actions} in MailScanner.conf -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121110/e3aa92de/attachment.html From MailScanner at ecs.soton.ac.uk Sat Nov 10 13:15:34 2012 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat, 10 Nov 2012 13:15:34 +0000 Subject: FIXED: missing or disappearing MessageBatch.pm problem References: <509E5376.4060902@ecs.soton.ac.uk> Message-ID: I have just released a tiny update for MailScanner 4.84.5-3 which fixes the problem where clamd would quarantine MessageBatch.pm because it should it had a virus in it. It does indeed have a copy of EICAR in it (a 100% safe test string used for testing virus scanners), and I have now encoded it rather better so that clamd won't find it. Cheers! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doctor at doctor.nl2k.ab.ca Sat Nov 10 13:56:26 2012 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sat, 10 Nov 2012 06:56:26 -0700 Subject: FIXED: missing or disappearing MessageBatch.pm problem In-Reply-To: References: <509E5376.4060902@ecs.soton.ac.uk> Message-ID: <20121110135626.GA11920@doctor.nl2k.ab.ca> On Sat, Nov 10, 2012 at 01:15:34PM +0000, Jules Field wrote: > I have just released a tiny update for MailScanner 4.84.5-3 which fixes > the problem where clamd would quarantine MessageBatch.pm because it > should it had a virus in it. > > It does indeed have a copy of EICAR in it (a 100% safe test string used > for testing virus scanners), and I have now encoded it rather better so > that clamd won't find it. > > Cheers! > > Jules > Glad to see you again! > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > 'All programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 From doctor at doctor.nl2k.ab.ca Sat Nov 10 19:22:45 2012 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sat, 10 Nov 2012 12:22:45 -0700 Subject: FIXED: missing or disappearing MessageBatch.pm problem In-Reply-To: References: <509E5376.4060902@ecs.soton.ac.uk> Message-ID: <20121110192245.GA6646@doctor.nl2k.ab.ca> On Sat, Nov 10, 2012 at 01:15:34PM +0000, Jules Field wrote: > I have just released a tiny update for MailScanner 4.84.5-3 which fixes > the problem where clamd would quarantine MessageBatch.pm because it > should it had a virus in it. > > It does indeed have a copy of EICAR in it (a 100% safe test string used > for testing virus scanners), and I have now encoded it rather better so > that clamd won't find it. > > Cheers! > > Jules > Just tried to run this with exim and everything skewed up. Using perl 5.16.2 . Temporarily took MailScaner off as it was not passing passing mail to the out queue. No sign of processing. MailScanner --debug hung. All right do we need to update the perl modules? What should be tested? > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > 'All programs have a desire to be useful' - Tron, 1982 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 From john at tradoc.fr Sun Nov 11 09:25:13 2012 From: john at tradoc.fr (John Wilcock) Date: Sun, 11 Nov 2012 10:25:13 +0100 Subject: FIXED: missing or disappearing MessageBatch.pm problem In-Reply-To: References: <509E5376.4060902@ecs.soton.ac.uk> Message-ID: <509F6EF9.1060203@tradoc.fr> Le 10/11/2012 14:15, Jules Field a ?crit : > I have just released a tiny update for MailScanner 4.84.5-3 which fixes > the problem where clamd would quarantine MessageBatch.pm because it > should it had a virus in it. > > It does indeed have a copy of EICAR in it (a 100% safe test string used > for testing virus scanners), and I have now encoded it rather better so > that clamd won't find it. Good to hear from you, Jules. What's the situation of your updates compared with the github repository you entrusted to Andrew and Stephen? AFAICT the latest pushes to that aren't included in your 4.84.5-3. -- John From paul at welshfamily.com Mon Nov 12 01:19:49 2012 From: paul at welshfamily.com (Paul Welsh) Date: Mon, 12 Nov 2012 01:19:49 +0000 Subject: dnswl.org and phishing Message-ID: Hi all Bit off-topic but thought I'd mention dnswl.org which the spamassassin wiki describes here - http://wiki.apache.org/spamassassin/Rules/RCVD_IN_DNSWL_MED - and which describes itself as "the leading whitelist provider for email filtering". I was tweaking my spam.assassin.prefs.conf today and noticed RCVD_IN_DNSWL_MED gets a -2.3 spamassassin score by default. However, on doing some digging I noticed this: 2012-11-10 11:01:45 1TX8or-0008Fj-1P <= service at santander.co.uk H=p02c11o144.mxlogic.net [208.65.144.77] P=esmtps X=TLSv1:AES256-SHA:256 S=3244 id=FS3rRZ1UbDBRArVc4Iu00000255 at fs3.ellison.local T="YOUR ONLINE ACCOUNT HAS BEEN SUSPENDED" from for This phishing email came from mxlogic.net, now called McAfee SaaS Email Protection & Continuity. dnswl.org gives mxlogic.net a classification of: "Medium Rare spam occurrences, corrected promptly." Fair enough, this is doubtless one of those rare occurrences but I just thought I'd highlight that phishing does appear to be getting through mxlogic.net and because of dnswl.org's treatment of it, spamassassin is subtracting nearly 3 points from its score. In the case of the phishing mail I saw, it still got picked up as high scoring spam and deleted but had the attempts to forge the Outlook headers been better and/or had I given RCVD_IN_DNSWL_MED a higher negative score (which I was seriously considering doing), this would have been delivered: Nov 10 11:01:50 mail MailScanner[27602]: Message 1TX8or-0008Fj-1P from 208.65.144.77 (service at santander.co.uk) to is spam, SpamAssassin (score=10.984, required 6, autolearn=disabled, AXB_XMAILER_MIMEOLE_OL_1ECD5 3.26, FORGED_MUA_OUTLOOK 2.79, FORGED_OUTLOOK_HTML 0.00, FROM_MISSPACED 0.00, FROM_MISSP_EH_MATCH 0.00, FROM_MISSP_MSFT 0.00, FROM_MISSP_URI 0.00, FROM_MISSP_USER 0.00, FSL_NEW_HELO_USER 0.00, HTML_IMAGE_ONLY_16 1.05, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.71, MIME_HTML_ONLY 1.10, MISSING_HEADERS 1.21, NSL_RCVD_FROM_USER 0.00, RCVD_IN_DNSWL_MED -2.30, SUBJ_ALL_CAPS 1.62, TVD_PH_BODY_ACCOUNTS_PRE 1.53, T_REMOTE_IMAGE 0.01) Nov 10 11:01:50 mail MailScanner[27602]: Non-delivery of spam: message 1TX8or-0008Fj-1P from service at santander.co.uk to with subject YOUR ONLINE ACCOUNT HAS BEEN SUSPENDED Nov 10 11:01:50 mail MailScanner[27602]: Spam Actions: message 1TX8or-0008Fj-1P actions are delete From stephencoxmail at gmail.com Mon Nov 12 12:51:27 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 12 Nov 2012 14:51:27 +0200 Subject: dnswl.org and phishing In-Reply-To: References: Message-ID: On Mon, Nov 12, 2012 at 3:19 AM, Paul Welsh wrote: > Hi all > > Bit off-topic but thought I'd mention dnswl.org which the spamassassin > wiki describes here - > http://wiki.apache.org/spamassassin/Rules/RCVD_IN_DNSWL_MED - and > which describes itself as "the leading whitelist provider for email > filtering". > > I was tweaking my spam.assassin.prefs.conf today and noticed > RCVD_IN_DNSWL_MED gets a -2.3 spamassassin score by default. However, > on doing some digging I noticed this: > > 2012-11-10 11:01:45 1TX8or-0008Fj-1P <= service at santander.co.uk > H=p02c11o144.mxlogic.net [208.65.144.77] P=esmtps > X=TLSv1:AES256-SHA:256 S=3244 > id=FS3rRZ1UbDBRArVc4Iu00000255 at fs3.ellison.local T="YOUR ONLINE > ACCOUNT HAS BEEN SUSPENDED" from for > > This phishing email came from mxlogic.net, now called McAfee SaaS > Email Protection & Continuity. dnswl.org gives mxlogic.net a > classification of: > "Medium Rare spam occurrences, corrected promptly." > > Fair enough, this is doubtless one of those rare occurrences but I > just thought I'd highlight that phishing does appear to be getting > through mxlogic.net and because of dnswl.org's treatment of it, > spamassassin is subtracting nearly 3 points from its score. > > In the case of the phishing mail I saw, it still got picked up as high > scoring spam and deleted but had the attempts to forge the Outlook > headers been better and/or had I given RCVD_IN_DNSWL_MED a higher > negative score (which I was seriously considering doing), this would > have been delivered: > > Nov 10 11:01:50 mail MailScanner[27602]: Message 1TX8or-0008Fj-1P from > 208.65.144.77 (service at santander.co.uk) to is spam, > SpamAssassin (score=10.984, required 6, autolearn=disabled, > AXB_XMAILER_MIMEOLE_OL_1ECD5 3.26, FORGED_MUA_OUTLOOK 2.79, > FORGED_OUTLOOK_HTML 0.00, FROM_MISSPACED 0.00, FROM_MISSP_EH_MATCH > 0.00, FROM_MISSP_MSFT 0.00, FROM_MISSP_URI 0.00, FROM_MISSP_USER 0.00, > FSL_NEW_HELO_USER 0.00, HTML_IMAGE_ONLY_16 1.05, HTML_MESSAGE 0.00, > HTML_TAG_BALANCE_BODY 0.71, MIME_HTML_ONLY 1.10, MISSING_HEADERS 1.21, > NSL_RCVD_FROM_USER 0.00, RCVD_IN_DNSWL_MED -2.30, SUBJ_ALL_CAPS 1.62, > TVD_PH_BODY_ACCOUNTS_PRE 1.53, T_REMOTE_IMAGE 0.01) > Nov 10 11:01:50 mail MailScanner[27602]: Non-delivery of spam: message > 1TX8or-0008Fj-1P from service at santander.co.uk to with subject > YOUR ONLINE ACCOUNT HAS BEEN SUSPENDED > Nov 10 11:01:50 mail MailScanner[27602]: Spam Actions: message > 1TX8or-0008Fj-1P actions are delete Thanks for sharing! -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121112/17a59ee0/attachment.html From stephencoxmail at gmail.com Mon Nov 12 12:55:18 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 12 Nov 2012 14:55:18 +0200 Subject: FIXED: missing or disappearing MessageBatch.pm problem In-Reply-To: <509F6EF9.1060203@tradoc.fr> References: <509E5376.4060902@ecs.soton.ac.uk> <509F6EF9.1060203@tradoc.fr> Message-ID: On Sun, Nov 11, 2012 at 11:25 AM, John Wilcock wrote: > Le 10/11/2012 14:15, Jules Field a ?crit : > > I have just released a tiny update for MailScanner 4.84.5-3 which fixes > > the problem where clamd would quarantine MessageBatch.pm because it > > should it had a virus in it. > > > > It does indeed have a copy of EICAR in it (a 100% safe test string used > > for testing virus scanners), and I have now encoded it rather better so > > that clamd won't find it. > > Good to hear from you, Jules. > > What's the situation of your updates compared with the github repository > you entrusted to Andrew and Stephen? AFAICT the latest pushes to that > aren't included in your 4.84.5-3. > > Jules has no spare time to spend on MailScanner. I received the patch from him and will merge it when I find the time. > -- > John > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121112/9c54a7f4/attachment.html From stephencoxmail at gmail.com Mon Nov 12 12:58:46 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 12 Nov 2012 14:58:46 +0200 Subject: FIXED: missing or disappearing MessageBatch.pm problem In-Reply-To: <20121110192245.GA6646@doctor.nl2k.ab.ca> References: <509E5376.4060902@ecs.soton.ac.uk> <20121110192245.GA6646@doctor.nl2k.ab.ca> Message-ID: On Sat, Nov 10, 2012 at 9:22 PM, The Doctor wrote: > On Sat, Nov 10, 2012 at 01:15:34PM +0000, Jules Field wrote: > > I have just released a tiny update for MailScanner 4.84.5-3 which fixes > > the problem where clamd would quarantine MessageBatch.pm because it > > should it had a virus in it. > > > > It does indeed have a copy of EICAR in it (a 100% safe test string used > > for testing virus scanners), and I have now encoded it rather better so > > that clamd won't find it. > > > > Cheers! > > > > Jules > > > > Just tried to run this with exim and everything skewed up. > The change is a simple patch compared to the previous version. From what version did you upgrade? > > Using perl 5.16.2 . > What distro? > > Temporarily took MailScaner off as it was not passing passing mail to the > out > queue. No sign of processing. > > MailScanner --debug hung. > > All right do we need to update the perl modules? > > What should be tested? > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > > > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > Follow me at twitter.com/JulesFM > > > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > > 'All programs have a desire to be useful' - Tron, 1982 > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Member - Liberal International This is doctor at nl2k.ab.ca Ici > doctor at nl2k.ab.ca > God,Queen and country!Never Satan President Republic!Beware AntiChrist > rising! > http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121112/fb54f789/attachment.html From doctor at doctor.nl2k.ab.ca Mon Nov 12 18:44:02 2012 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Mon, 12 Nov 2012 11:44:02 -0700 Subject: MailScanner, winmail.dat, docx and anitword Message-ID: <20121112184402.GA24158@doctor.nl2k.ab.ca> All right. Are there any updates for MilScanner so that modern winmail.dat files can be read? -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Mon Nov 12 21:09:09 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 12 Nov 2012 21:09:09 +0000 Subject: MailScanner, winmail.dat, docx and anitword In-Reply-To: <20121112184402.GA24158@doctor.nl2k.ab.ca> References: <20121112184402.GA24158@doctor.nl2k.ab.ca> Message-ID: What version of mailscanner are you using And more importantly why are you still having to cope with winmail.dat which is outdated insecure and still a bad idea :-) Martin On Monday, 12 November 2012, The Doctor wrote: > All right. > > Are there any updates for MilScanner so that modern > winmail.dat files can be read? > > -- > Member - Liberal International This is doctor at nl2k.ab.ca Ici > doctor at nl2k.ab.ca > God,Queen and country!Never Satan President Republic!Beware AntiChrist > rising! > http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121112/c8231409/attachment.html From doctor at doctor.nl2k.ab.ca Mon Nov 12 21:28:23 2012 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Mon, 12 Nov 2012 14:28:23 -0700 Subject: MailScanner, winmail.dat, docx and anitwordy In-Reply-To: References: <20121112184402.GA24158@doctor.nl2k.ab.ca> Message-ID: <20121112212823.GA2264@doctor.nl2k.ab.ca> On Mon, Nov 12, 2012 at 09:09:09PM +0000, Martin Hepworth wrote: > What version of mailscanner are you using > 4.84.5-2 > And more importantly why are you still having to cope with winmail.dat > which is outdated insecure and still a bad idea :-) > Because people using Outhouse Excess and Windopws Mail vista Onwards still uses that. Also docx xlsx pptx are not accounted for. > Martin > > On Monday, 12 November 2012, The Doctor wrote: > > > All right. > > > > Are there any updates for MilScanner so that modern > > winmail.dat files can be read? > > > > -- > > Member - Liberal International This is doctor at nl2k.ab.ca Ici > > doctor at nl2k.ab.ca > > God,Queen and country!Never Satan President Republic!Beware AntiChrist > > rising! > > http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > -- > Martin Hepworth, CISSP > Oxford, UK > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > This message has been 'sanitized'. This means that potentially > dangerous content has been rewritten or removed. The following > log describes which actions were taken. > > Sanitizer (start="1352754823"): > Part (pos="3350"): > Part (pos="107"): > SanitizeFile (filename="unnamed.txt", mimetype="text/plain"): > Match (names="unnamed.txt", rule="2"): > Enforced policy: accept > > Part (pos="1223"): > SanitizeFile (filename="unnamed.html, filetype.html", mimetype="text/html"): > Match (names="unnamed.html, filetype.html", rule="2"): > Enforced policy: accept > > Note: Styles and layers give attackers many tools to fool the > user and common browsers interpret Javascript code found > within style definitions. > > Rewrote HTML tag: >>_div_<< > as: >>_p__DEFANGED_div_<< > Rewrote HTML tag: >>_/div_<< > as: >>_/p__DEFANGED_div_<< > Rewrote HTML tag: >>_div_<< > as: >>_p__DEFANGED_div_<< > Rewrote HTML tag: >>_/div_<< > as: >>_/p__DEFANGED_div_<< > Rewrote HTML tag: >>_div_<< > as: >>_p__DEFANGED_div_<< > Rewrote HTML tag: >>_/div_<< > as: >>_/p__DEFANGED_div_<< > Rewrote HTML tag: >>_div_<< > as: >>_p__DEFANGED_div_<< > Rewrote HTML tag: >>_span_<< > as: >>_DEFANGED_span_<< > Rewrote HTML tag: >>_/span_<< > as: >>_/DEFANGED_span_<< > Rewrote HTML tag: >>_blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"_<< > as: >>_blockquote class="gmail_quote" DEFANGED_style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"_<< > Rewrote HTML tag: >>_a href="javascript:;" onclick="_e(event, 'cvml', 'doctor at nl2k.ab.ca')"_<< > as: >>_a DEFANGED_href="javascript:;" DEFANGED_onclick="_e(event, 'cvml', 'doctor at nl2k.ab.ca')"_<< > Rewrote HTML tag: >>_a href="javascript:;" onclick="_e(event, 'cvml', 'doctor at nl2k.ab.ca')"_<< > as: >>_a DEFANGED_href="javascript:;" DEFANGED_onclick="_e(event, 'cvml', 'doctor at nl2k.ab.ca')"_<< > Rewrote HTML tag: >>_a href="javascript:;" onclick="_e(event, 'cvml', 'mailscanner at lists.mailscanner.info')"_<< > as: >>_a DEFANGED_href="javascript:;" DEFANGED_onclick="_e(event, 'cvml', 'mailscanner at lists.mailscanner.info')"_<< > Rewrote HTML tag: >>_/div_<< > as: >>_/p__DEFANGED_div_<< > > Part (pos="6549"): > SanitizeFile (filename="unnamed.txt", mimetype="text/plain"): > Match (names="unnamed.txt", rule="2"): > Enforced policy: accept > > Total modifications so far: 17 > > > Anomy 0.0.0 : Sanitizer.pm > $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $ -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Lest We Forget 11 NOv 2012 From paolg16 at gmail.com Mon Nov 12 21:41:29 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Mon, 12 Nov 2012 16:41:29 -0500 Subject: error spamassassin In-Reply-To: References: Message-ID: yes, i know, High score spam is 5 and scor spam is 3. but mailscanner doesnt report disarmed content like stored.content.message.txt, stored.virus.message.txt, and other stored messages, because sent mail with EICAR test content and dont stop, just deliver mail., sent mail with 20 attachments and mailscanner doesn't filter and dont send the message report. if you can explain me when reports are deliver to users, i would do something else, maybe something wrong with clamav or spamassassin?? On Sat, Nov 10, 2012 at 2:01 AM, Stephen Cox wrote: > On Fri, Nov 9, 2012 at 9:37 PM, GiNo PaoLo wrote: > >> thanks it works!!! but now i have another problem, the message marked lik >> spam, doesnt store in quarantine/spam, just store the header, and i check >> that "quarantine whole message = yes" y quarantine whole messages as queue >> files =yes" in MailScanner.conf. >> > > If the spam score is larger than {High SpamAssassin Score} the {High > Scoring Spam Actions} will be used instead of the {Spam Actions} in > MailScanner.conf > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121112/9790bce1/attachment.html From paolg16 at gmail.com Mon Nov 12 21:43:40 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Mon, 12 Nov 2012 16:43:40 -0500 Subject: mailscanner loop when notify In-Reply-To: References: Message-ID: thanks Glenn, but i added 127.0.0.1 to whitelist of mailscanner and that works!!. thank for response. On Fri, Nov 9, 2012 at 10:11 AM, Glenn Steen wrote: > On 8 November 2012 22:29, GiNo PaoLo wrote: > > > > Hi everyone, > > I have installed mailscanner-4.84.5-2 from tarball and i have a problem > > when "high scoring spam actions = notify store", spamassassin check and > > detect like high spam, then spam action said: "message actions are store, > > notify " then "notify user1 at dominio.com", but never pass to postfix > to > > send > > mail with notification to the user, just the proccess there end. > > that i'snt all, because postfix found this message and pickup again the > > message with another ID and pass to the mailscanner, and mailscanner > again > > analyze and repeat the procces of spam actions again. > > this loop follow to i remove the queue of postfix incoming. > > > > score spam= 3 > > score high spam= 5 > > > > postfix 2.7.1-1+squeeze1 > > spamassassin 3.3.1 installed from install_Clam-SA-latest.tar.gz from web > > mailscanner.info > > > > i hope your help. > > > > thnks > > > > > If you check the processing database, do the problem IDs "linger" > there? If you do a debug run (stop MailScanner, supply the message, > run "MailScanner --debug" as the postfix user... ISTR the wiki > containing more detailed instructions;), and check that MailScanner > isn't dying on you... Might be the usual taint problem (cured by the > -U fix)... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121112/dfc0086d/attachment.html From stephencoxmail at gmail.com Tue Nov 13 05:36:12 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Tue, 13 Nov 2012 07:36:12 +0200 Subject: MailScanner, winmail.dat, docx and anitwordy In-Reply-To: <20121112212823.GA2264@doctor.nl2k.ab.ca> References: <20121112184402.GA24158@doctor.nl2k.ab.ca> <20121112212823.GA2264@doctor.nl2k.ab.ca> Message-ID: On Mon, Nov 12, 2012 at 11:28 PM, The Doctor wrote: > > And more importantly why are you still having to cope with winmail.dat > > which is outdated insecure and still a bad idea :-) > > Because people using Outhouse Excess and Windopws Mail vista Onwards > still uses that. > > > Also docx xlsx pptx are not accounted for. > Can you file a bug @ https://github.com/MailScanner/MailScanner/issues?milestone=1&state=open -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121113/fc2c586a/attachment.html From konve at logout.cz Tue Nov 13 14:27:25 2012 From: konve at logout.cz (Dalimil Gala) Date: Tue, 13 Nov 2012 15:27:25 +0100 Subject: CRM114 css not updating In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B1074@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB04B1052@winchester.andrewscompanies.com><27348762.10521186080876081.JavaMail.root@office.splatnix.net><1964AAFBC212F742958F9275BF63DBB04B1056@winchester.andrewscompanies.com> <4D1CD0994309F84BA83DF998BF0075AF35AA2DC4@ts-dc2.TS-Webarts.local> <1964AAFBC212F742958F9275BF63DBB04B1074@winchester.andrewscompanies.com> Message-ID: <50A258CD.4030905@logout.cz> Hi, my apologies for posting into 5+ years dead topic but I had spent couple of hours until I discovered that the autolearning doesn't work without SA plugin "Mail::SpamAssassin::Plugin::AutoLearnThreshold" enabled (to be found in /etc/mail/spamassassin/v330.pre). The "bayes_auto_learn" must be switched on too (to be found in /opt/MailScanner/etc/spam.assassin.prefs.conf) --dg Steven Andrews wrote: > > Thanks for the tips; been down that road a few dozen times already; but I reviewed it just the same. > > When I turn that option on, it does actually log mail to allmail.txt and I do get content into the reaver_cache under texts and prob_good; but no updates to the css files and no scoring. > > Steve > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of MailScanner Mailinglist > Sent: Friday, August 03, 2007 7:39 PM > To: MailScanner discussion > Subject: AW: RE: CRM114 css not updating > > Hi, > > please make sure, you have copied the file /usr/share/doc/crm114-0/mailfilter.cf into the directory /etc/mail/spamassassin/crm114 > > Please make also sure you have the following files in your /etc/mail/spamassassin/crm114 directory: > > priolist.mfp > allmail.txt > rewrites.mfp > > Last but not least you need to set chmod -R 777 to /etc/mail/spamassassin/crm114/reaver_cache > > Regards, > > Roland > > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Steven Andrews > Gesendet: Donnerstag, 2. August 2007 20:55 > An: MailScanner discussion > Betreff: RE: CRM114 css not updating > > I have. > > Crm114.cf: > # these two lines are necessary to activate the plugin: > loadplugin crm114 crm114.pm > full CRM114_CHECK eval:check_crm() > > # this high priority is not necessary. but running late allows us # to compare the CRM score and the result of all previous SA tests # # 899 is chosen as an optimization because FuzzyOCR runs at 900 # thus if CRM already yields a high SA score, # then FuzzyOCR will decide to skip its tests priority CRM114_CHECK 899 > > # commandline to execute CRM114 > # default: crm -u ~/.crm114 mailreaver.crm #crm114_command /usr/local/bin/crm -u /var/amavis/.crm114 mailreaver.crm crm114_command /usr/bin/crm -u /etc/mail/spamassassin/crm114 mailreaver.crm > > # let SA add header lines to processed mails #add_header all CRM114-Version _CRM114VERSION_ #add_header all CRM114-CacheID _CRM114CACHEID_ add_header all CRM114-Status _CRM114STATUS_ ( _CRM114SCORE_ ) > > # ignore existing X-Spam or X-Virus headers # if SpamAssassin is called by Amavis then use the same value as Amavis does. > # that way a SA-check from Amavis and on from the command line both see the same # Headers # default: 0 #crm114_remove_existing_spam_headers 1 #crm114_remove_existing_virus_headers 1 > > # dynamic score > # values: 0 - returns subtest results > # 1 - returns a dynamic CRM score (default) > #crm114_dynscore 1 > > # dynamic score normalization factor > # CRM score have much higher absolute values and different signs than SA scores # (usual ham-scores are between 15 and 40, scores from -10 to 10 are undecided, # previously seen spam easily gets -200). > # With dynamic scoring the SA score is calculated by: * crm114_dynscore_factor # # Notes: - this has to be a negative number! > # - the absolute value should be quite low (certainly<.3, > probably<=.2), > # otherwise the returned score would override all other tests. > # default: calculate factor so that CRM-score -25 yields the SA required spam threshold #crm114_dynscore_factor -0.05 > > # static scores > # without dynamic scores these scores are used # default values are respectively -3, 0, 3 for good, unsure, spam > #crm114_staticscore_good -3.0 > #crm114_staticscore_unsure 0.0 > #crm114_staticscore_spam 3.0 > > # should CRM114 be trained by SA? > # If enabled, then a call to Mail::SpamAssassin->learn() or # "spamassassin --report/--revoke" also calls the CRM114 plugin. > # Since CRM114 uses a "Train On Error" strategy the plugin will check the # reported mail and only learn it if it is not not classified correctly. > # default: 0 > #crm114_learn 1 > > # should CRM114 be trained by SA-autolearn? > # If enabled, then SA's autolearn also calls the CRM114 plugin. > # > # This is different from :automatic_training: in CRM114's mailfilter.cf # because SA's score is influenced by several different factors while # CRM114 has to rely on its own classification. > # But anyway: Only activate this if you know what you're doing! > # default: 0 > crm114_autolearn 1 > > # should we preserve the CRM114-CacheID for training or discard it? > # > # to use the cache enable it in mailfilter.cf, set this option, and # include the CacheID into all Mails with # "add_header all CRM114-CacheID _CRM114CACHEID_" > # -- otherwise disable this option to strip CacheIDs before training # default: 0 #crm114_use_cacheid 1 > > # should we skip CRM114 if other tests indicate certain spam/ham? > # > # disable CRM114 if a message already has a score (from other tests) # less than crm114_autodisable_negative_score or # more than crm114_autodisable_score. > # > # default: -999/999 > # crm114_autodisable_negative_score -999 # crm114_autodisable_score 999 > > Output: > Using username "root". > Last login: Thu Aug 2 14:50:43 2007 from 192.168.1.200 [root at spamfilter ~]# cssutil -b -r /etc/mail/spamassassin/crm114/spam.css > > Sparse spectra file /etc/mail/spamassassin/crm114/spam.css statistics: > > Total available buckets : 1048577 > Total buckets in use : 0 > Total in-use zero-count buckets : 0 > Total buckets with value>= max : 0 > Total hashed datums in file : 0 > Documents learned : 1 > Features learned : 1 > Average datums per bucket : 0.00 > Maximum length of overflow chain : 0 > Average length of overflow chain : 0.00 > Average packing density : 0.00 > > [root at spamfilter ~]# cssutil -b -r > /etc/mail/spamassassin/crm114/nonspam.css > > Sparse spectra file /etc/mail/spamassassin/crm114/nonspam.css > statistics: > > Total available buckets : 1048577 > Total buckets in use : 0 > Total in-use zero-count buckets : 0 > Total buckets with value>= max : 0 > Total hashed datums in file : 0 > Documents learned : 1 > Features learned : 1 > Average datums per bucket : 0.00 > Maximum length of overflow chain : 0 > Average length of overflow chain : 0.00 > Average packing density : 0.00 > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of UxBoD > Sent: Thursday, August 02, 2007 2:55 PM > To: MailScanner discussion > Subject: Re: CRM114 css not updating > > Have you set it to autolearn in crm114.cf ? What does it show if you do a cssutil -b -r spam.css and cssutil -b -r nonspam.css ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // > Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 > 2749 SIP Phone: uxbod at sip.splatnix.net > > ----- Original Message ----- > From: "Steven Andrews" > To: "MailScanner discussion" > Sent: Thursday, August 2, 2007 7:22:43 PM (GMT) Europe/London > Subject: CRM114 css not updating > > Centos4 > Been throught wiki regarding install twice and I haven't missed anything. > > Spamassassin -D --lint shows it's being called and allmail.txt is catching incoming mail; no errors. > Running the test from MailWatch, blows up with: > > [12961] dbg: crm114: crm114_command run 0.01892 > ERROR: mailreaver.crm broke. Here's the error\: 0.02391 > ERROR: 0.00025 > /usr/bin/crm: *ERROR* 9E-05 > For some reason, I was unable to write-open the file named allmail.txt > 9E-05 > Sorry, but this program is very sick and probably should be killed off. > 8E-05 > This happened at line 165 of file mailreaver.crm 8E-05 [12961] dbg: > info: leaving helper-app run mode 0.0009 [12961] dbg: crm114: call_crm returns (UNKNOWN, 0) 0.00069 [12961] warn: crm114: Error. Failed to get CRM114-Status. at /etc/mail/spamassassin/crm114.pm line 315. > > I kind of expect that since it's running as apache; everything else as root. > > So, I give it a quick chmod 777 and I get a little further: > > [13748] dbg: crm114: crm114_command run 0.01103 > ERROR: maillib.crm broke. Here's the error\: 0.06252 > ERROR: 0.00026 > /usr/bin/crm: *WARNING* 9E-05 > Couldn't memory-map the table file spam.css 8E-05 I'll try to keep working. 7E-05 This happened at line 662 of file mailreaver.crm 8E-05 [13748] dbg: info: leaving helper-app run mode 0.00086 [13748] dbg: > crm114: call_crm returns (UNKNOWN, 0) 0.00069 [13748] warn: crm114: > Error. Failed to get CRM114-Status. at /etc/mail/spamassassin/crm114.pm line 315. > > Got it, Ok, 777 for the css files too. > > [14005] dbg: crm114: crm114_command run 0.02064 [14005] dbg: crm114: > found version 20070301-BlameBaltar ( TRE 0.7.5 > (LGPL) ) MR-BD9991E2 0.07717 > [14005] dbg: crm114: found CacheID sfid-20070802_140925_378605_D6AAF116 > 0.00043 > [14005] dbg: crm114: found status UNSURE and score 0.00 0.00029 [14005] > dbg: crm114: found Notice Please train this message. 0.00029 [14005] > dbg: info: leaving helper-app run mode 0.00125 [14005] dbg: crm114: > call_crm returns (UNSURE, 0.00) 0.00069 [14005] dbg: crm114: score is 0.0000, translated to SA score: -0.0000, linear factor was -0.2000 > > Looks good; doublecheck spamassassin -D --lint show no errors. > > The spam.css and nospam.css files still refuse to move beyond the timestamp from their creation time. Cssutil -b -r > /etc/mail/spamassassin/crm114 still shows the base info. > > Messages have -0.00 CRM114_CHECK. I even set it to use static scoring and all I get is the unsure score. I do see items adding to the /reaver_cache/texts directory. Nothing in the other reaver_cache directories. > > I've done the requisite banging on my mouse and pounding my head on the desk, but that didn't work either. > > Any thoughts? > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ---------------------------------------------------------- > Diese Nachricht wurde von mailMind(R) auf Viren und andere gefaehrliche Inhalte untersucht und ist sauber. > --- mailMind(R) - we have your Mailsecurity in mind! > http://www.mailmind.de --- > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From max at inmindlabs.com Wed Nov 14 19:58:23 2012 From: max at inmindlabs.com (Max Kipness) Date: Wed, 14 Nov 2012 13:58:23 -0600 Subject: Spam increasing Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local> Hello - I set up a new MailScanner system with the latest software, version of SpamAssassin with Bayes, etc. a couple of month ago. It was working really well for a while, but in the last week we've started getting bombed with loan, medicine spam, etc. The most prevalent spam email of late is the one that has wide but short image that tries to present itself at the top of the email. All the images look the same size across different spam topics and different senders, but of course Outlook blocks the image with a red x. Well when I look at the score, most have a fairly high score except for the Bayes which will usually be at 50%. So this causes it to be considered non spam. I send tons of these for learning, but no change. The next one will come in with a 50% bayes score. At this point is this considered Bayes Poisoning? Should I start over on Bayes? I manage the system, so I also have an IMAP account to the MS system and created a program that grabs the email out of my IMAP spam folder, sends it for learning, and then saves it in an mbox file. So I have every spam message I've ever sent. So would the best course at this point be to start clean on Bayes and then feed all the spam back in? FYI, this MS system does filter tons of spam. Yesterday's count was 6,702 spam caught. But I've seen an increase from 1 or 2 a day personally to about 10 - 20, some of them going to Outlook Junk. As I'm writing this I just got another one of those image spams about medicate. Here is the score. If my Bayes was reporting right, it would have been considered spam. not spam, SpamAssassin (not cached, score=4.733, required 5, BAYES_50 0.80, HTML_MESSAGE 0.00, RDNS_DYNAMIC 0.98, URIBL_DBL_SPAM 1.70, URIBL_JP_SURBL 1.25) Thanks, Max -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121114/e85c8676/attachment.html From maxsec at gmail.com Wed Nov 14 22:21:22 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Wed, 14 Nov 2012 22:21:22 +0000 Subject: Spam increasing In-Reply-To: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local> References: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local> Message-ID: Well its just under the spam score of 5, Apart from the uri-bl entries its not hitting many rules so perhaps dropping the spam (full headers as well ) so people can run on their systems and see what rules hit Are you running sa-update every so often for rule updates to be applied Also worth looking at the 'getting the most out of spamassin' section of the wiki. The extra rulesets mentioned there are a little outdated but i think the other suggestions are worthwhile Oh and 6000 spam isnt much, i was looking at that an hour a few years ago on one of my systems :-) Martin On Wednesday, 14 November 2012, Max Kipness wrote: > Hello -**** > > ** ** > > I set up a new MailScanner system with the latest software, version of > SpamAssassin with Bayes, etc. a couple of month ago. It was working really > well for a while, but in the last week we?ve started getting bombed with > loan, medicine spam, etc. The most prevalent spam email of late is the one > that has wide but short image that tries to present itself at the top of > the email. All the images look the same size across different spam topics > and different senders, but of course Outlook blocks the image with a red x. > **** > > ** ** > > Well when I look at the score, most have a fairly high score except for > the Bayes which will usually be at 50%. So this causes it to be considered > non spam. I send tons of these for learning, but no change. The next one > will come in with a 50% bayes score. At this point is this considered Bayes > Poisoning? Should I start over on Bayes? I manage the system, so I also > have an IMAP account to the MS system and created a program that grabs the > email out of my IMAP spam folder, sends it for learning, and then saves it > in an mbox file. So I have every spam message I?ve ever sent. So would the > best course at this point be to start clean on Bayes and then feed all the > spam back in?**** > > ** ** > > FYI, this MS system does filter tons of spam. Yesterday?s count was 6,702 > spam caught. But I?ve seen an increase from 1 or 2 a day personally to > about 10 - 20, some of them going to Outlook Junk.**** > > ** ** > > As I?m writing this I just got another one of those image spams about > medicate. Here is the score. If my Bayes was reporting right, it would have > been considered spam.**** > > ** ** > > not spam, SpamAssassin (not cached,**** > > score=4.733, required 5, BAYES_50 0.80, HTML_MESSAGE 0.00, > **** > > RDNS_DYNAMIC 0.98, URIBL_DBL_SPAM 1.70, URIBL_JP_SURBL > 1.25)**** > > ** ** > > Thanks,**** > > Max**** > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121114/5767c2c5/attachment.html From max at inmindlabs.com Wed Nov 14 23:59:56 2012 From: max at inmindlabs.com (Max Kipness) Date: Wed, 14 Nov 2012 17:59:56 -0600 Subject: Spam increasing References: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local> Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B6AF157@addc01.assuredata.local> Thanks for the response... > Apart from the uri-bl entries its not hitting many rules so perhaps dropping the spam (full headers as well ) so people can run on their systems and see what rules hit What do you mean by dropping the spam/headers so people can run on their systems? > Are you running sa-update every so often for rule updates to be applied No I did not but have it set up now. Thanks, Max From maxsec at gmail.com Thu Nov 15 06:33:23 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Thu, 15 Nov 2012 06:33:23 +0000 Subject: Spam increasing In-Reply-To: <11375BD8FE838A409E10DB32B9BFFE9B6AF157@addc01.assuredata.local> References: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local> <11375BD8FE838A409E10DB32B9BFFE9B6AF157@addc01.assuredata.local> Message-ID: On Wednesday, 14 November 2012, Max Kipness wrote: > Thanks for the response... > > > Apart from the uri-bl entries its not hitting many rules so perhaps > dropping the spam (full headers as well ) so people can run on their > systems and see what rules hit > > What do you mean by dropping the spam/headers so people can run on their > systems? > > Get the full spam email with all the headers in a text format pref before mailscanner has seen it, then goto pastebin.org and drop it to that . The send the link here We can then copy the email to our systems and see what rules hit on our systems to see if any of our setups do a better job > Are you running sa-update every so often for rule updates to be > applied > > No I did not but have it set up now. > > Thanks, > Max > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121115/9248cd69/attachment.html From max at inmindlabs.com Thu Nov 15 19:49:08 2012 From: max at inmindlabs.com (Max Kipness) Date: Thu, 15 Nov 2012 13:49:08 -0600 Subject: Spam increasing References: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local><11375BD8FE838A409E10DB32B9BFFE9B6AF157@addc01.assuredata.local> Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B6AF189@addc01.assuredata.local> > Get the full spam email with all the ?headers in a text format pref before mailscanner has seen it, then goto pastebin.org and drop it to that . The send the link here > We can then copy the email to our systems and see what rules hit on our systems to see if any of our setups do a better job Ok, I'll see what I can do. In order to get a copy before it hits MailScanner I would have to use MailScanner archiving? Also, what are your thoughts on bayes being at 50% for a lot of spam? Would it be best to start over with the bayes database? It would seem that by having auto-learning turned on, and a few spam messages get through, this could create a domino effect as more and more is learned as non-spam when it actually is spam. I continue to send tons of the same type of spam through for learning, but I will then see the same type come through with 50%. By starting over and feeding 1000k + of legitimate spam, would that clean the bayes scoring up? Thanks. From paolg16 at gmail.com Thu Nov 15 20:15:24 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Thu, 15 Nov 2012 15:15:24 -0500 Subject: Front-end to report spam Message-ID: Hey guys, do you know some front-end to report and graphic statistics for spam. i just probe installing mailwatch, but i wanna something better. thanks. -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121115/dbe46491/attachment.html From sonidhaval at gmail.com Thu Nov 15 20:44:16 2012 From: sonidhaval at gmail.com (sonidhaval at gmail.com) Date: Fri, 16 Nov 2012 02:14:16 +0530 Subject: Front-end to report spam In-Reply-To: References: Message-ID: Baruwa is also good one. -- Kind regards, Dhaval Soni ( RHCA ) *Website:* www.DhavalSoni.com *Blog:* www.LinuxArticles.org On Fri, Nov 16, 2012 at 1:45 AM, GiNo PaoLo wrote: > Hey guys, > do you know some front-end to report and graphic statistics for spam. > i just probe installing mailwatch, but i wanna something better. > > thanks. > > -- > GiNo PaoLo > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121116/642218e2/attachment.html From ssilva at sgvwater.com Thu Nov 15 21:17:38 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Thu, 15 Nov 2012 13:17:38 -0800 Subject: Spam increasing In-Reply-To: <11375BD8FE838A409E10DB32B9BFFE9B6AF189@addc01.assuredata.local> References: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local><11375BD8FE838A409E10DB32B9BFFE9B6AF157@addc01.assuredata.local> <11375BD8FE838A409E10DB32B9BFFE9B6AF189@addc01.assuredata.local> Message-ID: on 11/15/2012 11:49 AM Max Kipness spake the following: >> Get the full spam email with all the headers in a text format pref before mailscanner has seen it, then goto pastebin.org and drop it to that . The send the link here > >> We can then copy the email to our systems and see what rules hit on our systems to see if any of our setups do a better job > > Ok, I'll see what I can do. In order to get a copy before it hits MailScanner I would have to use MailScanner archiving? > > Also, what are your thoughts on bayes being at 50% for a lot of spam? Would it be best to start over with the bayes database? It would seem that by having auto-learning turned on, and a few spam messages get through, this could create a domino effect as more and more is learned as non-spam when it actually is spam. I continue to send tons of the same type of spam through for learning, but I will then see the same type come through with 50%. By starting over and feeding 1000k + of legitimate spam, would that clean the bayes scoring up? > > Thanks. > Autolearn is not very good. I turned it off long ago. Do you do bayes maintenance? Like sa-learn --force-expire... From bfebrian.milis at gmail.com Fri Nov 16 01:55:10 2012 From: bfebrian.milis at gmail.com (Budi Febrianto) Date: Fri, 16 Nov 2012 08:55:10 +0700 Subject: Emails rejected by blackberry servers Message-ID: Hi, Many users in my office forward their email office to their blackberry email address like noname at nosubdomain.blackberry.com. This already running for years without any big problem. Last night, I found out that all emails to blackberry.com are rejected, with error message "550 #5.7.1 Your access to submit messages to this e-mail system has been rejected." After googled, I found out that this happen because mostly that my office domain are listed is one or two dnsbl, that's why blackberry rejected the emails. Is someone know which dnsbl that blackberry using? Checked with http://www.mxtoolbox.com, my domain listed only in INPS_DE, I want to make sure because INPS_DE want some fee for delisting. Best Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121116/dc36c2d7/attachment.html From terry at graybell.net Fri Nov 16 02:25:14 2012 From: terry at graybell.net (Terry Hulen Jr.) Date: Thu, 15 Nov 2012 21:25:14 -0500 Subject: Emails rejected by blackberry servers In-Reply-To: References: Message-ID: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> I had an issue with RIM about 6 months ago. Their DNS gets updated at a snails pace with the rest of the world. I would call them and see if that is the issue. Sent from mobile device. Please excuse grammar errors. On Nov 15, 2012, at 8:55 PM, Budi Febrianto wrote: > Hi, > > Many users in my office forward their email office to their blackberry email address like noname at nosubdomain.blackberry.com. > This already running for years without any big problem. > > Last night, I found out that all emails to blackberry.com are rejected, with error message > "550 #5.7.1 Your access to submit messages to this e-mail system has been rejected." > > After googled, I found out that this happen because mostly that my office domain are listed is one or two dnsbl, that's why blackberry rejected the emails. > > Is someone know which dnsbl that blackberry using? > > Checked with http://www.mxtoolbox.com, my domain listed only in INPS_DE, I want to make sure because INPS_DE want some fee for delisting. > > Best Regards > > > -- > This message has been scanned for viruses and > dangerous content and is believed to be clean. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121115/906401b0/attachment.html From mailscanner at joolee.nl Fri Nov 16 08:26:06 2012 From: mailscanner at joolee.nl (Joolee) Date: Fri, 16 Nov 2012 09:26:06 +0100 Subject: Spam increasing In-Reply-To: References: <11375BD8FE838A409E10DB32B9BFFE9B6AF149@addc01.assuredata.local> <11375BD8FE838A409E10DB32B9BFFE9B6AF157@addc01.assuredata.local> <11375BD8FE838A409E10DB32B9BFFE9B6AF189@addc01.assuredata.local> Message-ID: Also, Bayes doesn't process images. As you state in your first email, the rest of the e-mail changes constantly. That way, Bayes can't recognize it. On 15 November 2012 22:17, Scott Silva wrote: > on 11/15/2012 11:49 AM Max Kipness spake the following: > >> Get the full spam email with all the headers in a text format pref > before mailscanner has seen it, then goto pastebin.org and drop it to > that . The send the link here > > > >> We can then copy the email to our systems and see what rules hit on our > systems to see if any of our setups do a better job > > > > Ok, I'll see what I can do. In order to get a copy before it hits > MailScanner I would have to use MailScanner archiving? > > > > Also, what are your thoughts on bayes being at 50% for a lot of spam? > Would it be best to start over with the bayes database? It would seem that > by having auto-learning turned on, and a few spam messages get through, > this could create a domino effect as more and more is learned as non-spam > when it actually is spam. I continue to send tons of the same type of spam > through for learning, but I will then see the same type come through with > 50%. By starting over and feeding 1000k + of legitimate spam, would that > clean the bayes scoring up? > > > > Thanks. > > > Autolearn is not very good. I turned it off long ago. Do you do bayes > maintenance? Like sa-learn --force-expire... > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121116/ed6f47e8/attachment.html From maxsec at gmail.com Fri Nov 16 13:20:44 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Fri, 16 Nov 2012 13:20:44 +0000 Subject: Emails rejected by blackberry servers In-Reply-To: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> References: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> Message-ID: any reason why you're not properly integrated with BB and can also collect the sent items and so on? Forwarding email to BB's sounds like a poor BYOD problem to me.. -- Martin Hepworth, CISSP Oxford, UK On 16 November 2012 02:25, Terry Hulen Jr. wrote: > I had an issue with RIM about 6 months ago. Their DNS gets updated at a > snails pace with the rest of the world. I would call them and see if that > is the issue. > > Sent from mobile device. Please excuse grammar errors. > > On Nov 15, 2012, at 8:55 PM, Budi Febrianto > wrote: > > Hi, > > Many users in my office forward their email office to their blackberry > email address like noname at nosubdomain.blackberry.com. > This already running for years without any big problem. > > Last night, I found out that all emails to blackberry.com are rejected, > with error message > "550 #5.7.1 Your access to submit messages to this e-mail system has been > rejected." > > After googled, I found out that this happen because mostly that my office > domain are listed is one or two dnsbl, that's why blackberry rejected the > emails. > > Is someone know which dnsbl that blackberry using? > > Checked with http://www.mxtoolbox.com, my domain listed only in INPS_DE, > I want to make sure because INPS_DE want some fee for delisting. > > Best Regards > > > -- > This message has been scanned for viruses and > dangerous content and is believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121116/6332e0fc/attachment.html From bfebrian.milis at gmail.com Sat Nov 17 02:27:46 2012 From: bfebrian.milis at gmail.com (Budi Febrianto) Date: Sat, 17 Nov 2012 09:27:46 +0700 Subject: Emails rejected by blackberry servers In-Reply-To: References: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> Message-ID: We using Lotus Domino for mail server, and most of the user using outlook as their mail client. Problem is they can't access their mailbox at the same time, it will cause one of the email will be rejected. Only one client able to access mailbox at a time. Sometime we even need to turn off their bb so outlook can download emails. On Nov 16, 2012 8:42 PM, "Martin Hepworth" wrote: > > any reason why you're not properly integrated with BB and can also collect the sent items and so on? >>w > Forwarding email to BB's sounds like a poor BYOD problem to me.. > > -- > Martin Hepworth, CISSP > Oxford, UK > > > > On 16 November 2012 02:25, Terry Hulen Jr. wrote: >> >> I had an issue with RIM about 6 months ago. Their DNS gets updated at a snails pace with the rest of the world. I would call them and see if that is the issue. >> >> Sent from mobile device. Please excuse grammar errors. >> >> On Nov 15, 2012, at 8:55 PM, Budi Febrianto wrote: >> >>> Hi, >>> >>> Many users in my office forward their email office to their blackberry email address like noname at nosubdomain.blackberry.com. >>> This already running for years without any big problem. >>> >>> Last night, I found out that all emails to blackberry.com are rejected, with error message >>> "550 #5.7.1 Your access to submit messages to this e-mail system has been rejected." >>> >>> After googled, I found out that this happen because mostly that my office domain are listed is one or two dnsbl, that's why blackberry rejected the emails. >>> >>> Is someone know which dnsbl that blackberry using? >>> >>> Checked with http://www.mxtoolbox.com, my domain listed only in INPS_DE, I want to make sure because INPS_DE want some fee for delisting. >>> >>> Best Regards >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121117/91c29d7d/attachment.html From bfebrian.milis at gmail.com Sat Nov 17 02:32:25 2012 From: bfebrian.milis at gmail.com (Budi Febrianto) Date: Sat, 17 Nov 2012 09:32:25 +0700 Subject: Emails rejected by blackberry servers In-Reply-To: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> References: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> Message-ID: Now confirm that smtp ip is blacklisted by rim maybe via one of their dnsbl. I have to create another smtp server, only for email to blackberry while checking internal problem why rim blacklist us. Thanks all On Nov 16, 2012 9:43 AM, "Terry Hulen Jr." wrote: > I had an issue with RIM about 6 months ago. Their DNS gets updated at a > snails pace with the rest of the world. I would call them and see if that > is the issue. > > Sent from mobile device. Please excuse grammar errors. > > On Nov 15, 2012, at 8:55 PM, Budi Febrianto > wrote: > > Hi, > > Many users in my office forward their email office to their blackberry > email address like noname at nosubdomain.blackberry.com. > This already running for years without any big problem. > > Last night, I found out that all emails to blackberry.com are rejected, > with error message > "550 #5.7.1 Your access to submit messages to this e-mail system has been > rejected." > > After googled, I found out that this happen because mostly that my office > domain are listed is one or two dnsbl, that's why blackberry rejected the > emails. > > Is someone know which dnsbl that blackberry using? > > Checked with http://www.mxtoolbox.com, my domain listed only in INPS_DE, > I want to make sure because INPS_DE want some fee for delisting. > > Best Regards > > > -- > This message has been scanned for viruses and > dangerous content and is believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121117/40346234/attachment.html From terry at graybell.net Sat Nov 17 15:14:15 2012 From: terry at graybell.net (Terry Hulen Jr.) Date: Sat, 17 Nov 2012 10:14:15 -0500 Subject: Emails rejected by blackberry servers In-Reply-To: References: <36AB094C-F366-4156-BE32-4AE6AA43C3D5@graybell.net> Message-ID: <8F0D5434-ACEC-4034-BA8C-7ED8EE9DD788@graybell.net> Read my first reply. They are behind the curve when it comes to DNS updates. Sent from mobile device. Please excuse grammar errors. On Nov 16, 2012, at 9:32 PM, Budi Febrianto wrote: > Now confirm that smtp ip is blacklisted by rim maybe via one of their dnsbl. > I have to create another smtp server, only for email to blackberry while checking internal problem why rim blacklist us. > > Thanks all > On Nov 16, 2012 9:43 AM, "Terry Hulen Jr." wrote: >> I had an issue with RIM about 6 months ago. Their DNS gets updated at a snails pace with the rest of the world. I would call them and see if that is the issue. >> >> Sent from mobile device. Please excuse grammar errors. >> >> On Nov 15, 2012, at 8:55 PM, Budi Febrianto wrote: >> >>> Hi, >>> >>> Many users in my office forward their email office to their blackberry email address like noname at nosubdomain.blackberry.com. >>> This already running for years without any big problem. >>> >>> Last night, I found out that all emails to blackberry.com are rejected, with error message >>> "550 #5.7.1 Your access to submit messages to this e-mail system has been rejected." >>> >>> After googled, I found out that this happen because mostly that my office domain are listed is one or two dnsbl, that's why blackberry rejected the emails. >>> >>> Is someone know which dnsbl that blackberry using? >>> >>> Checked with http://www.mxtoolbox.com, my domain listed only in INPS_DE, I want to make sure because INPS_DE want some fee for delisting. >>> >>> Best Regards >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content and is believed to be clean. >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content and is believed to be clean. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121117/a4549d10/attachment.html From vernon at comp-wiz.com Mon Nov 19 17:46:33 2012 From: vernon at comp-wiz.com (Vernon Webb) Date: Mon, 19 Nov 2012 12:46:33 -0500 Subject: Email Store & Relay Message-ID: <008d01cdc67d$d0c670d0$72535270$@comp-wiz.com> I'm sorry if this is the wrong place for this but I really don't know where else to. I have a CentOS Linux Web Hosting/Email Server with emails being scanned by MailScanner. I have a client that has an in house Exchange server that is looking for Spam/Virus filtering. I know I could use my box as a relay server which would scan the incoming emails and have them sent to their server. The way I understand MailScanner to work is virus/spam are set at certain levels and are quarantined and others are deleted all setup in the config file. However, as it is currently it goes into a folder which if an email is quarantined I basically have to go on the server and get what they need. What I would like to know is, is there some way to store rejected emails on the Linux server as emails with some type of individual user interface so that they can login there themselves (on an email per email level) and see if something that was missed. Does that make any sense? Does anyone have any idea how I would go about setting like that up? Thanks Vern -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121119/611741ac/attachment.html From maxsec at gmail.com Mon Nov 19 19:40:56 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 19 Nov 2012 19:40:56 +0000 Subject: Email Store & Relay In-Reply-To: <008d01cdc67d$d0c670d0$72535270$@comp-wiz.com> References: <008d01cdc67d$d0c670d0$72535270$@comp-wiz.com> Message-ID: Sure check out baruwa http://www.baruwa.org/ Martin On Monday, 19 November 2012, Vernon Webb wrote: > I?m sorry if this is the wrong place for this but I really don?t know > where else to. I have a CentOS Linux Web Hosting/Email Server with emails > being scanned by MailScanner. I have a client that has an in house > Exchange server that is looking for Spam/Virus filtering. I know I could > use my box as a relay server which would scan the incoming emails and have > them sent to their server. The way I understand MailScanner to work is > virus/spam are set at certain levels and are quarantined and others are > deleted all setup in the config file. However, as it is currently it goes > into a folder which if an email is quarantined I basically have to go on > the server and get what they need. What I would like to know is, is there > some way to store rejected emails on the Linux server as emails with some > type of individual user interface so that they can login there themselves > (on an email per email level) and see if something that was missed. Does > that make any sense? Does anyone have any idea how I would go about setting > like that up? **** > > ** ** > > Thanks**** > > Vern**** > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121119/a8594d9c/attachment.html From stephencoxmail at gmail.com Mon Nov 19 19:45:19 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Mon, 19 Nov 2012 21:45:19 +0200 Subject: Email Store & Relay In-Reply-To: <008d01cdc67d$d0c670d0$72535270$@comp-wiz.com> References: <008d01cdc67d$d0c670d0$72535270$@comp-wiz.com> Message-ID: On Mon, Nov 19, 2012 at 7:46 PM, Vernon Webb wrote: > I?m sorry if this is the wrong place for this but I really don?t know > where else to. I have a CentOS Linux Web Hosting/Email Server with emails > being scanned by MailScanner. I have a client that has an in house > Exchange server that is looking for Spam/Virus filtering. I know I could > use my box as a relay server which would scan the incoming emails and have > them sent to their server. The way I understand MailScanner to work is > virus/spam are set at certain levels and are quarantined and others are > deleted all setup in the config file. However, as it is currently it goes > into a folder which if an email is quarantined I basically have to go on > the server and get what they need. What I would like to know is, is there > some way to store rejected emails on the Linux server as emails with some > type of individual user interface so that they can login there themselves > (on an email per email level) and see if something that was missed. Does > that make any sense? Does anyone have any idea how I would go about setting > like that up? > Have a look at www.baruwa.org or http://sourceforge.net/projects/mailwatch/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121119/2782e1c2/attachment.html From paolg16 at gmail.com Mon Nov 19 23:26:55 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Mon, 19 Nov 2012 18:26:55 -0500 Subject: MailScanner defunct, attempted too many times Message-ID: hi friends, need your help, in mail.log is appear message below many times, and daemon MailScanner is , queue grow up till 320 message and follow grow up. how can i do?, Warning: skipping message CA45D3C7637.AECCE as it has been attempted too many times Nov 19 17:53:36 server MailScanner[3753]: Quarantined message CA45D3C7637.AECCE as it caused MailScanner to crash several times Nov 19 17:53:36 server MailScanner[3753]: Saved entire message to /var/spool/MailScanner/quarantine/20121119/CA45D3C7637.AECCE Nov 19 17:53:36 server MailScanner[3753]: writing to /var/spool/MailScanner/quarantine/20121119/CA45D3C7637.AECCE//var/spool/MailScanner/quarantine/20121119/CA45D3C7637 -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121119/9a56cb32/attachment.html From paolg16 at gmail.com Mon Nov 19 23:39:58 2012 From: paolg16 at gmail.com (GiNo PaoLo) Date: Mon, 19 Nov 2012 18:39:58 -0500 Subject: MailScanner dont Disarmed Content Message-ID: How can i Do? to MailScanner sent user a report with message {Disarmed Content}? i sent from hotmail and gmail a mail with html content (15 pictures) and mailscanner just mark like Spam, but dont disarm the content, and I need that when user receive many attachments (more than 5) MS send to users a message report with quarantine ID, to recovery them. pleaes help. -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121119/7b631b48/attachment.html From anders at kongsted.dk Tue Nov 20 06:54:20 2012 From: anders at kongsted.dk (=?utf-8?B?QW5kZXJzIEtvbmdzdGVk?=) Date: Tue, 20 Nov 2012 07:54:20 +0100 Subject: =?utf-8?B?U1Y6IE1haWxTY2FubmVyIGRlZnVuY3QsIGF0dGVtcHRlZCB0b28gbWFueSB0aW1l?= =?utf-8?B?cw==?= Message-ID: <201211200807.qAK86uq0020698@listserver.mailscanner.info> Hi, Is it all the messages there is kept on the server, or is some of them delivered? Med venlig hilsen Anders Kongsted ----- Reply message ----- Fra: "GiNo PaoLo" Til: "MailScanner discussion" Emne: MailScanner defunct, attempted too many times Dato: tir., nov. 20, 2012 00:26 hi friends, need your help, in mail.log is appear message below many times, and daemon MailScanner is , queue grow up till 320 message and follow grow up. how can i do?, Warning: skipping message CA45D3C7637.AECCE as it has been attempted too many times Nov 19 17:53:36 server MailScanner[3753]: Quarantined message CA45D3C7637.AECCE as it caused MailScanner to crash several times Nov 19 17:53:36 server MailScanner[3753]: Saved entire message to /var/spool/MailScanner/quarantine/20121119/CA45D3C7637.AECCE Nov 19 17:53:36 server MailScanner[3753]: writing to /var/spool/MailScanner/quarantine/20121119/CA45D3C7637.AECCE//var/spool/MailScanner/quarantine/20121119/CA45D3C7637 -- GiNo PaoLo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121120/b1164cbc/attachment.html From mailinglist at mindconnect.nl Tue Nov 20 11:55:31 2012 From: mailinglist at mindconnect.nl (Martijn) Date: Tue, 20 Nov 2012 12:55:31 +0100 Subject: Owner/group/perms on /var/spool/MailScanner keep clamav from scanning Message-ID: <50AB6FB3.8060705@mindconnect.nl> Hi there, In MailScanner.conf, I can set the user/group under which MailScanner should do it's work. I'm using Postfix, which is running as user postfix, so this is set to: Run As User = postfix Run As Group = postfix Then I can set the path, user, group and permissions for the Work Dir. I use clamav with user clamav for clamscan and clamdscan, so I set this to: Incoming Work Dir = /var/spool/MailScanner/incoming Incoming Work User = (empty so this is postfix, taken from Run As User) Incoming Work Group = clamav Incoming Work Permissions = 0640 This is as suggested in de configuration. In addition I also needed to adjust my apparmor configuration to allow clamav to scan in that directory. Now the problem I have doesn't seem related to the permissions for the Work Dir, but to a higher directory. Every time MailScanner is restarted, it (re)sets to owner for /var/spool/MailScanner to postfix:postfix. The permissions on this dir are 640, not allowing the user clamav entry to the lower /var/spool/MailScanner/incoming. If /var/spool/MailScanner is postfix:clamav, all works fine. Should the permissions on /var/spool/MailScanner be 640, and if so, how can the suggested settings work combined with the reset of the permissions on the higher directory? This is on Ubuntu 10.04 with a recent MailScanner .deb from Baruwa. - Martijn From Amelein at dantumadiel.eu Tue Nov 20 12:27:53 2012 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Tue, 20 Nov 2012 13:27:53 +0100 Subject: Betr.: Owner/group/perms on /var/spool/MailScanner keep clamav from scanning In-Reply-To: <50AB6FB3.8060705@mindconnect.nl> References: <50AB6FB3.8060705@mindconnect.nl> Message-ID: <50AB85590200008E000212EA@10.1.0.206> I have the incoming work group set to 'postfix' and unless you are using clamd instead of clamscan the AV will be launched as the same user MailScanner runs as which is 'postfix'. If you are running with clamd i'd suggest trying to run it as postfix as an easy fix, or add the clam user to the postfix group. If you're using clamscan change the work group to postfix. I actually have the permissions set to 0660, forgot if this is to fix AV problems or something to do with MailWatch.. its been a while since I installed our running machine. - Arjan >>> Op 20-11-2012 om 12:55 is door Martijn geschreven: > Hi there, > > In MailScanner.conf, I can set the user/group under which MailScanner > should do it's work. I'm using Postfix, which is running as user > postfix, so this is set to: > > Run As User = postfix > Run As Group = postfix > > Then I can set the path, user, group and permissions for the Work Dir. I > use clamav with user clamav for clamscan and clamdscan, so I set this to: > > Incoming Work Dir = /var/spool/MailScanner/incoming > Incoming Work User = (empty so this is postfix, taken from Run As User) > Incoming Work Group = clamav > Incoming Work Permissions = 0640 > > This is as suggested in de configuration. In addition I also needed to > adjust my apparmor configuration to allow clamav to scan in that directory. > > Now the problem I have doesn't seem related to the permissions for the > Work Dir, but to a higher directory. Every time MailScanner is > restarted, it (re)sets to owner for /var/spool/MailScanner to > postfix:postfix. The permissions on this dir are 640, not allowing the > user clamav entry to the lower /var/spool/MailScanner/incoming. > > If /var/spool/MailScanner is postfix:clamav, all works fine. > > Should the permissions on /var/spool/MailScanner be 640, and if so, how > can the suggested settings work combined with the reset of the > permissions on the higher directory? > > This is on Ubuntu 10.04 with a recent MailScanner .deb from Baruwa. > > - Martijn From paolg16 at gmail.com Tue Nov 20 13:35:37 2012 From: paolg16 at gmail.com (paolg16 at gmail.com) Date: Tue, 20 Nov 2012 13:35:37 +0000 Subject: SV: MailScanner defunct, attempted too many times In-Reply-To: <201211200807.qAK86uq0020698@listserver.mailscanner.info> References: <201211200807.qAK86uq0020698@listserver.mailscanner.info> Message-ID: <432280586-1353418537-cardhu_decombobulator_blackberry.rim.net-1960902886-@b13.c6.bise6.blackberry> I put spam score and high Score spam to store . When detect, message like thiS below appear. All messages kept in the server. Enviado desde mi BlackBerry de Claro. -----Original Message----- From: "Anders Kongsted" Sender: mailscanner-bounces at lists.mailscanner.info Date: Tue, 20 Nov 2012 07:54:20 To: MailScanner discussion Reply-To: MailScanner discussion Subject: SV: MailScanner defunct, attempted too many times -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Nov 20 14:22:05 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue, 20 Nov 2012 15:22:05 +0100 Subject: Owner/group/perms on /var/spool/MailScanner keep clamav from scanning In-Reply-To: <50AB6FB3.8060705@mindconnect.nl> References: <50AB6FB3.8060705@mindconnect.nl> Message-ID: On 20 November 2012 12:55, Martijn wrote: > Hi there, > > In MailScanner.conf, I can set the user/group under which MailScanner > should do it's work. I'm using Postfix, which is running as user > postfix, so this is set to: > > Run As User = postfix > Run As Group = postfix > > Then I can set the path, user, group and permissions for the Work Dir. I > use clamav with user clamav for clamscan and clamdscan, so I set this to: > > Incoming Work Dir = /var/spool/MailScanner/incoming > Incoming Work User = (empty so this is postfix, taken from Run As User) > Incoming Work Group = clamav > Incoming Work Permissions = 0640 > > This is as suggested in de configuration. In addition I also needed to > adjust my apparmor configuration to allow clamav to scan in that directory. > > Now the problem I have doesn't seem related to the permissions for the > Work Dir, but to a higher directory. Every time MailScanner is > restarted, it (re)sets to owner for /var/spool/MailScanner to > postfix:postfix. The permissions on this dir are 640, not allowing the > user clamav entry to the lower /var/spool/MailScanner/incoming. > > If /var/spool/MailScanner is postfix:clamav, all works fine. > > Should the permissions on /var/spool/MailScanner be 640, and if so, how > can the suggested settings work combined with the reset of the > permissions on the higher directory? > > This is on Ubuntu 10.04 with a recent MailScanner .deb from Baruwa. > > - Martijn You can easily test what is happening by becoming the sepective users and try to cd/ls the directories from root (/) on down to the /var/spool/MailScanner/incoming directory (e.g. "su - postfix -s /bin/bash" etc). What is very likely happening is that the "toplevel" directory /var/spool/MailScanner, due to the --- perms for other, simply don't allow the clamd-process to change directory into it's child directory incoming. Simply make that one 4 (1.e. r-x) as well and you'll be fine. I suppose you need tell all (filesystem, MailScanner.conf and AppArmour) what the deal is. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Nov 20 14:36:06 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue, 20 Nov 2012 15:36:06 +0100 Subject: SV: MailScanner defunct, attempted too many times In-Reply-To: <432280586-1353418537-cardhu_decombobulator_blackberry.rim.net-1960902886-@b13.c6.bise6.blackberry> References: <201211200807.qAK86uq0020698@listserver.mailscanner.info> <432280586-1353418537-cardhu_decombobulator_blackberry.rim.net-1960902886-@b13.c6.bise6.blackberry> Message-ID: On 20 November 2012 14:35, wrote: > I put spam score and high Score spam to store . When detect, message like thiS below appear. > All messages kept in the server. > Enviado desde mi BlackBerry de Claro. > (snip) Probable cause is either of: - Junk file (perhaps a spamassassin file of some type or other) in the hold directory. If so, clear it/move it and determine why it got created ther (sign of a misconfiguration!). - Sign of taint problems or misconfiguration. If so, stop MailScanner, then (on the commandline) start a debug run (this will run one batch through, with output to the console/terminal, then exit). Look for signs of error, if you get any, google them (or check the ml archives if those are known/with a fix), and ... if they indeed are taint problems, try adding the -U flag to the hashbang line of MailScanner (the main script, likely in /usr/sbin). If it iseems to be a misconfig, "MailScanner --lint" may help you pinpoint the error. - This might also be the sign of malicious emails crafted to crash MailScanner. If so, you need provide these messages to the list and/or Stephen Cox/Andrew Colin Kissa. pastebin is preferred for that, or some other form of download. site. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailinglist at mindconnect.nl Tue Nov 20 23:57:14 2012 From: mailinglist at mindconnect.nl (Martijn) Date: Wed, 21 Nov 2012 00:57:14 +0100 Subject: Owner/group/perms on /var/spool/MailScanner keep clamav from scanning In-Reply-To: References: <50AB6FB3.8060705@mindconnect.nl> Message-ID: <50AC18DA.7000506@mindconnect.nl> Hi Glen, On 20-11-2012 15:22, Glenn Steen wrote: > On 20 November 2012 12:55, Martijn wrote: [cut] > You can easily test what is happening by becoming the sepective users > and try to cd/ls the directories from root (/) on down to the > /var/spool/MailScanner/incoming directory (e.g. "su - postfix -s > /bin/bash" etc). > What is very likely happening is that the "toplevel" directory > /var/spool/MailScanner, due to the --- perms for other, simply don't > allow the clamd-process to change directory into it's child directory > incoming. Simply make that one 4 (1.e. r-x) as well and you'll be > fine. I suppose you need tell all (filesystem, MailScanner.conf and > AppArmour) what the deal is. > > Cheers That is a good suggestion for everyone running into this. With this, I have verified that the root cause is not the ownership or perms on /var/spool/MailScanner/incoming OR the directories higher up the tree where the files are stored, but the owner/perms on /var/spool/MailScanner itself, PLUS that MailScanner resets these settings every restart. Reason I'm on to this is that there seems to be some confusion about this. A lot of people are looking for clues at the wrong directory. For example: http://comments.gmane.org/gmane.mail.virus.mailscanner/74234 So, cutting it short: - The suggested settings for clamav/clamd in the configuration file don't work 100% on some systems, and this is causing some confusion. Mainly, because the error in the logs suggest a problem with the permissions of the directory higher up the tree: the Incoming Dir. I couldn't find anyone reporting the true cause as the owner/perms on /var/spool/MailScanner, so I thought it was a good idea to start a new thread. My aim would be to just reduce the confusion :-) Everyone seeing the lstat() error the first time will investigate. The hints for adding # For MailScanner /var/spool/MailScanner/** rw, to /etc/apparmor.d/usr.sbin.clamd is a keeper, particularly for users on Ubuntu. Also, I would like to aim at a common solution that . So far, I have read several fixes, which I think may not be a good idea: - Set less strict permissions on directories, opening up those dirs not just for clamav but for who knows what. - Adding clamav to the postfix group, or reversed. Again, opening things up on a much larger scale then needed. Those work in the sense that they get rid of the error. But they also 'fix' a lot more than just the error in the logs. Setting the ownership of /var/spool/MailScanner to postfix:clamav and perms 640 I think would be a very good fix, if it weren't for MailScanner resetting those values. I think fixing this may need some extra settings in the configuration, to regulate the ownership and perms in /var/spool/MailScanner specifically, instead of assuming Run As values. Any thoughts on this from the community? - Martijn From mailinglist at mindconnect.nl Wed Nov 21 00:09:33 2012 From: mailinglist at mindconnect.nl (Martijn) Date: Wed, 21 Nov 2012 01:09:33 +0100 Subject: Betr.: Owner/group/perms on /var/spool/MailScanner keep clamav from scanning In-Reply-To: <50AB85590200008E000212EA@10.1.0.206> References: <50AB6FB3.8060705@mindconnect.nl> <50AB85590200008E000212EA@10.1.0.206> Message-ID: <50AC1BBD.9070409@mindconnect.nl> Hi Arjan, On 20-11-2012 13:27, Arjan Melein wrote: > I have the incoming work group set to 'postfix' and unless you are using clamd instead of clamscan the AV will be launched as the same user MailScanner runs as which is 'postfix'. > If you are running with clamd i'd suggest trying to run it as postfix as an easy fix, or add the clam user to the postfix group. > If you're using clamscan change the work group to postfix. > I actually have the permissions set to 0660, forgot if this is to fix AV problems or something to do with MailWatch.. its been a while since I installed our running machine. I understand how running clamav as postfix would make the error disappear, but that kind of fix implies a lot more than just that. I wouldn't recommend doing it that way. ClamAV has a history with vulnerabilities, for example the recent http://www.ubuntu.com/usn/usn-1482-1/ - it's not impossible a (future) vulnerability may somehow lead to someone accessing files that previously could only be read by postfix itself, instead of postfix and clamav. I'm using clamd by the way - it's how the recent Baruwa package installed it. - Martijn From mikew at crucis.net Wed Nov 21 18:08:00 2012 From: mikew at crucis.net (Mike Watson) Date: Wed, 21 Nov 2012 12:08:00 -0600 Subject: Spamassassin issue Message-ID: <50AD1880.3040103@crucis.net> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121121/06adecb1/attachment.html From jonas.lilja at sigma.se Wed Nov 21 21:58:57 2012 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed, 21 Nov 2012 21:58:57 +0000 Subject: MTA/Perl script for relaying only to Exchange-users Message-ID: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Hi, for a couple of years ago there was a guide on mailscanner.info about restricting the MTA (Sendmail) to only deliver email to valid users in an Exchange environment. This made the performance of the server much better because either MailScanner or Spamassassin need to process invalid emails. I remember that there was a perl-script which picked up the content from a textfile (with all smtp-addresses in the domain) and then build a special file in /etc/mail/ I can't find this guide on the site. Anyone who can help me? BR /Jonas Lilja -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121121/d4217ac4/attachment.html From axisml at gmail.com Wed Nov 21 22:26:32 2012 From: axisml at gmail.com (Chris Stone) Date: Wed, 21 Nov 2012 15:26:32 -0700 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: I don't know about any such script, but what I use for this (works with all backend SMTP servers, not just Exchange) is milter-ahead. Works great - been using it for years on a number of MailScanner servers. Chris On Wed, Nov 21, 2012 at 2:58 PM, Jonas Lilja wrote: > Hi, for a couple of years ago there was a guide on mailscanner.infoabout restricting the MTA (Sendmail) to only deliver email to valid users > in an Exchange environment. This made the performance of the server much > better because either MailScanner or Spamassassin need to process invalid > emails.**** > > ** ** > > I remember that there was a perl-script which picked up the content from a > textfile (with all smtp-addresses in the domain) and then build a special > file in /etc/mail/**** > > ** ** > > I can?t find this guide on the site. Anyone who can help me?**** > > ** ** > > BR /Jonas Lilja**** > > ** ** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Chris Stone AxisInternet, Inc. www.axint.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121121/b036c76a/attachment.html From rob at kettle.org.uk Wed Nov 21 22:52:48 2012 From: rob at kettle.org.uk (Rob Kettle) Date: Wed, 21 Nov 2012 22:52:48 +0000 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: Hi, I'm running a task on my exchange server and on my sendmail box that achieve exactly what you describe but not perl based. I'm not able to get the info right now but can do so tomorrow if you still need it. Let me know if you want my take on it. Regards Rob From: Jonas Lilja [mailto:jonas.lilja at sigma.se] Sent: Wednesday, November 21, 2012 09:58 PM To: mailscanner at lists.mailscanner.info Subject: MTA/Perl script for relaying only to Exchange-users Hi, for a couple of years ago there was a guide on mailscanner.info about restricting the MTA (Sendmail) to only deliver email to valid users in an Exchange environment. This made the performance of the server much better because either MailScanner or Spamassassin need to process invalid emails. I remember that there was a perl-script which picked up the content from a textfile (with all smtp-addresses in the domain) and then build a special file in /etc/mail/ I can?t find this guide on the site. Anyone who can help me? BR /Jonas Lilja -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121121/dfb7ce2c/attachment.html From jwoltz at gmail.com Thu Nov 22 00:18:47 2012 From: jwoltz at gmail.com (J.C. Woltz) Date: Thu, 22 Nov 2012 00:18:47 +0000 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: <2053689806-1353543524-cardhu_decombobulator_blackberry.rim.net-480154980-@b16.c16.bise6.blackberry> I know what you're talking about and have used it too. Unfortunately, I am unable to get to a computer. It might help to search for LDAP sendmail mailscanner. The script would pull all of the email addresses out of Active Directory. Then put them in a file. JC Sent from mobile device. -----Original Message----- From: Jonas Lilja Sender: mailscanner-bounces at lists.mailscanner.info Date: Wed, 21 Nov 2012 21:58:57 To: mailscanner at lists.mailscanner.info Reply-To: MailScanner discussion Subject: MTA/Perl script for relaying only to Exchange-users -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From pparsons at techeez.com Thu Nov 22 00:24:54 2012 From: pparsons at techeez.com (Philip Parsons) Date: Thu, 22 Nov 2012 00:24:54 +0000 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: <11D8E491D9562549A61FD3186F36342001B42A85B4@exchange.techeez.com> There are 2 scripts needed one called getadsmtp.pl which connects to the AD and pulls a list of all the e-mail addresses and then make_mailhost.pl which adds the email addreses to the mailhost db.. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonas Lilja Sent: Wednesday, November 21, 2012 1:59 PM To: mailscanner at lists.mailscanner.info Subject: MTA/Perl script for relaying only to Exchange-users Hi, for a couple of years ago there was a guide on mailscanner.info about restricting the MTA (Sendmail) to only deliver email to valid users in an Exchange environment. This made the performance of the server much better because either MailScanner or Spamassassin need to process invalid emails. I remember that there was a perl-script which picked up the content from a textfile (with all smtp-addresses in the domain) and then build a special file in /etc/mail/ I can't find this guide on the site. Anyone who can help me? BR /Jonas Lilja -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121122/5fbb0729/attachment.html From Johan at double-l.nl Thu Nov 22 14:40:43 2012 From: Johan at double-l.nl (Johan Hendriks) Date: Thu, 22 Nov 2012 14:40:43 +0000 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: <23D04C868D0C0349AAF928DCEE9C62E806D5F373@SRV01.neuteboom.local> In postfix there is a verify option. >From main.cf # HELO restrictions: smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/usr/local/etc/postfix/helo_access.pcre, permit # Sender restrictions: smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit # Recipient restrictions: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient, reject_rbl_client bl.spamcop.net # address verify address_verify_map = btree:/var/db/postfix/verify_cache unverified_recipient_reject_code = 550 >From master.cf verify unix - - n - 1 verify I am very short on time, so maybe i miss something. But google will help you out. But in general before a message is accepted postfix first ask the destination MTA if the address could be delivered. If not the sender wil get bounce. No need to script the whole shabang together. ! gr Johan Hendriks Neuteboom Automatisering Van: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Namens Jonas Lilja Verzonden: woensdag 21 november 2012 22:59 Aan: mailscanner at lists.mailscanner.info Onderwerp: MTA/Perl script for relaying only to Exchange-users Hi, for a couple of years ago there was a guide on mailscanner.info about restricting the MTA (Sendmail) to only deliver email to valid users in an Exchange environment. This made the performance of the server much better because either MailScanner or Spamassassin need to process invalid emails. I remember that there was a perl-script which picked up the content from a textfile (with all smtp-addresses in the domain) and then build a special file in /etc/mail/ I can't find this guide on the site. Anyone who can help me? BR /Jonas Lilja -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121122/9d061654/attachment.html From vmiszczak at ankama.com Thu Nov 22 15:09:19 2012 From: vmiszczak at ankama.com (Vincent Miszczak) Date: Thu, 22 Nov 2012 16:09:19 +0100 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <23D04C868D0C0349AAF928DCEE9C62E806D5F373@SRV01.neuteboom.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <23D04C868D0C0349AAF928DCEE9C62E806D5F373@SRV01.neuteboom.local> Message-ID: <7AFA66599AC41847AD8E021A1DBB9D1426FAA412BC@pandore.ankama.com> Hi, We are using in production the script you describe, you'll find it attached. (need to replace, dc1,dc2, login and password, save as sh script and that's it) In Postfix main.cf, set relay_recipient_maps=hash:/etc/postfix/recipients.list http://www.postfix.org/postconf.5.html#relay_recipient_maps Vince De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Johan Hendriks Envoy? : jeudi 22 novembre 2012 15:41 ? : MailScanner discussion Objet : RE: MTA/Perl script for relaying only to Exchange-users In postfix there is a verify option. From main.cf # HELO restrictions: smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/usr/local/etc/postfix/helo_access.pcre, permit # Sender restrictions: smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit # Recipient restrictions: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient, reject_rbl_client bl.spamcop.net # address verify address_verify_map = btree:/var/db/postfix/verify_cache unverified_recipient_reject_code = 550 From master.cf verify unix - - n - 1 verify I am very short on time, so maybe i miss something. But google will help you out. But in general before a message is accepted postfix first ask the destination MTA if the address could be delivered. If not the sender wil get bounce. No need to script the whole shabang together. ! gr Johan Hendriks Neuteboom Automatisering Van: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Namens Jonas Lilja Verzonden: woensdag 21 november 2012 22:59 Aan: mailscanner at lists.mailscanner.info Onderwerp: MTA/Perl script for relaying only to Exchange-users Hi, for a couple of years ago there was a guide on mailscanner.info about restricting the MTA (Sendmail) to only deliver email to valid users in an Exchange environment. This made the performance of the server much better because either MailScanner or Spamassassin need to process invalid emails. I remember that there was a perl-script which picked up the content from a textfile (with all smtp-addresses in the domain) and then build a special file in /etc/mail/ I can't find this guide on the site. Anyone who can help me? BR /Jonas Lilja -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121122/38cff0b2/attachment.html -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: updatePostfixRecipients.txt Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121122/38cff0b2/attachment.txt From mailscanner at joolee.nl Thu Nov 22 15:22:48 2012 From: mailscanner at joolee.nl (Joolee) Date: Thu, 22 Nov 2012 16:22:48 +0100 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <2053689806-1353543524-cardhu_decombobulator_blackberry.rim.net-480154980-@b16.c16.bise6.blackberry> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <2053689806-1353543524-cardhu_decombobulator_blackberry.rim.net-480154980-@b16.c16.bise6.blackberry> Message-ID: http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-jeos-10.10-maverick-meerkat-p4 I remembered I saw this when I was installing my spamfilter. On 22 November 2012 01:18, J.C. Woltz wrote: > I know what you're talking about and have used it too. Unfortunately, I am > unable to get to a computer. It might help to search for LDAP sendmail > mailscanner. > > The script would pull all of the email addresses out of Active Directory. > Then put them in a file. > > JC > Sent from mobile device. > > -----Original Message----- > From: Jonas Lilja > Sender: mailscanner-bounces at lists.mailscanner.info > Date: Wed, 21 Nov 2012 21:58:57 > To: mailscanner at lists.mailscanner.info > Reply-To: MailScanner discussion > Subject: MTA/Perl script for relaying only to Exchange-users > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121122/2a8507c4/attachment.html From glenn.steen at gmail.com Fri Nov 23 03:07:52 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 23 Nov 2012 04:07:52 +0100 Subject: Spamassassin issue In-Reply-To: <50AD1880.3040103@crucis.net> References: <50AD1880.3040103@crucis.net> Message-ID: What MTA? Den 21 nov 2012 19:34 skrev "Mike Watson" : > I'm running the current versions of MailScanner and Spamassassin on a > new CentOS 6 server. Both MS and SA appear to be working detecting spam and > virii. However, I'm seeing some false positives and negatives from > Spamassassin. I know there is a mechanism, SA-LEARN, to teach Spamassassin. > > What is the correct means of "teaching" Spamassassin? Where is the Bayes > db located? The one under MS appears unused (at least unupdated). If I run > emails through sa-learn, which user should I be (the local user or root?) > > I've used MS and SA before and didn't seem to have these problems but I am > getting a significant number of false hits on the new server. > > mw > > -- > -- > > "Lose not thy airspeed, lest the ground rises up and smites thee." > -- William Kershnerhttp://crucis-court.comhttp://www.crucis.net/1632search > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/f675f526/attachment.html From glenn.steen at gmail.com Fri Nov 23 03:41:00 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 23 Nov 2012 04:41:00 +0100 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: IIRC this was never detailed in the main site, but rather in the wiki ( http://wiki.mailscanner.info)... Somewhere under the docs for the respective MTA... The script you refer to was most likely for Postfix, but ISTR someone adapting that for Sendmail use, but the bottom line is that nowadays... Neither MTA needs that hack. In Sendmail, use a milter (there are more than one that will do this, at least some that are FOSS;-), in Postfix use the docs for recipient verification as found in the postconf man page/ob the postfix.org site (it might still be in the sender address verification doc there... don't do that, just the recipient bit)... Or, as said, look in the wiki (might be slightly dated info there;-). Having said all that, I personally still use a homegrown script around the open-ldap tools and postmap, more for historical reasons/lazyness tgan anything else. The reason for it all dates back to the time when I was protecting an Exchange 5.5 which was managed by a contrary fellow who wouldn't even try make it correctly reject unknown recipients. Now... I'm in charge of the Exchange bit too, and the defaults for that MTA has changed, so it will reject as expected (that too changed quite a few versions back... In Exchange 2000, IIRC:-). Cheers -- -- Glenn Den 21 nov 2012 23:24 skrev "Jonas Lilja" : > Hi, for a couple of years ago there was a guide on mailscanner.infoabout restricting the MTA (Sendmail) to only deliver email to valid users > in an Exchange environment. This made the performance of the server much > better because either MailScanner or Spamassassin need to process invalid > emails.**** > > ** ** > > I remember that there was a perl-script which picked up the content from a > textfile (with all smtp-addresses in the domain) and then build a special > file in /etc/mail/**** > > ** ** > > I can?t find this guide on the site. Anyone who can help me?**** > > ** ** > > BR /Jonas Lilja**** > > ** ** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/a2baaeb0/attachment.html From jonas.lilja at sigma.se Fri Nov 23 13:41:28 2012 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Fri, 23 Nov 2012 13:41:28 +0000 Subject: SV: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> Message-ID: <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Thanx all. As JC Woltz wrote, the script made an import from a regular text file and build mailhost.db in /etc/mail. Very easy to configure and effective. However, if that scripts has been obsolete, I'll check that milter-ahead instead. If anyone here have that Perl-script (I think it was Perl-based) I would be happy because I know how it works. Is Milter-ahead easy to configure? (I'll of course read the manual ;-) BR /Jonas Fr?n: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] F?r Glenn Steen Skickat: den 23 november 2012 04:41 Till: MailScanner discussion ?mne: Re: MTA/Perl script for relaying only to Exchange-users IIRC this was never detailed in the main site, but rather in the wiki ()... Somewhere under the docs for the respective MTA... The script you refer to was most likely for Postfix, but ISTR someone adapting that for Sendmail use, but the bottom line is that nowadays... Neither MTA needs that hack. In Sendmail, use a milter (there are more than one that will do this, at least some that are FOSS;-), in Postfix use the docs for recipient verification as found in the postconf man page/ob the postfix.org site (it might still be in the sender address verification doc there... don't do that, just the recipient bit)... Or, as said, look in the wiki (might be slightly dated info there;-). Having said all that, I personally still use a homegrown script around the open-ldap tools and postmap, more for historical reasons/lazyness tgan anything else. The reason for it all dates back to the time when I was protecting an Exchange 5.5 which was managed by a contrary fellow who wouldn't even try make it correctly reject unknown recipients. Now... I'm in charge of the Exchange bit too, and the defaults for that MTA has changed, so it will reject as expected (that too changed quite a few versions back... In Exchange 2000, IIRC:-). Cheers -- -- Glenn Den 21 nov 2012 23:24 skrev "Jonas Lilja" >: Hi, for a couple of years ago there was a guide on mailscanner.info about restricting the MTA (Sendmail) to only deliver email to valid users in an Exchange environment. This made the performance of the server much better because either MailScanner or Spamassassin need to process invalid emails. I remember that there was a perl-script which picked up the content from a textfile (with all smtp-addresses in the domain) and then build a special file in /etc/mail/ I can't find this guide on the site. Anyone who can help me? BR /Jonas Lilja -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/9c1b2a9d/attachment.html From axisml at gmail.com Fri Nov 23 17:16:36 2012 From: axisml at gmail.com (Chris Stone) Date: Fri, 23 Nov 2012 10:16:36 -0700 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: milter-ahead is going to be a ton more efficient than any perl based script. milter-ahead is written in C, supports caching and numerous indexed or flat text file databases for the local cache. Chris On Fri, Nov 23, 2012 at 6:41 AM, Jonas Lilja wrote: > Thanx all. As JC Woltz wrote, the script made an import from a regular > text file and build mailhost.db in /etc/mail. Very easy to configure and > effective.**** > > ** ** > > However, if that scripts has been obsolete, I?ll check that milter-ahead > instead.**** > > ** ** > > If anyone here have that Perl-script (I think it was Perl-based) I would > be happy because I know how it works. Is Milter-ahead easy to configure? > (I?ll of course read the manual ;-) **** > > ** ** > > BR /Jonas**** > > ** ** > > *Fr?n:* mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] *F?r *Glenn Steen > *Skickat:* den 23 november 2012 04:41 > *Till:* MailScanner discussion > *?mne:* Re: MTA/Perl script for relaying only to Exchange-users**** > > ** ** > > IIRC this was never detailed in the main site, but rather in the wiki > ()... Somewhere under the docs for the respective MTA... > > The script you refer to was most likely for Postfix, but ISTR someone > adapting that for Sendmail use, but the bottom line is that nowadays... > Neither MTA needs that hack. In Sendmail, use a milter (there are more than > one that will do this, at least some that are FOSS;-), in Postfix use the > docs for recipient verification as found in the postconf man page/ob the > postfix.org site (it might still be in the sender address verification > doc there... don't do that, just the recipient bit)... Or, as said, look in > the wiki (might be slightly dated info there;-).**** > > Having said all that, I personally still use a homegrown script around the > open-ldap tools and postmap, more for historical reasons/lazyness tgan > anything else. The reason for it all dates back to the time when I was > protecting an Exchange 5.5 which was managed by a contrary fellow who > wouldn't even try make it correctly reject unknown recipients. Now... I'm > in charge of the Exchange bit too, and the defaults for that MTA has > changed, so it will reject as expected (that too changed quite a few > versions back... In Exchange 2000, IIRC:-).**** > > Cheers > -- > -- Glenn**** > > Den 21 nov 2012 23:24 skrev "Jonas Lilja" :**** > > Hi, for a couple of years ago there was a guide on mailscanner.info about > restricting the MTA (Sendmail) to only deliver email to valid users in an > Exchange environment. This made the performance of the server much better > because either MailScanner or Spamassassin need to process invalid emails. > **** > > **** > > I remember that there was a perl-script which picked up the content from a > textfile (with all smtp-addresses in the domain) and then build a special > file in /etc/mail/**** > > **** > > I can?t find this guide on the site. Anyone who can help me?**** > > **** > > BR /Jonas Lilja**** > > **** > > **** > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website!**** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Chris Stone AxisInternet, Inc. www.axint.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/43eee369/attachment.html From mikew at crucis.net Fri Nov 23 17:44:36 2012 From: mikew at crucis.net (Mike Watson) Date: Fri, 23 Nov 2012 11:44:36 -0600 Subject: Spamassassin issue In-Reply-To: References: <50AD1880.3040103@crucis.net> Message-ID: <50AFB604.6060009@crucis.net> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/36f6d68d/attachment.html From glenn.steen at gmail.com Fri Nov 23 17:49:33 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 23 Nov 2012 18:49:33 +0100 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: ... And if one don't like/can use the commercial license of milter-ahead, there is smf-sav (another milter)which one can configure to only do recipient verification. Have never seen a performance comparison between them, but I imagine they are pretty similar... And smf-sav had a pure OSS license, last I looked (admittedly a while back:-). Cheers! -- -- Glenn Den 23 nov 2012 18:37 skrev "Chris Stone" : > milter-ahead is going to be a ton more efficient than any perl based > script. milter-ahead is written in C, supports caching and numerous indexed > or flat text file databases for the local cache. > > > Chris > > > > On Fri, Nov 23, 2012 at 6:41 AM, Jonas Lilja wrote: > >> Thanx all. As JC Woltz wrote, the script made an import from a regular >> text file and build mailhost.db in /etc/mail. Very easy to configure and >> effective.**** >> >> ** ** >> >> However, if that scripts has been obsolete, I?ll check that milter-ahead >> instead.**** >> >> ** ** >> >> If anyone here have that Perl-script (I think it was Perl-based) I would >> be happy because I know how it works. Is Milter-ahead easy to configure? >> (I?ll of course read the manual ;-) **** >> >> ** ** >> >> BR /Jonas**** >> >> ** ** >> >> *Fr?n:* mailscanner-bounces at lists.mailscanner.info [mailto: >> mailscanner-bounces at lists.mailscanner.info] *F?r *Glenn Steen >> *Skickat:* den 23 november 2012 04:41 >> *Till:* MailScanner discussion >> *?mne:* Re: MTA/Perl script for relaying only to Exchange-users**** >> >> ** ** >> >> IIRC this was never detailed in the main site, but rather in the wiki >> ()... Somewhere under the docs for the respective MTA... >> >> The script you refer to was most likely for Postfix, but ISTR someone >> adapting that for Sendmail use, but the bottom line is that nowadays... >> Neither MTA needs that hack. In Sendmail, use a milter (there are more than >> one that will do this, at least some that are FOSS;-), in Postfix use the >> docs for recipient verification as found in the postconf man page/ob the >> postfix.org site (it might still be in the sender address verification >> doc there... don't do that, just the recipient bit)... Or, as said, look in >> the wiki (might be slightly dated info there;-).**** >> >> Having said all that, I personally still use a homegrown script around >> the open-ldap tools and postmap, more for historical reasons/lazyness tgan >> anything else. The reason for it all dates back to the time when I was >> protecting an Exchange 5.5 which was managed by a contrary fellow who >> wouldn't even try make it correctly reject unknown recipients. Now... I'm >> in charge of the Exchange bit too, and the defaults for that MTA has >> changed, so it will reject as expected (that too changed quite a few >> versions back... In Exchange 2000, IIRC:-).**** >> >> Cheers >> -- >> -- Glenn**** >> >> Den 21 nov 2012 23:24 skrev "Jonas Lilja" :**** >> >> Hi, for a couple of years ago there was a guide on mailscanner.infoabout restricting the MTA (Sendmail) to only deliver email to valid users >> in an Exchange environment. This made the performance of the server much >> better because either MailScanner or Spamassassin need to process invalid >> emails.**** >> >> **** >> >> I remember that there was a perl-script which picked up the content from >> a textfile (with all smtp-addresses in the domain) and then build a special >> file in /etc/mail/**** >> >> **** >> >> I can?t find this guide on the site. Anyone who can help me?**** >> >> **** >> >> BR /Jonas Lilja**** >> >> **** >> >> **** >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website!**** >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Chris Stone > AxisInternet, Inc. > www.axint.net > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/2fb46b31/attachment.html From bonivart at opencsw.org Fri Nov 23 18:28:52 2012 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri, 23 Nov 2012 19:28:52 +0100 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: On Fri, Nov 23, 2012 at 6:16 PM, Chris Stone wrote: > milter-ahead is going to be a ton more efficient than any perl based script. > milter-ahead is written in C, supports caching and numerous indexed or flat > text file databases for the local cache. I assume the script was only used to extract the recipient addresses from AD and build the necessary Sendmail files via a cron job so performance shouldn't be an issue at all. /peter From axisml at gmail.com Fri Nov 23 21:17:42 2012 From: axisml at gmail.com (Chris Stone) Date: Fri, 23 Nov 2012 14:17:42 -0700 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: On Fri, Nov 23, 2012 at 11:28 AM, Peter Bonivart wrote: > On Fri, Nov 23, 2012 at 6:16 PM, Chris Stone wrote: > > milter-ahead is going to be a ton more efficient than any perl based > script. > > milter-ahead is written in C, supports caching and numerous indexed or > flat > > text file databases for the local cache. > > I assume the script was only used to extract the recipient addresses > from AD and build the necessary Sendmail files via a cron job so > performance shouldn't be an issue at all. > But, that would mean though that any changes to accounts on the Exchange server(s) would not be reflected until the next time the script runs. Using milter-ahead or smf-sav makes it dynamic rather than static. I did look at smf-sav and while it worked good, there was a problem that made it so I decided to license milter-ahead instead - don't recall for sure, but I think it was that it uses null sender or postmaster as the MAIL FROM on lookups, whereas, milter-ahead can be configured to use the original MAIL FROM - which suits my needs better. Probably could add that support to smf-sav, but since milter-ahead already did it, I went route. Chris -- Chris Stone AxisInternet, Inc. www.axint.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/4474f42a/attachment.html From bonivart at opencsw.org Fri Nov 23 22:05:16 2012 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri, 23 Nov 2012 23:05:16 +0100 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: On Fri, Nov 23, 2012 at 10:17 PM, Chris Stone wrote: > But, that would mean though that any changes to accounts on the Exchange > server(s) would not be reflected until the next time the script runs. Yes, but it also means it will be more robust. /peter From glenn.steen at gmail.com Fri Nov 23 22:10:35 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 23 Nov 2012 23:10:35 +0100 Subject: Spamassassin issue In-Reply-To: <50AFB604.6060009@crucis.net> References: <50AD1880.3040103@crucis.net> <50AFB604.6060009@crucis.net> Message-ID: And have you checked that you have the mailscanner.cf symlink in /etc/mail/spamassassin? That's how the spam.assassin.prefs.conf get sucked into SA... You likely run as root, so if something is up with the config, you'll likely find your bayes and other SA stuff in /root/.spamassassin ? have a look there. Also try first "MailScanner --lint" and then "spamassassin --lint" (might want -D as well). Look gor/fix ettors;-) Cheers -- -- Glenn Den 23 nov 2012 19:05 skrev "Mike Watson" : > Sendmail (sendmail-8.14.4-8.el6.x86_64). > > mw > > -- > > "Lose not thy airspeed, lest the ground rises up and smites thee." > -- William Kershnerhttp://crucis-court.comhttp://www.crucis.net/1632search > > > On 11/22/2012 09:07 PM, Glenn Steen wrote: > > What MTA? > Den 21 nov 2012 19:34 skrev "Mike Watson" : > >> I'm running the current versions of MailScanner and Spamassassin on a >> new CentOS 6 server. Both MS and SA appear to be working detecting spam and >> virii. However, I'm seeing some false positives and negatives from >> Spamassassin. I know there is a mechanism, SA-LEARN, to teach Spamassassin. >> >> What is the correct means of "teaching" Spamassassin? Where is the Bayes >> db located? The one under MS appears unused (at least unupdated). If I run >> emails through sa-learn, which user should I be (the local user or root?) >> >> I've used MS and SA before and didn't seem to have these problems but I >> am getting a significant number of false hits on the new server. >> >> mw >> >> -- >> -- >> >> "Lose not thy airspeed, lest the ground rises up and smites thee." >> -- William Kershnerhttp://crucis-court.comhttp://www.crucis.net/1632search >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/44c9ffa6/attachment.html From dave at KD0YU.COM Fri Nov 23 22:54:31 2012 From: dave at KD0YU.COM (Dave Helton) Date: Fri, 23 Nov 2012 16:54:31 -0600 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: <77F23E6E4DE9084BA33755BA403E53FCFB2C16297F@S8.KD0YU.COM> Hi, Running the script in a cron job would work.... seems to me to be a lot of overhead. mimedefang (another milter) has a check_with_ad_server_for_valid_user() function. (it's not called that but you get the idea..) I used to use it a lot, but I convinced a customer the Exchange server was not worth the money or effort. (long time ago, when it wasn't ;) Since mimedefang has segments that are only called during certain parts of the mail conversation... you can implement as much or as little as you like. BTW... written in perl. --Dave From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Chris Stone Sent: Friday, November 23, 2012 3:18 PM To: MailScanner discussion Subject: Re: MTA/Perl script for relaying only to Exchange-users On Fri, Nov 23, 2012 at 11:28 AM, Peter Bonivart > wrote: On Fri, Nov 23, 2012 at 6:16 PM, Chris Stone > wrote: > milter-ahead is going to be a ton more efficient than any perl based script. > milter-ahead is written in C, supports caching and numerous indexed or flat > text file databases for the local cache. I assume the script was only used to extract the recipient addresses from AD and build the necessary Sendmail files via a cron job so performance shouldn't be an issue at all. -- This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/b30d40b5/attachment.html From mikew at crucis.net Fri Nov 23 23:59:22 2012 From: mikew at crucis.net (Mike Watson) Date: Fri, 23 Nov 2012 17:59:22 -0600 Subject: Spamassassin issue In-Reply-To: References: <50AD1880.3040103@crucis.net> <50AFB604.6060009@crucis.net> Message-ID: <50B00DDA.3060300@crucis.net> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121123/ccfd8534/attachment.html From bmckerr at gmail.com Mon Nov 26 01:40:37 2012 From: bmckerr at gmail.com (Brian McKerr) Date: Mon, 26 Nov 2012 11:40:37 +1000 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: Correct me if I'm wrong, but thing you have to consider with the 'milterahead' approach is that if the downstream exchange server is unavailable for some reason, you will not be able to receive any mail and emails will bounce with invalid user or some such error ? I have a shell script sitting in front of my zimbra server, this script is run from cron and currently it runs every hour primarily because I rarely add new email addresses or domains. It uses ldapsearch against the zimbra server and could easily be adopted to suit AD/Exchange. It generates postfix map files for virtual_mailbox and virtual_domains. Happy to share if anyone wants to help me debug it ;) On Sat, Nov 24, 2012 at 8:05 AM, Peter Bonivart wrote: > On Fri, Nov 23, 2012 at 10:17 PM, Chris Stone wrote: > > But, that would mean though that any changes to accounts on the Exchange > > server(s) would not be reflected until the next time the script runs. > > Yes, but it also means it will be more robust. > > /peter > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121126/8d326991/attachment.html From axisml at gmail.com Mon Nov 26 02:10:12 2012 From: axisml at gmail.com (Chris Stone) Date: Sun, 25 Nov 2012 19:10:12 -0700 Subject: MTA/Perl script for relaying only to Exchange-users In-Reply-To: References: <0D2642158E94914C89FE215EA2F50B8A191B0CC7@SS0205.sigma.local> <0D2642158E94914C89FE215EA2F50B8A191CD239@SS0205.sigma.local> Message-ID: No mail is bounced when the backend server is unavailable. Wiith milter-ahead, I use it with the backup-mx switch. If the backend mail server (be it exchange or any other) is unavailable for any reason, mail will be accepted and good mail queued for later delivery. The domain mail would still be received on the filtering server, although all addresses would be then accepted and processed normally. You'd not be able to receive email as a client, but that would be a problem with the Exchange server to be resolved. With this setup, no 5xx series errors are returned by the filtering server then the backend server is unavailable. Chris On Sun, Nov 25, 2012 at 6:40 PM, Brian McKerr wrote: > Correct me if I'm wrong, but thing you have to consider with the > 'milterahead' approach is that if the downstream exchange server is > unavailable for some reason, you will not be able to receive any mail and > emails will bounce with invalid user or some such error ? > > I have a shell script sitting in front of my zimbra server, this script is > run from cron and currently it runs every hour primarily because I rarely > add new email addresses or domains. It uses ldapsearch against the zimbra > server and could easily be adopted to suit AD/Exchange. It generates > postfix map files for virtual_mailbox and virtual_domains. > > Happy to share if anyone wants to help me debug it ;) > > > > > On Sat, Nov 24, 2012 at 8:05 AM, Peter Bonivart wrote: > >> On Fri, Nov 23, 2012 at 10:17 PM, Chris Stone wrote: >> > But, that would mean though that any changes to accounts on the Exchange >> > server(s) would not be reflected until the next time the script runs. >> >> Yes, but it also means it will be more robust. >> >> /peter >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Chris Stone AxisInternet, Inc. www.axint.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121125/91b3ae5a/attachment.html From glenn.steen at gmail.com Mon Nov 26 09:59:00 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon, 26 Nov 2012 10:59:00 +0100 Subject: Spamassassin issue In-Reply-To: <50B00DDA.3060300@crucis.net> References: <50AD1880.3040103@crucis.net> <50AFB604.6060009@crucis.net> <50B00DDA.3060300@crucis.net> Message-ID: On 24 November 2012 00:59, Mike Watson wrote: > Mailscanner.cf exists and it does point to > /etc/MailScanner/spam.assassin.prefs.conf. I did get one error with running > spamassassin --lint that it failed to parse a line, "pyzor_add_header." > Ok. The pyzor error is likely because you haven't done a "loadplugin Mail::SpamAssassin::Plugin::Pyzor" in one of the .pre files in /etc/mail/spamassassin ... You need install/configure Pyzor before doing that. How to setup the digest tests Razor, Pyzor and DCC is in the wiki, so go have a look there. Those will likely help a bit with your FP-problem. > I found the bayes files in /root/.spamassassin with current timestamps. The > warning aside, it appears to be running properly. I'll start running > sa-learn --ham as root and hopefully that should start correcting the false > positives I've been getting. > bayes_path (which actually is a path and filename segment, read the comment in mailscanner.cf) and permissions are set in mailscanner.cf... but may be overridden in a later .cf file, so do a little grep on that to see what it really is set to. Also check that you actually do the loadplugin for Bayes as well. > I'm assuming that if a run sa-learn as user:root that it will automatically > update the bayes files in /root/.spamassassin? > If the config is done OK, then yes. The reason for moving it to a place like /var/spool/MailScanner/spamassassin is mainly to place it somewhere easily accessible/updatable for the webserver user, provided you run systems like MailWath or Baruwa (not sure if the latter needs that, I got disenthused while trying it:-). > mw > (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hilario at soliton.com.br Mon Nov 26 20:38:23 2012 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Mon, 26 Nov 2012 18:38:23 -0200 Subject: Minor typo errors on mailscanner.info Message-ID: <201211262152.qAQLps3U011957@listserver.mailscanner.info> I have seen these minor errors for years. Thus I have attached an edited MailScanner.conf with all the corrections I saw. A simple diff with the current MailScanner.conf file should show the diferences. Hope this helps. Atenciosamente, Hil?rio Fochi Silveira Soliton Controles Industriais Ltda. 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: hilario at soliton.com.br Distribuidor Parker/SSD Drives (Anteriormente Eurotherm Drives), Eurotherm Controls, Action Instruments, Montalvo, Koyo, Sharp/Hakko Monitouch www.soliton.com.br www.ssddrives.com.br www.eurotherm.com.br www.actionio.com.br www.montalvo.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121126/dc0c941d/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.zip Type: application/zip Size: 38898 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121126/dc0c941d/attachment.zip From chrisgibson at gmail.com Tue Nov 27 22:43:37 2012 From: chrisgibson at gmail.com (Chris Gibson) Date: Tue, 27 Nov 2012 15:43:37 -0700 Subject: lstat() failed on: /var/spool/MailScanner/incoming/ Message-ID: First of all I know there have been lots of threads on this, I think I've seen them all and that's why I'm sending to the list, maybe someone out there can help... Running Centos 6.3 and MailScanner 4.84.5 in MailScanner.conf I have the following set up: Run As Group = clamav Incoming Work Group = clamav Incoming Work Permissions = 0770 (I've tried 777 as well) ClamAV is running as root the permissions on the incoming dir look like this: MailScanner]# ls -alF /var/spool/MailScanner/ total 20 drwxrwxr-x. 5 root root 4096 Mar 6 2012 ./ drwxrwxr-x. 16 root root 4096 Mar 6 2012 ../ drwxrwx---. 9 postfix clamav 4096 Nov 27 15:23 incoming/ drwxrwx---. 3 postfix clamav 4096 Nov 25 21:43 quarantine/ drwxrwx---. 2 postfix clamav 4096 Mar 7 2012 spamassassin/ The dirs that clamav is complaining about look like this: MailScanner]# ls -alF /var/spool/MailScanner/incoming/ total 348 drwxrwx---. 9 postfix clamav 4096 Nov 27 15:23 ./ drwxrwxr-x. 5 root root 4096 Mar 6 2012 ../ drwxrwx---. 2 postfix clamav 4096 Nov 27 15:11 4374/ drwxrwx---. 2 postfix clamav 4096 Nov 27 15:11 4378/ drwxrwx---. 2 postfix clamav 4096 Nov 27 15:11 4379/ drwxrwx---. 2 postfix clamav 4096 Nov 27 15:12 4393/ drwxrwx---. 2 postfix clamav 4096 Nov 27 15:11 4397/ Clearly root should be able to do whatever he wishes with these files but the error persists, even if the clamd user is set to clamd? This is happening on every email that is being sent but the emails do make it to their destination. Here is the output of MailScanner --lint: MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 869 hostnames from the phishing whitelist Read 4832 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.84.5) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-data4-MailScanner-From MailScanner setting GID to (488) **clamd MailScanner setting UID to (89) **postfix Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/4911 Virus Scanning: Clamd found 1 infections Virus Scanning: Found 1 viruses =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Sorry for the length of this, hope someone out there can help! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121127/d1947a27/attachment.html From ms-mailing-list at mailborder.com Wed Nov 28 01:46:00 2012 From: ms-mailing-list at mailborder.com (Mailborder at Gmail) Date: Wed, 28 Nov 2012 02:46:00 +0100 Subject: Clamd Read Error Message-ID: Hello, I have come across a problem and from the research I have done this was a problem when ClamAV 0.96 first came out, but I have not seen any newly reported issues with it. I have reproduced this error in my lab 100% of the time. If anyone has some guidance, I would appreciate it. I have two different systems I am testing: - The first is running CentOS 5.8 64bit and it DOES NOT encounter this problem. - The second is CentOS 6.3 64 bit and it DOES encounter this problem even after a clean re-install. *Build:* - MTA: Postfix mail_version = 2.6.6 - MailScanner: MailScanner-4.84.5-3 - ClamAV: clamav-0.97.6-1, clamav-db-0.97.6-1, clamav-devel-0.97.6-1, clamd-0.97.6-1 (from http://pkgs.repoforge.org/clamav/) *Tests Performed:* - Send a regular email. Both platforms are ok. - Send an email with a .pdf file attachment. Both platforms process and send ok. - Send an oversized email. (6mb) The CentOS 5.8 system has no problems. It quarantines the email and logs it correctly. The CentOS 6.3 system cannot process the email. (Will post --lint below.) *Notes: * - Both systems are running identical versions of ClamAV (the latest) from http://pkgs.repoforge.org/clamav/ - Both are running the same versions of MailScanner - Both are running the same version of Postfix - Both are 64bit OS - Permissions are correct (else the smaller email would not be processed) - Once the CentOS 6.3 system gets this email, it is hung and will not process any further email until I clear it. - If I delete the email from the postfix queue and delete /var/spool/MailScanner/incoming/*.db normal processing will resume. Any help would be greatly appreciated. Thanks, Jerry *MailScanner --lint* * * Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Reading configuration file /etc/MailScanner/conf.d/mailborder.conf Read 869 hostnames from the phishing whitelist Read 4846 hostnames from the phishing blacklists Config: calling custom init function MailWatchLogging Started SQL Logging Checking version numbers... Version number in MailScanner.conf (4.84.5) is correct. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-Mailborder-Mailborder-From MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/mail/spamassassin/ mailscanner.cf": use_auto_whitelist 0 SpamAssassin reported an error. Connected to Processing Attempts Database Created Processing Attempts Database successfully There is 1 message in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::ERROR:: UNKNOWN CLAMD RETURN ./1/lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/3820 Clamd::ERROR:: UNKNOWN CLAMD RETURN ./1.header/Access denied. ERROR :: /var/spool/MailScanner/incoming/3820 Virus Scanning: Clamd found 2 infections Virus Scanning: Found 2 viruses =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. cannot remove directory for /var/spool/MailScanner/incoming/3820: Permission denied at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 205 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121128/3ae7e7b5/attachment.html From andrew at topdog.za.net Wed Nov 28 05:05:36 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed, 28 Nov 2012 07:05:36 +0200 Subject: lstat() failed on: /var/spool/MailScanner/incoming/ In-Reply-To: References: Message-ID: Hi On 28 Nov 2012, at 12:43 AM, Chris Gibson wrote: > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/4911 Have you checked that selinux is disabled ? Regards, Andrew -- www.baruwa.org From andrew at topdog.za.net Wed Nov 28 05:06:21 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Wed, 28 Nov 2012 07:06:21 +0200 Subject: Clamd Read Error In-Reply-To: References: Message-ID: <4BCA6FC4-52DD-4C8E-91AD-CB998AE1A174@topdog.za.net> On 28 Nov 2012, at 3:46 AM, Mailborder at Gmail wrote: > If any of your virus scanners (clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > cannot remove directory for /var/spool/MailScanner/incoming/3820: Permission denied at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 205 I will try and reproduce this over the weekend. - Andrew -- www.baruwa.org From chrisgibson at gmail.com Wed Nov 28 15:43:43 2012 From: chrisgibson at gmail.com (Chris Gibson) Date: Wed, 28 Nov 2012 08:43:43 -0700 Subject: lstat() failed on: /var/spool/MailScanner/incoming/ In-Reply-To: References: Message-ID: Thank you so much Andrew, been pulling my hair out with this and never even thought to check for SELinux. I've disabled SELinux and no more error. Thanks again! On Tue, Nov 27, 2012 at 10:05 PM, Andrew Colin Kissa wrote: > Hi > > On 28 Nov 2012, at 12:43 AM, Chris Gibson wrote: > > > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. > ERROR :: /var/spool/MailScanner/incoming/4911 > > Have you checked that selinux is disabled ? > > Regards, > Andrew > > -- > www.baruwa.org > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121128/21c3e77d/attachment.html From mailborder at gmail.com Wed Nov 28 16:19:10 2012 From: mailborder at gmail.com (Mailborder at Gmail) Date: Wed, 28 Nov 2012 17:19:10 +0100 Subject: lstat() failed on: /var/spool/MailScanner/incoming/ In-Reply-To: References: Message-ID: Rather than disabling selinux, just fix it. grep denied /var/log/audit/audit/log | audit2allow -M mypolicy semodule -i mypolicy.pp On Wed, Nov 28, 2012 at 4:43 PM, Chris Gibson wrote: > Thank you so much Andrew, been pulling my hair out with this and never > even thought to check for SELinux. > > I've disabled SELinux and no more error. > > Thanks again! > > > > > On Tue, Nov 27, 2012 at 10:05 PM, Andrew Colin Kissa > wrote: > >> Hi >> >> On 28 Nov 2012, at 12:43 AM, Chris Gibson wrote: >> >> > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission >> denied. ERROR :: /var/spool/MailScanner/incoming/4911 >> >> Have you checked that selinux is disabled ? >> >> Regards, >> Andrew >> >> -- >> www.baruwa.org >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121128/65fb0fb6/attachment.html From stephencoxmail at gmail.com Thu Nov 29 16:46:17 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Thu, 29 Nov 2012 18:46:17 +0200 Subject: Minor typo errors on mailscanner.info In-Reply-To: <201211262152.qAQLps3U011957@listserver.mailscanner.info> References: <201211262152.qAQLps3U011957@listserver.mailscanner.info> Message-ID: Hilario, Thank you. I have filed it as an issue on github[1]. [1] https://github.com/MailScanner/MailScanner/issues/13 On Mon, Nov 26, 2012 at 10:38 PM, Hilario Fochi Silveira < hilario at soliton.com.br> wrote: > I have seen these minor errors for years. > > Thus I have attached an edited MailScanner.conf with all the corrections I > saw. > > A simple diff with the current MailScanner.conf file should show the > diferences. > > Hope this helps. > -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/e9b8f0df/attachment.html From stephencoxmail at gmail.com Thu Nov 29 16:53:16 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Thu, 29 Nov 2012 18:53:16 +0200 Subject: Clamd Read Error In-Reply-To: References: Message-ID: Mailborder, Filed as https://github.com/MailScanner/MailScanner/issues/14 On Wed, Nov 28, 2012 at 3:46 AM, Mailborder at Gmail < ms-mailing-list at mailborder.com> wrote: > cannot remove directory for /var/spool/MailScanner/incoming/3820: > Permission denied at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 205 > -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/375c4f2d/attachment.html From msauvola at nwls.lib.wi.us Thu Nov 29 18:33:11 2012 From: msauvola at nwls.lib.wi.us (Michael Sauvola) Date: Thu, 29 Nov 2012 12:33:11 -0600 Subject: Reprocessing quarantined messages Message-ID: Hi all, Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message /qARJ0Cr8W02980/message /qARJ0j88K673043/message and so on... I fixed my goof-up, and mail is now flowing through normally. How can I re-send/reprocess the 4026 messages through MailScanner? Mike -- This message has been scanned for viruses and dangerous content by Northern Waters MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/2a92ab88/attachment.html From steve at fsl.com Thu Nov 29 20:05:25 2012 From: steve at fsl.com (Stephen Swaney) Date: Thu, 29 Nov 2012 15:05:25 -0500 Subject: Reprocessing quarantined messages In-Reply-To: References: <50B7C005.3010301@fsl.com> Message-ID: Michael, If you are using sendmail, you could create a script something like: ---------------------cut start ------------------------- !# /bin/bash MESSAGES="/qARJ0a8W011130 qARJ0j88K673043 qARJ0j88K673043" for each message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 --------------------cut end---------------------- Best regards, Steve -- Steve Swaney steve at fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available On 11/29/12 1:33 PM, Michael Sauvola wrote: > Hi all, > Due to my own fault, MailScanner put about 16 hours worth of messages > (4026) into the quarantine. > message > /qARJ0Cr8W02980/message > /qARJ0j88K673043/message and so on... > I fixed my goof-up, and mail is now flowing through normally. > How can I re-send/reprocess the 4026 messages through MailScanner? > Mike > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/fa5b99b8/attachment.html From msauvola at nwls.lib.wi.us Thu Nov 29 21:16:18 2012 From: msauvola at nwls.lib.wi.us (Michael Sauvola) Date: Thu, 29 Nov 2012 15:16:18 -0600 Subject: Reprocessing quarantined messages In-Reply-To: References: <50B7C005.3010301@fsl.com> Message-ID: <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> Stephan, You mean I would have to type in all 4046 directories named qARJ0a8W011130, qARJ0j88K673043, etc... for this to work? Yikes! Mike From: Stephen Swaney Sent: Thursday, November 29, 2012 2:05 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Michael, If you are using sendmail, you could create a script something like: ---------------------cut start ------------------------- !# /bin/bash MESSAGES="/qARJ0a8W011130 qARJ0j88K673043 qARJ0j88K673043" for each message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 --------------------cut end---------------------- Best regards, Steve -- Steve Swaney steve at fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available On 11/29/12 1:33 PM, Michael Sauvola wrote: Hi all, Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. message /qARJ0Cr8W02980/message /qARJ0j88K673043/message and so on... I fixed my goof-up, and mail is now flowing through normally. How can I re-send/reprocess the 4026 messages through MailScanner? Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------------------------- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Northern Waters MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/2fde712d/attachment.html From Kevin_Miller at ci.juneau.ak.us Thu Nov 29 21:28:32 2012 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu, 29 Nov 2012 12:28:32 -0900 Subject: Reprocessing quarantined messages In-Reply-To: <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> References: <50B7C005.3010301@fsl.com> <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> Message-ID: <4A09477D575C2C4B86497161427DD94C27AA6E7003@city-exchange07> Just "ls" the directory, and output it to a text file. I forget the syntax but you can specify the characters to keep, tossing the rest (date, permissions, etc.) and keeping the filename. You could then paste that into the script or redirect it in from the cli... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola Sent: Thursday, November 29, 2012 12:16 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Stephan, You mean I would have to type in all 4046 directories named qARJ0a8W011130, qARJ0j88K673043, etc... for this to work? Yikes! Mike From: Stephen Swaney Sent: Thursday, November 29, 2012 2:05 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Michael, If you are using sendmail, you could create a script something like: ---------------------cut start ------------------------- !# /bin/bash MESSAGES="/qARJ0a8W011130 qARJ0j88K673043 qARJ0j88K673043" for each message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 --------------------cut end---------------------- Best regards, Steve -- Steve Swaney steve at fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available On 11/29/12 1:33 PM, Michael Sauvola wrote: Hi all, Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. message /qARJ0Cr8W02980/message /qARJ0j88K673043/message and so on... I fixed my goof-up, and mail is now flowing through normally. How can I re-send/reprocess the 4026 messages through MailScanner? Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ________________________________ -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/74d4d461/attachment.html From Kevin_Miller at ci.juneau.ak.us Thu Nov 29 21:32:50 2012 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu, 29 Nov 2012 12:32:50 -0900 Subject: Reprocessing quarantined messages In-Reply-To: <4A09477D575C2C4B86497161427DD94C27AA6E7003@city-exchange07> References: <50B7C005.3010301@fsl.com> <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> <4A09477D575C2C4B86497161427DD94C27AA6E7003@city-exchange07> Message-ID: <4A09477D575C2C4B86497161427DD94C27AA6E7004@city-exchange07> Or another way: MESSAGES=(`find -name "*"`) ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Thursday, November 29, 2012 12:29 PM To: 'MailScanner discussion' Subject: RE: Reprocessing quarantined messages Just "ls" the directory, and output it to a text file. I forget the syntax but you can specify the characters to keep, tossing the rest (date, permissions, etc.) and keeping the filename. You could then paste that into the script or redirect it in from the cli... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola Sent: Thursday, November 29, 2012 12:16 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Stephan, You mean I would have to type in all 4046 directories named qARJ0a8W011130, qARJ0j88K673043, etc... for this to work? Yikes! Mike From: Stephen Swaney Sent: Thursday, November 29, 2012 2:05 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Michael, If you are using sendmail, you could create a script something like: ---------------------cut start ------------------------- !# /bin/bash MESSAGES="/qARJ0a8W011130 qARJ0j88K673043 qARJ0j88K673043" for each message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 --------------------cut end---------------------- Best regards, Steve -- Steve Swaney steve at fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available On 11/29/12 1:33 PM, Michael Sauvola wrote: Hi all, Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. message /qARJ0Cr8W02980/message /qARJ0j88K673043/message and so on... I fixed my goof-up, and mail is now flowing through normally. How can I re-send/reprocess the 4026 messages through MailScanner? Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ________________________________ -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/ba295331/attachment.html From bonivart at opencsw.org Thu Nov 29 21:47:44 2012 From: bonivart at opencsw.org (Peter Bonivart) Date: Thu, 29 Nov 2012 22:47:44 +0100 Subject: Reprocessing quarantined messages In-Reply-To: <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> References: <50B7C005.3010301@fsl.com> <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> Message-ID: On Thu, Nov 29, 2012 at 10:16 PM, Michael Sauvola wrote: > You mean I would have to type in all 4046 directories named qARJ0a8W011130, > qARJ0j88K673043, etc... for this to work? Yikes! No, just use something like `ls /var/spool/MailScanner/quarantine/20121127/` to fill $MESSAGE. From steve at fsl.com Thu Nov 29 21:55:08 2012 From: steve at fsl.com (Stephen Swaney) Date: Thu, 29 Nov 2012 16:55:08 -0500 Subject: Reprocessing quarantined messages In-Reply-To: References: <50B7C005.3010301@fsl.com> <0FB878752A944045B4F9238F5CDEA5E7@lib.wan> <50B7D9BC.5000902@fsl.com> Message-ID: On 11/29/12 4:16 PM, Michael Sauvola wrote: > You mean I would have to type in all 4046 directories named > qARJ0a8W011130, qARJ0j88K673043, etc... for this to work? Yikes! That would be a lot of work, Why not run: cd /var/spool/MailScanner/quarantine/20121127 ls -t > /tmp/filelist vi /tmp/filelist < Then edit the file to contain only the files that were quarantined. the names should be in chronological sequence so if you can find the start and end of the problem - It should be easy to edit. The file itself will should look something like this: qATHUX60023993 nonspam qATC2RO3028466 qATEICTV020685 qATHC1oi014830 spam qATC2RO1028466 qATAxGTL014630 qATIkZQW025502 . . . . . Steve --- Steve Swaney steve at fsl.com 202 595-7760 ext 601 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/23a663ed/attachment.html From msauvola at nwls.lib.wi.us Thu Nov 29 22:29:10 2012 From: msauvola at nwls.lib.wi.us (Michael Sauvola) Date: Thu, 29 Nov 2012 16:29:10 -0600 Subject: Reprocessing quarantined messages In-Reply-To: <4A09477D575C2C4B86497161427DD94C27AA6E7003@city-exchange07> References: <50B7C005.3010301@fsl.com><0FB878752A944045B4F9238F5CDEA5E7@lib.wan> <4A09477D575C2C4B86497161427DD94C27AA6E7003@city-exchange07> Message-ID: <6D676837677C4FAB8130C0F15300E5E7@lib.wan> OK, so using your suggestions, I have a script like this: MESSAGES= ? qARJ0a8W011130 qARJ0j88K673043 etc... ? for each message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 When I run it, I get errors: line 182: syntax error near unexpected token `message? line 182: `for each message in $MESSAGES? Mike From: Kevin Miller Sent: Thursday, November 29, 2012 3:28 PM To: 'MailScanner discussion' Subject: RE: Reprocessing quarantined messages Just ?ls? the directory, and output it to a text file. I forget the syntax but you can specify the characters to keep, tossing the rest (date, permissions, etc.) and keeping the filename. You could then paste that into the script or redirect it in from the cli? ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola Sent: Thursday, November 29, 2012 12:16 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Stephan, You mean I would have to type in all 4046 directories named qARJ0a8W011130, qARJ0j88K673043, etc... for this to work? Yikes! Mike From: Stephen Swaney Sent: Thursday, November 29, 2012 2:05 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Michael, If you are using sendmail, you could create a script something like: ---------------------cut start ------------------------- !# /bin/bash MESSAGES="/qARJ0a8W011130 qARJ0j88K673043 qARJ0j88K673043" for each message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 --------------------cut end---------------------- Best regards, Steve -- Steve Swaney steve at fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available On 11/29/12 1:33 PM, Michael Sauvola wrote: Hi all, Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. message /qARJ0Cr8W02980/message /qARJ0j88K673043/message and so on... I fixed my goof-up, and mail is now flowing through normally. How can I re-send/reprocess the 4026 messages through MailScanner? Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------------------------- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------------------------- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Northern Waters MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121129/29ccf2a9/attachment.html From supunr at lankacom.net Fri Nov 30 01:21:58 2012 From: supunr at lankacom.net (Supun Rathnayake) Date: Fri, 30 Nov 2012 06:51:58 +0530 Subject: Reprocessing quarantined messages In-Reply-To: <6D676837677C4FAB8130C0F15300E5E7@lib.wan> References: <50B7C005.3010301@fsl.com><0FB878752A944045B4F9238F5CDEA5E7@lib.wan> <4A09477D575C2C4B86497161427DD94C27AA6E7003@city-exchange07> <6D676837677C4FAB8130C0F15300E5E7@lib.wan> Message-ID: <50B80A36.6010602@lankacom.net> Hi , I think "each" keyword is wrong hence it has to be for message in $MESSAGES do sendmail -toi < /var/spool/MailScanner/quarantine/20121127/${message}/message done exit 0 Thanks, Supun On 11/30/2012 03:59 AM, Michael Sauvola wrote: > OK, so using your suggestions, I have a script like this: > MESSAGES= " qARJ0a8W011130 qARJ0j88K673043 etc... " > for each message in $MESSAGES > do > sendmail -toi < > /var/spool/MailScanner/quarantine/20121127/${message}/message > done > exit 0 > When I run it, I get errors: > line 182: syntax error near unexpected token `message' > line 182: `for each message in $MESSAGES' > Mike > *From:* Kevin Miller > *Sent:* Thursday, November 29, 2012 3:28 PM > *To:* 'MailScanner discussion' > > *Subject:* RE: Reprocessing quarantined messages > > Just "ls" the directory, and output it to a text file. I forget the > syntax but you can specify the characters to keep, tossing the rest > (date, permissions, etc.) and keeping the filename. You could then > paste that into the script or redirect it in from the cli... > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > *From:*mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of > *Michael Sauvola > *Sent:* Thursday, November 29, 2012 12:16 PM > *To:* MailScanner discussion > *Subject:* Re: Reprocessing quarantined messages > > Stephan, > > You mean I would have to type in all 4046 directories named > qARJ0a8W011130, qARJ0j88K673043, etc... for this to work? Yikes! > > Mike > > *From:*Stephen Swaney > > *Sent:*Thursday, November 29, 2012 2:05 PM > > *To:*MailScanner discussion > > *Subject:*Re: Reprocessing quarantined messages > > Michael, > > If you are using sendmail, you could create a script something like: > > ---------------------cut start ------------------------- > !# /bin/bash > > MESSAGES="/qARJ0a8W011130 > qARJ0j88K673043 > qARJ0j88K673043" > > for each message in $MESSAGES > do > sendmail -toi < > /var/spool/MailScanner/quarantine/20121127/${message}/message > done > > exit 0 > --------------------cut end---------------------- > > > Best regards, > > Steve > -- > Steve Swaney > steve at fsl.com > 202 595-7760 ext: 601 > www.fsl.com > The most accurate and cost effective anti-spam solutions available > > > > On 11/29/12 1:33 PM, Michael Sauvola wrote: > > Hi all, > > Due to my own fault, MailScanner put about 16 hours worth of > messages (4026) into the quarantine. > > message > > /qARJ0Cr8W02980/message > > /qARJ0j88K673043/message and so on... > > I fixed my goof-up, and mail is now flowing through normally. > > How can I re-send/reprocess the 4026 messages through MailScanner? > > Mike > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , > and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > ------------------------------------------------------------------------ > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > ------------------------------------------------------------------------ > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/1e623306/attachment-0001.html From mailborder at gmail.com Fri Nov 30 07:33:09 2012 From: mailborder at gmail.com (Mailborder at Gmail) Date: Fri, 30 Nov 2012 08:33:09 +0100 Subject: Reprocessing quarantined messages In-Reply-To: References: Message-ID: If postfix: postsuper -r ALL On Thu, Nov 29, 2012 at 7:33 PM, Michael Sauvola wrote: > Hi all, > > Due to my own fault, MailScanner put about 16 hours worth of messages > (4026) into the quarantine. > > /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message > > /qARJ0Cr8W02980/message > > /qARJ0j88K673043/message and so on... > > I fixed my goof-up, and mail is now flowing through normally. > > How can I re-send/reprocess the 4026 messages through MailScanner? > > Mike > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/3814d0c5/attachment.html From mailborder at gmail.com Fri Nov 30 07:49:22 2012 From: mailborder at gmail.com (Mailborder at Gmail) Date: Fri, 30 Nov 2012 08:49:22 +0100 Subject: Mailborder Message-ID: Hello all, I spoke to Jules regarding Mailborder and extending an offer to the Beta program to everyone on the MailScanner list. I have been developing a product called Mailborder for about 8 years now that incorporates MailScanner. It is a clusterable solution for email gateways. It has previously been used only in private environments. It is now available for open Beta to everyone on this list. It is limited to RH / CentOS v5.8 at the moment, which is stable. The version for RH / CentOS 6.3 is in development. It is a licensed product. However, for Beta and the members of the MailScanner developer community it is of course free. (As in free beer.) The details are on the web site. You can use the code *BETA323 *to get as many free licenses as you need. I ask that in return you post feedback to the forums. I invite you all to take a look. I am confident you will be impressed. http://www.mailborder.com Jerry Benton -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/6582a631/attachment.html From glenn.steen at gmail.com Fri Nov 30 09:26:50 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 30 Nov 2012 10:26:50 +0100 Subject: Reprocessing quarantined messages In-Reply-To: References: Message-ID: No, that won't cut it. That only works when the messages are in the postfix hold queue, which these aren't. When the messages have been quarantined, regardless of MTA, you need script a way to reintroduce them into the mailflow, as suggested in this thread. IIRC there is a few scripts/suggestions about that in the wiki... And creating the script from scratch is rather trivial too. However... One need take into consideration any special rules (in MailScanner) for locally supplied mail, and perhaps temporarily disable any such rule... It is rather common practice ro have a rule bypassing scanning, to facilitate easy release from quarantine, that would kind of defeat the purpose of MS:-). I guess one has to know obes own setup well enough to determine that, or accept that some crap will get through. Cheers -- -- Glenn Den 30 nov 2012 08:57 skrev "Mailborder at Gmail" : > If postfix: > > postsuper -r ALL > > > On Thu, Nov 29, 2012 at 7:33 PM, Michael Sauvola wrote: > >> Hi all, >> >> Due to my own fault, MailScanner put about 16 hours worth of messages >> (4026) into the quarantine. >> >> /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message >> >> /qARJ0Cr8W02980/message >> >> /qARJ0j88K673043/message and so on... >> >> I fixed my goof-up, and mail is now flowing through normally. >> >> How can I re-send/reprocess the 4026 messages through MailScanner? >> >> Mike >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and >> is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/2827d050/attachment.html From richard at fastnet.co.uk Fri Nov 30 10:35:33 2012 From: richard at fastnet.co.uk (Richard Mealing) Date: Fri, 30 Nov 2012 10:35:33 +0000 Subject: Reprocessing quarantined messages In-Reply-To: References: Message-ID: <1251B5423222C446A299CABAA7B46FF4098F4094@fn-exchange.fastnet.local> Hi Mike, Why do you just go into the directory and put it in a while loop? Make a temp directory first mkdir /tmp/sometempdir cd /var/spool/MailScanner/quarantine/20121127/ ls | while read myfiles ; do cp $myfiles/* /tmp/sometempdir ; done Then cd into the /tmp/sometempdir and check the messages are all in there. Then just copy them to your incoming queue, so cp * /var/spool/mqueue.in/ Richard From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola Sent: 29 November 2012 18:33 To: mailscanner at lists.mailscanner.info Subject: Reprocessing quarantined messages Hi all, Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message /qARJ0Cr8W02980/message /qARJ0j88K673043/message and so on... I fixed my goof-up, and mail is now flowing through normally. How can I re-send/reprocess the 4026 messages through MailScanner? Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/5b84270c/attachment.html From glenn.steen at gmail.com Fri Nov 30 13:14:27 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 30 Nov 2012 14:14:27 +0100 Subject: Reprocessing quarantined messages In-Reply-To: <1251B5423222C446A299CABAA7B46FF4098F4094@fn-exchange.fastnet.local> References: <1251B5423222C446A299CABAA7B46FF4098F4094@fn-exchange.fastnet.local> Message-ID: Hello Richard, Since the quarantine in question contain "message" files, one can surmise that the quarantine doesn't contain the queue files... Rather it is the complete message coded as an RFC822 text file (likely a MailWatch setup, or similar). Hence one need resubmit them rather than just copy a few queue files;-) Cheers! -- -- Glenn Den 30 nov 2012 12:00 skrev "Richard Mealing" : > Hi Mike,**** > > ** ** > > Why do you just go into the directory and put it in a while loop?**** > > ** ** > > Make a temp directory first **** > > ** ** > > mkdir /tmp/sometempdir**** > > ** ** > > cd /var/spool/MailScanner/quarantine/20121127/**** > > ** ** > > ls | while read myfiles ; do cp $myfiles/* /tmp/sometempdir ; done**** > > ** ** > > Then cd into the /tmp/sometempdir and check the messages are all in there. > Then just copy them to your incoming queue, so cp * /var/spool/mqueue.in/* > *** > > ** ** > > ** ** > > ** ** > > Richard **** > > > > > **** > > > > **** > > ** ** > > *From:* mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *Michael Sauvola > *Sent:* 29 November 2012 18:33 > *To:* mailscanner at lists.mailscanner.info > *Subject:* Reprocessing quarantined messages**** > > ** ** > > Hi all,**** > > **** > > Due to my own fault, MailScanner put about 16 hours worth of messages > (4026) into the quarantine.**** > > **** > > /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message**** > > > /qARJ0Cr8W02980/message**** > > > /qARJ0j88K673043/message and so on...**** > > **** > > I fixed my goof-up, and mail is now flowing through normally.**** > > **** > > How can I re-send/reprocess the 4026 messages through MailScanner?**** > > **** > > Mike**** > > **** > > **** > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. **** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/378e76d1/attachment.html From Denis.Beauchemin at usherbrooke.ca Fri Nov 30 13:35:50 2012 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Fri, 30 Nov 2012 13:35:50 +0000 Subject: Reprocessing quarantined messages In-Reply-To: <1251B5423222C446A299CABAA7B46FF4098F4094@fn-exchange.fastnet.local> References: <1251B5423222C446A299CABAA7B46FF4098F4094@fn-exchange.fastnet.local> Message-ID: What Richard suggests is close to what I would do?: cd /var/spool/MailScanner/quarantine find . -name '[dq]*' -print0 | xargs -0 -I "{}" cp {} /var/spool/mqueue.in This would work for messages "Quarantine Whole Messages As Queue Files" for sendmail. Denis ______________________________ Denis Beauchemin Architecte technologique - Infrastructure des serveurs Service des technologies de l?information Universit? de Sherbrooke T?l.?: 819 821-8000, poste 62252 Courriel?: Denis.Beauchemin at USherbrooke.ca De?: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Richard Mealing Envoy??: 30 novembre 2012 05:44 ??: MailScanner discussion Objet?: RE: Reprocessing quarantined messages Hi Mike, Why do you just go into the directory and put it in a while loop? Make a temp directory first mkdir /tmp/sometempdir cd /var/spool/MailScanner/quarantine/20121127/ ls | while read myfiles ; do cp $myfiles/* /tmp/sometempdir ; done Then cd into the /tmp/sometempdir and check the messages are all in there. Then just copy them to your incoming queue, so cp * /var/spool/mqueue.in/ Richard From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola Sent: 29 November 2012 18:33 To: mailscanner at lists.mailscanner.info Subject: Reprocessing quarantined messages Hi all, ? Due to my own fault, MailScanner put about 16 hours worth of messages (4026) into the quarantine. ? /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message ??????????????????????????????????????????????????????????????????????????? /qARJ0Cr8W02980/message ??????????????????????????????????????????????????????????????????????????? /qARJ0j88K673043/message and so on... ? I fixed my goof-up, and mail is now flowing through normally. ? How can I re-send/reprocess the 4026 messages through MailScanner? ? Mike ? ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Nov 30 15:07:08 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 30 Nov 2012 16:07:08 +0100 Subject: Reprocessing quarantined messages In-Reply-To: References: <1251B5423222C446A299CABAA7B46FF4098F4094@fn-exchange.fastnet.local> Message-ID: Yes Denis, but the first message in this thread show that this isn't the case here. It's set to "no";-) Cheers! -- -- Glenn Den 30 nov 2012 14:58 skrev "Denis Beauchemin" < Denis.Beauchemin at usherbrooke.ca>: > What Richard suggests is close to what I would do : > cd /var/spool/MailScanner/quarantine > find . -name '[dq]*' -print0 | xargs -0 -I "{}" cp {} /var/spool/mqueue.in > > This would work for messages "Quarantine Whole Messages As Queue Files" > for sendmail. > > Denis > ______________________________ > Denis Beauchemin > Architecte technologique - Infrastructure des serveurs > Service des technologies de l?information > Universit? de Sherbrooke > > T?l. : 819 821-8000, poste 62252 > Courriel : Denis.Beauchemin at USherbrooke.ca > > De : mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] De la part de Richard Mealing > Envoy? : 30 novembre 2012 05:44 > ? : MailScanner discussion > Objet : RE: Reprocessing quarantined messages > > Hi Mike, > > Why do you just go into the directory and put it in a while loop? > > Make a temp directory first > > mkdir /tmp/sometempdir > > cd /var/spool/MailScanner/quarantine/20121127/ > > ls | while read myfiles ; do cp $myfiles/* /tmp/sometempdir ; done > > Then cd into the /tmp/sometempdir and check the messages are all in there. > Then just copy them to your incoming queue, so cp * /var/spool/mqueue.in/ > > > > Richard > > > > > From: mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola > Sent: 29 November 2012 18:33 > To: mailscanner at lists.mailscanner.info > Subject: Reprocessing quarantined messages > > Hi all, > > Due to my own fault, MailScanner put about 16 hours worth of messages > (4026) into the quarantine. > > /var/spool/MailScanner/quarantine/20121127/qARJ0a8W011130/message > > /qARJ0Cr8W02980/message > > /qARJ0j88K673043/message and so on... > > I fixed my goof-up, and mail is now flowing through normally. > > How can I re-send/reprocess the 4026 messages through MailScanner? > > Mike > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/3c864a23/attachment.html From msauvola at nwls.lib.wi.us Fri Nov 30 18:01:03 2012 From: msauvola at nwls.lib.wi.us (Michael Sauvola) Date: Fri, 30 Nov 2012 12:01:03 -0600 Subject: Reprocessing quarantined messages In-Reply-To: References: <50B7C005.3010301@fsl.com> Message-ID: OK, I took the ?each? out of the statement, and it seems to go through each directory. But now as it processes, I get this message: ?No recipient addressess found in header? If I look inside some of the message files, they seem to be broken up ?pieces? of messages. So, ?Quarantine Whole Messages As Queue Files=no? breaks them into pieces rather than storing the whole message plain text? Or at least that?s what seems to have happened. I appreciate the help you folks are giving me. I am somewhat swamped with 400+ PCs to support in 30 locations 130 miles apart, plus 7 servers here in the main office. With the help of 1 other staff member, we know enough to keep things going most of the time, but haven?t become expert in anything, so need a bit of direction now and then. Any other suggestions? Or are we screwed? Thanks again, Mike -- This message has been scanned for viruses and dangerous content by Northern Waters MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/a264ed0b/attachment.html From msauvola at nwls.lib.wi.us Fri Nov 30 18:48:18 2012 From: msauvola at nwls.lib.wi.us (Michael Sauvola) Date: Fri, 30 Nov 2012 12:48:18 -0600 Subject: Reprocessing quarantined messages In-Reply-To: References: <50B7C005.3010301@fsl.com> Message-ID: <55D4C64596F3450C9A0216665FE44BAA@lib.wan> Or does this explain it ( at the top of one message) This is a multi-part message in MIME format. --------=_NextPart_000_0077_01CDCCA4.A62F4130 Content-Type: text/plain; charset=?iso-8859-1? Content-Transfer-Encoding: quoted-printable Mike From: Michael Sauvola Sent: Friday, November 30, 2012 12:01 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages OK, I took the ?each? out of the statement, and it seems to go through each directory. But now as it processes, I get this message: ?No recipient addressess found in header? If I look inside some of the message files, they seem to be broken up ?pieces? of messages. So, ?Quarantine Whole Messages As Queue Files=no? breaks them into pieces rather than storing the whole message plain text? Or at least that?s what seems to have happened. I appreciate the help you folks are giving me. I am somewhat swamped with 400+ PCs to support in 30 locations 130 miles apart, plus 7 servers here in the main office. With the help of 1 other staff member, we know enough to keep things going most of the time, but haven?t become expert in anything, so need a bit of direction now and then. Any other suggestions? Or are we screwed? Thanks again, Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------------------------- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Northern Waters MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/40ee397f/attachment.html From msauvola at nwls.lib.wi.us Fri Nov 30 23:02:07 2012 From: msauvola at nwls.lib.wi.us (Michael Sauvola) Date: Fri, 30 Nov 2012 17:02:07 -0600 Subject: Reprocessing quarantined messages [Solved, sort of] In-Reply-To: <55D4C64596F3450C9A0216665FE44BAA@lib.wan> References: <50B7C005.3010301@fsl.com> <55D4C64596F3450C9A0216665FE44BAA@lib.wan> Message-ID: <0030FF4C264344AC9D469DBF83EA01AE@lib.wan> I think I found the cause, and unfortunately no solution. MailScanner.conf Quarantine Whole Message=no Quarantine Whole Message as Queue File=no Mike From: Michael Sauvola Sent: Friday, November 30, 2012 12:48 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Or does this explain it ( at the top of one message) This is a multi-part message in MIME format. --------=_NextPart_000_0077_01CDCCA4.A62F4130 Content-Type: text/plain; charset=?iso-8859-1? Content-Transfer-Encoding: quoted-printable Mike From: Michael Sauvola Sent: Friday, November 30, 2012 12:01 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages OK, I took the ?each? out of the statement, and it seems to go through each directory. But now as it processes, I get this message: ?No recipient addressess found in header? If I look inside some of the message files, they seem to be broken up ?pieces? of messages. So, ?Quarantine Whole Messages As Queue Files=no? breaks them into pieces rather than storing the whole message plain text? Or at least that?s what seems to have happened. I appreciate the help you folks are giving me. I am somewhat swamped with 400+ PCs to support in 30 locations 130 miles apart, plus 7 servers here in the main office. With the help of 1 other staff member, we know enough to keep things going most of the time, but haven?t become expert in anything, so need a bit of direction now and then. Any other suggestions? Or are we screwed? Thanks again, Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------------------------- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------------------------- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Northern Waters MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/7a0c5150/attachment.html From ssilva at sgvwater.com Fri Nov 30 23:26:08 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Fri, 30 Nov 2012 15:26:08 -0800 Subject: Reprocessing quarantined messages [Solved, sort of] In-Reply-To: <0030FF4C264344AC9D469DBF83EA01AE@lib.wan> References: <50B7C005.3010301@fsl.com> <55D4C64596F3450C9A0216665FE44BAA@lib.wan> <0030FF4C264344AC9D469DBF83EA01AE@lib.wan> Message-ID: on 11/30/2012 3:02 PM Michael Sauvola spake the following: > > I think I found the cause, and unfortunately no solution. > > MailScanner.conf > Quarantine Whole Message=no > Quarantine Whole Message as Queue File=no > > Mike Yep.... Not sure how you can fix that without going through the logs to match queue ids to recipients... From Kevin_Miller at ci.juneau.ak.us Fri Nov 30 23:29:39 2012 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri, 30 Nov 2012 14:29:39 -0900 Subject: Reprocessing quarantined messages [Solved, sort of] In-Reply-To: <0030FF4C264344AC9D469DBF83EA01AE@lib.wan> References: <50B7C005.3010301@fsl.com> <55D4C64596F3450C9A0216665FE44BAA@lib.wan> <0030FF4C264344AC9D469DBF83EA01AE@lib.wan> Message-ID: <4A09477D575C2C4B86497161427DD94C27AA6E707C@city-exchange07> Back in 2007 someone was having a similar problem. Steve Freegard posted a note and script which I?m reposting. I haven?t had need to try it but assume it works fine (Steve?s a sharp guy). Hopefully it?ll help you as well. =========================================================== Hi Glenn/Jason, Glenn Steen wrote: > On 16/07/07, Jason Gottschalk > wrote: > "Archive of quarantine"? Sounds a bit like you are using MailWatch and > have store set on the non-spam action... In whiich case this beconmes > a problem of: > a) Finding the relevant messages, and > b) sending them to the recipient. > > If you indeed use MailWatch, then a) is fixed by a simple SQL query... > All you really need is to construct a file containing all the message > IDs and possibly all the dates... Heck, why not let the SQL scriptlet > construct a file of filenames (one/line) with the absolute path to the > message file (which is in RFC822 format), then simply loop over that > and use yourMTAs sendmail command (for i in $(cat filenames); do > sendmail recipient at add.ress<$i; done) ... Simple as that:-). > I'm on vacation, so will not be writing that scriptlet for you anytime > this week... perhaps when I'm back to the grindstone...:-) I wrote something similar for a customer with a similar problem which is attached. You will need to edit it and change 'mysql -N mailscanner' to 'mysql -u -p -N mailscanner' where is your MailWatch MySQL user. It will prompt you for the password when you run it. It is run like: resend.sh 2007-06-01 2007-06-16 fsl.com The first argument is the date from, second is the date to and third is used to match all or part of a destination address (e.g. domain or full e-mail address), it will then find all messages for matching those criteria and resend them from the quarantine. Hope it helps. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. =========================================================== ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Sauvola Sent: Friday, November 30, 2012 2:02 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages [Solved, sort of] I think I found the cause, and unfortunately no solution. MailScanner.conf Quarantine Whole Message=no Quarantine Whole Message as Queue File=no Mike From: Michael Sauvola Sent: Friday, November 30, 2012 12:48 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages Or does this explain it ( at the top of one message) This is a multi-part message in MIME format. --------=_NextPart_000_0077_01CDCCA4.A62F4130 Content-Type: text/plain; charset=?iso-8859-1? Content-Transfer-Encoding: quoted-printable Mike From: Michael Sauvola Sent: Friday, November 30, 2012 12:01 PM To: MailScanner discussion Subject: Re: Reprocessing quarantined messages OK, I took the ?each? out of the statement, and it seems to go through each directory. But now as it processes, I get this message: ?No recipient addressess found in header? If I look inside some of the message files, they seem to be broken up ?pieces? of messages. So, ?Quarantine Whole Messages As Queue Files=no? breaks them into pieces rather than storing the whole message plain text? Or at least that?s what seems to have happened. I appreciate the help you folks are giving me. I am somewhat swamped with 400+ PCs to support in 30 locations 130 miles apart, plus 7 servers here in the main office. With the help of 1 other staff member, we know enough to keep things going most of the time, but haven?t become expert in anything, so need a bit of direction now and then. Any other suggestions? Or are we screwed? Thanks again, Mike -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ________________________________ -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ________________________________ -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/e4ca42d2/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: resend.sh Type: application/octet-stream Size: 603 bytes Desc: resend.sh Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121130/e4ca42d2/attachment-0001.obj From Kevin_Miller at ci.juneau.ak.us Fri Nov 30 23:58:48 2012 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri, 30 Nov 2012 14:58:48 -0900 Subject: Reprocessing quarantined messages [Solved, sort of] In-Reply-To: <4A09477D575C2C4B86497161427DD94C27AA6E707C@city-exchange07> References: <50B7C005.3010301@fsl.com> <55D4C64596F3450C9A0216665FE44BAA@lib.wan> <0030FF4C264344AC9D469DBF83EA01AE@lib.wan> <4A09477D575C2C4B86497161427DD94C27AA6E707C@city-exchange07> Message-ID: <4A09477D575C2C4B86497161427DD94C27AA6E7082@city-exchange07> Opps ? missed the ?Quarantine Whole Message=no? So Steve?s script probably won?t do what you need it to do. Bummer. Not sure if the script even made it to the mailing list anyway. I can post it elsewhere if it didn't and anyone's interested? ?...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Friday, November 30, 2012 2:30 PM To: 'MailScanner discussion' Subject: RE: Reprocessing quarantined messages [Solved, sort of] Back in 2007 someone was having a similar problem.? Steve Freegard posted a note and script which I?m reposting.? I haven?t had need to try it but assume it works fine (Steve?s a sharp guy).? Hopefully it?ll help you as well. Snip