From ravennaita at gmail.com Sun Sep 2 08:56:45 2012 From: ravennaita at gmail.com (Ravenna Ita) Date: Sun, 2 Sep 2012 14:56:45 +0700 Subject: Adding Multiple Signatures In-Reply-To: <4FE466FD.4030406@paully.co.uk> References: <4FE466FD.4030406@paully.co.uk> Message-ID: On Fri, Jun 22, 2012 at 7:37 PM, Paul Littlefield wrote: > Hello. > > I would like to add 2 signatures to all outgoing messages. > > e.g. > > Personal Signature > + > General Signature > > I have created the rules file > > From: paul at domain.com /opt/MailScanner/etc/reports/en/paul.sig.txt > From: itsupport at domain.com > /opt/MailScanner/etc/reports/en/itsupport.sig.txt > FromOrTo: default /opt/MailScanner/etc/reports/en/inline.sig.txt > > and MailScanner does add just ONE of the signatures correctly... the first > one it matches. > > However, is there a way to get it to add both the name signature AND the > default signature? > > i.e. > > paul.sig.txt > + > inline.sig.txt > > :-) > > Hope you can help. > > Regards > > Paully > -- Hello Paully, i am on the same situation with you, needing to add 2 signatures could you share the solution in case you have found one Ravenna Ita From alex at vidadigital.com.pa Mon Sep 3 00:47:40 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sun, 2 Sep 2012 18:47:40 -0500 Subject: Adding Multiple Signatures In-Reply-To: References: <4FE466FD.4030406@paully.co.uk> Message-ID: Add the contents of the general signature to each one of the personal signatures. Rename inline.sig.txt to uselesscrap.txt, go to /opt/MailScanner/etc/reports/en/, for a in *.sig.txt; do cat uselesscrap.txt >> $a; done Then you can rename uselesscrap.txt back to inline.sig.txt. On Sun, Sep 2, 2012 at 2:56 AM, Ravenna Ita wrote: > On Fri, Jun 22, 2012 at 7:37 PM, Paul Littlefield > wrote: > > Hello. > > > > I would like to add 2 signatures to all outgoing messages. > > > > e.g. > > > > Personal Signature > > + > > General Signature > > > > I have created the rules file > > > > From: paul at domain.com /opt/MailScanner/etc/reports/en/paul.sig.txt > > From: itsupport at domain.com > > /opt/MailScanner/etc/reports/en/itsupport.sig.txt > > FromOrTo: default /opt/MailScanner/etc/reports/en/inline.sig.txt > > > > and MailScanner does add just ONE of the signatures correctly... the > first > > one it matches. > > > > However, is there a way to get it to add both the name signature AND the > > default signature? > > > > i.e. > > > > paul.sig.txt > > + > > inline.sig.txt > > > > :-) > > > > Hope you can help. > > > > Regards > > > > Paully > > -- > > > > Hello Paully, > > i am on the same situation with you, needing to add 2 signatures > could you share the solution in case you have found one > > Ravenna Ita > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital --- ABOUT THOSE "SAVE THE PLANET, DON'T PRINT THIS GRAPHICS -- Before you include a useless, hypocritical embedded graphic advocating "saving trees by not printing", you should consider how much electricity and bandwidth was spent sending that unnecessary graphic. Millions of e-mails every day with worthless graphics like that make much more of an environmental impact than the rare occasion someone prints out an e-mail. In fact, with the cost of paper, ink and power, a lot of people avoid printing as much as possible not to save the planet, but to save their own wallets. -- ABOUT ANY "LEGAL" E-MAIL DISCLAIMERS -- They are not legally binding in most jurisdictions, and are usually internally inconsistent. Don't waste time, money and bandwidth by including "legal disclaimers", they are a waste of everyone's time and resources. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120902/3240782d/attachment.html From info at paully.co.uk Mon Sep 3 13:37:13 2012 From: info at paully.co.uk (Paul Littlefield) Date: Mon, 03 Sep 2012 13:37:13 +0100 Subject: Adding Multiple Signatures In-Reply-To: References: <4FE466FD.4030406@paully.co.uk> Message-ID: <5044A479.9020201@paully.co.uk> On 02/09/12 08:56, Ravenna Ita wrote: > i am on the same situation with you, needing to add 2 signatures > could you share the solution in case you have found one Hi Ravenna I could not find an easy solution to this, so in the end I used a combination of Client Signature and MailScanner Signature. This was achieved by setting a Thunderbird signature AND including the 'magic token' of '_SIGNATURE_' to let MailScanner put the rest in (like postal address, disclaimer, etc.) e.g. Firstname Surname Job Title Email Address _SIGNATURE_ So now, when my customer sends an email, Mozilla Thunderbird puts WHO it is from, and MailScanner puts WHERE+WHY it is from! It also means that when they move office, or want to change the disclaimer I don't need to go around changing 50 signatures! :-) Here is a link to the MailScanner conf page about it:- http://tinyurl.com/bp3t9vd Hope this helps you. Regards -- Paul Littlefield Telephone: 07801 125705 Facsimile: 08719 896021 Email: info at paully.co.uk Web: www.paully.co.uk Skype: paul_littlefield Twitter: paullittlefield Wiki: http://wiki.indie-it.com/index.php?title=Special:AllPages Blog: http://www.littlefield.info Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email. From info at paully.co.uk Mon Sep 3 13:38:52 2012 From: info at paully.co.uk (Paul Littlefield) Date: Mon, 03 Sep 2012 13:38:52 +0100 Subject: Adding Multiple Signatures In-Reply-To: References: <4FE466FD.4030406@paully.co.uk> Message-ID: <5044A4DC.9070100@paully.co.uk> On 03/09/12 00:47, Alex Neuman wrote: > Add the contents of the general signature to each one of the personal signatures. > > Rename inline.sig.txt to uselesscrap.txt, > > go to /opt/MailScanner/etc/reports/en/, > > for a in *.sig.txt; do cat uselesscrap.txt >> $a; done > > Then you can rename uselesscrap.txt back to inline.sig.txt. Thanks Alex, I have wiki'd this for next time! :-) Paully From alex at vidadigital.com.pa Mon Sep 3 16:49:22 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 3 Sep 2012 10:49:22 -0500 Subject: Adding Multiple Signatures In-Reply-To: <5044A4DC.9070100@paully.co.uk> References: <4FE466FD.4030406@paully.co.uk> <5044A4DC.9070100@paully.co.uk> Message-ID: You're welcome! I'm sure there's a better way... But for now, this could work... On Mon, Sep 3, 2012 at 7:38 AM, Paul Littlefield wrote: > On 03/09/12 00:47, Alex Neuman wrote: >> Add the contents of the general signature to each one of the personal signatures. >> >> Rename inline.sig.txt to uselesscrap.txt, >> >> go to /opt/MailScanner/etc/reports/en/, >> >> for a in *.sig.txt; do cat uselesscrap.txt >> $a; done >> >> Then you can rename uselesscrap.txt back to inline.sig.txt. > > > Thanks Alex, I have wiki'd this for next time! > > :-) > > Paully > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital --- ABOUT THOSE "SAVE THE PLANET, DON'T PRINT THIS" GRAPHICS -- Before you include a useless, hypocritical embedded graphic advocating "saving trees by not printing", you should consider how much electricity and bandwidth was spent sending that unnecessary graphic. Millions of e-mails every day with worthless graphics like that make much more of an environmental impact than the rare occasion someone prints out an e-mail. In fact, with the cost of paper, ink and power, a lot of people avoid printing as much as possible not to save the planet, but to save their own wallets. -- ABOUT ANY "LEGAL" E-MAIL DISCLAIMERS -- They are not legally binding in most jurisdictions, and are usually internally inconsistent. Don't waste time, money and bandwidth by including "legal disclaimers", they are a waste of everyone's time and resources. From mgarcia at nettix.com.pe Wed Sep 5 09:10:57 2012 From: mgarcia at nettix.com.pe (Martin Garcia) Date: Wed, 05 Sep 2012 03:10:57 -0500 Subject: Forward to multiple email address Message-ID: <50470911.1060209@nettix.com.pe> Hey there, I would like to have a MailScanner instance to forward, to more than one email address, for example, if a spam is detected for xyz at domain.com then forward to spam at domain.com, if a spam is detected for abc at otherdomain.pe, then forward to spam at otherdomain.pe I was reading the documentation, and it says it forwards only to one email address, let me know if you have some tricks for it please, Thanks in advance, -- Cualquier duda o consulta estoy a su disposicion. Atentamente / Sincerely MARTIN GARCIA Consultor Linux y redes Nettix Peru EIRL telf: +(511)9-9735-4848 mailto:mgarcia at nettix.com.pe From Johan at double-l.nl Wed Sep 5 10:01:06 2012 From: Johan at double-l.nl (Johan Hendriks) Date: Wed, 5 Sep 2012 09:01:06 +0000 Subject: Forward to multiple email address In-Reply-To: <50470911.1060209@nettix.com.pe> References: <50470911.1060209@nettix.com.pe> Message-ID: <23D04C868D0C0349AAF928DCEE9C62E806CE1F7D@SRV01.neuteboom.local> >Hey there, >I would like to have a MailScanner instance to forward, to more than one email address, for example, if a spam is detected for xyz at domain.com then forward to >spam at domain.com, if a spam is detected for abc at otherdomain.pe, then forward to spam at otherdomain.pe >I was reading the documentation, and it says it forwards only to one email address, let me know if you have some tricks for it please, >Thanks in advance, Set the following in MailScanner.conf Spam Actions = /usr/local/etc/MailScanner/rules/spam.actions.rules I use the following in /usr/local/etc/MailScanner/rules/spam.actions.rules FromOrTo: domain1.nl delete forward spam at domain1.nl FromOrTo: otherdomain.nl delete forward spam at otherdomain.nl FromOrTo: yourdomain.com delete forward spam at yourdomain.com FromOrTo: default delete forward myspam at mydomain.com regards Johan Hendriks Neuteboom Automatisering From info at paully.co.uk Wed Sep 5 10:12:09 2012 From: info at paully.co.uk (Paul Littlefield) Date: Wed, 05 Sep 2012 10:12:09 +0100 Subject: Forward to multiple email address In-Reply-To: <50470911.1060209@nettix.com.pe> References: <50470911.1060209@nettix.com.pe> Message-ID: <50471769.5000200@paully.co.uk> On 05/09/12 09:10, Martin Garcia wrote: > I would like to have a MailScanner instance to forward, to more than one > email address, > for example, if a spam is detected forxyz at domain.com then forward to > spam at domain.com, > if a spam is detected forabc at otherdomain.pe, then forward to > spam at otherdomain.pe Does this cover it? http://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Actions "forward" keywords ================== In an email address specified in the "forward" action, several keywords can be used which will be substituted with various properties of the message: _FROMUSER_ The left-hand side of the address of the sender. _FROMDOMAIN_ The right-hand side of the address of the sender. _TOUSER_ The left-hand side of each of the recipients in turn. _TODOMAIN_ The right-hand side of each of the recipients in turn. _DATE_ The date the message was received by MailScanner. _HOUR_ The hour the message was received by MailScanner. This means that you can forward messages to email addresses which show the original recipients of the message, which could be very useful when delivering into spam archive management systems. So you could set up a ruleset... ...shout back if you want more help. -- Paul Littlefield Telephone: 07801 125705 Facsimile: 08719 896021 Email: info at paully.co.uk Web: www.paully.co.uk Skype: paul_littlefield Twitter: paullittlefield Wiki: http://wiki.indie-it.com/index.php?title=Special:AllPages Blog: http://www.littlefield.info Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email. From mailscanner at joolee.nl Wed Sep 5 10:14:23 2012 From: mailscanner at joolee.nl (Joolee) Date: Wed, 5 Sep 2012 11:14:23 +0200 Subject: Forward to multiple email address In-Reply-To: <50470911.1060209@nettix.com.pe> References: <50470911.1060209@nettix.com.pe> Message-ID: http://www.mailscanner.info/MailScanner.conf.index.html#Archive%20Mail Use a ruleset, than you can do exactly what you want. If you want E-mail for a single domain or user (depends on what you enter in your ruleset file) to be forwarded to multiple E-mail addresses, find the 'mailinglist' or 'mailing group' documentation for your MTA. On 5 September 2012 10:10, Martin Garcia wrote: > Hey there, > > I would like to have a MailScanner instance to forward, to more than one > email address, > for example, if a spam is detected for xyz at domain.com then forward to > spam at domain.com, > if a spam is detected for abc at otherdomain.pe, then forward to > spam at otherdomain.pe > > I was reading the documentation, and it says it forwards only to one > email address, > let me know if you have some tricks for it please, > > Thanks in advance, > > -- > Cualquier duda o consulta estoy a su disposicion. > > Atentamente / Sincerely > > > MARTIN GARCIA > Consultor Linux y redes > Nettix Peru EIRL > telf: +(511)9-9735-4848 > > mailto:mgarcia at nettix.com.pe > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120905/5cd099a1/attachment.html From kens at kensnet.org Wed Sep 5 18:58:53 2012 From: kens at kensnet.org (Ken Smith) Date: Wed, 05 Sep 2012 18:58:53 +0100 Subject: Messages appearing to be lost Message-ID: <504792DD.5050500@kensnet.org> Hi All, Just joined the list but have been using MailScanner since late 2006 in soho applications. In one of these installations there are comments about messages not getting delivered. Logwatch for the machine says things like this:- MailScanner Status: 232 messages Scanned by MailScanner 23.3 Total MB 118 Spam messages detected by MailScanner 2 hits from MailScanner SpamAssassin cache 14 Content Problems found by MailScanner 165 Messages delivered by MailScanner The environment is Centos 5 and MailScanner-4.84.5-2 Whereas the others have Logwatch statuses (stati?) like this one, that is also Centos but MailScanner 4.75.11-1 MailScanner Status: 2659 messages Scanned by MailScanner 113.8 Total MB 1649 Spam messages detected by MailScanner 18 hits from MailScanner SpamAssassin cache 291 Content Problems found by MailScanner 2659 Messages delivered by MailScanner The general content of "grep MailScanner /var/log/maillog" is similar in the two machine. Is there something specific that I should be looking for to help trace this? Many thanks Ken -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Sep 5 19:35:06 2012 From: ssilva at sgvwater.com (Scott Silva) Date: Wed, 05 Sep 2012 11:35:06 -0700 Subject: Messages appearing to be lost In-Reply-To: <504792DD.5050500@kensnet.org> References: <504792DD.5050500@kensnet.org> Message-ID: on 9/5/2012 10:58 AM Ken Smith spake the following: > Hi All, > > Just joined the list but have been using MailScanner since late 2006 in > soho applications. In one of these installations there are comments > about messages not getting delivered. > > Logwatch for the machine says things like this:- > > MailScanner Status: > 232 messages Scanned by MailScanner > 23.3 Total MB > 118 Spam messages detected by MailScanner > 2 hits from MailScanner SpamAssassin cache > 14 Content Problems found by MailScanner > 165 Messages delivered by MailScanner > > > The environment is Centos 5 and MailScanner-4.84.5-2 > > Whereas the others have Logwatch statuses (stati?) like this one, that > is also Centos but MailScanner 4.75.11-1 > > MailScanner Status: > 2659 messages Scanned by MailScanner > 113.8 Total MB > 1649 Spam messages detected by MailScanner > 18 hits from MailScanner SpamAssassin cache > 291 Content Problems found by MailScanner > 2659 Messages delivered by MailScanner > > The general content of "grep MailScanner /var/log/maillog" is similar > in the two machine. Is there something specific that I should be looking > for to help trace this? > > Many thanks > > Ken > > I will assume that the first is set to delete certain problem messages, while the second is set to tag and deliver everything... One of my systems reports as follows... MailScanner Status: 392 messages Scanned by MailScanner 48.3 Total MB 16 Spam messages detected by MailScanner 1 Spam messages with action(s) attachment,store,deliver,header 15 Spam messages with action(s) store 6 hits from MailScanner SpamAssassin cache 100 Content Problems found by MailScanner 377 Messages delivered by MailScanner 392 Messages logged to MailWatch database Mine shows that they were stored and not delivered. Maybe your mailscanner code in logwatch needs some more work? I can send you what I have if you want. From kens at kensnet.org Wed Sep 5 22:49:19 2012 From: kens at kensnet.org (Ken Smith) Date: Wed, 05 Sep 2012 22:49:19 +0100 Subject: Messages appearing to be lost In-Reply-To: References: <504792DD.5050500@kensnet.org> Message-ID: <5047C8DF.1000003@kensnet.org> Scott Silva wrote: > on 9/5/2012 10:58 AM Ken Smith spake the following: > >> {snip} >> >> The general content of "grep MailScanner /var/log/maillog" is similar >> in the two machine. Is there something specific that I should be looking >> for to help trace this? >> >> Many thanks >> >> Ken >> >> >> > I will assume that the first is set to delete certain problem messages, while > the second is set to tag and deliver everything... One of my systems reports > as follows... > > {snip} > Mine shows that they were stored and not delivered. Maybe your mailscanner > code in logwatch needs some more work? > > I can send you what I have if you want. > Now that I have checked, the anomalous one is storing high spam whereas the other is set to deliver it. Sorry to waste your time I should have checked that. The Logwatch settings are stock. Thanks Ken > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cdekievit at gmail.com Thu Sep 6 05:24:08 2012 From: cdekievit at gmail.com (Christian De Kievit) Date: Thu, 6 Sep 2012 14:24:08 +1000 Subject: Issue with MailScanner version 4.84.5 on Ubuntu Message-ID: Hi, I've upgraded my version of MailScanner to test it out, but I'm having an issue with it processing spam messages. Consistently, any spam message will cause MailScanner to crash, meaning that I get error messages like the following mail.log Sep 6 14:15:51 skynet MailScanner[1397]: SpamAssassin cache hit for message 083CA60C95.AF127 Sep 6 14:15:51 skynet MailScanner[1397]: Spam Checks: Found 1 spam messages Sep 6 14:15:51 skynet MailScanner[1531]: MailScanner E-Mail Virus Scanner version 4.84.5 starting... Testing a spam message using MailScanner --debug gives the following output: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/lib/perl/5.12/IO/File.pm line 63. Any ideas on this one? Thanks, -- Christian De Kievit -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120906/642cde59/attachment.html From m.a.young at durham.ac.uk Fri Sep 7 12:33:05 2012 From: m.a.young at durham.ac.uk (M A Young) Date: Fri, 7 Sep 2012 12:33:05 +0100 (BST) Subject: Bug in baruwa mailscanner Message-ID: I am starting to use Baruwa's mailscanner package mailscanner-4.84.5-2.el6.noarch and I just noticed that spam viruses weren't being reflected in the spam assassin score (I was expecting an entry MS_FOUND_SPAMVIRUS 3.00 which wasn't there). The problem is that the package provides a symbolic link /etc/mail/spamassassin/spam.assassin.prefs.conf -> ../../MailScanner/spam.assassin.prefs.conf to get spamassassin to include the mailscanner specific configuration options. However this doesn't work as spamassassin only processes files ending in .pre or .cf so it is ignored, meaning that some options are omitted including the handling of the spam virus score. Traditional mailscanner had the link /etc/mail/spamassassin/mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf which does work. What is the best way to report this bug (assuming posting to this list isn't sufficient)? Michael Young From stephencoxmail at gmail.com Fri Sep 7 13:21:09 2012 From: stephencoxmail at gmail.com (Stephen Cox) Date: Fri, 7 Sep 2012 14:21:09 +0200 Subject: Bug in baruwa mailscanner In-Reply-To: References: Message-ID: On Fri, Sep 7, 2012 at 1:33 PM, M A Young wrote: > What is the best way to report this bug (assuming posting to this list > isn't sufficient)? > https://github.com/MailScanner/MailScanner/issues -- Stephen Cox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/9b959b5a/attachment.html From jaearick at colby.edu Fri Sep 7 13:28:43 2012 From: jaearick at colby.edu (Jeff Earickson) Date: Fri, 7 Sep 2012 08:28:43 -0400 Subject: cdn.mailscanner.info flaked out? Message-ID: Gang, The services for ScamNailer and update_bad_phishing_sites seems to have an issue: Unable to retrieve http://cdn.mailscanner.info/.2012-365 :404 Not Found Failed to retrieve http://cdn.mailscanner.info/2012-365.1 at and Unable to retrieve http://cdn.mailscanner.info/emails..2012-365 :404 Not Found Unable to open base file (/var/cache/ScamNailer/cache//2012-365) Can somebody give it a kick in the shins please? Jeff Earickson Colby College From jhon.higgins at gmail.com Fri Sep 7 13:33:56 2012 From: jhon.higgins at gmail.com (Paul Ronald) Date: Fri, 7 Sep 2012 14:33:56 +0200 Subject: Error TNEF with MailScanner version 4.84.3 Message-ID: Hello, yesterday i get this error in my servers with postfix + MailScanner 4.84.3: Sep 6 14:04:10 server1 MailScanner[4548]: Expanding TNEF archive at /var/spool/MailScanner/incoming/4548/9C8DEC06E3.A1766/winmail.dat Sep 6 14:04:10 server1 MailScanner[4548]: Trying to unpack nwinmail.dat in message 9C8DEC06E3.A1766, could not create subdirectory 9C8DEC06E3.A1766//tnefmNPiVZ, failed to unpack TNEF message Sep 6 14:04:10 server1 MailScanner[4548]: Corrupt TNEF winmail.dat that cannot be analysed in message 9C8DEC06E3.A1766 somebody speak of a BUG in this version but i don not known where is the patch. Thak you -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/14146c43/attachment.html From andrew at topdog.za.net Fri Sep 7 14:43:04 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 7 Sep 2012 15:43:04 +0200 Subject: Bug in baruwa mailscanner In-Reply-To: References: Message-ID: On 07 Sep 2012, at 1:33 PM, M A Young wrote: > What is the best way to report this bug (assuming posting to this list > isn't sufficient)? Post baruwa rpm specific issues (like this one) to the baruwa mailing list[1] MailScanner issues to the github issue tracking system[2] [1] http://lists.baruwa.org/ [2] https://github.com/MailScanner/MailScanner/issues -- www.baruwa.org From ravenpi at gmail.com Fri Sep 7 14:51:08 2012 From: ravenpi at gmail.com (Ken) Date: Fri, 7 Sep 2012 09:51:08 -0400 Subject: Infinite loop. Message-ID: Hi, all. I recently "upgraded" my Ubuntu server to Precise, and lo! Wasn't I surprised when I realized there was no MailScanner any more. I tried following the directions on the MailScanner site for doing an install from Debian sources, but that appears to be outdated and no longer valid. So I installed from source, and created a link from my old /etc/MailScanner directory to /opt/MailScanner/etc. And it *almost* works. But it doesn't. I get this: Sep 7 09:06:37 beacon MailScanner[480]: MailScanner E-Mail Virus Scanner version 4.84.5 starting... Sep 7 09:06:37 beacon MailScanner[480]: Could not read Custom Functions directory /etc/MailScanner/CustomFunctions Sep 7 09:06:37 beacon MailScanner[480]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf Sep 7 09:06:37 beacon MailScanner[480]: Read 817 hostnames from the phishing whitelist Sep 7 09:06:38 beacon MailScanner[480]: Read 5141 hostnames from the phishing blacklists Sep 7 09:06:39 beacon MailScanner[480]: Using SpamAssassin results cache Sep 7 09:06:39 beacon MailScanner[480]: Connected to SpamAssassin cache database Sep 7 09:06:39 beacon MailScanner[480]: Enabling SpamAssassin auto-whitelist functionality... Sep 7 09:06:43 beacon MailScanner: waiting for children to die: Process did not exit cleanly, returned 255 with signal 0 Rinse and repeat. Eventually, my mail *does* seem to have made it through, except that I'm no longer filtering for spam: X--MailScanner-SpamCheck: notspam, spamassassin (sadisabled) Which is almost worse than not getting any at all. (One of my e-mail addresses has been around for a l-o-n-g time, and is probably on every damn spam list there is.) Suggestions on how to enable more debugging (Google came up surprisingly empty), or other things to look at/tweak? Thanks, -Ken -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/ddfe12ca/attachment.html From andrew at topdog.za.net Fri Sep 7 15:23:58 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 7 Sep 2012 16:23:58 +0200 Subject: Infinite loop. In-Reply-To: References: Message-ID: <85FB1BB5-0C57-404D-B3FA-4EC44E30D048@topdog.za.net> On 07 Sep 2012, at 3:51 PM, Ken wrote: > Hi, all. I recently "upgraded" my Ubuntu server to Precise, and lo! Wasn't I surprised when I realized there was no MailScanner any more. I tried following the directions on the MailScanner site for doing an install from Debian sources, but that appears to be outdated and no longer valid. Have you tried the mailscanner precise packages from the Baruwa repo[1], they may save you some time an maintenance hustle. [1] http://apt.baruwa.org -- www.baruwa.org From ravenpi at gmail.com Fri Sep 7 17:13:32 2012 From: ravenpi at gmail.com (Ken) Date: Fri, 7 Sep 2012 12:13:32 -0400 Subject: Infinite loop. In-Reply-To: References: Message-ID: Well! I installed Baruwa -- don't even really know what it does, but it gave me a functioning package for MailScanner, so that was a plus. A minus, however, was the fact that MailScanner was pegging the CPU at 100%. A strace turned up this: write(2, "Use of uninitialized value $fam_listen in numeric ne (!=) at /usr/share/perl5/IO/Socket/INET6.pm line 182.\n", 107) = 107 Googling showed that others had had this issue with Spam Assassin and/or Amavis, and had fixed it by disabling IPV6. Unfortunately, that appeared not to work in this case. So I did A Bad Thing that will no doubt come and bite me some day. In /usr/share/perl5/IO/Socket/INET6.pm, I tweaked as follows: # next if $fam_listen != $family; next (My reasoning being that if it's undefined, it's also inequal, so just go and do it.) And lo! My mail, she now gets checked. However, I have a couple of issues with this: - This is a crazy bad thing to do on a package-managed system. (Thoughts of "chattr +i /usr/share/perl5/IO/Socket/INET6.pm" float through my head...) - What if I wanted to use IPv6... which I do? - Have I broken anything that's not IPv6 by ignoring that one line in NET6.pm? If anyone's got any ideas or insights they'd like to share, I'm all ears. Thanks, -Ken On Fri, Sep 7, 2012 at 9:51 AM, Ken wrote: > Hi, all. I recently "upgraded" my Ubuntu server to Precise, and lo! > Wasn't I surprised when I realized there was no MailScanner any more. I > tried following the directions on the MailScanner site for doing an install > from Debian sources, but that appears to be outdated and no longer valid. > So I installed from source, and created a link from my old > /etc/MailScanner directory to /opt/MailScanner/etc. And it *almost* works. > But it doesn't. I get this: > > Sep 7 09:06:37 beacon MailScanner[480]: MailScanner E-Mail Virus Scanner > version 4.84.5 starting... > Sep 7 09:06:37 beacon MailScanner[480]: Could not read Custom Functions > directory /etc/MailScanner/CustomFunctions > Sep 7 09:06:37 beacon MailScanner[480]: Reading configuration file > /opt/MailScanner/etc/MailScanner.conf > Sep 7 09:06:37 beacon MailScanner[480]: Read 817 hostnames from the > phishing whitelist > Sep 7 09:06:38 beacon MailScanner[480]: Read 5141 hostnames from the > phishing blacklists > Sep 7 09:06:39 beacon MailScanner[480]: Using SpamAssassin results cache > Sep 7 09:06:39 beacon MailScanner[480]: Connected to SpamAssassin cache > database > Sep 7 09:06:39 beacon MailScanner[480]: Enabling SpamAssassin > auto-whitelist functionality... > Sep 7 09:06:43 beacon MailScanner: waiting for children to die: Process > did not exit cleanly, returned 255 with signal 0 > > Rinse and repeat. > > Eventually, my mail *does* seem to have made it through, except that I'm > no longer filtering for spam: > X--MailScanner-SpamCheck: notspam, spamassassin (sadisabled) > > Which is almost worse than not getting any at all. (One of my e-mail > addresses has been around for a l-o-n-g time, and is probably on every damn > spam list there is.) > > Suggestions on how to enable more debugging (Google came up surprisingly > empty), or other things to look at/tweak? > > Thanks, > > -Ken > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/63dd04f9/attachment.html From dhe at cise.ufl.edu Tue Sep 11 16:01:30 2012 From: dhe at cise.ufl.edu (Dan H. Eicher) Date: Tue, 11 Sep 2012 11:01:30 -0400 Subject: ScamNailer False Positives Message-ID: <504F524A.8060208@cise.ufl.edu> I'm in the process of transitioning from: Solaris+amavisd+postfix+dovecot+procmail -to- Redhat 6.3+MailScanner+postfix+dovecot+procmail I thought I would try here, as sanesecurity points me to: scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer. Almost all the emails I get from UFL's helpdesk are marked as: ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined. I've been monitoring this situation and have been hand releasing the trapped emails with: ?amavisd-release file address.? What is the correct thing for a mail admin to ?do?, to get scamnailer to work ?more better?? Thanks, Dan From maxsec at gmail.com Tue Sep 11 20:26:14 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Tue, 11 Sep 2012 20:26:14 +0100 Subject: ScamNailer False Positives In-Reply-To: <504F524A.8060208@cise.ufl.edu> References: <504F524A.8060208@cise.ufl.edu> Message-ID: Well amavisd is nothing to do with mailscanner or scamnailer. Id check the emails for incorrect urls , in the mean time you can add them to the phishing whitelist on your box Martin On Tuesday, 11 September 2012, Dan H. Eicher wrote: > I'm in the process of transitioning from: > Solaris+amavisd+postfix+dovecot+procmail -to- > Redhat 6.3+MailScanner+postfix+dovecot+procmail > > I thought I would try here, as sanesecurity points me to: > scamnailer at ecs.soton.ac.uk - Julian Field for issues with > Scamnailer. > > Almost all the emails I get from UFL's helpdesk are marked as: > ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined. > > I've been monitoring this situation and have been hand releasing the > trapped emails with: > ?amavisd-release file address.? > > What is the correct thing for a mail admin to ?do?, to get scamnailer to > work ?more better?? > > Thanks, > Dan > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120911/586e555a/attachment.html From m.a.young at durham.ac.uk Wed Sep 12 11:19:09 2012 From: m.a.young at durham.ac.uk (M A Young) Date: Wed, 12 Sep 2012 11:19:09 +0100 (BST) Subject: ScamNailer False Positives In-Reply-To: <504F524A.8060208@cise.ufl.edu> References: <504F524A.8060208@cise.ufl.edu> Message-ID: On Tue, 11 Sep 2012, Dan H. Eicher wrote: > I'm in the process of transitioning from: > Solaris+amavisd+postfix+dovecot+procmail -to- > Redhat 6.3+MailScanner+postfix+dovecot+procmail > > I thought I would try here, as sanesecurity points me to: > scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer. > > Almost all the emails I get from UFL's helpdesk are marked as: > ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined. You need to work out what ScamNailer is objecting to, also whether the scamnailer version and the data you are working from is up to date. If an address is listed incorrectly, I believe the scamnailer data originates from http://code.google.com/p/anti-phishing-email-reply/ so you could look there to get false positives and no-longer-positives removed (Help Desk addresses can be used in spam so it might have been listed legitimately). Michael Young From steveb_clamav at sanesecurity.com Wed Sep 12 13:25:05 2012 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Wed, 12 Sep 2012 13:25:05 +0100 Subject: ScamNailer False Positives In-Reply-To: References: <504F524A.8060208@cise.ufl.edu> Message-ID: <0f610da52af51578cf283767a7ac8303.squirrel@sanesecurity.com> > On Tue, 11 Sep 2012, Dan H. Eicher wrote: > >> Almost all the emails I get from UFL's helpdesk are marked as: >> ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined. > If an address is listed incorrectly, I believe the scamnailer data > originates from http://code.google.com/p/anti-phishing-email-reply/ so you > could look there to get false positives and no-longer-positives removed > (Help Desk addresses can be used in spam so it might have been listed > legitimately). I've also whitelisted the sig on the Sanesecurity mirrors, so if you normally grab the scamnailer.ndb file from the Sanesecurity mirrors (instead of directly) - the sig will be gone. ie: http://sanesecurity.co.uk/databases.htm But the better solution is to contact anti-phishing-email-reply-discuss AT googlegroups DOT com and ask for a removal. Cheers, Steve Sanesecurity From MailScanner at ecs.soton.ac.uk Wed Sep 12 13:43:40 2012 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed, 12 Sep 2012 13:43:40 +0100 Subject: ScamNailer False Positives In-Reply-To: References: <504F524A.8060208@cise.ufl.edu> <5050837C.6000705@ecs.soton.ac.uk> Message-ID: On 12/09/2012 11:19, M A Young wrote: > On Tue, 11 Sep 2012, Dan H. Eicher wrote: > >> I'm in the process of transitioning from: >> Solaris+amavisd+postfix+dovecot+procmail -to- >> Redhat 6.3+MailScanner+postfix+dovecot+procmail >> >> I thought I would try here, as sanesecurity points me to: >> scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer. >> >> Almost all the emails I get from UFL's helpdesk are marked as: >> ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined. > > You need to work out what ScamNailer is objecting to, also whether the > scamnailer version and the data you are working from is up to date. > > If an address is listed incorrectly, I believe the scamnailer data > originates from http://code.google.com/p/anti-phishing-email-reply/ so > you could look there to get false positives and no-longer-positives > removed (Help Desk addresses can be used in spam so it might have been > listed legitimately). Only a bit of the ScamNailer data comes from there. Most of it is derived elsewhere entirely. If you hit false positives, please report them to scamnailer at ecs.soton.ac.uk. Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Sep 12 13:44:39 2012 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed, 12 Sep 2012 13:44:39 +0100 Subject: cdn.mailscanner.info flaked out? In-Reply-To: References: <505083B7.20304@ecs.soton.ac.uk> Message-ID: We had a whole string of power failures last week when I was on holiday, should be all back now. We can't afford big enough UPSes for the quality of our power feed. :-( Jules. On 07/09/2012 13:28, Jeff Earickson wrote: > Gang, > > The services for ScamNailer and update_bad_phishing_sites seems to > have an issue: > > Unable to retrieve http://cdn.mailscanner.info/.2012-365 :404 Not Found > Failed to retrieve http://cdn.mailscanner.info/2012-365.1 at > > and > > Unable to retrieve http://cdn.mailscanner.info/emails..2012-365 :404 Not Found > Unable to open base file (/var/cache/ScamNailer/cache//2012-365) > > Can somebody give it a kick in the shins please? > > Jeff Earickson > Colby College > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > Need help customising MailScanner? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM > > 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait > 'All programs have a desire to be useful' - Tron, 1982 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brian.duncan at kattenlaw.com Fri Sep 14 20:28:36 2012 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Fri, 14 Sep 2012 19:28:36 +0000 Subject: MailScanner: Could not analyze message Message-ID: <946070139734074AA288505D2AD1D4CD037B1510@CHI-US-MAIL-1B.us.kmz.com> Can anyone help me out with a problem we have just started having people report? We don't use Mailscanner to scan for viruses, or for dangerous email, at least I did not think we were. We DO use the Spam features with Spam Assassin though through MailScanner. My versions are: mailscanner-4.83.5-1 spamassassin-3.3.1-3 My key settings that I believe might influence this that are from the main conf: Maximum processing Attempts = 0 Expand TNEF = no Use TNEF Contents = no Deliver Unparsable TNEF = yes Find UU-Encoded Files = no Maximum Message Size = 0 Maximum Attachment Size = -1 Minimum Attachment Size = 1 Maximum Archive Depth = 0 Finding Archives By Content = no Unpack Microsoft Documents = no Zip Attachments = no Add Text Of Doc = no Unzip Maximum Files Per Archive = 0 Virus Scanning = no Virus Scanners = none Still Deliver Silent Viruses = yes Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Check Filenames In Password-Protected Archives = no Dangerous Content Scanning = no Allow Partial Messages = yes Allow External Message Bodies = yes Find Phishing Fraud = no Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no I have recently begun having users complain that they are receiving messages from our Mailscanner system like this: From: xxxxx [xxxx at xxxx.com] Sent: Friday, September 14, 2012 3:31 AM To: Smith, John Subject: Online Content - September 2012 This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail message contained potentially dangerous content, which has been removed for your safety. The content is dangerous as it is often used to spread viruses or to gain personal or confidential information from you, such as passwords or credit card numbers. Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the original attachment. The content filters found this: MailScanner: Could not analyze message -- Postmaster Katten Muchin Rosenman LLP www.kattenlaw.com All the logs show for the above message is: Sep 14 05:30:44 venus MailScanner[16268]: Cleaned: Delivered 1 cleaned messages Based on my settings in my mailscanner.conf file, I thought I had everything set to NOT have try to analyze messages for anything but Spam. I have narrowed it down to one host that this is happening with, but since I don't have a copy of any of these emails that cause this I have nothing to go on. Was more curious now if anyone know why this might trigger if I have everything turned off accept Spam scanning. This sender is a mailing list, that sends out mailing I believe for many organizations. So there are days when I have a couple hundred of these to many different people here. Thanks! BRIAN M. DUNCAN Data Security Administrator Katten Muchin Rosenman LLP 525 W. Monroe Street / Chicago, IL 60661-3693 p / (312) 577-8045 f / (312) 577-4490 brian.duncan at kattenlaw.com / www.kattenlaw.com =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120914/7d3f2ba1/attachment.html From maxsec at gmail.com Sat Sep 15 08:34:11 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Sat, 15 Sep 2012 08:34:11 +0100 Subject: MailScanner: Could not analyze message In-Reply-To: <946070139734074AA288505D2AD1D4CD037B1510@CHI-US-MAIL-1B.us.kmz.com> References: <946070139734074AA288505D2AD1D4CD037B1510@CHI-US-MAIL-1B.us.kmz.com> Message-ID: Check the logs for any clues, but it could be sone sort of odd reaction from file on the content types. Anything in the header either post processing Ideally you need to get a sample message and run this in mailscanners debug mode On Friday, 14 September 2012, Duncan, Brian M. wrote > Can anyone help me out with a problem we have just started having people > report?**** > > ** ** > > We don?t use Mailscanner to scan for viruses, or for dangerous email, at > least I did not think we were. We DO use the Spam features with Spam > Assassin though through MailScanner.**** > > ** ** > > My versions are:**** > > ** ** > > mailscanner-4.83.5-1**** > > spamassassin-3.3.1-3**** > > ** ** > > ** ** > > My key settings that I believe might influence this that are from the > main conf:**** > > ** ** > > Maximum processing Attempts = 0**** > > Expand TNEF = no**** > > Use TNEF Contents = no**** > > Deliver Unparsable TNEF = yes**** > > Find UU-Encoded Files = no**** > > Maximum Message Size = 0**** > > Maximum Attachment Size = -1**** > > Minimum Attachment Size = 1**** > > Maximum Archive Depth = 0**** > > Finding Archives By Content = no**** > > Unpack Microsoft Documents = no**** > > Zip Attachments = no**** > > Add Text Of Doc = no**** > > Unzip Maximum Files Per Archive = 0**** > > Virus Scanning = no**** > > Virus Scanners = none**** > > Still Deliver Silent Viruses = yes**** > > Block Encrypted Messages = no**** > > Block Unencrypted Messages = no**** > > Allow Password-Protected Archives = yes**** > > Check Filenames In Password-Protected Archives = no**** > > Dangerous Content Scanning = no**** > > Allow Partial Messages = yes**** > > Allow External Message Bodies = yes**** > > Find Phishing Fraud = no**** > > Allow IFrame Tags = disarm**** > > Allow Form Tags = disarm**** > > Allow Script Tags = disarm**** > > Allow WebBugs = disarm**** > > Allow Object Codebase Tags = disarm**** > > Convert Dangerous HTML To Text = no**** > > Convert HTML To Text = no**** > > ** ** > > I have recently begun having users complain that they are receiving > messages from our Mailscanner system like this:**** > > ** ** > > From: xxxxx [xxxx at xxxx.com ] > Sent: Friday, September 14, 2012 3:31 AM > To: Smith, John > Subject: Online Content - September 2012 > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail message contained potentially dangerous content, which > has been removed for your safety. > The content is dangerous as it is often used to spread viruses or to gain > personal or confidential information from you, such as passwords or credit > card numbers. > Due to limitations placed on us by the Regulation of Investigatory Powers > Act 2000, we were unable to keep a copy of the original attachment. > The content filters found this: > MailScanner: Could not analyze message > > -- > Postmaster > Katten Muchin Rosenman LLP > www.kattenlaw.com**** > > ** ** > > All the logs show for the above message is: Sep 14 05:30:44 venus > MailScanner[16268]: Cleaned: Delivered 1 cleaned messages**** > > ** ** > > Based on my settings in my mailscanner.conf file, I thought I had > everything set to NOT have try to analyze messages for anything but Spam.* > *** > > ** ** > > I have narrowed it down to one host that this is happening with, but since > I don?t have a copy of any of these emails that cause this I have nothing > to go on. **** > > ** ** > > Was more curious now if anyone know why this might trigger if I have > everything turned off accept Spam scanning. **** > > ** ** > > This sender is a mailing list, that sends out mailing I believe for many > organizations. So there are days when I have a couple hundred of these to > many different people here.**** > > ** ** > > Thanks!**** > > ** ** > > ** ** > > ** ** > > ** ** > > BRIAN M. DUNCAN > Data Security Administrator > Katten Muchin Rosenman LLP > 525 W. Monroe Street / Chicago, IL 60661-3693 > p / (312) 577-8045 f / (312) 577-4490 > brian.duncan at kattenlaw.com 'brian.duncan at kattenlaw.com');> / www.kattenlaw.com > **** > > ** ** > > =========================================================== > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue > Service, any tax advice contained herein is not intended or written to be used and cannot be used > by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. > =========================================================== > CONFIDENTIALITY NOTICE: > This electronic mail message and any attached files contain information intended for the exclusive > use of the individual or entity to whom it is addressed and may contain information that is > proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or > distribution of this information may be subject to legal restriction or sanction. Please notify > the sender, by electronic mail or telephone, of any unintended recipients and delete the original > message without making any copies. > =========================================================== > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has > elected to be governed by the Illinois Uniform Partnership Act (1997). > =========================================================== > > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120915/ee1a6f9a/attachment.html From maxsec at gmail.com Sat Sep 15 18:39:36 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Sat, 15 Sep 2012 18:39:36 +0100 Subject: Fwd: FYI: "End of an Era" - RFC-Ignorant.org is scheduling its own demise. In-Reply-To: <5054B47D.6050508@gmail.com> References: <5054B47D.6050508@gmail.com> Message-ID: Fyi ---------- Forwarded message ---------- From: *Axb* Date: Saturday, 15 September 2012 Subject: FYI: "End of an Era" - RFC-Ignorant.org is scheduling its own demise. To: users at spamassassin.apache.org See: http://rfc-ignorant.org/**endofanera.php All reference to rfc-ignorant.org will be removed from SA within 48hrs. Changes should show up within next couple of sa-updates If you're using rfc-ignorant.org in meta rules, please remove them to prevent lint/sa-update errors. Axb PS: Thanks to Atro Tossavainen for the heads up! -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120915/7b6d03ad/attachment.html From micoots at yahoo.com Sun Sep 16 03:10:19 2012 From: micoots at yahoo.com (Michael Mansour) Date: Sat, 15 Sep 2012 19:10:19 -0700 (PDT) Subject: Error TNEF with MailScanner version 4.84.3 In-Reply-To: References: Message-ID: <1347761419.85360.YahooMailNeo@web161903.mail.bf1.yahoo.com> I'm using 4.84.5-2 and encountered this problem when using the external TNEF expander (option "TNEF Expander"). The quick fix is to change it to: TNEF Expander = internal It may be that an external TNEF expander may support many more formats than the perl-based one, but after the change a couple of weeks ago I haven't seen any more required to be supported so it's of little concern. Regards, Michael. ________________________________ From: Paul Ronald To: mailscanner at lists.mailscanner.info Sent: Friday, 7 September 2012 10:33 PM Subject: Error TNEF with MailScanner version 4.84.3 Hello, yesterday i get this error in my servers with postfix + MailScanner 4.84.3: Sep? 6 14:04:10 server1 MailScanner[4548]: Expanding TNEF archive at /var/spool/MailScanner/incoming/4548/9C8DEC06E3.A1766/winmail.dat Sep? 6 14:04:10 server1 MailScanner[4548]: Trying to unpack nwinmail.dat in message 9C8DEC06E3.A1766, could not create subdirectory 9C8DEC06E3.A1766//tnefmNPiVZ, failed to unpack TNEF message Sep? 6 14:04:10 server1 MailScanner[4548]: Corrupt TNEF winmail.dat that cannot be analysed in message 9C8DEC06E3.A1766 somebody speak of a BUG in this version but i don not known where is the patch. Thak you -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120915/918e000e/attachment.html From dave at KD0YU.COM Sun Sep 16 14:25:32 2012 From: dave at KD0YU.COM (Dave Helton) Date: Sun, 16 Sep 2012 08:25:32 -0500 Subject: corporate spam Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM> Lately I've been seeing a lot of spam out some IP's in the Netherlands, advertising Overstock, ADT, some ink vendors and a whole bunch of other crap. The messages average around 190k per email, and some are pushing over 250k. Not your small time spammer anymore. I set the "Max Spam Check Size" to 500k and added the following rule to my local.cf uri KD0YU_GOAWAY_26 /http\:\/\/.*\.us\/php\/off\/\d\d(\d)?\.\d\d\/(top|sub)\/.*/i describe KD0YU_GOAWAY_26 Overstock,ADT,or Ink, or whatever score KD0YU_GOAWAY_26 50 HTH's --Dave -- This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/bd3131d6/attachment.html From routerlinux at yahoo.es Sun Sep 16 15:41:27 2012 From: routerlinux at yahoo.es (Diego) Date: Sun, 16 Sep 2012 15:41:27 +0100 (BST) Subject: Mailscanner stuck in endless loop Message-ID: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> USe Debian 6 and postfix and MailScanner Binary package hint: mailscanner Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/03d00738/attachment.html From roedie at roedie.nl Sun Sep 16 16:14:14 2012 From: roedie at roedie.nl (Sander Klein) Date: Sun, 16 Sep 2012 17:14:14 +0200 Subject: corporate spam In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM> References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM> Message-ID: Hi Dave, On 16.09.2012 15:25, Dave Helton wrote: > Lately I've been seeing a lot of spam out some IP's in the > Netherlands, advertising Overstock, ADT, I'm wondering if you could share some of the IP's (or the prefixes) with me. I'm just curious which providers they are from... Greets, Sander From maxsec at gmail.com Sun Sep 16 18:17:15 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Sun, 16 Sep 2012 18:17:15 +0100 Subject: Mailscanner stuck in endless loop In-Reply-To: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> Message-ID: New install or something that was working Try running in debug mode for more info( see wiki for a how if youre not sure) Martin On Sunday, 16 September 2012, Diego wrote: > USe Debian 6 and postfix and MailScanner > > Binary package hint: mailscanner > Mailscanner is stuck in an endless loop; it scans the messages held in the > postfix queue again and again and there are no "requeue" notices, like on a > working server. In the mean time, server is incapable of processing mail, > unless the scanner is disabled, and in my case, Postfix does not hold > incoming messages. > > Thanks > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/d0cd4790/attachment.html From dave at KD0YU.COM Sun Sep 16 20:41:58 2012 From: dave at KD0YU.COM (Dave Helton) Date: Sun, 16 Sep 2012 14:41:58 -0500 Subject: corporate spam In-Reply-To: References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM> Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215F@S8.KD0YU.COM> 93.190.138.150, 93.190.138.148 (us CA spammer relaying thru a worldstream.nl acct) 109.236.88.129 (unbelievable... same guy) 217.23.6.218,217.23.6.236,217.23.6.238 (I'm sensing a pattern here) All above IP's resolved to this guy. Registrant ID: C370BF7D41DBD03F Registrant Name: Chris Michaels Registrant Organization: Viral Marketing LLC Registrant Address1: PO Box 1152 Registrant City: La Habra Registrant State/Province: CA Registrant Postal Code: 90633-1152 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.7143330560 Registrant Email: chris at viral-media.net Sander... thanks for pushing my button on this one. 'Bout time I did some research on where this junk was coming from, I just assumed it was a botnet. My servers are probably not his only targets, the rule I posted earlier should work for a while but might need some tweaking. Feel free to forward anything relevant to me. --Dave, KD0YU > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner- > bounces at lists.mailscanner.info] On Behalf Of Sander Klein > Sent: Sunday, September 16, 2012 10:14 AM > To: mailscanner at lists.mailscanner.info > Subject: Re: corporate spam > > Hi Dave, > > On 16.09.2012 15:25, Dave Helton wrote: > > Lately I've been seeing a lot of spam out some IP's in the > > Netherlands, advertising Overstock, ADT, > > I'm wondering if you could share some of the IP's (or the prefixes) with me. > I'm just curious which providers they are from... > -- This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean. From routerlinux at yahoo.es Sun Sep 16 21:27:15 2012 From: routerlinux at yahoo.es (Diego) Date: Sun, 16 Sep 2012 21:27:15 +0100 (BST) Subject: Mailscanner stuck in endless loop In-Reply-To: References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> Message-ID: <1347827235.76976.YahooMailNeo@web132103.mail.ird.yahoo.com> root at mail:/var/spool/MailScanner# MailScanner -debug Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner//MailScanner/Config.pm line 2020 In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358. ________________________________ De: Martin Hepworth Para: MailScanner discussion Enviado: Domingo 16 de septiembre de 2012 12:17 Asunto: Re: Mailscanner stuck in endless loop New install or something that was working Try running in debug mode for more info( see wiki for a how if youre not sure) Martin On Sunday, 16 September 2012, Diego wrote: USe Debian 6 and postfix and MailScanner > > >Binary package hint: mailscanner >Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages. > > >Thanks > -- -- Martin Hepworth, CISSP Oxford, UK -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/b0b6951a/attachment.html From routerlinux at yahoo.es Sun Sep 16 21:30:42 2012 From: routerlinux at yahoo.es (Diego) Date: Sun, 16 Sep 2012 21:30:42 +0100 (BST) Subject: Mailscanner stuck in endless loop In-Reply-To: References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> Message-ID: <1347827442.52033.YahooMailNeo@web132105.mail.ird.yahoo.com> root at mail:/var/spool/MailScanner# MailScanner -lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner//MailScanner/Config.pm line 2020 Read 858 hostnames from the phishing whitelist Read 5497 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.79.11) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-unconfigured-debian-site-MailScanner-From MailScanner setting GID to? (108) MailScanner setting UID to? (105) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": use_auto_whitelist 0 SpamAssassin reported an error. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting ./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. ---------------- root at mail:/var/spool/MailScanner# MailScanner -debug Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner//MailScanner/Config.pm line 2020 In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358. ________________________________ De: Martin Hepworth Para: MailScanner discussion Enviado: Domingo 16 de septiembre de 2012 12:17 Asunto: Re: Mailscanner stuck in endless loop New install or something that was working Try running in debug mode for more info( see wiki for a how if youre not sure) Martin On Sunday, 16 September 2012, Diego wrote: USe Debian 6 and postfix and MailScanner > > >Binary package hint: mailscanner >Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages. > > >Thanks > -- -- Martin Hepworth, CISSP Oxford, UK -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/beaf694d/attachment.html From andrew at topdog.za.net Mon Sep 17 05:43:01 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Mon, 17 Sep 2012 06:43:01 +0200 Subject: Mailscanner stuck in endless loop In-Reply-To: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> Message-ID: On 16 Sep 2012, at 4:41 PM, Diego wrote: > USe Debian 6 and postfix and MailScanner > > Binary package hint: mailscanner > Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages. It could be this bug[1] that is causing your issue, you are still running 4.79, please upgrade to a more recent version as your issues may be fixed with in the later versions, if not resolved try running with -U [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649835 -- www.baruwa.org From maxsec at gmail.com Mon Sep 17 06:37:50 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 17 Sep 2012 06:37:50 +0100 Subject: Mailscanner stuck in endless loop In-Reply-To: References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> Message-ID: Looks like andew beat me to it. Upgrade to latest and add in the -U flag if youre still seeing errors Martin On Monday, 17 September 2012, Andrew Colin Kissa wrote: > > On 16 Sep 2012, at 4:41 PM, Diego wrote: > > > USe Debian 6 and postfix and MailScanner > > > > Binary package hint: mailscanner > > Mailscanner is stuck in an endless loop; it scans the messages held in > the postfix queue again and again and there are no "requeue" notices, like > on a working server. In the mean time, server is incapable of processing > mail, unless the scanner is disabled, and in my case, Postfix does not hold > incoming messages. > > It could be this bug[1] that is causing your issue, you are still running > 4.79, please upgrade to a more recent version as your issues may be fixed > with in the later > versions, if not resolved try running with -U > > [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649835 > > -- > www.baruwa.org > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/e996ee0e/attachment.html From roedie at roedie.nl Mon Sep 17 07:56:24 2012 From: roedie at roedie.nl (Sander Klein) Date: Mon, 17 Sep 2012 08:56:24 +0200 Subject: Mailscanner stuck in endless loop In-Reply-To: References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com> Message-ID: On 17.09.2012 06:43, Andrew Colin Kissa wrote: > On 16 Sep 2012, at 4:41 PM, Diego wrote: > >> USe Debian 6 and postfix and MailScanner >> >> Binary package hint: mailscanner >> Mailscanner is stuck in an endless loop; it scans the messages held >> in the postfix queue again and again and there are no "requeue" >> notices, like on a working server. In the mean time, server is >> incapable of processing mail, unless the scanner is disabled, and in >> my case, Postfix does not hold incoming messages. > > It could be this bug[1] that is causing your issue, you are still > running 4.79, please upgrade to a more recent version as your issues > may be fixed with in the later > versions, if not resolved try running with -U I you've upgraded to the latest version and see taint errors in file.pm then edit the file PFDiskstore.pm at the line ~629: sub CopyEntireMessage { my $this = shift; my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_; #print STDERR "Copying to $targetdir $targetfile\n"; if (MailScanner::Config::Value('storeentireasdfqf')) { change to: sub CopyEntireMessage { my $this = shift; my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_; $targetfile =~/([\w\d]{10}.[\w\d]{5})/; $targetfile = $1; #print STDERR "Copying to $targetdir $targetfile\n"; if (MailScanner::Config::Value('storeentireasdfqf')) { This way you don't have to disable the taint mode which is a bit safer. (I even created a debian package with this fix if you're interested) Greets, Sander From Sampson at p2sol.com Mon Sep 17 17:01:44 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Mon, 17 Sep 2012 16:01:44 +0000 Subject: Filter by IP Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains. I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails. Wanting to do something like When From: ip.tst.srv.add Only Allow to send to: our.domain.com & this domain.com (and block anything not to that domain) Any thoughts would be greatly appreciated Aaron Sampson IT Department -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/dab2088d/attachment.html From alex at vidadigital.com.pa Mon Sep 17 18:41:24 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 17 Sep 2012 12:41:24 -0500 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> Message-ID: You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and > Clamd and I have a Test server that I am trying to prevent from e-mailing > anyone outside 2 certain domains. I have been trying to figure out the best > way to set this up so that it does not interfere with the production servers > or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to have > a clear plan of attack before I try anything to prevent disruption of normal > e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. From bjron.mork at gmail.com Mon Sep 17 19:02:12 2012 From: bjron.mork at gmail.com (Bjorn Mork) Date: Mon, 17 Sep 2012 23:02:12 +0500 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> Message-ID: Yes, this is possible via MailScanner. We are working with these kind of rules via integration of MailWatch + MailScanner. Regards, B~Mork. On Mon, Sep 17, 2012 at 9:01 PM, Sampson, Aaron wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin > and Clamd and I have a Test server that I am trying to prevent from > e-mailing anyone outside 2 certain domains. I have been trying to figure > out the best way to set this up so that it does not interfere with the > production servers or regular e-mails. But not really clear on the best > way to set this up.**** > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent disruption of > normal e-mails.**** > > ** ** > > Wanting to do something like**** > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com& this > domain.com (and block anything not to that domain)**** > > ** ** > > Any thoughts would be greatly appreciated**** > > ** ** > > ** ** > > Aaron Sampson**** > > IT Department**** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/a7c9e236/attachment.html From Sampson at p2sol.com Mon Sep 17 19:25:24 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Mon, 17 Sep 2012 18:25:24 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FA88B@COMM1.p2sol.com> Interesting, I hadn't thought about that approach to this. It seems like that would do the trick while still allowing mail from other IP's /Domains to go through unaffected. Thank you for the suggestion and I will let you know how it works out -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Sampson at p2sol.com Mon Sep 17 20:10:30 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Mon, 17 Sep 2012 19:10:30 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FA8FD@COMM1.p2sol.com> Bjorn, I have not as of yet integrated MailWatch with our system. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Bjorn Mork Sent: Monday, September 17, 2012 1:02 PM To: MailScanner discussion Subject: Re: Filter by IP Yes, this is possible via MailScanner. We are working with these kind of rules via integration of MailWatch + MailScanner. Regards, B~Mork. On Mon, Sep 17, 2012 at 9:01 PM, Sampson, Aaron > wrote: I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains. I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails. Wanting to do something like When From: ip.tst.srv.add Only Allow to send to: our.domain.com & this domain.com (and block anything not to that domain) Any thoughts would be greatly appreciated Aaron Sampson IT Department -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/0d81b32a/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Sep 17 20:32:58 2012 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon, 17 Sep 2012 11:32:58 -0800 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> Message-ID: <4A09477D575C2C4B86497161427DD94C279A68EC0B@city-exchange07> What I would do is set up DNS to handle mail to mxtest.DOMAIN for inbound mail. I presume you want to receive mail on this machine - NDRs and such at least. That will keep the test stuff on the production servers. After your satisfied, rename the mail server, and add it to the mix of MX records that handle real mail. Sendmail uses a file called access to control connectivity. I'm sure Postfix must as well. With it, you can specify who and what can send/relay/receive mail on that host. You should be able to tell it to only accept from specific IPs or subnets, email addresses or domains, etc. Let your MTA handle who it will talk to. When it is configured to send/receive from your specific domains, then route mail through that host and begin testing MailScanner. MailWatch is worth installing. HTH... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Sampson, Aaron Sent: Monday, September 17, 2012 8:02 AM To: mailscanner at lists.mailscanner.info Subject: Filter by IP I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains. I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails. Wanting to do something like When From: ip.tst.srv.add Only Allow to send to: our.domain.com & this domain.com (and block anything not to that domain) Any thoughts would be greatly appreciated Aaron Sampson IT Department -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/624ee86f/attachment.html From Sampson at p2sol.com Wed Sep 19 16:00:05 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed, 19 Sep 2012 15:00:05 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maxsec at gmail.com Wed Sep 19 16:47:14 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Wed, 19 Sep 2012 16:47:14 +0100 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> Message-ID: have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron wrote: > Alex, > > So I tried out your suggestion and put in a a ruleset in the non-spam > actions. rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver > > Still did not work and all e-mails coming into the company were lost (dang > it) and I kept getting an error message saying Syntax error in "header" > action in spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > > We have checked and rechecked the rule-set pattern to see if we missed > something and have tried a few things and nothing has worked so far. We > would like to not have to set up an additional smtp server to take care of > this issue so any additional thoughts would be great, or let me know if you > need/want any additional information > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman > Sent: Monday, September 17, 2012 12:41 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > You can probably add the test server's IP to the spam whitelist, then add > a "non-spam actions" ruleset that says something like: > > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > > That way, the first two domains "hit" and "deliver" the e-mails, while > anything else from the test server will be "stored" - you could use > "delete" but just in case use "store" so you can release them if necessary. > > > On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > > Assassin and Clamd and I have a Test server that I am trying to > > prevent from e-mailing anyone outside 2 certain domains. I have been > > trying to figure out the best way to set this up so that it does not > > interfere with the production servers or regular e-mails. But not > really clear on the best way to set this up. > > > > I thought about trying to put something in whitelist.rules but want to > > have a clear plan of attack before I try anything to prevent > > disruption of normal e-mails. > > > > > > > > Wanting to do something like > > > > When From: ip.tst.srv.add Only Allow to send to: > our.domain.com & > > this domain.com (and block anything not to that domain) > > > > > > > > Any thoughts would be greatly appreciated > > > > > > > > > > > > Aaron Sampson > > > > IT Department > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- So-called "legal disclaimers" are not legally binding, so don't bother. > A cute graphic saying "save the planet, don't print this" can potentially > create more CO2, not less, so don't bother either. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/c83a47e4/attachment.html From dave at KD0YU.COM Wed Sep 19 17:27:00 2012 From: dave at KD0YU.COM (Dave Helton) Date: Wed, 19 Sep 2012 11:27:00 -0500 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2161@S8.KD0YU.COM> > > So I tried out your suggestion and put in a a ruleset in the non-spam actions. > rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver Although case is not critical... consistency is a Good Thing (tm). > > Still did not work and all e-mails coming into the company were lost (dang it) > and I kept getting an error message saying Syntax error in "header" action in > spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > Most programs are designed to deal with a liberal use of "whitespace" rather than the lack of it. > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > -- This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean. From Sampson at p2sol.com Wed Sep 19 19:25:56 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed, 19 Sep 2012 18:25:56 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message. Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed. Once that e-mail attempted to go through the system the syntax error appeared. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Wednesday, September 19, 2012 10:47 AM To: MailScanner discussion Subject: Re: Filter by IP have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron > wrote: Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/0e7e2ffa/attachment.html From Sampson at p2sol.com Wed Sep 19 19:35:13 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed, 19 Sep 2012 18:35:13 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FBB33@COMM1.p2sol.com> Martin, What did you mean by no tabs? Like the rule-set should look like To: *@domain.com deliver instead of To: *@domain.com deliver It appears in the examples that there are tabs between each part like in the 2nd example listed above. I did refer to these examples when setting this rule up, but still no luck From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Wednesday, September 19, 2012 10:47 AM To: MailScanner discussion Subject: Re: Filter by IP have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron > wrote: Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/8a494418/attachment.html From campbell at cnpapers.com Wed Sep 19 20:01:17 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Wed, 19 Sep 2012 15:01:17 -0400 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> Message-ID: <505A167D.1000203@cnpapers.com> Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it steve campbell On 9/19/2012 2:25 PM, Sampson, Aaron wrote: > > I did make sure that the capitalization was the same through it all > and that everything was spaced out the same as well, still got the > same error message. Did discover that everything seemed to be working > properly with Mail Scanner until I attempted to send out an e-mail > from one of the domains that I had listed. Once that e-mail attempted > to go through the system the syntax error appeared. > > *From:*mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of > *Martin Hepworth > *Sent:* Wednesday, September 19, 2012 10:47 AM > *To:* MailScanner discussion > *Subject:* Re: Filter by IP > > have you made sure there no tab's in that ruleset. > check out the examples in the examples dir and here. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules > > yes you'll need the default entry , try making sure the capitalisasion > is consistent with the examples as welll. > > To: @domain1.com deliver > To: @domain2.com deliver > From: ip.address store > FromOrTo: default deliver > > -- > Martin Hepworth, CISSP > Oxford, UK > > On 19 September 2012 16:00, Sampson, Aaron > wrote: > > Alex, > > So I tried out your suggestion and put in a a ruleset in the non-spam > actions. rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver > > Still did not work and all e-mails coming into the company were lost > (dang it) and I kept getting an error message saying Syntax error in > "header" action in spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > > We have checked and rechecked the rule-set pattern to see if we missed > something and have tried a few things and nothing has worked so far. > We would like to not have to set up an additional smtp server to take > care of this issue so any additional thoughts would be great, or let > me know if you need/want any additional information > > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info > > [mailto:mailscanner-bounces at lists.mailscanner.info > ] On Behalf Of Alex > Neuman > Sent: Monday, September 17, 2012 12:41 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > You can probably add the test server's IP to the spam whitelist, then > add a "non-spam actions" ruleset that says something like: > > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > > That way, the first two domains "hit" and "deliver" the e-mails, while > anything else from the test server will be "stored" - you could use > "delete" but just in case use "store" so you can release them if > necessary. > > > On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > > Assassin and Clamd and I have a Test server that I am trying to > > prevent from e-mailing anyone outside 2 certain domains. I have been > > trying to figure out the best way to set this up so that it does not > > interfere with the production servers or regular e-mails. But not > really clear on the best way to set this up. > > > > I thought about trying to put something in whitelist.rules but want to > > have a clear plan of attack before I try anything to prevent > > disruption of normal e-mails. > > > > > > > > Wanting to do something like > > > > When From: ip.tst.srv.add Only Allow to send to: > our.domain.com & > > this domain.com (and block anything not to that > domain) > > > > > > > > Any thoughts would be greatly appreciated > > > > > > > > > > > > Aaron Sampson > > > > IT Department > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- So-called "legal disclaimers" are not legally binding, so don't > bother. A cute graphic saying "save the planet, don't print this" can > potentially create more CO2, not less, so don't bother either. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/9931e9d7/attachment.html From Sampson at p2sol.com Wed Sep 19 21:35:42 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Wed, 19 Sep 2012 20:35:42 +0000 Subject: Filter by IP In-Reply-To: <505A167D.1000203@cnpapers.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com> Yes we double checked it several times and referred back to examples in the documentations to see if we had missed something. By what we can tell it should work but it seems to break every time an e-mail comes from one of those domains. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Wednesday, September 19, 2012 2:01 PM To: mailscanner at lists.mailscanner.info Subject: Re: Filter by IP Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it steve campbell On 9/19/2012 2:25 PM, Sampson, Aaron wrote: I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message. Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed. Once that e-mail attempted to go through the system the syntax error appeared. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Wednesday, September 19, 2012 10:47 AM To: MailScanner discussion Subject: Re: Filter by IP have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron > wrote: Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/c8fd45e1/attachment-0001.html From alex at vidadigital.com.pa Thu Sep 20 02:39:49 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Wed, 19 Sep 2012 20:39:49 -0500 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com> Message-ID: It *does* say "syntax error", you just have to find out where you're typing it wrong, I guess. And the e-mails were probably not lost, since you have "store" - in fact, your defaults *should* be, specially when testing, "deliver store" so you *always* have a copy in the quarantine. On Wed, Sep 19, 2012 at 3:35 PM, Sampson, Aaron wrote: > Yes we double checked it several times and referred back to examples in the > documentations to see if we had missed something. By what we can tell it > should work but it seems to break every time an e-mail comes from one of > those domains. > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve > Campbell > Sent: Wednesday, September 19, 2012 2:01 PM > To: mailscanner at lists.mailscanner.info > > > Subject: Re: Filter by IP > > > > Are you certain you didn't type ";" instead of ":" in you rule file? It sort > of indicates that one of your lines needs that ":" in it > > steve campbell > > On 9/19/2012 2:25 PM, Sampson, Aaron wrote: > > I did make sure that the capitalization was the same through it all and that > everything was spaced out the same as well, still got the same error > message. Did discover that everything seemed to be working properly with > Mail Scanner until I attempted to send out an e-mail from one of the domains > that I had listed. Once that e-mail attempted to go through the system the > syntax error appeared. > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin > Hepworth > Sent: Wednesday, September 19, 2012 10:47 AM > To: MailScanner discussion > Subject: Re: Filter by IP > > > > have you made sure there no tab's in that ruleset. > check out the examples in the examples dir and here. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules > > yes you'll need the default entry , try making sure the capitalisasion is > consistent with the examples as welll. > > To: @domain1.com deliver > To: @domain2.com deliver > From: ip.address store > FromOrTo: default deliver > > -- > Martin Hepworth, CISSP > Oxford, UK > > > On 19 September 2012 16:00, Sampson, Aaron wrote: > > Alex, > > So I tried out your suggestion and put in a a ruleset in the non-spam > actions. rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver > > Still did not work and all e-mails coming into the company were lost (dang > it) and I kept getting an error message saying Syntax error in "header" > action in spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > > We have checked and rechecked the rule-set pattern to see if we missed > something and have tried a few things and nothing has worked so far. We > would like to not have to set up an additional smtp server to take care of > this issue so any additional thoughts would be great, or let me know if you > need/want any additional information > > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman > Sent: Monday, September 17, 2012 12:41 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > You can probably add the test server's IP to the spam whitelist, then add a > "non-spam actions" ruleset that says something like: > > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > > That way, the first two domains "hit" and "deliver" the e-mails, while > anything else from the test server will be "stored" - you could use "delete" > but just in case use "store" so you can release them if necessary. > > > On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: >> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam >> Assassin and Clamd and I have a Test server that I am trying to >> prevent from e-mailing anyone outside 2 certain domains. I have been >> trying to figure out the best way to set this up so that it does not >> interfere with the production servers or regular e-mails. But not really >> clear on the best way to set this up. >> >> I thought about trying to put something in whitelist.rules but want to >> have a clear plan of attack before I try anything to prevent >> disruption of normal e-mails. >> >> >> >> Wanting to do something like >> >> When From: ip.tst.srv.add Only Allow to send to: our.domain.com >> & >> this domain.com (and block anything not to that domain) >> >> >> >> Any thoughts would be greatly appreciated >> >> >> >> >> >> Aaron Sampson >> >> IT Department >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- So-called "legal disclaimers" are not legally binding, so don't bother. A > cute graphic saying "save the planet, don't print this" can potentially > create more CO2, not less, so don't bother either. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. From campbell at cnpapers.com Thu Sep 20 13:27:13 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Thu, 20 Sep 2012 08:27:13 -0400 Subject: Filter by IP In-Reply-To: <505A167D.1000203@cnpapers.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> Message-ID: <505B0BA1.5060003@cnpapers.com> This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it? steve campbell On 9/19/2012 3:01 PM, Steve Campbell wrote: > Are you certain you didn't type ";" instead of ":" in you rule file? > It sort of indicates that one of your lines needs that ":" in it > > steve campbell > On 9/19/2012 2:25 PM, Sampson, Aaron wrote: >> >> I did make sure that the capitalization was the same through it all >> and that everything was spaced out the same as well, still got the >> same error message. Did discover that everything seemed to be >> working properly with Mail Scanner until I attempted to send out an >> e-mail from one of the domains that I had listed. Once that e-mail >> attempted to go through the system the syntax error appeared. >> >> *From:*mailscanner-bounces at lists.mailscanner.info >> [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of >> *Martin Hepworth >> *Sent:* Wednesday, September 19, 2012 10:47 AM >> *To:* MailScanner discussion >> *Subject:* Re: Filter by IP >> >> have you made sure there no tab's in that ruleset. >> check out the examples in the examples dir and here. >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules >> >> yes you'll need the default entry , try making sure the >> capitalisasion is consistent with the examples as welll. >> >> To: @domain1.com deliver >> To: @domain2.com deliver >> From: ip.address store >> FromOrTo: default deliver >> >> -- >> Martin Hepworth, CISSP >> Oxford, UK >> >> On 19 September 2012 16:00, Sampson, Aaron > > wrote: >> >> Alex, >> >> So I tried out your suggestion and put in a a ruleset in the non-spam >> actions. rules that read >> to: *@domain1.com deliver >> to: *@domain2.com deliver >> from: ip.address store >> and then when that did not work added >> fromorTo: default deliver >> >> Still did not work and all e-mails coming into the company were lost >> (dang it) and I kept getting an error message saying Syntax error >> in "header" action in spam actions, >> missing ":" in etc/MailScanner/rules/non.spam.rules >> >> We have checked and rechecked the rule-set pattern to see if we >> missed something and have tried a few things and nothing has worked >> so far. We would like to not have to set up an additional smtp >> server to take care of this issue so any additional thoughts would be >> great, or let me know if you need/want any additional information >> >> >> >> -----Original Message----- >> From: mailscanner-bounces at lists.mailscanner.info >> >> [mailto:mailscanner-bounces at lists.mailscanner.info >> ] On Behalf Of >> Alex Neuman >> Sent: Monday, September 17, 2012 12:41 PM >> To: MailScanner discussion >> Subject: Re: Filter by IP >> >> You can probably add the test server's IP to the spam whitelist, then >> add a "non-spam actions" ruleset that says something like: >> >> To:allowed.domain.com deliver >> To:allowed2.domain.com deliver >> From:xx.xx.xx.xx store >> >> That way, the first two domains "hit" and "deliver" the e-mails, >> while anything else from the test server will be "stored" - you could >> use "delete" but just in case use "store" so you can release them if >> necessary. >> >> >> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > > wrote: >> > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam >> > Assassin and Clamd and I have a Test server that I am trying to >> > prevent from e-mailing anyone outside 2 certain domains. I have been >> > trying to figure out the best way to set this up so that it does not >> > interfere with the production servers or regular e-mails. But not >> really clear on the best way to set this up. >> > >> > I thought about trying to put something in whitelist.rules but want to >> > have a clear plan of attack before I try anything to prevent >> > disruption of normal e-mails. >> > >> > >> > >> > Wanting to do something like >> > >> > When From: ip.tst.srv.add Only Allow to send to: >> our.domain.com & >> > this domain.com (and block anything not to that >> domain) >> > >> > >> > >> > Any thoughts would be greatly appreciated >> > >> > >> > >> > >> > >> > Aaron Sampson >> > >> > IT Department >> > >> > >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> >> > >> > Support MailScanner development - buy the book off the website! >> > >> >> >> >> -- >> >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> >> +507-6781-9505 >> +507-832-6725 >> +1-440-253-9789 (USA) >> >> Follow @AlexNeuman on Twitter >> http://facebook.com/vidadigital >> >> >> -- So-called "legal disclaimers" are not legally binding, so don't >> bother. A cute graphic saying "save the planet, don't print this" can >> potentially create more CO2, not less, so don't bother either. >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the website! >> >> >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/a76337c2/attachment.html From Sampson at p2sol.com Thu Sep 20 14:15:06 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Thu, 20 Sep 2012 13:15:06 +0000 Subject: Filter by IP In-Reply-To: <505B0BA1.5060003@cnpapers.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> No it was created on UNIX on the e-mail server From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Thursday, September 20, 2012 7:27 AM To: mailscanner at lists.mailscanner.info Subject: Re: Filter by IP This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it? steve campbell On 9/19/2012 3:01 PM, Steve Campbell wrote: Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it steve campbell On 9/19/2012 2:25 PM, Sampson, Aaron wrote: I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message. Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed. Once that e-mail attempted to go through the system the syntax error appeared. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Wednesday, September 19, 2012 10:47 AM To: MailScanner discussion Subject: Re: Filter by IP have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron > wrote: Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/c65327e5/attachment.html From john.clancy at businessworld.ie Thu Sep 20 14:33:17 2012 From: john.clancy at businessworld.ie (John Clancy) Date: Thu, 20 Sep 2012 14:33:17 +0100 Subject: Filter by IP References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> Message-ID: <014a01cd9734$7e0cbcf0$696078c1@JCSPC> I'm not an expert by any means but perhaps doing an 'od -c' on the file and posting it here might help someone to spot the problem. JC ----- Original Message ----- From: Sampson, Aaron To: MailScanner discussion Sent: Thursday, September 20, 2012 2:15 PM Subject: RE: Filter by IP No it was created on UNIX on the e-mail server From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Thursday, September 20, 2012 7:27 AM To: mailscanner at lists.mailscanner.info Subject: Re: Filter by IP This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it? steve campbell On 9/19/2012 3:01 PM, Steve Campbell wrote: Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it steve campbell On 9/19/2012 2:25 PM, Sampson, Aaron wrote: I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message. Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed. Once that e-mail attempted to go through the system the syntax error appeared. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Wednesday, September 19, 2012 10:47 AM To: MailScanner discussion Subject: Re: Filter by IP have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron wrote: Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/e87b03be/attachment.html From Sampson at p2sol.com Thu Sep 20 14:58:58 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Thu, 20 Sep 2012 13:58:58 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC36B@COMM1.p2sol.com> The problem comes in trying to figure out where I went wrong with it. I have more than triple checked it and also had another IT guy with WAY more experience has double checked everything as well. Think we are going to build a test system to play around with and see if we can get this to work, but please keep the ideas coming . -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Wednesday, September 19, 2012 8:40 PM To: MailScanner discussion Subject: Re: Filter by IP It *does* say "syntax error", you just have to find out where you're typing it wrong, I guess. And the e-mails were probably not lost, since you have "store" - in fact, your defaults *should* be, specially when testing, "deliver store" so you *always* have a copy in the quarantine. On Wed, Sep 19, 2012 at 3:35 PM, Sampson, Aaron wrote: > Yes we double checked it several times and referred back to examples > in the documentations to see if we had missed something. By what we > can tell it should work but it seems to break every time an e-mail > comes from one of those domains. > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve > Campbell > Sent: Wednesday, September 19, 2012 2:01 PM > To: mailscanner at lists.mailscanner.info > > > Subject: Re: Filter by IP > > > > Are you certain you didn't type ";" instead of ":" in you rule file? > It sort of indicates that one of your lines needs that ":" in it > > steve campbell > > On 9/19/2012 2:25 PM, Sampson, Aaron wrote: > > I did make sure that the capitalization was the same through it all > and that everything was spaced out the same as well, still got the > same error message. Did discover that everything seemed to be working > properly with Mail Scanner until I attempted to send out an e-mail > from one of the domains that I had listed. Once that e-mail attempted > to go through the system the syntax error appeared. > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of > Martin Hepworth > Sent: Wednesday, September 19, 2012 10:47 AM > To: MailScanner discussion > Subject: Re: Filter by IP > > > > have you made sure there no tab's in that ruleset. > check out the examples in the examples dir and here. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:r > ulesets:examples&s=rules > > yes you'll need the default entry , try making sure the capitalisasion > is consistent with the examples as welll. > > To: @domain1.com deliver > To: @domain2.com deliver > From: ip.address store > FromOrTo: default deliver > > -- > Martin Hepworth, CISSP > Oxford, UK > > > On 19 September 2012 16:00, Sampson, Aaron wrote: > > Alex, > > So I tried out your suggestion and put in a a ruleset in the non-spam > actions. rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver > > Still did not work and all e-mails coming into the company were lost (dang > it) and I kept getting an error message saying Syntax error in "header" > action in spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > > We have checked and rechecked the rule-set pattern to see if we missed > something and have tried a few things and nothing has worked so far. > We would like to not have to set up an additional smtp server to take > care of this issue so any additional thoughts would be great, or let > me know if you need/want any additional information > > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex > Neuman > Sent: Monday, September 17, 2012 12:41 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > You can probably add the test server's IP to the spam whitelist, then > add a "non-spam actions" ruleset that says something like: > > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > > That way, the first two domains "hit" and "deliver" the e-mails, while > anything else from the test server will be "stored" - you could use "delete" > but just in case use "store" so you can release them if necessary. > > > On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: >> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam >> Assassin and Clamd and I have a Test server that I am trying to >> prevent from e-mailing anyone outside 2 certain domains. I have been >> trying to figure out the best way to set this up so that it does not >> interfere with the production servers or regular e-mails. But not >> really clear on the best way to set this up. >> >> I thought about trying to put something in whitelist.rules but want >> to have a clear plan of attack before I try anything to prevent >> disruption of normal e-mails. >> >> >> >> Wanting to do something like >> >> When From: ip.tst.srv.add Only Allow to send to: our.domain.com >> & >> this domain.com (and block anything not to that domain) >> >> >> >> Any thoughts would be greatly appreciated >> >> >> >> >> >> Aaron Sampson >> >> IT Department >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- So-called "legal disclaimers" are not legally binding, so don't > bother. A cute graphic saying "save the planet, don't print this" can > potentially create more CO2, not less, so don't bother either. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu Sep 20 15:29:38 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Thu, 20 Sep 2012 10:29:38 -0400 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC36B@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FC36B@COMM1.p2sol.com> Message-ID: <505B2852.3040901@cnpapers.com> Just a couple more suggestions, then I'll quit throwing out stupid ideas. Have you tried running "MailScanner --lint"? You may need to give it the full path and the -v option. Have you considered uploading your config file, along with your rules file, so that we may look at it? As Alex indicated, there seems to be a syntax error, and multiple pairs of eyes usually helps me find these types or errors. Actually, my own pair of eyes are so old, they really don't ever contribute much. steve On 9/20/2012 9:58 AM, Sampson, Aaron wrote: > The problem comes in trying to figure out where I went wrong with it. I have more than triple checked it and also had another IT guy with WAY more experience has double checked everything as well. Think we are going to build a test system to play around with and see if we can get this to work, but please keep the ideas coming > . -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman > Sent: Wednesday, September 19, 2012 8:40 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > It *does* say "syntax error", you just have to find out where you're typing it wrong, I guess. > > And the e-mails were probably not lost, since you have "store" - in fact, your defaults *should* be, specially when testing, "deliver store" so you *always* have a copy in the quarantine. > > On Wed, Sep 19, 2012 at 3:35 PM, Sampson, Aaron wrote: >> Yes we double checked it several times and referred back to examples >> in the documentations to see if we had missed something. By what we >> can tell it should work but it seems to break every time an e-mail >> comes from one of those domains. >> >> >> >> From: mailscanner-bounces at lists.mailscanner.info >> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve >> Campbell >> Sent: Wednesday, September 19, 2012 2:01 PM >> To: mailscanner at lists.mailscanner.info >> >> >> Subject: Re: Filter by IP >> >> >> >> Are you certain you didn't type ";" instead of ":" in you rule file? >> It sort of indicates that one of your lines needs that ":" in it >> >> steve campbell >> >> On 9/19/2012 2:25 PM, Sampson, Aaron wrote: >> >> I did make sure that the capitalization was the same through it all >> and that everything was spaced out the same as well, still got the >> same error message. Did discover that everything seemed to be working >> properly with Mail Scanner until I attempted to send out an e-mail >> from one of the domains that I had listed. Once that e-mail attempted >> to go through the system the syntax error appeared. >> >> >> >> From: mailscanner-bounces at lists.mailscanner.info >> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of >> Martin Hepworth >> Sent: Wednesday, September 19, 2012 10:47 AM >> To: MailScanner discussion >> Subject: Re: Filter by IP >> >> >> >> have you made sure there no tab's in that ruleset. >> check out the examples in the examples dir and here. >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:r >> ulesets:examples&s=rules >> >> yes you'll need the default entry , try making sure the capitalisasion >> is consistent with the examples as welll. >> >> To: @domain1.com deliver >> To: @domain2.com deliver >> From: ip.address store >> FromOrTo: default deliver >> >> -- >> Martin Hepworth, CISSP >> Oxford, UK >> >> >> On 19 September 2012 16:00, Sampson, Aaron wrote: >> >> Alex, >> >> So I tried out your suggestion and put in a a ruleset in the non-spam >> actions. rules that read >> to: *@domain1.com deliver >> to: *@domain2.com deliver >> from: ip.address store >> and then when that did not work added >> fromorTo: default deliver >> >> Still did not work and all e-mails coming into the company were lost (dang >> it) and I kept getting an error message saying Syntax error in "header" >> action in spam actions, >> missing ":" in etc/MailScanner/rules/non.spam.rules >> >> We have checked and rechecked the rule-set pattern to see if we missed >> something and have tried a few things and nothing has worked so far. >> We would like to not have to set up an additional smtp server to take >> care of this issue so any additional thoughts would be great, or let >> me know if you need/want any additional information >> >> >> >> -----Original Message----- >> From: mailscanner-bounces at lists.mailscanner.info >> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex >> Neuman >> Sent: Monday, September 17, 2012 12:41 PM >> To: MailScanner discussion >> Subject: Re: Filter by IP >> >> You can probably add the test server's IP to the spam whitelist, then >> add a "non-spam actions" ruleset that says something like: >> >> To:allowed.domain.com deliver >> To:allowed2.domain.com deliver >> From:xx.xx.xx.xx store >> >> That way, the first two domains "hit" and "deliver" the e-mails, while >> anything else from the test server will be "stored" - you could use "delete" >> but just in case use "store" so you can release them if necessary. >> >> >> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: >>> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam >>> Assassin and Clamd and I have a Test server that I am trying to >>> prevent from e-mailing anyone outside 2 certain domains. I have been >>> trying to figure out the best way to set this up so that it does not >>> interfere with the production servers or regular e-mails. But not >>> really clear on the best way to set this up. >>> >>> I thought about trying to put something in whitelist.rules but want >>> to have a clear plan of attack before I try anything to prevent >>> disruption of normal e-mails. >>> >>> >>> >>> Wanting to do something like >>> >>> When From: ip.tst.srv.add Only Allow to send to: our.domain.com >>> & >>> this domain.com (and block anything not to that domain) >>> >>> >>> >>> Any thoughts would be greatly appreciated >>> >>> >>> >>> >>> >>> Aaron Sampson >>> >>> IT Department >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> >> +507-6781-9505 >> +507-832-6725 >> +1-440-253-9789 (USA) >> >> Follow @AlexNeuman on Twitter >> http://facebook.com/vidadigital >> >> >> -- So-called "legal disclaimers" are not legally binding, so don't >> bother. A cute graphic saying "save the planet, don't print this" can >> potentially create more CO2, not less, so don't bother either. >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > From Sampson at p2sol.com Thu Sep 20 15:45:11 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Thu, 20 Sep 2012 14:45:11 +0000 Subject: Filter by IP In-Reply-To: <014a01cd9734$7e0cbcf0$696078c1@JCSPC> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> To: *@allow.domain1.com deliver header "X-Spam-Status: No" To: *@allow.domain2.com deliver header "X-Spam-Status: No" From: 192.168.xxx.xxx delete From: 192.168.xxx.xxx delete From: 192.168.xxx.xxx delete FromOrTo: default deliver header "X-Spam-Status: No" Tried this with and without adding the deliver header "X-Spam-Status: No" From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John Clancy Sent: Thursday, September 20, 2012 8:33 AM To: MailScanner discussion Subject: Re: Filter by IP I'm not an expert by any means but perhaps doing an 'od -c' on the file and posting it here might help someone to spot the problem. JC ----- Original Message ----- From: Sampson, Aaron To: MailScanner discussion Sent: Thursday, September 20, 2012 2:15 PM Subject: RE: Filter by IP No it was created on UNIX on the e-mail server From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Thursday, September 20, 2012 7:27 AM To: mailscanner at lists.mailscanner.info Subject: Re: Filter by IP This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it? steve campbell On 9/19/2012 3:01 PM, Steve Campbell wrote: Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it steve campbell On 9/19/2012 2:25 PM, Sampson, Aaron wrote: I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message. Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed. Once that e-mail attempted to go through the system the syntax error appeared. From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Wednesday, September 19, 2012 10:47 AM To: MailScanner discussion Subject: Re: Filter by IP have you made sure there no tab's in that ruleset. check out the examples in the examples dir and here. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll. To: @domain1.com deliver To: @domain2.com deliver From: ip.address store FromOrTo: default deliver -- Martin Hepworth, CISSP Oxford, UK On 19 September 2012 16:00, Sampson, Aaron > wrote: Alex, So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read to: *@domain1.com deliver to: *@domain2.com deliver from: ip.address store and then when that did not work added fromorTo: default deliver Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far. We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, September 17, 2012 12:41 PM To: MailScanner discussion Subject: Re: Filter by IP You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like: To:allowed.domain.com deliver To:allowed2.domain.com deliver From:xx.xx.xx.xx store That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary. On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron > wrote: > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam > Assassin and Clamd and I have a Test server that I am trying to > prevent from e-mailing anyone outside 2 certain domains. I have been > trying to figure out the best way to set this up so that it does not > interfere with the production servers or regular e-mails. But not really clear on the best way to set this up. > > I thought about trying to put something in whitelist.rules but want to > have a clear plan of attack before I try anything to prevent > disruption of normal e-mails. > > > > Wanting to do something like > > When From: ip.tst.srv.add Only Allow to send to: our.domain.com & > this domain.com (and block anything not to that domain) > > > > Any thoughts would be greatly appreciated > > > > > > Aaron Sampson > > IT Department > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ________________________________ -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/21d0e01c/attachment-0001.html From andrew at topdog.za.net Thu Sep 20 19:05:58 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Thu, 20 Sep 2012 20:05:58 +0200 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> Message-ID: <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> On 20 Sep 2012, at 4:45 PM, Sampson, Aaron wrote: > To: *@allow.domain1.com deliver header "X-Spam-Status: No" > To: *@allow.domain2.com deliver header "X-Spam-Status: No" Your syntax error is because rulesets can only have 3 or 6 fields you can NOT have 2 actions for a rule like you have (deliver and header) - Andrew -- www.baruwa.org From campbell at cnpapers.com Thu Sep 20 20:02:30 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Thu, 20 Sep 2012 15:02:30 -0400 Subject: Filter by IP In-Reply-To: <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> Message-ID: <505B6846.4090505@cnpapers.com> On 9/20/2012 2:05 PM, Andrew Colin Kissa wrote: > On 20 Sep 2012, at 4:45 PM, Sampson, Aaron wrote: > >> To: *@allow.domain1.com deliver header "X-Spam-Status: No" >> To: *@allow.domain2.com deliver header "X-Spam-Status: No" > Your syntax error is because rulesets can only have 3 or 6 fields > you can NOT have 2 actions for a rule like you have (deliver and header) > > - Andrew > -- > www.baruwa.org > Without testing this, are you sure this is correct, Andrew? My default from my configuration file has the following: Non Spam Actions = deliver header "X-Spam-Status: No" A ruleset typically has a qualifier at the beginning of each line, which would be his "To: *@...." part. The only way around this, if you're correct, would be to have a ruleset for the "Mail Header" line to insert the header part and the deliver part in another ruleset. As I said, I didn't test this, but just asking for clarification. steve > From Sampson at p2sol.com Thu Sep 20 20:36:01 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Thu, 20 Sep 2012 19:36:01 +0000 Subject: Filter by IP In-Reply-To: <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> I tried it as just To: *@allow.domain1.com deliver To: *@allow.domain2.com deliver But still got the syntax error message. As a work around we created another smtp server and created transport rules to only allow mail to go to the domains listed -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Andrew Colin Kissa Sent: Thursday, September 20, 2012 1:06 PM To: MailScanner discussion Subject: Re: Filter by IP On 20 Sep 2012, at 4:45 PM, Sampson, Aaron wrote: > To: *@allow.domain1.com deliver header "X-Spam-Status: No" > To: *@allow.domain2.com deliver header "X-Spam-Status: No" Your syntax error is because rulesets can only have 3 or 6 fields you can NOT have 2 actions for a rule like you have (deliver and header) - Andrew -- www.baruwa.org -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From andrew at topdog.za.net Thu Sep 20 20:47:05 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Thu, 20 Sep 2012 21:47:05 +0200 Subject: Filter by IP In-Reply-To: <505B6846.4090505@cnpapers.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <505B6846.4090505@cnpapers.com> Message-ID: On 20 Sep 2012, at 9:02 PM, Steve Campbell wrote: > Without testing this, are you sure this is correct, Andrew? My default > from my configuration file has the following: > > Non Spam Actions = deliver header "X-Spam-Status: No" > > A ruleset typically has a qualifier at the beginning of each line, which > would be his "To: *@...." part. > > The only way around this, if you're correct, would be to have a ruleset > for the "Mail Header" line to insert the header part and the deliver > part in another ruleset. > > As I said, I didn't test this, but just asking for clarification When used with in MailScanner.conf, you can use deliver header "X-Spam-Status: No" you cannot do that within a ruleset https://github.com/akissa/MailScanner/blob/master/mailscanner/bin/MailScanner/Config.pm#L2691 https://github.com/akissa/MailScanner/blob/master/mailscanner/etc/rules/README#L15 - Andrew -- www.baruwa.org From andrew at topdog.za.net Thu Sep 20 21:06:00 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Thu, 20 Sep 2012 22:06:00 +0200 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> Message-ID: <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> On 20 Sep 2012, at 9:36 PM, Sampson, Aaron wrote: > I tried it as just > To: *@allow.domain1.com deliver > To: *@allow.domain2.com deliver What is the actual error you are getting ? -- www.baruwa.org From Sampson at p2sol.com Thu Sep 20 22:31:25 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Thu, 20 Sep 2012 21:31:25 +0000 Subject: Filter by IP In-Reply-To: <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> This was the actual error message Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules Also Have to agree with Steve on the deliver header that you posted about Andrew, we already had that in existing conf files and it works properly. Did just finish setting up another smtp sever to handle the issue for now so hopefully I will be able to devote some real time on figuring this out. -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Andrew Colin Kissa Sent: Thursday, September 20, 2012 3:06 PM To: MailScanner discussion Subject: Re: Filter by IP On 20 Sep 2012, at 9:36 PM, Sampson, Aaron wrote: > I tried it as just > To: *@allow.domain1.com deliver > To: *@allow.domain2.com deliver What is the actual error you are getting ? -- www.baruwa.org -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From andrew at topdog.za.net Fri Sep 21 05:05:21 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 21 Sep 2012 06:05:21 +0200 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> Message-ID: On 20 Sep 2012, at 11:31 PM, Sampson, Aaron wrote: > Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules This is triggered by a misconfiguration of one of the actions, may be not 'Non Spam Actions' can you provide the output of: grep -E '^(Non Spam Actions|Spam Actions|High Scoring Spam Actions)' /etc/MailScanner/MailScanner.conf > Also Have to agree with Steve on the deliver header that you posted about Andrew, we already had that in existing conf files and it works properly. I think you failed to understand what am saying here, when used within a configuration file it is fine, but NOT when used in a rule set. Please refer to the links i posted earlier to clarify. -- www.baruwa.org From john at tradoc.fr Fri Sep 21 07:27:57 2012 From: john at tradoc.fr (John Wilcock) Date: Fri, 21 Sep 2012 08:27:57 +0200 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> Message-ID: <505C08ED.40809@tradoc.fr> Le 21/09/2012 06:05, Andrew Colin Kissa a ?crit : > I think you failed to understand what am saying here, when used within a configuration file it is fine, but NOT > when used in a rule set. Please refer to the links i posted earlier to clarify. It definitely does work within a rule set - try it! For that matter, tabs can be used as whitespace, too (except in filename and filetype rules IIRC). I have a Spam Actions ruleset that looks like this, for example: From: exception1.example.net store bounce From: exception2.example.net store bounce FromOrTo: default store deliver header "X-Spam-Flag: YES" John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From andrew at topdog.za.net Fri Sep 21 08:28:28 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 21 Sep 2012 09:28:28 +0200 Subject: Filter by IP In-Reply-To: <505C08ED.40809@tradoc.fr> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> <505C08ED.40809@tradoc.fr> Message-ID: On 21 Sep 2012, at 8:27 AM, John Wilcock wrote: > It definitely does work within a rule set - try it! For that matter, > tabs can be used as whitespace, too (except in filename and filetype > rules IIRC). Yes you are right, tested and it does work. Should be a typo in his rules then. -- www.baruwa.org From mailscanner at joolee.nl Fri Sep 21 08:57:27 2012 From: mailscanner at joolee.nl (Joolee) Date: Fri, 21 Sep 2012 09:57:27 +0200 Subject: Filter by IP In-Reply-To: <505C08ED.40809@tradoc.fr> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> <505C08ED.40809@tradoc.fr> Message-ID: I can also confirm that it should be able to work like you are trying. My configuration for High spam action is: > FromOrTo: *@*.api.domain.nl store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.org store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.nl store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.eu store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.info store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.nl store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.nl store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.com store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > FromOrTo: *@domain.nl store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > # Localhost > From: 127. store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > > # Some customer > From: 89.123.123.123 store-spam deliver header > "X-CompanyName-Spam-Status: Yes" > > FromOrTo: default store-spam delete > *grep syntax /var/log/mail.log* doesn't give any results so I clearly don't suffer from a syntax error. The documentation Andrew links to in his E-mail clearly states that the last part of a rule consists of "Result value (or *values*)". The linked Regex also matches the rules provided. I have not looked at the further processing of the values but I can see from the logs that the actions are correctly parsed and applied. > Sep 21 09:36:56 giselle MailScanner[10385]: Spam Actions: message > 64747978.A51A5 actions are delete,store-spam > Sep 21 09:37:39 giselle MailScanner[11496]: Spam Actions: message > 57AED15A6.AAE13 actions are deliver,header,store-spam > On 21 September 2012 08:27, John Wilcock wrote: > Le 21/09/2012 06:05, Andrew Colin Kissa a ?crit : > > I think you failed to understand what am saying here, when used within a > configuration file it is fine, but NOT > > when used in a rule set. Please refer to the links i posted earlier to > clarify. > > It definitely does work within a rule set - try it! For that matter, > tabs can be used as whitespace, too (except in filename and filetype > rules IIRC). > > I have a Spam Actions ruleset that looks like this, for example: > > From: exception1.example.net store bounce > From: exception2.example.net store bounce > FromOrTo: default store deliver header "X-Spam-Flag: YES" > > > John. > > -- > -- Over 5000 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120921/4ff7f266/attachment.html From campbell at cnpapers.com Fri Sep 21 13:10:58 2012 From: campbell at cnpapers.com (Steve Campbell) Date: Fri, 21 Sep 2012 08:10:58 -0400 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <505B6846.4090505@cnpapers.com> Message-ID: <505C5952.1050600@cnpapers.com> On 9/20/2012 3:47 PM, Andrew Colin Kissa wrote: > On 20 Sep 2012, at 9:02 PM, Steve Campbell wrote: > >> Without testing this, are you sure this is correct, Andrew? My default >> from my configuration file has the following: >> >> Non Spam Actions = deliver header "X-Spam-Status: No" >> >> A ruleset typically has a qualifier at the beginning of each line, which >> would be his "To: *@...." part. >> >> The only way around this, if you're correct, would be to have a ruleset >> for the "Mail Header" line to insert the header part and the deliver >> part in another ruleset. >> >> As I said, I didn't test this, but just asking for clarification > When used with in MailScanner.conf, you can use deliver header "X-Spam-Status: No" > you cannot do that within a ruleset > > https://github.com/akissa/MailScanner/blob/master/mailscanner/bin/MailScanner/Config.pm#L2691 > https://github.com/akissa/MailScanner/blob/master/mailscanner/etc/rules/README#L15 > > - Andrew > > -- > www.baruwa.org > > > Andrew, Thanks for those links. Might help me later, but I don't know about helping Aaron for now since it seems the double entry would be the only solution. steve From dave at KD0YU.COM Fri Sep 21 13:30:01 2012 From: dave at KD0YU.COM (Dave Helton) Date: Fri, 21 Sep 2012 07:30:01 -0500 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com> <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net> <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com> <505C08ED.40809@tradoc.fr> Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2162@S8.KD0YU.COM> There are many config options in MailScanner.conf that require a colon at the end... such as Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: is it possible you've lopped one off? It appears that if it's a Header declaration, the colon is required (deliniation). Message.pm and a few others have some regex's that deal specifically with that colon. it's possible one of these missing colons could be manifesting itself in your rule sets. Well... it's not much, but something to look at. --Dave, KD0YU -- This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean. From andrew at topdog.za.net Fri Sep 21 13:35:15 2012 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 21 Sep 2012 15:35:15 +0300 Subject: Filter by IP In-Reply-To: <505C5952.1050600@cnpapers.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net> <505B6846.4090505@cnpapers.com> <505C5952.1050600@cnpapers.com> Message-ID: <9a7a3166f3fbe43236e8979f217390d7@topdog.za.net> On 2012-09-21 15:10, Steve Campbell wrote: > On 9/20/2012 3:47 PM, Andrew Colin Kissa wrote: >> On 20 Sep 2012, at 9:02 PM, Steve Campbell wrote: >> > > Thanks for those links. Might help me later, but I don't know about > helping Aaron for now since it seems the double entry would be the > only > solution. > It does actually work, seems the documentation was not updated. - Andrew From alex at vidadigital.com.pa Fri Sep 21 13:50:27 2012 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri, 21 Sep 2012 07:50:27 -0500 Subject: Filter by IP In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> Message-ID: I would try "store" instead of "delete" at least while we're testing. That way you can get stuff back. On Thu, Sep 20, 2012 at 9:45 AM, Sampson, Aaron wrote: > To: *@allow.domain1.com deliver header "X-Spam-Status: No" > > To: *@allow.domain2.com deliver header "X-Spam-Status: No" > > From: 192.168.xxx.xxx delete > > From: 192.168.xxx.xxx delete > > From: 192.168.xxx.xxx delete > > FromOrTo: default deliver header "X-Spam-Status: No" > > > > Tried this with and without adding the deliver header ?X-Spam-Status: No? > > > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John Clancy > Sent: Thursday, September 20, 2012 8:33 AM > > > To: MailScanner discussion > Subject: Re: Filter by IP > > > > I'm not an expert by any means but perhaps doing an 'od -c' on the file and > posting it here might help someone to spot the problem. > > > > JC > > ----- Original Message ----- > > From: Sampson, Aaron > > To: MailScanner discussion > > Sent: Thursday, September 20, 2012 2:15 PM > > Subject: RE: Filter by IP > > > > No it was created on UNIX on the e-mail server > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve > Campbell > Sent: Thursday, September 20, 2012 7:27 AM > To: mailscanner at lists.mailscanner.info > Subject: Re: Filter by IP > > > > This isn't a DOS, instead of a UNIX file, perhaps? Was it created and > modified on the server or did you copy it from a Windows machine? Do you > need to run dos2unix on it? > > steve campbell > > On 9/19/2012 3:01 PM, Steve Campbell wrote: > > Are you certain you didn't type ";" instead of ":" in you rule file? It sort > of indicates that one of your lines needs that ":" in it > > steve campbell > > On 9/19/2012 2:25 PM, Sampson, Aaron wrote: > > I did make sure that the capitalization was the same through it all and that > everything was spaced out the same as well, still got the same error > message. Did discover that everything seemed to be working properly with > Mail Scanner until I attempted to send out an e-mail from one of the domains > that I had listed. Once that e-mail attempted to go through the system the > syntax error appeared. > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin > Hepworth > Sent: Wednesday, September 19, 2012 10:47 AM > To: MailScanner discussion > Subject: Re: Filter by IP > > > > have you made sure there no tab's in that ruleset. > check out the examples in the examples dir and here. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules > > yes you'll need the default entry , try making sure the capitalisasion is > consistent with the examples as welll. > > To: @domain1.com deliver > To: @domain2.com deliver > From: ip.address store > FromOrTo: default deliver > > -- > Martin Hepworth, CISSP > Oxford, UK > > On 19 September 2012 16:00, Sampson, Aaron wrote: > > Alex, > > So I tried out your suggestion and put in a a ruleset in the non-spam > actions. rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver > > Still did not work and all e-mails coming into the company were lost (dang > it) and I kept getting an error message saying Syntax error in "header" > action in spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > > We have checked and rechecked the rule-set pattern to see if we missed > something and have tried a few things and nothing has worked so far. We > would like to not have to set up an additional smtp server to take care of > this issue so any additional thoughts would be great, or let me know if you > need/want any additional information > > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman > Sent: Monday, September 17, 2012 12:41 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > You can probably add the test server's IP to the spam whitelist, then add a > "non-spam actions" ruleset that says something like: > > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > > That way, the first two domains "hit" and "deliver" the e-mails, while > anything else from the test server will be "stored" - you could use "delete" > but just in case use "store" so you can release them if necessary. > > > On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: >> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam >> Assassin and Clamd and I have a Test server that I am trying to >> prevent from e-mailing anyone outside 2 certain domains. I have been >> trying to figure out the best way to set this up so that it does not >> interfere with the production servers or regular e-mails. But not really >> clear on the best way to set this up. >> >> I thought about trying to put something in whitelist.rules but want to >> have a clear plan of attack before I try anything to prevent >> disruption of normal e-mails. >> >> >> >> Wanting to do something like >> >> When From: ip.tst.srv.add Only Allow to send to: our.domain.com >> & >> this domain.com (and block anything not to that domain) >> >> >> >> Any thoughts would be greatly appreciated >> >> >> >> >> >> Aaron Sampson >> >> IT Department >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- So-called "legal disclaimers" are not legally binding, so don't bother. A > cute graphic saying "save the planet, don't print this" can potentially > create more CO2, not less, so don't bother either. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ________________________________ > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. From Sampson at p2sol.com Fri Sep 21 15:30:03 2012 From: Sampson at p2sol.com (Sampson, Aaron) Date: Fri, 21 Sep 2012 14:30:03 +0000 Subject: Filter by IP In-Reply-To: References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com> <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com> <505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com> <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com> <014a01cd9734$7e0cbcf0$696078c1@JCSPC> <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com> Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FCA12@COMM1.p2sol.com> @Alex I did have this set to store while testing. @Dave I will have to try setting it up again and ending with the : I do not believe we have any of the settings ending in that though, but I will have to go back and double check that. And I can't do MailScanner --lint or show the mail log since I had to undo all of the changes since it was not delivering mail to the entire company and I quickly had to put it back. I'm going to try to set up a couple of test servers today to recreate the problem (as long as I don't have any other fires to put out) and will post the info back on here. -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Friday, September 21, 2012 7:50 AM To: MailScanner discussion Subject: Re: Filter by IP I would try "store" instead of "delete" at least while we're testing. That way you can get stuff back. On Thu, Sep 20, 2012 at 9:45 AM, Sampson, Aaron wrote: > To: *@allow.domain1.com deliver header "X-Spam-Status: No" > > To: *@allow.domain2.com deliver header "X-Spam-Status: No" > > From: 192.168.xxx.xxx delete > > From: 192.168.xxx.xxx delete > > From: 192.168.xxx.xxx delete > > FromOrTo: default deliver header "X-Spam-Status: No" > > > > Tried this with and without adding the deliver header "X-Spam-Status: No" > > > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John > Clancy > Sent: Thursday, September 20, 2012 8:33 AM > > > To: MailScanner discussion > Subject: Re: Filter by IP > > > > I'm not an expert by any means but perhaps doing an 'od -c' on the > file and posting it here might help someone to spot the problem. > > > > JC > > ----- Original Message ----- > > From: Sampson, Aaron > > To: MailScanner discussion > > Sent: Thursday, September 20, 2012 2:15 PM > > Subject: RE: Filter by IP > > > > No it was created on UNIX on the e-mail server > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve > Campbell > Sent: Thursday, September 20, 2012 7:27 AM > To: mailscanner at lists.mailscanner.info > Subject: Re: Filter by IP > > > > This isn't a DOS, instead of a UNIX file, perhaps? Was it created and > modified on the server or did you copy it from a Windows machine? Do > you need to run dos2unix on it? > > steve campbell > > On 9/19/2012 3:01 PM, Steve Campbell wrote: > > Are you certain you didn't type ";" instead of ":" in you rule file? > It sort of indicates that one of your lines needs that ":" in it > > steve campbell > > On 9/19/2012 2:25 PM, Sampson, Aaron wrote: > > I did make sure that the capitalization was the same through it all > and that everything was spaced out the same as well, still got the > same error message. Did discover that everything seemed to be working > properly with Mail Scanner until I attempted to send out an e-mail > from one of the domains that I had listed. Once that e-mail attempted > to go through the system the syntax error appeared. > > > > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of > Martin Hepworth > Sent: Wednesday, September 19, 2012 10:47 AM > To: MailScanner discussion > Subject: Re: Filter by IP > > > > have you made sure there no tab's in that ruleset. > check out the examples in the examples dir and here. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:r > ulesets:examples&s=rules > > yes you'll need the default entry , try making sure the capitalisasion > is consistent with the examples as welll. > > To: @domain1.com deliver > To: @domain2.com deliver > From: ip.address store > FromOrTo: default deliver > > -- > Martin Hepworth, CISSP > Oxford, UK > > On 19 September 2012 16:00, Sampson, Aaron wrote: > > Alex, > > So I tried out your suggestion and put in a a ruleset in the non-spam > actions. rules that read > to: *@domain1.com deliver > to: *@domain2.com deliver > from: ip.address store > and then when that did not work added > fromorTo: default deliver > > Still did not work and all e-mails coming into the company were lost (dang > it) and I kept getting an error message saying Syntax error in "header" > action in spam actions, > missing ":" in etc/MailScanner/rules/non.spam.rules > > We have checked and rechecked the rule-set pattern to see if we missed > something and have tried a few things and nothing has worked so far. > We would like to not have to set up an additional smtp server to take > care of this issue so any additional thoughts would be great, or let > me know if you need/want any additional information > > > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex > Neuman > Sent: Monday, September 17, 2012 12:41 PM > To: MailScanner discussion > Subject: Re: Filter by IP > > You can probably add the test server's IP to the spam whitelist, then > add a "non-spam actions" ruleset that says something like: > > To:allowed.domain.com deliver > To:allowed2.domain.com deliver > From:xx.xx.xx.xx store > > That way, the first two domains "hit" and "deliver" the e-mails, while > anything else from the test server will be "stored" - you could use "delete" > but just in case use "store" so you can release them if necessary. > > > On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron wrote: >> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam >> Assassin and Clamd and I have a Test server that I am trying to >> prevent from e-mailing anyone outside 2 certain domains. I have been >> trying to figure out the best way to set this up so that it does not >> interfere with the production servers or regular e-mails. But not >> really clear on the best way to set this up. >> >> I thought about trying to put something in whitelist.rules but want >> to have a clear plan of attack before I try anything to prevent >> disruption of normal e-mails. >> >> >> >> Wanting to do something like >> >> When From: ip.tst.srv.add Only Allow to send to: our.domain.com >> & >> this domain.com (and block anything not to that domain) >> >> >> >> Any thoughts would be greatly appreciated >> >> >> >> >> >> Aaron Sampson >> >> IT Department >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > > -- > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > +507-6781-9505 > +507-832-6725 > +1-440-253-9789 (USA) > > Follow @AlexNeuman on Twitter > http://facebook.com/vidadigital > > > -- So-called "legal disclaimers" are not legally binding, so don't > bother. A cute graphic saying "save the planet, don't print this" can > potentially create more CO2, not less, so don't bother either. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ________________________________ > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at pdscc.com Mon Sep 24 18:15:26 2012 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Mon, 24 Sep 2012 10:15:26 -0700 Subject: maillscanner/postfix saturates bandwidth :-( Message-ID: <20120924171534.693B55A1C82@sinclaire.sibble.net> Had an odd situation that started Friday night at one of my clients running a mailscanner/mailwatch mail relay for their internal Exchange 2007 server. Basically the dsl connection they share with another office was saturated when the office admin did a mailout on friday to about 2000 of their subscribers, each email was about 3.5mb total with conversion overhead. When I say saturated, I mean in both the upstream and downstream directions. According the admin who runs the multitenant network in this office, he was seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while this was happening. I intially though that someone had hacked in and was injecting spam, but after upstream throttling of the connection and disabling all smtp traffic, I was able to review the messages in the postfix deferred queue and determine they were part of the mailout. At this point mailq was showing 14 messages with approx 100 recipients total, I could then re-enable smtp traffic (in/out) at the firewall level and emails would be fine sending and receiving, but if I did a postqueue -f, the connection would saturate again until I blocked the smtp traffic, then waited a couple minutes before re-enabling it and the messages went back to being deferred. I'm trying to figure out the best way to deal witih this moving forward, is there additional throttling I need to do at the postifx level or the mailscanner level or something else. I was also surprised as my understand of postfix is that it does connection throttling by default. -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice) From ian at 34sp.com Mon Sep 24 18:35:33 2012 From: ian at 34sp.com (Ian Knight) Date: Mon, 24 Sep 2012 18:35:33 +0100 Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net> References: <20120924171534.693B55A1C82@sinclaire.sibble.net> Message-ID: <506099E5.7040201@34sp.com> On 24/09/12 18:15, Harondel J. Sibble wrote: > Had an odd situation that started Friday night at one of my clients running a > mailscanner/mailwatch mail relay for their internal Exchange 2007 server. > > Basically the dsl connection they share with another office was saturated > when the office admin did a mailout on friday to about 2000 of their > subscribers, each email was about 3.5mb total with conversion overhead. When > I say saturated, I mean in both the upstream and downstream directions. > According the admin who runs the multitenant network in this office, he was > seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while > this was happening. > > I intially though that someone had hacked in and was injecting spam, but > after upstream throttling of the connection and disabling all smtp traffic, I > was able to review the messages in the postfix deferred queue and determine > they were part of the mailout. > > At this point mailq was showing 14 messages with approx 100 recipients total, > I could then re-enable smtp traffic (in/out) at the firewall level and emails > would be fine sending and receiving, but if I did a postqueue -f, the > connection would saturate again until I blocked the smtp traffic, then waited > a couple minutes before re-enabling it and the messages went back to being > deferred. > > I'm trying to figure out the best way to deal witih this moving forward, is > there additional throttling I need to do at the postifx level or the > mailscanner level or something else. I was also surprised as my understand > of postfix is that it does connection throttling by default. Just a thought if you have spam tests enabled this will be doing a lot of dns lookups on every email - this could be the cause of some of the bandwidth - installing a caching nameserver on the server will stop a lot of this happening - especially if its the same email going to 100 recipients (urghh!!!) emails imo should be individually addressed, using bcc/cc is not the way to send a mailshot - its got a very high chance of landing in spam/junk folders for not being personally addressed. From dave at KD0YU.COM Mon Sep 24 19:47:55 2012 From: dave at KD0YU.COM (Dave Helton) Date: Mon, 24 Sep 2012 13:47:55 -0500 Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <506099E5.7040201@34sp.com> References: <20120924171534.693B55A1C82@sinclaire.sibble.net> <506099E5.7040201@34sp.com> Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00E044CC3@S8.KD0YU.COM> > > I'm trying to figure out the best way to deal witih this moving > > forward, is there additional throttling I need to do at the postifx > > level or the mailscanner level or something else. I was also > > surprised as my understand of postfix is that it does connection throttling > by default. > Just a thought if you have spam tests enabled this will be doing a lot of dns > lookups on every email - this could be the cause of some of the bandwidth - > installing a caching nameserver on the server will stop a lot of this happening > - especially if its the same email going to 100 recipients (urghh!!!) emails imo > should be individually addressed, using bcc/cc is not the way to send a > mailshot - its got a very high chance of landing in spam/junk folders for not > being personally addressed. > I would agree with Ian here, plus a couple other points. Your router is probably your dns server for internal to external resolving, and since it doesn't have a lot of memory, it has to look up each domain on the fly. Not terribly bandwidth intensive for dsl, but it's still a lot of overhead... and slow. A caching dns server for the mail server would help a lot. Second, you are probably subject to one of our best anti-spam mechanisms... greylisting. That is, unless everyone on your mailing list has you on whitelist.... umm doubtful. Again, bandwidth intensive. Last, there are a lot of great mailing list programs out there that run specifically on an Apache server. Even MailMan would work. Both you and your customer could access the interface and you could do remote support for them, a nice selling point. This could also turn out to be one of those "the best laid plans" ordeal. So give it some thought. My point is, take everything out of the hands of that Exchange server and put it in a controlled environment, meaning throttling, reporting, and easily accessible to you. I would also try and convince your customer that a LookOut distribution list is not an adequate substitute for the real thing since they have 'evolved' beyond it ;-) --Dave, KD0YU > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner at KD0YU.COM, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner at KD0YU.COM, and is believed to be clean. From jlarsen at richweb.com Mon Sep 24 20:09:33 2012 From: jlarsen at richweb.com (C. Jon Larsen) Date: Mon, 24 Sep 2012 15:09:33 -0400 (EDT) Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net> References: <20120924171534.693B55A1C82@sinclaire.sibble.net> Message-ID: On Mon, 24 Sep 2012, Harondel J. Sibble wrote: > Had an odd situation that started Friday night at one of my clients running a > mailscanner/mailwatch mail relay for their internal Exchange 2007 server. > > Basically the dsl connection they share with another office was saturated > when the office admin did a mailout on friday to about 2000 of their > subscribers, each email was about 3.5mb total with conversion overhead. When > I say saturated, I mean in both the upstream and downstream directions. > According the admin who runs the multitenant network in this office, he was > seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while > this was happening. > > I intially though that someone had hacked in and was injecting spam, but > after upstream throttling of the connection and disabling all smtp traffic, I > was able to review the messages in the postfix deferred queue and determine > they were part of the mailout. > > At this point mailq was showing 14 messages with approx 100 recipients total, > I could then re-enable smtp traffic (in/out) at the firewall level and emails > would be fine sending and receiving, but if I did a postqueue -f, the > connection would saturate again until I blocked the smtp traffic, then waited > a couple minutes before re-enabling it and the messages went back to being > deferred. > > I'm trying to figure out the best way to deal witih this moving forward, is > there additional throttling I need to do at the postifx level or the > mailscanner level or something else. I was also surprised as my understand > of postfix is that it does connection throttling by default. You can play with variations of these settings in main.conf to control how much email is sent out - these go into main.conf local_destination_concurrency_limit = 2 default_destination_concurrency_limit = 2 initial_destination_concurrency = 2 smtpd_client_connection_count_limit = 10 default_destination_recipient_limit = 20 > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating Solutions for the small and medium business computer user. > help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > Blog: http://www.pdscc.com/blog > (604) 739-3709 (voice) > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From jlarsen at richweb.com Mon Sep 24 20:58:21 2012 From: jlarsen at richweb.com (C. Jon Larsen) Date: Mon, 24 Sep 2012 15:58:21 -0400 (EDT) Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: References: <20120924171534.693B55A1C82@sinclaire.sibble.net> Message-ID: > You can play with variations of these settings in main.conf to control how > much email is sent out - these go into main.conf [Sorry, I meant to say main.cf] Also you can use generic os based or (if you dont want to touch the hosts involved) router based traffic shaping on outbound smtp. If you have a cisco router you can write an acl to match outbound smtp traffic and rate shape it as it passes an interface threshold. interface Gigabit0/0 ! uplink traffic-shape group 161 1250000 interface Gigabit0/1.101 ! downlink traffic-shape group 161 1250000 access-list 161 remark smtp traffic shaping access-list 161 permit tcp a.b.c.d 0.0.0.x any eq 25 access-list 161 permit tcp any eq 25 a.b.c.d 0.0.0.x x = 0 if you are matching a single host, or you can use say 0.0.0.7 if you need to match a /20 worth of mail servers. If you are natting between the interfaces you will also need to take that into acct on the acl. > local_destination_concurrency_limit = 2 > default_destination_concurrency_limit = 2 > initial_destination_concurrency = 2 > > smtpd_client_connection_count_limit = 10 > default_destination_recipient_limit = 20 From mailscanner at pdscc.com Mon Sep 24 21:08:36 2012 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Mon, 24 Sep 2012 13:08:36 -0700 Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00E044CC3@S8.KD0YU.COM> References: <20120924171534.693B55A1C82@sinclaire.sibble.net>, <506099E5.7040201@34sp.com>, <77F23E6E4DE9084BA33755BA403E53FCF00E044CC3@S8.KD0YU.COM> Message-ID: <20120924200844.096405A1C81@sinclaire.sibble.net> On 24 Sep 2012 at 13:47, Dave Helton wrote: > I would agree with Ian here, plus a couple other points. > Your router is probably your dns server for internal to external resolving, Why would you make that assumption? IME, that just leads to problems, we NEVER use the router as a DNS server for a lan. > and since it doesn't have a lot of memory, it has to look up each domain on > the fly. Not terribly bandwidth intensive for dsl, but it's still a lot of > overhead... and slow. A caching dns server for the mail server would help a > lot. I'm pretty sure I already have a caching nameserver on this mailscanner box, but I will verify. I have a vague recollection that a different but related problem came up and the solution was to install a caching nameserver, that's our normal policy now, but this machine's probably been deployed long enough that it was prior to the caching nameserver being SOP. > Second, you are probably subject to one of our best anti-spam mechanisms... > greylisting. That is, unless everyone on your mailing list has you on > whitelist.... umm doubtful. Again, bandwidth intensive. Correct, as I was watching this unfold in realtime, I was thinking to myself, they are getting seriously tarpitted. > Last, there are a lot of great mailing list programs out there that run > specifically on an Apache server. Even MailMan would work. Both you and your > customer could access the interface and you could do remote support for them, > a nice selling point. This could also turn out to be one of those "the best > laid plans" ordeal. So give it some thought. Good point > My point is, take everything out of the hands of that Exchange server and put > it in a controlled environment, meaning throttling, reporting, and easily > accessible to you. I would also try and convince your customer that a LookOut > distribution list is not an adequate substitute for the real thing since they > have 'evolved' beyond it ;-) They do like to have sent items records of the outgoing emails, but with proper setup a MLM can easily generate a nice report (kinda like a fax machine) to show what was successfully delivered and such, so that's a great idea. I actually don't know how they generated this on the Outlook side, they may even have been using some specialized application that plugs into outlook, I'll have a chat with them to determine that. -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice) From maxsec at gmail.com Mon Sep 24 21:53:03 2012 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 24 Sep 2012 21:53:03 +0100 Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net> References: <20120924171534.693B55A1C82@sinclaire.sibble.net> Message-ID: Seriously ... a 3.5mb mailout! Drop the heavy content to a web server and point the html or downloadable pdf or whatever from that. Fixing the odd saturation is one thing but doing the job properly in the first place would be better Martin On Monday, 24 September 2012, Harondel J. Sibble wrote: > Had an odd situation that started Friday night at one of my clients > running a > mailscanner/mailwatch mail relay for their internal Exchange 2007 server. > > Basically the dsl connection they share with another office was saturated > when the office admin did a mailout on friday to about 2000 of their > subscribers, each email was about 3.5mb total with conversion overhead. > When > I say saturated, I mean in both the upstream and downstream directions. > According the admin who runs the multitenant network in this office, he was > seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while > this was happening. > > I intially though that someone had hacked in and was injecting spam, but > after upstream throttling of the connection and disabling all smtp > traffic, I > was able to review the messages in the postfix deferred queue and determine > they were part of the mailout. > > At this point mailq was showing 14 messages with approx 100 recipients > total, > I could then re-enable smtp traffic (in/out) at the firewall level and > emails > would be fine sending and receiving, but if I did a postqueue -f, the > connection would saturate again until I blocked the smtp traffic, then > waited > a couple minutes before re-enabling it and the messages went back to being > deferred. > > I'm trying to figure out the best way to deal witih this moving forward, is > there additional throttling I need to do at the postifx level or the > mailscanner level or something else. I was also surprised as my understand > of postfix is that it does connection throttling by default. > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating Solutions for the small and medium business computer user. > help at pdscc.com (use pgp keyid 0x3AD5C11D) > http://www.pdscc.com > Blog: http://www.pdscc.com/blog > (604) 739-3709 (voice) > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120924/7dfce0bf/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Sep 24 22:11:18 2012 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon, 24 Sep 2012 13:11:18 -0800 Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net> References: <20120924171534.693B55A1C82@sinclaire.sibble.net> Message-ID: <4A09477D575C2C4B86497161427DD94C279A68EC2D@city-exchange07> Check the exchange server, and if there are any pending outbound monster sized messages in the queue still delete them. Be sure to notify your users, of course. Next delete them off the outbound postfix server so you can process normal mail uninpeeded. Then, as others have suggested, put the 3.5 mb file on a web server or use something like dropbox (or better yet, build yourself a zendto server) and have your user(s) just send a link to the URL instead of sending the mail out to 2000 folks. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Harondel J. Sibble Sent: Monday, September 24, 2012 9:15 AM To: mailscanner at lists.mailscanner.info Subject: maillscanner/postfix saturates bandwidth :-( Had an odd situation that started Friday night at one of my clients running a mailscanner/mailwatch mail relay for their internal Exchange 2007 server. Basically the dsl connection they share with another office was saturated when the office admin did a mailout on friday to about 2000 of their subscribers, each email was about 3.5mb total with conversion overhead. When I say saturated, I mean in both the upstream and downstream directions. According the admin who runs the multitenant network in this office, he was seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while this was happening. I intially though that someone had hacked in and was injecting spam, but after upstream throttling of the connection and disabling all smtp traffic, I was able to review the messages in the postfix deferred queue and determine they were part of the mailout. At this point mailq was showing 14 messages with approx 100 recipients total, I could then re-enable smtp traffic (in/out) at the firewall level and emails would be fine sending and receiving, but if I did a postqueue -f, the connection would saturate again until I blocked the smtp traffic, then waited a couple minutes before re-enabling it and the messages went back to being deferred. I'm trying to figure out the best way to deal witih this moving forward, is there additional throttling I need to do at the postifx level or the mailscanner level or something else. I was also surprised as my understand of postfix is that it does connection throttling by default. -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice) -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Sep 25 12:02:51 2012 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue, 25 Sep 2012 13:02:51 +0200 Subject: maillscanner/postfix saturates bandwidth :-( In-Reply-To: <4A09477D575C2C4B86497161427DD94C279A68EC2D@city-exchange07> References: <20120924171534.693B55A1C82@sinclaire.sibble.net> <4A09477D575C2C4B86497161427DD94C279A68EC2D@city-exchange07> Message-ID: ... Antother thought.... 2000 recipients on a handcrafted list.... That might mean the usual amount of "normal" backscatter (think bounces, OoO and other less-than-well-working autoresponder schemes) would add significantly to the load on the dsl. All in all, a bad situation with only drastic measures to solve it. Cheers -- -- Glenn On 24 September 2012 23:11, Kevin Miller wrote: > Check the exchange server, and if there are any pending outbound monster sized messages in the queue still delete them. Be sure to notify your users, of course. Next delete them off the outbound postfix server so you can process normal mail uninpeeded. Then, as others have suggested, put the 3.5 mb file on a web server or use something like dropbox (or better yet, build yourself a zendto server) and have your user(s) just send a link to the URL instead of sending the mail out to 2000 folks. > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > -----Original Message----- > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Harondel J. Sibble > Sent: Monday, September 24, 2012 9:15 AM > To: mailscanner at lists.mailscanner.info > Subject: maillscanner/postfix saturates bandwidth :-( > > Had an odd situation that started Friday night at one of my clients running a mailscanner/mailwatch mail relay for their internal Exchange 2007 server. > > Basically the dsl connection they share with another office was saturated when the office admin did a mailout on friday to about 2000 of their subscribers, each email was about 3.5mb total with conversion overhead. When I say saturated, I mean in both the upstream and downstream directions. > According the admin who runs the multitenant network in this office, he was seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while this was happening. > > I intially though that someone had hacked in and was injecting spam, but after upstream throttling of the connection and disabling all smtp traffic, I was able to review the messages in the postfix deferred queue and determine they were part of the mailout. > > At this point mailq was showing 14 messages with approx 100 recipients total, I could then re-enable smtp traffic (in/out) at the firewall level and emails would be fine sending and receiving, but if I did a postqueue -f, the connection would saturate again until I blocked the smtp traffic, then waited a couple minutes before re-enabling it and the messages went back to being deferred. > > I'm trying to figure out the best way to deal witih this moving forward, is there additional throttling I need to do at the postifx level or the mailscanner level or something else. I was also surprised as my understand of postfix is that it does connection throttling by default. > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating Solutions for the small and medium business computer user. > help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > Blog: http://www.pdscc.com/blog > (604) 739-3709 (voice) > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu Sep 27 10:41:20 2012 From: maillists at conactive.com (Kai Schaetzl) Date: Thu, 27 Sep 2012 11:41:20 +0200 Subject: Correct format for allow.filename.conf Message-ID: I seem to be hitting some problem with the content of this file lately or may have just not recognized it earlier and may have been using a wrong format for some time. Locally released messages are caught although they are exempted by scan.messages.rules. It seems I have to exempt them in allow.filename.conf as well. Is something like this going to work? FromOrTo: 127.0.0.1 yes \.txt$ yes \.pdf$ yes \.bmp$ yes \.rel$ yes \.rels yes Do I need a default rule at the end? Thanks, Kai -- Get your web at Conactive Internet Services: http://www.conactive.com