From ravennaita at gmail.com  Sun Sep  2 08:56:45 2012
From: ravennaita at gmail.com (Ravenna Ita)
Date: Sun, 2 Sep 2012 14:56:45 +0700
Subject: Adding Multiple Signatures
In-Reply-To: <4FE466FD.4030406@paully.co.uk>
References: <4FE466FD.4030406@paully.co.uk>
Message-ID: <CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>

On Fri, Jun 22, 2012 at 7:37 PM, Paul Littlefield <info at paully.co.uk> wrote:
> Hello.
>
> I would like to add 2 signatures to all outgoing messages.
>
> e.g.
>
> Personal Signature
>       +
> General Signature
>
> I have created the rules file
>
> From:   paul at domain.com   /opt/MailScanner/etc/reports/en/paul.sig.txt
> From:   itsupport at domain.com
> /opt/MailScanner/etc/reports/en/itsupport.sig.txt
> FromOrTo:   default   /opt/MailScanner/etc/reports/en/inline.sig.txt
>
> and MailScanner does add just ONE of the signatures correctly... the first
> one it matches.
>
> However, is there a way to get it to add both the name signature AND the
> default signature?
>
> i.e.
>
>  paul.sig.txt
>       +
> inline.sig.txt
>
> :-)
>
> Hope you can help.
>
> Regards
>
> Paully
> --



Hello Paully,

i am on the same situation with you, needing to add 2 signatures
could you share the solution in case you have found one

Ravenna Ita

From alex at vidadigital.com.pa  Mon Sep  3 00:47:40 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Sun, 2 Sep 2012 18:47:40 -0500
Subject: Adding Multiple Signatures
In-Reply-To: <CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>
References: <4FE466FD.4030406@paully.co.uk>
	<CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>
Message-ID: <CANyE0Po3NKD6Yft3Zwxa9HX9f6Y2Sd9pqsvhjKnbyeJY=t=QHw@mail.gmail.com>

Add the contents of the general signature to each one of the personal
signatures.

Rename inline.sig.txt to uselesscrap.txt,

go to /opt/MailScanner/etc/reports/en/,

for a in *.sig.txt; do cat uselesscrap.txt >> $a; done

Then you can rename uselesscrap.txt back to inline.sig.txt.

On Sun, Sep 2, 2012 at 2:56 AM, Ravenna Ita <ravennaita at gmail.com> wrote:

> On Fri, Jun 22, 2012 at 7:37 PM, Paul Littlefield <info at paully.co.uk>
> wrote:
> > Hello.
> >
> > I would like to add 2 signatures to all outgoing messages.
> >
> > e.g.
> >
> > Personal Signature
> >       +
> > General Signature
> >
> > I have created the rules file
> >
> > From:   paul at domain.com   /opt/MailScanner/etc/reports/en/paul.sig.txt
> > From:   itsupport at domain.com
> > /opt/MailScanner/etc/reports/en/itsupport.sig.txt
> > FromOrTo:   default   /opt/MailScanner/etc/reports/en/inline.sig.txt
> >
> > and MailScanner does add just ONE of the signatures correctly... the
> first
> > one it matches.
> >
> > However, is there a way to get it to add both the name signature AND the
> > default signature?
> >
> > i.e.
> >
> >  paul.sig.txt
> >       +
> > inline.sig.txt
> >
> > :-)
> >
> > Hope you can help.
> >
> > Regards
> >
> > Paully
> > --
>
>
>
> Hello Paully,
>
> i am on the same situation with you, needing to add 2 signatures
> could you share the solution in case you have found one
>
> Ravenna Ita
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital



--- ABOUT THOSE "SAVE THE PLANET, DON'T PRINT THIS GRAPHICS --
Before you include a useless, hypocritical embedded graphic advocating
"saving trees by not printing", you should consider how much electricity
and bandwidth was spent sending that unnecessary graphic. Millions of
e-mails every day with worthless graphics like that make much more of an
environmental impact than the rare occasion someone prints out an e-mail.
In fact, with the cost of paper, ink and power, a lot of people avoid
printing as much as possible not to save the planet, but to save their own
wallets.


-- ABOUT ANY "LEGAL" E-MAIL DISCLAIMERS --

They are not legally binding in most jurisdictions, and are usually
internally inconsistent. Don't waste time, money and bandwidth by including
"legal disclaimers", they are a waste of everyone's time and resources.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120902/3240782d/attachment.html 

From info at paully.co.uk  Mon Sep  3 13:37:13 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Mon, 03 Sep 2012 13:37:13 +0100
Subject: Adding Multiple Signatures
In-Reply-To: <CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>
References: <4FE466FD.4030406@paully.co.uk>
	<CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>
Message-ID: <5044A479.9020201@paully.co.uk>

On 02/09/12 08:56, Ravenna Ita wrote:
> i am on the same situation with you, needing to add 2 signatures
> could you share the solution in case you have found one

Hi Ravenna

I could not find an easy solution to this, so in the end I used a combination of Client Signature and MailScanner Signature.

This was achieved by setting a Thunderbird signature AND including the 'magic token' of '_SIGNATURE_' to let MailScanner put the rest in (like postal address, disclaimer, etc.)

e.g.


Firstname Surname
Job Title
Email Address

_SIGNATURE_


So now, when my customer sends an email, Mozilla Thunderbird puts WHO it is from, and MailScanner puts WHERE+WHY it is from!

It also means that when they move office, or want to change the disclaimer I don't need to go around changing 50 signatures!

:-)

Here is a link to the MailScanner conf page about it:-
http://tinyurl.com/bp3t9vd

Hope this helps you.

Regards

-- 

Paul Littlefield

Telephone: 07801 125705
Facsimile: 08719 896021
Email: info at paully.co.uk
Web: www.paully.co.uk
Skype: paul_littlefield
Twitter: paullittlefield
Wiki: http://wiki.indie-it.com/index.php?title=Special:AllPages
Blog: http://www.littlefield.info

Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email.

From info at paully.co.uk  Mon Sep  3 13:38:52 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Mon, 03 Sep 2012 13:38:52 +0100
Subject: Adding Multiple Signatures
In-Reply-To: <CANyE0Po3NKD6Yft3Zwxa9HX9f6Y2Sd9pqsvhjKnbyeJY=t=QHw@mail.gmail.com>
References: <4FE466FD.4030406@paully.co.uk>
	<CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>
	<CANyE0Po3NKD6Yft3Zwxa9HX9f6Y2Sd9pqsvhjKnbyeJY=t=QHw@mail.gmail.com>
Message-ID: <5044A4DC.9070100@paully.co.uk>

On 03/09/12 00:47, Alex Neuman wrote:
> Add the contents of the general signature to each one of the personal signatures.
>
> Rename inline.sig.txt to uselesscrap.txt,
>
> go to /opt/MailScanner/etc/reports/en/,
>
> for a in *.sig.txt; do cat uselesscrap.txt >> $a; done
>
> Then you can rename uselesscrap.txt back to inline.sig.txt.


Thanks Alex, I have wiki'd this for next time!

:-)

Paully


From alex at vidadigital.com.pa  Mon Sep  3 16:49:22 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Mon, 3 Sep 2012 10:49:22 -0500
Subject: Adding Multiple Signatures
In-Reply-To: <5044A4DC.9070100@paully.co.uk>
References: <4FE466FD.4030406@paully.co.uk>
	<CAGmH14SsDk2WjKoM5EkHxFUOs=KzRn1jPR7TkqxC5PjNi_vbXg@mail.gmail.com>
	<CANyE0Po3NKD6Yft3Zwxa9HX9f6Y2Sd9pqsvhjKnbyeJY=t=QHw@mail.gmail.com>
	<5044A4DC.9070100@paully.co.uk>
Message-ID: <CANyE0PokrU9AjtXB6zJv=1_pb-Y+hVvCMR5Ns-UUQWyamDJ7Gg@mail.gmail.com>

You're welcome! I'm sure there's a better way... But for now, this could work...

On Mon, Sep 3, 2012 at 7:38 AM, Paul Littlefield <info at paully.co.uk> wrote:
> On 03/09/12 00:47, Alex Neuman wrote:
>> Add the contents of the general signature to each one of the personal signatures.
>>
>> Rename inline.sig.txt to uselesscrap.txt,
>>
>> go to /opt/MailScanner/etc/reports/en/,
>>
>> for a in *.sig.txt; do cat uselesscrap.txt >> $a; done
>>
>> Then you can rename uselesscrap.txt back to inline.sig.txt.
>
>
> Thanks Alex, I have wiki'd this for next time!
>
> :-)
>
> Paully
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital



--- ABOUT THOSE "SAVE THE PLANET, DON'T PRINT THIS" GRAPHICS --
Before you include a useless, hypocritical embedded graphic advocating
"saving trees by not printing", you should consider how much
electricity and bandwidth was spent sending that unnecessary graphic.
Millions of e-mails every day with worthless graphics like that make
much more of an environmental impact than the rare occasion someone
prints out an e-mail. In fact, with the cost of paper, ink and power,
a lot of people avoid printing as much as possible not to save the
planet, but to save their own wallets.


-- ABOUT ANY "LEGAL" E-MAIL DISCLAIMERS --

They are not legally binding in most jurisdictions, and are usually
internally inconsistent. Don't waste time, money and bandwidth by
including "legal disclaimers", they are a waste of everyone's time and
resources.

From mgarcia at nettix.com.pe  Wed Sep  5 09:10:57 2012
From: mgarcia at nettix.com.pe (Martin Garcia)
Date: Wed, 05 Sep 2012 03:10:57 -0500
Subject: Forward to multiple email address
Message-ID: <50470911.1060209@nettix.com.pe>

Hey there,

I would like to have a MailScanner instance to forward, to more than one 
email address,
for example, if a spam is detected for xyz at domain.com then forward to 
spam at domain.com,
if a spam is detected for abc at otherdomain.pe, then forward to 
spam at otherdomain.pe

I was reading the documentation, and it says it forwards only to one 
email address,
let me know if you have some tricks for it please,

Thanks in advance,

-- 
Cualquier duda o consulta estoy a su disposicion.

      Atentamente / Sincerely


      MARTIN GARCIA
      Consultor Linux y redes
      Nettix Peru EIRL
      telf: +(511)9-9735-4848
      <http://www.nettix.com.pe>
      mailto:mgarcia at nettix.com.pe


From Johan at double-l.nl  Wed Sep  5 10:01:06 2012
From: Johan at double-l.nl (Johan Hendriks)
Date: Wed, 5 Sep 2012 09:01:06 +0000
Subject: Forward to multiple email address
In-Reply-To: <50470911.1060209@nettix.com.pe>
References: <50470911.1060209@nettix.com.pe>
Message-ID: <23D04C868D0C0349AAF928DCEE9C62E806CE1F7D@SRV01.neuteboom.local>


>Hey there,

>I would like to have a MailScanner instance to forward, to more than one email address, for example, if a spam is detected for xyz at domain.com then forward to >spam at domain.com, if a spam is detected for abc at otherdomain.pe, then forward to spam at otherdomain.pe

>I was reading the documentation, and it says it forwards only to one email address, let me know if you have some tricks for it please,

>Thanks in advance,

Set the following in MailScanner.conf
Spam Actions = /usr/local/etc/MailScanner/rules/spam.actions.rules

I use the following in /usr/local/etc/MailScanner/rules/spam.actions.rules

FromOrTo: domain1.nl     delete forward spam at domain1.nl
FromOrTo: otherdomain.nl delete forward spam at otherdomain.nl
FromOrTo: yourdomain.com delete forward spam at yourdomain.com
FromOrTo:    default     delete forward myspam at mydomain.com

regards
Johan Hendriks
Neuteboom Automatisering

From info at paully.co.uk  Wed Sep  5 10:12:09 2012
From: info at paully.co.uk (Paul Littlefield)
Date: Wed, 05 Sep 2012 10:12:09 +0100
Subject: Forward to multiple email address
In-Reply-To: <50470911.1060209@nettix.com.pe>
References: <50470911.1060209@nettix.com.pe>
Message-ID: <50471769.5000200@paully.co.uk>

On 05/09/12 09:10, Martin Garcia wrote:
> I would like to have a MailScanner instance to forward, to more than one
> email address,
> for example, if a spam is detected forxyz at domain.com  then forward to
> spam at domain.com,
> if a spam is detected forabc at otherdomain.pe, then forward to
> spam at otherdomain.pe


Does this cover it?

http://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Actions

  "forward" keywords
  ==================
  In an email address specified in the "forward" action, several keywords can
  be used which will be substituted with various properties of the message:
  _FROMUSER_   The left-hand side of the address of the sender.
  _FROMDOMAIN_ The right-hand side of the address of the sender.
  _TOUSER_     The left-hand side of each of the recipients in turn.
  _TODOMAIN_   The right-hand side of each of the recipients in turn.
  _DATE_       The date the message was received by MailScanner.
  _HOUR_       The hour the message was received by MailScanner.
  This means that you can forward messages to email addresses which show the
  original recipients of the message, which could be very useful when
  delivering into spam archive management systems.


So you could set up a ruleset...

...shout back if you want more help.


-- 

Paul Littlefield

Telephone: 07801 125705
Facsimile: 08719 896021
Email: info at paully.co.uk
Web: www.paully.co.uk
Skype: paul_littlefield
Twitter: paullittlefield
Wiki: http://wiki.indie-it.com/index.php?title=Special:AllPages
Blog: http://www.littlefield.info

Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email.

From mailscanner at joolee.nl  Wed Sep  5 10:14:23 2012
From: mailscanner at joolee.nl (Joolee)
Date: Wed, 5 Sep 2012 11:14:23 +0200
Subject: Forward to multiple email address
In-Reply-To: <50470911.1060209@nettix.com.pe>
References: <50470911.1060209@nettix.com.pe>
Message-ID: <CA+Q-w8UGSrghLuuUt54LmSWDQSgYRWL-xijzcj9WO7kx8+kg1Q@mail.gmail.com>

http://www.mailscanner.info/MailScanner.conf.index.html#Archive%20Mail
Use a ruleset, than you can do exactly what you want.

If you want E-mail for a single domain or user (depends on what you enter
in your ruleset file) to be forwarded to multiple E-mail addresses, find
the 'mailinglist' or 'mailing group' documentation for your MTA.

On 5 September 2012 10:10, Martin Garcia <mgarcia at nettix.com.pe> wrote:

> Hey there,
>
> I would like to have a MailScanner instance to forward, to more than one
> email address,
> for example, if a spam is detected for xyz at domain.com then forward to
> spam at domain.com,
> if a spam is detected for abc at otherdomain.pe, then forward to
> spam at otherdomain.pe
>
> I was reading the documentation, and it says it forwards only to one
> email address,
> let me know if you have some tricks for it please,
>
> Thanks in advance,
>
> --
> Cualquier duda o consulta estoy a su disposicion.
>
>       Atentamente / Sincerely
>
>
>       MARTIN GARCIA
>       Consultor Linux y redes
>       Nettix Peru EIRL
>       telf: +(511)9-9735-4848
>       <http://www.nettix.com.pe>
>       mailto:mgarcia at nettix.com.pe
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120905/5cd099a1/attachment.html 

From kens at kensnet.org  Wed Sep  5 18:58:53 2012
From: kens at kensnet.org (Ken Smith)
Date: Wed, 05 Sep 2012 18:58:53 +0100
Subject: Messages appearing to be lost
Message-ID: <504792DD.5050500@kensnet.org>

Hi All,

Just joined the list but have been using MailScanner since late 2006 in 
soho applications. In one of these installations there are comments 
about messages not getting delivered.

Logwatch for the machine says things like this:-

MailScanner Status:
  	232 messages Scanned by MailScanner
  	23.3 Total MB
  	118 Spam messages detected by MailScanner
  		2 hits from MailScanner SpamAssassin cache
  	14 Content Problems found by MailScanner
  	165 Messages delivered by MailScanner


The environment is Centos 5 and MailScanner-4.84.5-2

Whereas the others have Logwatch statuses (stati?) like this one, that 
is also Centos but MailScanner 4.75.11-1

  MailScanner Status:
  	2659 messages Scanned by MailScanner
  	113.8 Total MB
  	1649 Spam messages detected by MailScanner
  		18 hits from MailScanner SpamAssassin cache
  	291 Content Problems found by MailScanner
  	2659 Messages delivered by MailScanner

The general content of "grep MailScanner /var/log/maillog"  is similar 
in the two machine. Is there something specific that I should be looking 
for to help trace this?

Many thanks

Ken


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From ssilva at sgvwater.com  Wed Sep  5 19:35:06 2012
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed, 05 Sep 2012 11:35:06 -0700
Subject: Messages appearing to be lost
In-Reply-To: <504792DD.5050500@kensnet.org>
References: <504792DD.5050500@kensnet.org>
Message-ID: <k2860q$h6b$1@ger.gmane.org>

on 9/5/2012 10:58 AM Ken Smith spake the following:
> Hi All,
> 
> Just joined the list but have been using MailScanner since late 2006 in 
> soho applications. In one of these installations there are comments 
> about messages not getting delivered.
> 
> Logwatch for the machine says things like this:-
> 
> MailScanner Status:
>   	232 messages Scanned by MailScanner
>   	23.3 Total MB
>   	118 Spam messages detected by MailScanner
>   		2 hits from MailScanner SpamAssassin cache
>   	14 Content Problems found by MailScanner
>   	165 Messages delivered by MailScanner
> 
> 
> The environment is Centos 5 and MailScanner-4.84.5-2
> 
> Whereas the others have Logwatch statuses (stati?) like this one, that 
> is also Centos but MailScanner 4.75.11-1
> 
>   MailScanner Status:
>   	2659 messages Scanned by MailScanner
>   	113.8 Total MB
>   	1649 Spam messages detected by MailScanner
>   		18 hits from MailScanner SpamAssassin cache
>   	291 Content Problems found by MailScanner
>   	2659 Messages delivered by MailScanner
> 
> The general content of "grep MailScanner /var/log/maillog"  is similar 
> in the two machine. Is there something specific that I should be looking 
> for to help trace this?
> 
> Many thanks
> 
> Ken
> 
> 
I will assume that the first is set to delete certain problem messages, while
the second is set to tag and deliver everything... One of my systems reports
as follows...

 MailScanner Status:
 	392 messages Scanned by MailScanner
 	48.3 Total MB
 	16 Spam messages detected by MailScanner
 		1 Spam messages with action(s) attachment,store,deliver,header
 		15 Spam messages with action(s) store
 		6 hits from MailScanner SpamAssassin cache
 	100 Content Problems found by MailScanner
 	377 Messages delivered by MailScanner

 	392 Messages logged to MailWatch database

Mine shows that they were stored and not delivered. Maybe your mailscanner
code in logwatch needs some more work?

I can send you what I have if you want.




From kens at kensnet.org  Wed Sep  5 22:49:19 2012
From: kens at kensnet.org (Ken Smith)
Date: Wed, 05 Sep 2012 22:49:19 +0100
Subject: Messages appearing to be lost
In-Reply-To: <k2860q$h6b$1@ger.gmane.org>
References: <504792DD.5050500@kensnet.org> <k2860q$h6b$1@ger.gmane.org>
Message-ID: <5047C8DF.1000003@kensnet.org>


Scott Silva wrote:
> on 9/5/2012 10:58 AM Ken Smith spake the following:
>    
>> {snip}
>>
>> The general content of "grep MailScanner /var/log/maillog"  is similar
>> in the two machine. Is there something specific that I should be looking
>> for to help trace this?
>>
>> Many thanks
>>
>> Ken
>>
>>
>>      
> I will assume that the first is set to delete certain problem messages, while
> the second is set to tag and deliver everything... One of my systems reports
> as follows...
>
>   {snip}
> Mine shows that they were stored and not delivered. Maybe your mailscanner
> code in logwatch needs some more work?
>
> I can send you what I have if you want.
>    

Now that I have checked, the anomalous one is storing high spam whereas 
the other is set to deliver it. Sorry to waste your time I should have 
checked that.

The Logwatch settings are stock.

Thanks

Ken
>
>
>    

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From cdekievit at gmail.com  Thu Sep  6 05:24:08 2012
From: cdekievit at gmail.com (Christian De Kievit)
Date: Thu, 6 Sep 2012 14:24:08 +1000
Subject: Issue with MailScanner version 4.84.5 on Ubuntu
Message-ID: <CAJduKL0BOOCXFH7uE4hedSBP2j2uvbfF5iD9vUX2MG25Ew=Jbg@mail.gmail.com>

Hi,

I've upgraded my version of MailScanner to test it out, but I'm having an
issue with it processing spam messages.

Consistently, any spam message will cause MailScanner to crash, meaning
that I get error messages like the following mail.log

Sep  6 14:15:51 skynet MailScanner[1397]: SpamAssassin cache hit for
message 083CA60C95.AF127
Sep  6 14:15:51 skynet MailScanner[1397]: Spam Checks: Found 1 spam messages
Sep  6 14:15:51 skynet MailScanner[1531]: MailScanner E-Mail Virus Scanner
version 4.84.5 starting...

Testing a spam message using MailScanner --debug gives the following output:

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 1 message.
Insecure dependency in open while running with -T switch at
/usr/lib/perl/5.12/IO/File.pm line 63.

Any ideas on this one?

Thanks,
-- 
Christian De Kievit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120906/642cde59/attachment.html 

From m.a.young at durham.ac.uk  Fri Sep  7 12:33:05 2012
From: m.a.young at durham.ac.uk (M A Young)
Date: Fri, 7 Sep 2012 12:33:05 +0100 (BST)
Subject: Bug in baruwa mailscanner
Message-ID: <alpine.GSO.2.00.1209071221580.24700@algedi.dur.ac.uk>

I am starting to use Baruwa's mailscanner package 
mailscanner-4.84.5-2.el6.noarch and I just noticed that spam viruses 
weren't being reflected in the spam assassin score (I was expecting an 
entry MS_FOUND_SPAMVIRUS 3.00 which wasn't there).

The problem is that the package provides a symbolic link 
/etc/mail/spamassassin/spam.assassin.prefs.conf -> 
../../MailScanner/spam.assassin.prefs.conf
to get spamassassin to include the mailscanner specific configuration 
options. However this doesn't work as spamassassin only processes files 
ending in .pre or .cf so it is ignored, meaning that some options are 
omitted including the handling of the spam virus score. Traditional 
mailscanner had the link
/etc/mail/spamassassin/mailscanner.cf -> 
/etc/MailScanner/spam.assassin.prefs.conf
which does work.

What is the best way to report this bug (assuming posting to this list 
isn't sufficient)?

 	Michael Young

From stephencoxmail at gmail.com  Fri Sep  7 13:21:09 2012
From: stephencoxmail at gmail.com (Stephen Cox)
Date: Fri, 7 Sep 2012 14:21:09 +0200
Subject: Bug in baruwa mailscanner
In-Reply-To: <alpine.GSO.2.00.1209071221580.24700@algedi.dur.ac.uk>
References: <alpine.GSO.2.00.1209071221580.24700@algedi.dur.ac.uk>
Message-ID: <CAMgku6Ti5eCxOX0knWN4We-LM+03C+MBfy3-+bfOqBu97L2VTA@mail.gmail.com>

On Fri, Sep 7, 2012 at 1:33 PM, M A Young <m.a.young at durham.ac.uk> wrote:

> What is the best way to report this bug (assuming posting to this list
> isn't sufficient)?
>

https://github.com/MailScanner/MailScanner/issues

-- 
Stephen Cox
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/9b959b5a/attachment.html 

From jaearick at colby.edu  Fri Sep  7 13:28:43 2012
From: jaearick at colby.edu (Jeff Earickson)
Date: Fri, 7 Sep 2012 08:28:43 -0400
Subject: cdn.mailscanner.info flaked out?
Message-ID: <CADU1O-3NVihQ6hUFsF6fRYD3ZnBccvS2LrPhn14wznsYfy2VuA@mail.gmail.com>

Gang,

The services for ScamNailer and update_bad_phishing_sites seems to
have an issue:

Unable to retrieve http://cdn.mailscanner.info/.2012-365 :404 Not Found
Failed to retrieve http://cdn.mailscanner.info/2012-365.1 at

and

Unable to retrieve http://cdn.mailscanner.info/emails..2012-365 :404 Not Found
Unable to open base file (/var/cache/ScamNailer/cache//2012-365)

Can somebody give it a kick in the shins please?

Jeff Earickson
Colby College

From jhon.higgins at gmail.com  Fri Sep  7 13:33:56 2012
From: jhon.higgins at gmail.com (Paul Ronald)
Date: Fri, 7 Sep 2012 14:33:56 +0200
Subject: Error TNEF with MailScanner version 4.84.3
Message-ID: <CAK2HDopvCD44enZc0_J+GMDxq3WWqw+xKz6T2e3ki-ns2awCMQ@mail.gmail.com>

Hello,

yesterday i get this error in my servers with postfix + MailScanner 4.84.3:

Sep  6 14:04:10 server1 MailScanner[4548]: Expanding TNEF archive at
/var/spool/MailScanner/incoming/4548/9C8DEC06E3.A1766/winmail.dat
Sep  6 14:04:10 server1 MailScanner[4548]: Trying to unpack nwinmail.dat in
message 9C8DEC06E3.A1766, could not create subdirectory
9C8DEC06E3.A1766//tnefmNPiVZ, failed to unpack TNEF message
Sep  6 14:04:10 server1 MailScanner[4548]: Corrupt TNEF winmail.dat that
cannot be analysed in message 9C8DEC06E3.A1766


somebody speak of a BUG in this version but i don not known where is the
patch.


Thak you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/14146c43/attachment.html 

From andrew at topdog.za.net  Fri Sep  7 14:43:04 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Fri, 7 Sep 2012 15:43:04 +0200
Subject: Bug in baruwa mailscanner
In-Reply-To: <alpine.GSO.2.00.1209071221580.24700@algedi.dur.ac.uk>
References: <alpine.GSO.2.00.1209071221580.24700@algedi.dur.ac.uk>
Message-ID: <FCB747D6-409B-4E11-B1EE-3EB548B3560C@topdog.za.net>


On 07 Sep 2012, at 1:33 PM, M A Young wrote:

> What is the best way to report this bug (assuming posting to this list 
> isn't sufficient)?

Post baruwa rpm specific issues (like this one) to the baruwa mailing list[1]
MailScanner issues to the github issue tracking system[2]

[1] http://lists.baruwa.org/
[2] https://github.com/MailScanner/MailScanner/issues

--
www.baruwa.org




From ravenpi at gmail.com  Fri Sep  7 14:51:08 2012
From: ravenpi at gmail.com (Ken)
Date: Fri, 7 Sep 2012 09:51:08 -0400
Subject: Infinite loop.
Message-ID: <CAHw0J8h=atC8-BBw4Jhf1m_FoKhiRXK7n1inijsuqSDL7HCnZg@mail.gmail.com>

Hi, all.  I recently "upgraded" my Ubuntu server to Precise, and lo!
 Wasn't I surprised when I realized there was no MailScanner any more.  I
tried following the directions on the MailScanner site for doing an install
from Debian sources, but that appears to be outdated and no longer valid.
 So I installed from source, and created a link from my old
/etc/MailScanner directory to /opt/MailScanner/etc.  And it *almost* works.
 But it doesn't.  I get this:

Sep  7 09:06:37 beacon MailScanner[480]: MailScanner E-Mail Virus Scanner
version 4.84.5 starting...
Sep  7 09:06:37 beacon MailScanner[480]: Could not read Custom Functions
directory /etc/MailScanner/CustomFunctions
Sep  7 09:06:37 beacon MailScanner[480]: Reading configuration file
/opt/MailScanner/etc/MailScanner.conf
Sep  7 09:06:37 beacon MailScanner[480]: Read 817 hostnames from the
phishing whitelist
Sep  7 09:06:38 beacon MailScanner[480]: Read 5141 hostnames from the
phishing blacklists
Sep  7 09:06:39 beacon MailScanner[480]: Using SpamAssassin results cache
Sep  7 09:06:39 beacon MailScanner[480]: Connected to SpamAssassin cache
database
Sep  7 09:06:39 beacon MailScanner[480]: Enabling SpamAssassin
auto-whitelist functionality...
Sep  7 09:06:43 beacon MailScanner: waiting for children to die: Process
did not exit cleanly, returned 255 with signal 0

Rinse and repeat.

Eventually, my mail *does* seem to have made it through, except that I'm no
longer filtering for spam:
X--MailScanner-SpamCheck: notspam, spamassassin (sadisabled)

Which is almost worse than not getting any at all.  (One of my e-mail
addresses has been around for a l-o-n-g time, and is probably on every damn
spam list there is.)

Suggestions on how to enable more debugging (Google came up surprisingly
empty), or other things to look at/tweak?

Thanks,

-Ken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/ddfe12ca/attachment.html 

From andrew at topdog.za.net  Fri Sep  7 15:23:58 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Fri, 7 Sep 2012 16:23:58 +0200
Subject: Infinite loop.
In-Reply-To: <CAHw0J8h=atC8-BBw4Jhf1m_FoKhiRXK7n1inijsuqSDL7HCnZg@mail.gmail.com>
References: <CAHw0J8h=atC8-BBw4Jhf1m_FoKhiRXK7n1inijsuqSDL7HCnZg@mail.gmail.com>
Message-ID: <85FB1BB5-0C57-404D-B3FA-4EC44E30D048@topdog.za.net>


On 07 Sep 2012, at 3:51 PM, Ken wrote:

> Hi, all.  I recently "upgraded" my Ubuntu server to Precise, and lo!  Wasn't I surprised when I realized there was no MailScanner any more.  I tried following the directions on the MailScanner site for doing an install from Debian sources, but that appears to be outdated and no longer valid.

Have you tried the mailscanner precise packages from the Baruwa repo[1], they may save you some time an maintenance hustle.

[1] http://apt.baruwa.org

--
www.baruwa.org




From ravenpi at gmail.com  Fri Sep  7 17:13:32 2012
From: ravenpi at gmail.com (Ken)
Date: Fri, 7 Sep 2012 12:13:32 -0400
Subject: Infinite loop.
In-Reply-To: <CAHw0J8h=atC8-BBw4Jhf1m_FoKhiRXK7n1inijsuqSDL7HCnZg@mail.gmail.com>
References: <CAHw0J8h=atC8-BBw4Jhf1m_FoKhiRXK7n1inijsuqSDL7HCnZg@mail.gmail.com>
Message-ID: <CAHw0J8jMo7uuDLT+NKQ2SYZOaQQ_BoDh_kv-7ayN-5Kopto-1w@mail.gmail.com>

Well!  I installed Baruwa -- don't even really know what it does, but it
gave me a functioning package for MailScanner, so that was a plus.  A
minus, however, was the fact that MailScanner was pegging the CPU at 100%.
 A strace turned up this:

write(2, "Use of uninitialized value $fam_listen in numeric ne (!=) at
/usr/share/perl5/IO/Socket/INET6.pm line 182.\n", 107) = 107

Googling showed that others had had this issue with Spam Assassin and/or
Amavis, and had fixed it by disabling IPV6.  Unfortunately, that appeared
not to work in this case.  So I did A Bad Thing that will no doubt come and
bite me some day.  In /usr/share/perl5/IO/Socket/INET6.pm, I tweaked as
follows:

#       next if $fam_listen != $family;
        next

(My reasoning being that if it's undefined, it's also inequal, so just go
and do it.)  And lo!  My mail, she now gets checked.  However, I have a
couple of issues with this:
- This is a crazy bad thing to do on a package-managed system.  (Thoughts
of "chattr +i /usr/share/perl5/IO/Socket/INET6.pm" float through my head...)
- What if I wanted to use IPv6... which I do?
- Have I broken anything that's not IPv6 by ignoring that one line in
NET6.pm?

If anyone's got any ideas or insights they'd like to share, I'm all ears.

Thanks,

-Ken

On Fri, Sep 7, 2012 at 9:51 AM, Ken <ravenpi at gmail.com> wrote:

> Hi, all.  I recently "upgraded" my Ubuntu server to Precise, and lo!
>  Wasn't I surprised when I realized there was no MailScanner any more.  I
> tried following the directions on the MailScanner site for doing an install
> from Debian sources, but that appears to be outdated and no longer valid.
>  So I installed from source, and created a link from my old
> /etc/MailScanner directory to /opt/MailScanner/etc.  And it *almost* works.
>  But it doesn't.  I get this:
>
> Sep  7 09:06:37 beacon MailScanner[480]: MailScanner E-Mail Virus Scanner
> version 4.84.5 starting...
> Sep  7 09:06:37 beacon MailScanner[480]: Could not read Custom Functions
> directory /etc/MailScanner/CustomFunctions
> Sep  7 09:06:37 beacon MailScanner[480]: Reading configuration file
> /opt/MailScanner/etc/MailScanner.conf
> Sep  7 09:06:37 beacon MailScanner[480]: Read 817 hostnames from the
> phishing whitelist
> Sep  7 09:06:38 beacon MailScanner[480]: Read 5141 hostnames from the
> phishing blacklists
> Sep  7 09:06:39 beacon MailScanner[480]: Using SpamAssassin results cache
> Sep  7 09:06:39 beacon MailScanner[480]: Connected to SpamAssassin cache
> database
> Sep  7 09:06:39 beacon MailScanner[480]: Enabling SpamAssassin
> auto-whitelist functionality...
> Sep  7 09:06:43 beacon MailScanner: waiting for children to die: Process
> did not exit cleanly, returned 255 with signal 0
>
> Rinse and repeat.
>
> Eventually, my mail *does* seem to have made it through, except that I'm
> no longer filtering for spam:
> X--MailScanner-SpamCheck: notspam, spamassassin (sadisabled)
>
> Which is almost worse than not getting any at all.  (One of my e-mail
> addresses has been around for a l-o-n-g time, and is probably on every damn
> spam list there is.)
>
> Suggestions on how to enable more debugging (Google came up surprisingly
> empty), or other things to look at/tweak?
>
> Thanks,
>
> -Ken
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120907/63dd04f9/attachment.html 

From dhe at cise.ufl.edu  Tue Sep 11 16:01:30 2012
From: dhe at cise.ufl.edu (Dan H. Eicher)
Date: Tue, 11 Sep 2012 11:01:30 -0400
Subject: ScamNailer False Positives
Message-ID: <504F524A.8060208@cise.ufl.edu>

I'm in the process of transitioning from:
    Solaris+amavisd+postfix+dovecot+procmail   -to-
    Redhat 6.3+MailScanner+postfix+dovecot+procmail

I thought I would try here, as sanesecurity points me to:
scamnailer at ecs.soton.ac.uk -  Julian Field for issues with Scamnailer.

Almost all the emails I get from UFL's helpdesk are marked as:
?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined.

I've been monitoring this situation and have been hand releasing the 
trapped emails with:
?amavisd-release file address.?

What is the correct thing for a mail admin to ?do?, to get scamnailer to 
work ?more better??

Thanks,
Dan

From maxsec at gmail.com  Tue Sep 11 20:26:14 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue, 11 Sep 2012 20:26:14 +0100
Subject: ScamNailer False Positives
In-Reply-To: <504F524A.8060208@cise.ufl.edu>
References: <504F524A.8060208@cise.ufl.edu>
Message-ID: <CAGDKorJZAGLLmRaOfNLOvD2oU3XrSWptZRa5gUVCjug64E9mQA@mail.gmail.com>

Well amavisd is nothing to do with mailscanner or scamnailer.

Id check the emails for incorrect urls , in the mean time you can add them
to the phishing whitelist on your box

Martin

On Tuesday, 11 September 2012, Dan H. Eicher wrote:

> I'm in the process of transitioning from:
>     Solaris+amavisd+postfix+dovecot+procmail   -to-
>     Redhat 6.3+MailScanner+postfix+dovecot+procmail
>
> I thought I would try here, as sanesecurity points me to:
> scamnailer at ecs.soton.ac.uk <javascript:;> -  Julian Field for issues with
> Scamnailer.
>
> Almost all the emails I get from UFL's helpdesk are marked as:
> ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined.
>
> I've been monitoring this situation and have been hand releasing the
> trapped emails with:
> ?amavisd-release file address.?
>
> What is the correct thing for a mail admin to ?do?, to get scamnailer to
> work ?more better??
>
> Thanks,
> Dan
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <javascript:;>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120911/586e555a/attachment.html 

From m.a.young at durham.ac.uk  Wed Sep 12 11:19:09 2012
From: m.a.young at durham.ac.uk (M A Young)
Date: Wed, 12 Sep 2012 11:19:09 +0100 (BST)
Subject: ScamNailer False Positives
In-Reply-To: <504F524A.8060208@cise.ufl.edu>
References: <504F524A.8060208@cise.ufl.edu>
Message-ID: <alpine.GSO.2.00.1209121110280.28439@algedi.dur.ac.uk>

On Tue, 11 Sep 2012, Dan H. Eicher wrote:

> I'm in the process of transitioning from:
>   Solaris+amavisd+postfix+dovecot+procmail   -to-
>   Redhat 6.3+MailScanner+postfix+dovecot+procmail
>
> I thought I would try here, as sanesecurity points me to:
> scamnailer at ecs.soton.ac.uk -  Julian Field for issues with Scamnailer.
>
> Almost all the emails I get from UFL's helpdesk are marked as:
> ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined.

You need to work out what ScamNailer is objecting to, also whether the 
scamnailer version and the data you are working from is up to date.

If an address is listed incorrectly, I believe the scamnailer data 
originates from http://code.google.com/p/anti-phishing-email-reply/ so you 
could look there to get false positives and no-longer-positives removed 
(Help Desk addresses can be used in spam so it might have been listed 
legitimately).

 	Michael Young

From steveb_clamav at sanesecurity.com  Wed Sep 12 13:25:05 2012
From: steveb_clamav at sanesecurity.com (Steve Basford)
Date: Wed, 12 Sep 2012 13:25:05 +0100
Subject: ScamNailer False Positives
In-Reply-To: <alpine.GSO.2.00.1209121110280.28439@algedi.dur.ac.uk>
References: <504F524A.8060208@cise.ufl.edu>
	<alpine.GSO.2.00.1209121110280.28439@algedi.dur.ac.uk>
Message-ID: <0f610da52af51578cf283767a7ac8303.squirrel@sanesecurity.com>


> On Tue, 11 Sep 2012, Dan H. Eicher wrote:
>
>> Almost all the emails I get from UFL's helpdesk are marked as:
>> ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined.

> If an address is listed incorrectly, I believe the scamnailer data
> originates from http://code.google.com/p/anti-phishing-email-reply/ so you
> could look there to get false positives and no-longer-positives removed
> (Help Desk addresses can be used in spam so it might have been listed
> legitimately).

I've also whitelisted the sig on the Sanesecurity mirrors, so if you
normally grab the scamnailer.ndb file from the Sanesecurity mirrors
(instead of directly) - the sig will be gone.

ie: http://sanesecurity.co.uk/databases.htm

But the better solution is to contact anti-phishing-email-reply-discuss AT
googlegroups DOT com and ask for a removal.

Cheers,

Steve
Sanesecurity


From MailScanner at ecs.soton.ac.uk  Wed Sep 12 13:43:40 2012
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed, 12 Sep 2012 13:43:40 +0100
Subject: ScamNailer False Positives
In-Reply-To: <alpine.GSO.2.00.1209121110280.28439@algedi.dur.ac.uk>
References: <504F524A.8060208@cise.ufl.edu>
	<alpine.GSO.2.00.1209121110280.28439@algedi.dur.ac.uk>
	<5050837C.6000705@ecs.soton.ac.uk>
Message-ID: <EMEW3|4640c91b744c8386afbb3dfe9d12c205o8BDhQ0bMailScanner|ecs.soton.ac.uk|5050837C.6000705@ecs.soton.ac.uk>


On 12/09/2012 11:19, M A Young wrote:
> On Tue, 11 Sep 2012, Dan H. Eicher wrote:
>
>> I'm in the process of transitioning from:
>> Solaris+amavisd+postfix+dovecot+procmail -to-
>> Redhat 6.3+MailScanner+postfix+dovecot+procmail
>>
>> I thought I would try here, as sanesecurity points me to:
>> scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer.
>>
>> Almost all the emails I get from UFL's helpdesk are marked as:
>> ?ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL? and quarantined.
>
> You need to work out what ScamNailer is objecting to, also whether the 
> scamnailer version and the data you are working from is up to date.
>
> If an address is listed incorrectly, I believe the scamnailer data 
> originates from http://code.google.com/p/anti-phishing-email-reply/ so 
> you could look there to get false positives and no-longer-positives 
> removed (Help Desk addresses can be used in spam so it might have been 
> listed legitimately).
Only a bit of the ScamNailer data comes from there. Most of it is 
derived elsewhere entirely.

If you hit false positives, please report them to 
scamnailer at ecs.soton.ac.uk.

Thanks!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
'All programs have a desire to be useful' - Tron, 1982


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From MailScanner at ecs.soton.ac.uk  Wed Sep 12 13:44:39 2012
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed, 12 Sep 2012 13:44:39 +0100
Subject: cdn.mailscanner.info flaked out?
In-Reply-To: <CADU1O-3NVihQ6hUFsF6fRYD3ZnBccvS2LrPhn14wznsYfy2VuA@mail.gmail.com>
References: <CADU1O-3NVihQ6hUFsF6fRYD3ZnBccvS2LrPhn14wznsYfy2VuA@mail.gmail.com>
	<505083B7.20304@ecs.soton.ac.uk>
Message-ID: <EMEW3|367161cae90a946ad90b353edc58764do8BDiQ0bMailScanner|ecs.soton.ac.uk|505083B7.20304@ecs.soton.ac.uk>

We had a whole string of power failures last week when I was on holiday, 
should be all back now. We can't afford big enough UPSes for the quality 
of our power feed. :-(

Jules.

On 07/09/2012 13:28, Jeff Earickson wrote:
> Gang,
>
> The services for ScamNailer and update_bad_phishing_sites seems to
> have an issue:
>
> Unable to retrieve http://cdn.mailscanner.info/.2012-365 :404 Not Found
> Failed to retrieve http://cdn.mailscanner.info/2012-365.1 at
>
> and
>
> Unable to retrieve http://cdn.mailscanner.info/emails..2012-365 :404 Not Found
> Unable to open base file (/var/cache/ScamNailer/cache//2012-365)
>
> Can somebody give it a kick in the shins please?
>
> Jeff Earickson
> Colby College
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
>
> Buy the MailScanner book at www.MailScanner.info/store
> Need help customising MailScanner? Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
> 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
> 'All programs have a desire to be useful' - Tron, 1982

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From brian.duncan at kattenlaw.com  Fri Sep 14 20:28:36 2012
From: brian.duncan at kattenlaw.com (Duncan, Brian M.)
Date: Fri, 14 Sep 2012 19:28:36 +0000
Subject: MailScanner: Could not analyze message
Message-ID: <946070139734074AA288505D2AD1D4CD037B1510@CHI-US-MAIL-1B.us.kmz.com>

Can anyone help me out with a problem we have just started having people report?

We don't use Mailscanner to scan for viruses, or for dangerous email, at least I did not think we were.  We DO use the Spam features with Spam Assassin though through MailScanner.

My versions are:

mailscanner-4.83.5-1
spamassassin-3.3.1-3


My key settings  that I believe might influence this that are from the main conf:

Maximum processing Attempts = 0
Expand TNEF =  no
Use TNEF Contents = no
Deliver Unparsable TNEF = yes
Find UU-Encoded Files = no
Maximum Message Size = 0
Maximum Attachment Size = -1
Minimum Attachment Size = 1
Maximum Archive  Depth = 0
Finding Archives By Content = no
Unpack Microsoft Documents = no
Zip Attachments = no
Add Text Of Doc = no
Unzip Maximum Files Per Archive = 0
Virus Scanning = no
Virus Scanners = none
Still Deliver Silent Viruses = yes
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = no
Dangerous Content Scanning = no
Allow Partial Messages = yes
Allow External Message Bodies = yes
Find Phishing Fraud = no
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no

I have recently begun having users complain that they are receiving messages from our Mailscanner system like this:

From: xxxxx [xxxx at xxxx.com]
Sent: Friday, September 14, 2012 3:31 AM
To: Smith, John
Subject: Online Content - September 2012

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail message contained potentially dangerous content, which has been removed for your safety.
The content is dangerous as it is often used to spread viruses or to gain personal or confidential information from you, such as passwords or credit card numbers.
Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the original attachment.
The content filters found this:
  MailScanner: Could not analyze message

--
Postmaster
Katten Muchin Rosenman LLP
www.kattenlaw.com<http://www.kattenlaw.com>

All the logs show for the above message is: Sep 14 05:30:44 venus MailScanner[16268]: Cleaned: Delivered 1 cleaned messages

Based on my settings in my mailscanner.conf file, I thought I had everything set to NOT have try to analyze messages for anything but Spam.

I have narrowed it down to one host that this is happening with, but since I don't have a copy of any of these emails that cause this I  have nothing to go on.

Was more curious now if anyone know why this might trigger if I have everything turned off accept Spam scanning.

This sender is a mailing list, that sends out mailing I believe for many organizations.  So there are days when I have a couple hundred of these to many different people here.

Thanks!




BRIAN M. DUNCAN
Data Security Administrator
Katten Muchin Rosenman LLP
525 W. Monroe Street / Chicago, IL 60661-3693
p / (312) 577-8045 f / (312) 577-4490
brian.duncan at kattenlaw.com / www.kattenlaw.com



===========================================================
CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue
Service, any tax advice contained herein is not intended or written to be used and cannot be used
by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.
===========================================================
CONFIDENTIALITY NOTICE:
This electronic mail message and any attached files contain information intended for the exclusive
use of the individual or entity to whom it is addressed and may contain information that is
proprietary, privileged, confidential and/or exempt from disclosure under applicable law.  If you
are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or 
distribution of this information may be subject to legal restriction or sanction.  Please notify
the sender, by electronic mail or telephone, of any unintended recipients and delete the original 
message without making any copies.
===========================================================
NOTIFICATION:  Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has
elected to be governed by the Illinois Uniform Partnership Act (1997).
===========================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120914/7d3f2ba1/attachment.html 

From maxsec at gmail.com  Sat Sep 15 08:34:11 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Sat, 15 Sep 2012 08:34:11 +0100
Subject: MailScanner: Could not analyze message
In-Reply-To: <946070139734074AA288505D2AD1D4CD037B1510@CHI-US-MAIL-1B.us.kmz.com>
References: <946070139734074AA288505D2AD1D4CD037B1510@CHI-US-MAIL-1B.us.kmz.com>
Message-ID: <CAGDKor+p_CzzphhOLTr9-1Coi88Wx-o5gVnOLTg9uF1AijuEcA@mail.gmail.com>

Check the logs for any clues, but it could be sone sort of odd reaction
from file on the content types.

Anything in the header either post processing

Ideally you need to get a sample message and run this in mailscanners debug
mode

On Friday, 14 September 2012, Duncan, Brian M. wrote

>  Can anyone help me out with a problem we have just started having people
> report?****
>
> ** **
>
> We don?t use Mailscanner to scan for viruses, or for dangerous email, at
> least I did not think we were.  We DO use the Spam features with Spam
> Assassin though through MailScanner.****
>
> ** **
>
> My versions are:****
>
> ** **
>
> mailscanner-4.83.5-1****
>
> spamassassin-3.3.1-3****
>
> ** **
>
> ** **
>
> My key settings  that I believe might influence this that are from the
> main conf:****
>
> ** **
>
> Maximum processing Attempts = 0****
>
> Expand TNEF =  no****
>
> Use TNEF Contents = no****
>
> Deliver Unparsable TNEF = yes****
>
> Find UU-Encoded Files = no****
>
> Maximum Message Size = 0****
>
> Maximum Attachment Size = -1****
>
> Minimum Attachment Size = 1****
>
> Maximum Archive  Depth = 0****
>
> Finding Archives By Content = no****
>
> Unpack Microsoft Documents = no****
>
> Zip Attachments = no****
>
> Add Text Of Doc = no****
>
> Unzip Maximum Files Per Archive = 0****
>
> Virus Scanning = no****
>
> Virus Scanners = none****
>
> Still Deliver Silent Viruses = yes****
>
> Block Encrypted Messages = no****
>
> Block Unencrypted Messages = no****
>
> Allow Password-Protected Archives = yes****
>
> Check Filenames In Password-Protected Archives = no****
>
> Dangerous Content Scanning = no****
>
> Allow Partial Messages = yes****
>
> Allow External Message Bodies = yes****
>
> Find Phishing Fraud = no****
>
> Allow IFrame Tags = disarm****
>
> Allow Form Tags = disarm****
>
> Allow Script Tags = disarm****
>
> Allow WebBugs = disarm****
>
> Allow Object Codebase Tags = disarm****
>
> Convert Dangerous HTML To Text = no****
>
> Convert HTML To Text = no****
>
> ** **
>
> I have recently begun having users complain that they are receiving
> messages from our Mailscanner system like this:****
>
> ** **
>
> From: xxxxx [xxxx at xxxx.com <javascript:_e({}, 'cvml', 'xxxx at xxxx.com');>]
> Sent: Friday, September 14, 2012 3:31 AM
> To: Smith, John
> Subject: Online Content - September 2012
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content, which
> has been removed for your safety.
> The content is dangerous as it is often used to spread viruses or to gain
> personal or confidential information from you, such as passwords or credit
> card numbers.
> Due to limitations placed on us by the Regulation of Investigatory Powers
> Act 2000, we were unable to keep a copy of the original attachment.
> The content filters found this:
>   MailScanner: Could not analyze message
>
> --
> Postmaster
> Katten Muchin Rosenman LLP
> www.kattenlaw.com****
>
> ** **
>
> All the logs show for the above message is: Sep 14 05:30:44 venus
> MailScanner[16268]: Cleaned: Delivered 1 cleaned messages****
>
> ** **
>
> Based on my settings in my mailscanner.conf file, I thought I had
> everything set to NOT have try to analyze messages for anything but Spam.*
> ***
>
> ** **
>
> I have narrowed it down to one host that this is happening with, but since
> I don?t have a copy of any of these emails that cause this I  have nothing
> to go on. ****
>
> ** **
>
> Was more curious now if anyone know why this might trigger if I have
> everything turned off accept Spam scanning.  ****
>
> ** **
>
> This sender is a mailing list, that sends out mailing I believe for many
> organizations.  So there are days when I have a couple hundred of these to
> many different people here.****
>
> ** **
>
> Thanks!****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> BRIAN M. DUNCAN
> Data Security Administrator
> Katten Muchin Rosenman LLP
> 525 W. Monroe Street / Chicago, IL 60661-3693
> p / (312) 577-8045 f / (312) 577-4490
> brian.duncan at kattenlaw.com <javascript:_e({}, 'cvml',
> 'brian.duncan at kattenlaw.com');> / www.kattenlaw.com
>   ****
>
> ** **
>
> ===========================================================
> CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue
> Service, any tax advice contained herein is not intended or written to be used and cannot be used
> by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.
> ===========================================================
> CONFIDENTIALITY NOTICE:
> This electronic mail message and any attached files contain information intended for the exclusive
> use of the individual or entity to whom it is addressed and may contain information that is
> proprietary, privileged, confidential and/or exempt from disclosure under applicable law.  If you
> are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or
> distribution of this information may be subject to legal restriction or sanction.  Please notify
> the sender, by electronic mail or telephone, of any unintended recipients and delete the original
> message without making any copies.
> ===========================================================
> NOTIFICATION:  Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has
> elected to be governed by the Illinois Uniform Partnership Act (1997).
> ===========================================================
>
>

-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120915/ee1a6f9a/attachment.html 

From maxsec at gmail.com  Sat Sep 15 18:39:36 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Sat, 15 Sep 2012 18:39:36 +0100
Subject: Fwd: FYI: "End of an Era" - RFC-Ignorant.org is scheduling its own
	demise.
In-Reply-To: <5054B47D.6050508@gmail.com>
References: <5054B47D.6050508@gmail.com>
Message-ID: <CAGDKorKHDrWE+T-P7Z7k6fipvhrP5PCJez0B3+G0AtrfTy1g0A@mail.gmail.com>

Fyi

---------- Forwarded message ----------
From: *Axb*
Date: Saturday, 15 September 2012
Subject: FYI: "End of an Era" - RFC-Ignorant.org is scheduling its own
demise.
To: users at spamassassin.apache.org


See:

http://rfc-ignorant.org/**endofanera.php<http://rfc-ignorant.org/endofanera.php>

All reference to rfc-ignorant.org will be removed from SA within 48hrs.
Changes should show up within next couple of sa-updates

If you're using rfc-ignorant.org in meta rules, please remove them to
prevent lint/sa-update errors.

Axb
PS: Thanks to Atro Tossavainen for the heads up!




-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120915/7b6d03ad/attachment.html 

From micoots at yahoo.com  Sun Sep 16 03:10:19 2012
From: micoots at yahoo.com (Michael Mansour)
Date: Sat, 15 Sep 2012 19:10:19 -0700 (PDT)
Subject: Error TNEF with MailScanner version 4.84.3
In-Reply-To: <CAK2HDopvCD44enZc0_J+GMDxq3WWqw+xKz6T2e3ki-ns2awCMQ@mail.gmail.com>
References: <CAK2HDopvCD44enZc0_J+GMDxq3WWqw+xKz6T2e3ki-ns2awCMQ@mail.gmail.com>
Message-ID: <1347761419.85360.YahooMailNeo@web161903.mail.bf1.yahoo.com>

I'm using 4.84.5-2 and encountered this problem when using the external TNEF expander (option "TNEF Expander"). 


The quick fix is to change it to:

TNEF Expander = internal

It may be that an external TNEF expander may support many more formats than the perl-based one, but after the change a couple of weeks ago I haven't seen any more required to be supported so it's of little concern.

Regards,


Michael.



________________________________
 From: Paul Ronald <jhon.higgins at gmail.com>
To: mailscanner at lists.mailscanner.info 
Sent: Friday, 7 September 2012 10:33 PM
Subject: Error TNEF with MailScanner version 4.84.3
 

Hello,

yesterday i get this error in my servers with postfix + MailScanner 4.84.3:

Sep? 6 14:04:10 server1 MailScanner[4548]: Expanding TNEF archive at /var/spool/MailScanner/incoming/4548/9C8DEC06E3.A1766/winmail.dat 

Sep? 6 14:04:10 server1 MailScanner[4548]: Trying to unpack nwinmail.dat 
in message 9C8DEC06E3.A1766, could not create subdirectory 
9C8DEC06E3.A1766//tnefmNPiVZ, failed to unpack TNEF message 
Sep? 6 14:04:10 server1 MailScanner[4548]: Corrupt TNEF winmail.dat that cannot be analysed in message 9C8DEC06E3.A1766


somebody speak of a BUG in this version but i don not known where is the patch.


Thak you

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120915/918e000e/attachment.html 

From dave at KD0YU.COM  Sun Sep 16 14:25:32 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Sun, 16 Sep 2012 08:25:32 -0500
Subject: corporate spam
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM>

Lately I've been seeing a lot of spam out some IP's in the Netherlands, advertising Overstock, ADT,
some ink vendors and a whole bunch of other crap.  The messages average around 190k per email,
and some are pushing over 250k.  Not your small time spammer anymore.

I set the "Max Spam Check Size" to 500k and added the following rule to my local.cf

uri                    KD0YU_GOAWAY_26            /http\:\/\/.*\.us\/php\/off\/\d\d(\d)?\.\d\d\/(top|sub)\/.*/i
describe        KD0YU_GOAWAY_26            Overstock,ADT,or Ink, or whatever
score              KD0YU_GOAWAY_26            50

HTH's

--Dave

-- 
This message has been scanned for viruses and dangerous content
by MailScanner at KD0YU.COM, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/bd3131d6/attachment.html 

From routerlinux at yahoo.es  Sun Sep 16 15:41:27 2012
From: routerlinux at yahoo.es (Diego)
Date: Sun, 16 Sep 2012 15:41:27 +0100 (BST)
Subject: Mailscanner stuck in endless loop 
Message-ID: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>

USe Debian 6 and postfix and MailScanner

Binary package hint: mailscanner
Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/03d00738/attachment.html 

From roedie at roedie.nl  Sun Sep 16 16:14:14 2012
From: roedie at roedie.nl (Sander Klein)
Date: Sun, 16 Sep 2012 17:14:14 +0200
Subject: corporate spam
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM>
References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM>
Message-ID: <e69830b0aa4cccfd79d4c5af981e8e3c@roedie.nl>

Hi Dave,

On 16.09.2012 15:25, Dave Helton wrote:
> Lately I've been seeing a lot of spam out some IP's in the
> Netherlands, advertising Overstock, ADT,

I'm wondering if you could share some of the IP's (or the prefixes) 
with me. I'm just curious which providers they are from...

Greets,

Sander

From maxsec at gmail.com  Sun Sep 16 18:17:15 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Sun, 16 Sep 2012 18:17:15 +0100
Subject: Mailscanner stuck in endless loop
In-Reply-To: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
Message-ID: <CAGDKor+RbYMZ8SMETX=FVA5-J5gHgRMjAGeMp3YhhLq88MpOBQ@mail.gmail.com>

New install or something that was working

Try running in debug mode for more info( see wiki for a how if youre not
sure)

Martin

On Sunday, 16 September 2012, Diego wrote:

> USe Debian 6 and postfix and MailScanner
>
> Binary package hint: mailscanner
> Mailscanner is stuck in an endless loop; it scans the messages held in the
> postfix queue again and again and there are no "requeue" notices, like on a
> working server. In the mean time, server is incapable of processing mail,
> unless the scanner is disabled, and in my case, Postfix does not hold
> incoming messages.
>
> Thanks
>


-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/d0cd4790/attachment.html 

From dave at KD0YU.COM  Sun Sep 16 20:41:58 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Sun, 16 Sep 2012 14:41:58 -0500
Subject: corporate spam
In-Reply-To: <e69830b0aa4cccfd79d4c5af981e8e3c@roedie.nl>
References: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215E@S8.KD0YU.COM>
	<e69830b0aa4cccfd79d4c5af981e8e3c@roedie.nl>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB215F@S8.KD0YU.COM>

93.190.138.150, 93.190.138.148
(us CA spammer relaying thru a worldstream.nl acct)
109.236.88.129
(unbelievable... same guy)
217.23.6.218,217.23.6.236,217.23.6.238
(I'm sensing a pattern here)

All above IP's resolved to this guy.

Registrant ID:                               C370BF7D41DBD03F
Registrant Name:                             Chris  Michaels
Registrant Organization:                     Viral Marketing LLC
Registrant Address1:                         PO Box 1152
Registrant City:                             La Habra
Registrant State/Province:                   CA
Registrant Postal Code:                      90633-1152
Registrant Country:                          United States
Registrant Country Code:                     US
Registrant Phone Number:                     +1.7143330560
Registrant Email:                            chris at viral-media.net

Sander... thanks for pushing my button on this one.
'Bout time I did some research on where this junk was coming from,
I just assumed it was a botnet.

My servers are probably not his only targets, the rule I posted earlier
should work for a while but might need some tweaking.  Feel free to
forward anything relevant to me.

--Dave, KD0YU

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Sander Klein
> Sent: Sunday, September 16, 2012 10:14 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: corporate spam
>
> Hi Dave,
>
> On 16.09.2012 15:25, Dave Helton wrote:
> > Lately I've been seeing a lot of spam out some IP's in the
> > Netherlands, advertising Overstock, ADT,
>
> I'm wondering if you could share some of the IP's (or the prefixes) with me.
> I'm just curious which providers they are from...
>

-- 
This message has been scanned for viruses and dangerous content
by MailScanner at KD0YU.COM, and is believed to be clean.


From routerlinux at yahoo.es  Sun Sep 16 21:27:15 2012
From: routerlinux at yahoo.es (Diego)
Date: Sun, 16 Sep 2012 21:27:15 +0100 (BST)
Subject: Mailscanner stuck in endless loop
In-Reply-To: <CAGDKor+RbYMZ8SMETX=FVA5-J5gHgRMjAGeMp3YhhLq88MpOBQ@mail.gmail.com>
References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
	<CAGDKor+RbYMZ8SMETX=FVA5-J5gHgRMjAGeMp3YhhLq88MpOBQ@mail.gmail.com>
Message-ID: <1347827235.76976.YahooMailNeo@web132103.mail.ird.yahoo.com>

root at mail:/var/spool/MailScanner# MailScanner -debug

Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner//MailScanner/Config.pm line 2020

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358.



________________________________
 De: Martin Hepworth <maxsec at gmail.com>
Para: MailScanner discussion <mailscanner at lists.mailscanner.info> 
Enviado: Domingo 16 de septiembre de 2012 12:17
Asunto: Re: Mailscanner stuck in endless loop
 

New install or something that was working

Try running in debug mode for more info( see wiki for a how if youre not sure)

Martin

On Sunday, 16 September 2012, Diego  wrote:

USe Debian 6 and postfix and MailScanner
>
>
>Binary package hint: mailscanner
>Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages.
>
>
>Thanks
>

-- 
-- 
Martin Hepworth, CISSP
Oxford, UK

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/b0b6951a/attachment.html 

From routerlinux at yahoo.es  Sun Sep 16 21:30:42 2012
From: routerlinux at yahoo.es (Diego)
Date: Sun, 16 Sep 2012 21:30:42 +0100 (BST)
Subject: Mailscanner stuck in endless loop
In-Reply-To: <CAGDKor+RbYMZ8SMETX=FVA5-J5gHgRMjAGeMp3YhhLq88MpOBQ@mail.gmail.com>
References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
	<CAGDKor+RbYMZ8SMETX=FVA5-J5gHgRMjAGeMp3YhhLq88MpOBQ@mail.gmail.com>
Message-ID: <1347827442.52033.YahooMailNeo@web132105.mail.ird.yahoo.com>

root at mail:/var/spool/MailScanner# MailScanner -lint 
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner//MailScanner/Config.pm line 2020
Read 858 hostnames from the phishing whitelist
Read 5497 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.79.11) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.


ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-unconfigured-debian-site-MailScanner-From

MailScanner setting GID to? (108)
MailScanner setting UID to? (105)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": use_auto_whitelist 0
SpamAssassin reported an error.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
./1/eicar.com: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.


----------------

root at mail:/var/spool/MailScanner# MailScanner -debug

Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner//MailScanner/Config.pm line 2020

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Insecure dependency in open while running with -T switch at /usr/share/MailScanner//MailScanner/Lock.pm line 358.



________________________________
 De: Martin Hepworth <maxsec at gmail.com>
Para: MailScanner discussion <mailscanner at lists.mailscanner.info> 
Enviado: Domingo 16 de septiembre de 2012 12:17
Asunto: Re: Mailscanner stuck in endless loop
 

New install or something that was working

Try running in debug mode for more info( see wiki for a how if youre not sure)

Martin

On Sunday, 16 September 2012, Diego  wrote:

USe Debian 6 and postfix and MailScanner
>
>
>Binary package hint: mailscanner
>Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages.
>
>
>Thanks
>

-- 
-- 
Martin Hepworth, CISSP
Oxford, UK

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120916/beaf694d/attachment.html 

From andrew at topdog.za.net  Mon Sep 17 05:43:01 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Mon, 17 Sep 2012 06:43:01 +0200
Subject: Mailscanner stuck in endless loop
In-Reply-To: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
Message-ID: <DF4405EE-8664-48CB-8276-456D124B50D9@topdog.za.net>


On 16 Sep 2012, at 4:41 PM, Diego wrote:

> USe Debian 6 and postfix and MailScanner
> 
> Binary package hint: mailscanner
> Mailscanner is stuck in an endless loop; it scans the messages held in the postfix queue again and again and there are no "requeue" notices, like on a working server. In the mean time, server is incapable of processing mail, unless the scanner is disabled, and in my case, Postfix does not hold incoming messages.

It could be this bug[1] that is causing your issue, you are still running 4.79, please upgrade to a more recent version as your issues may be fixed with in the later
versions, if not resolved try running with -U

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649835

--
www.baruwa.org




From maxsec at gmail.com  Mon Sep 17 06:37:50 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon, 17 Sep 2012 06:37:50 +0100
Subject: Mailscanner stuck in endless loop
In-Reply-To: <DF4405EE-8664-48CB-8276-456D124B50D9@topdog.za.net>
References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
	<DF4405EE-8664-48CB-8276-456D124B50D9@topdog.za.net>
Message-ID: <CAGDKor+0dm0T-afFQY_tauKc30_sXMMOJKryJwADuV3jrDnj2g@mail.gmail.com>

Looks like andew beat me to it.

Upgrade to latest and add in the -U flag if youre still seeing errors

Martin

On Monday, 17 September 2012, Andrew Colin Kissa wrote:

>
> On 16 Sep 2012, at 4:41 PM, Diego wrote:
>
> > USe Debian 6 and postfix and MailScanner
> >
> > Binary package hint: mailscanner
> > Mailscanner is stuck in an endless loop; it scans the messages held in
> the postfix queue again and again and there are no "requeue" notices, like
> on a working server. In the mean time, server is incapable of processing
> mail, unless the scanner is disabled, and in my case, Postfix does not hold
> incoming messages.
>
> It could be this bug[1] that is causing your issue, you are still running
> 4.79, please upgrade to a more recent version as your issues may be fixed
> with in the later
> versions, if not resolved try running with -U
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649835
>
> --
> www.baruwa.org
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <javascript:;>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/e996ee0e/attachment.html 

From roedie at roedie.nl  Mon Sep 17 07:56:24 2012
From: roedie at roedie.nl (Sander Klein)
Date: Mon, 17 Sep 2012 08:56:24 +0200
Subject: Mailscanner stuck in endless loop
In-Reply-To: <DF4405EE-8664-48CB-8276-456D124B50D9@topdog.za.net>
References: <1347806487.66902.YahooMailNeo@web132103.mail.ird.yahoo.com>
	<DF4405EE-8664-48CB-8276-456D124B50D9@topdog.za.net>
Message-ID: <c18e1f8b481768182f79ccfc0a653c12@roedie.nl>

On 17.09.2012 06:43, Andrew Colin Kissa wrote:
> On 16 Sep 2012, at 4:41 PM, Diego wrote:
>
>> USe Debian 6 and postfix and MailScanner
>>
>> Binary package hint: mailscanner
>> Mailscanner is stuck in an endless loop; it scans the messages held 
>> in the postfix queue again and again and there are no "requeue" 
>> notices, like on a working server. In the mean time, server is 
>> incapable of processing mail, unless the scanner is disabled, and in 
>> my case, Postfix does not hold incoming messages.
>
> It could be this bug[1] that is causing your issue, you are still
> running 4.79, please upgrade to a more recent version as your issues
> may be fixed with in the later
> versions, if not resolved try running with -U

I you've upgraded to the latest version and see taint errors in file.pm 
then edit the file PFDiskstore.pm at the line ~629:

sub CopyEntireMessage {
   my $this = shift;
   my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_;

   #print STDERR "Copying to $targetdir $targetfile\n";
   if (MailScanner::Config::Value('storeentireasdfqf')) {

change to:

sub CopyEntireMessage {
   my $this = shift;
   my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_;

   $targetfile =~/([\w\d]{10}.[\w\d]{5})/;
   $targetfile = $1;

   #print STDERR "Copying to $targetdir $targetfile\n";
   if (MailScanner::Config::Value('storeentireasdfqf')) {

This way you don't have to disable the taint mode which is a bit safer. 
(I even created a debian package with this fix if you're interested)

Greets,

Sander

From Sampson at p2sol.com  Mon Sep 17 17:01:44 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Mon, 17 Sep 2012 16:01:44 +0000
Subject: Filter by IP
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>

I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains.  I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails.

Wanting to do something like
When From: ip.tst.srv.add           Only Allow to send to: our.domain.com & this domain.com (and block anything not to that domain)

Any thoughts would be greatly appreciated


Aaron Sampson
IT Department

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/dab2088d/attachment.html 

From alex at vidadigital.com.pa  Mon Sep 17 18:41:24 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Mon, 17 Sep 2012 12:41:24 -0500
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
Message-ID: <CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>

You can probably add the test server's IP to the spam whitelist, then
add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com deliver
To:allowed2.domain.com deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while
anything else from the test server will be "stored" - you could use
"delete" but just in case use "store" so you can release them if
necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and
> Clamd and I have a Test server that I am trying to prevent from e-mailing
> anyone outside 2 certain domains.  I have been trying to figure out the best
> way to set this up so that it does not interfere with the production servers
> or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to have
> a clear plan of attack before I try anything to prevent disruption of normal
> e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com &
> this domain.com (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't
bother. A cute graphic saying "save the planet, don't print this" can
potentially create more CO2, not less, so don't bother either.

From bjron.mork at gmail.com  Mon Sep 17 19:02:12 2012
From: bjron.mork at gmail.com (Bjorn Mork)
Date: Mon, 17 Sep 2012 23:02:12 +0500
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
Message-ID: <CAHh02P01+6zMrMVurXnqQxfbx-Zh9o_KWBWHnCHByK5jyMMpGw@mail.gmail.com>

Yes, this is possible via MailScanner. We are working with these kind of
rules via integration of MailWatch + MailScanner.


Regards,
B~Mork.


On Mon, Sep 17, 2012 at 9:01 PM, Sampson, Aaron <Sampson at p2sol.com> wrote:

>  I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin
> and Clamd and I have a Test server that I am trying to prevent from
> e-mailing anyone outside 2 certain domains.  I have been trying to figure
> out the best way to set this up so that it does not interfere with the
> production servers or regular e-mails.  But not really clear on the best
> way to set this up.****
>
> I thought about trying to put something in whitelist.rules but want to
> have a clear plan of attack before I try anything to prevent disruption of
> normal e-mails.****
>
> ** **
>
> Wanting to do something like****
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com& this
> domain.com (and block anything not to that domain)****
>
> ** **
>
> Any thoughts would be greatly appreciated****
>
> ** **
>
> ** **
>
> Aaron Sampson****
>
> IT Department****
>
> ** **
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/a7c9e236/attachment.html 

From Sampson at p2sol.com  Mon Sep 17 19:25:24 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Mon, 17 Sep 2012 18:25:24 +0000
Subject: Filter by IP
In-Reply-To: <CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FA88B@COMM1.p2sol.com>

Interesting, I hadn't thought about that approach to this.  It seems like that would do the trick while still allowing mail from other IP's /Domains to go through unaffected.  Thank you for the suggestion and I will let you know how it works out


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP

You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com deliver
To:allowed2.domain.com deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam 
> Assassin and Clamd and I have a Test server that I am trying to 
> prevent from e-mailing anyone outside 2 certain domains.  I have been 
> trying to figure out the best way to set this up so that it does not 
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to 
> have a clear plan of attack before I try anything to prevent 
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com &
> this domain.com (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From Sampson at p2sol.com  Mon Sep 17 20:10:30 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Mon, 17 Sep 2012 19:10:30 +0000
Subject: Filter by IP
In-Reply-To: <CAHh02P01+6zMrMVurXnqQxfbx-Zh9o_KWBWHnCHByK5jyMMpGw@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CAHh02P01+6zMrMVurXnqQxfbx-Zh9o_KWBWHnCHByK5jyMMpGw@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FA8FD@COMM1.p2sol.com>

Bjorn,

I have not as of yet integrated MailWatch with our system.

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Bjorn Mork
Sent: Monday, September 17, 2012 1:02 PM
To: MailScanner discussion
Subject: Re: Filter by IP

Yes, this is possible via MailScanner. We are working with these kind of rules via integration of MailWatch + MailScanner.


Regards,
B~Mork.

On Mon, Sep 17, 2012 at 9:01 PM, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains.  I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails.

Wanting to do something like
When From: ip.tst.srv.add           Only Allow to send to: our.domain.com<http://our.domain.com> & this domain.com<http://domain.com> (and block anything not to that domain)

Any thoughts would be greatly appreciated


Aaron Sampson
IT Department


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/0d81b32a/attachment.html 

From Kevin_Miller at ci.juneau.ak.us  Mon Sep 17 20:32:58 2012
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon, 17 Sep 2012 11:32:58 -0800
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
Message-ID: <4A09477D575C2C4B86497161427DD94C279A68EC0B@city-exchange07>

What I would do is set up DNS to handle mail to mxtest.DOMAIN for inbound mail.  I presume you want to receive mail on this machine - NDRs and such at least.  That will keep the test stuff on the production servers.  After your satisfied, rename the mail server, and add it to the mix of MX records that handle real mail.

Sendmail uses a file called access to control connectivity.  I'm sure Postfix must as well.  With it, you can specify who and what can send/relay/receive mail on that host.  You should be able to tell it to only accept from specific IPs or subnets, email addresses or domains, etc.

Let your MTA handle who it will talk to.  When it is configured to send/receive from your specific domains, then route mail through that host and begin testing MailScanner.

MailWatch is worth installing.

HTH...

 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Sampson, Aaron
Sent: Monday, September 17, 2012 8:02 AM
To: mailscanner at lists.mailscanner.info
Subject: Filter by IP

I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains.  I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails.

Wanting to do something like
When From: ip.tst.srv.add           Only Allow to send to: our.domain.com & this domain.com (and block anything not to that domain)

Any thoughts would be greatly appreciated


Aaron Sampson
IT Department

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120917/624ee86f/attachment.html 

From Sampson at p2sol.com  Wed Sep 19 16:00:05 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Wed, 19 Sep 2012 15:00:05 +0000
Subject: Filter by IP
In-Reply-To: <CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>

Alex,

So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read 
to: *@domain1.com deliver
to: *@domain2.com deliver
from: ip.address	store
and then when that did not work added
fromorTo: default	deliver

Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions, 
missing ":" in etc/MailScanner/rules/non.spam.rules

We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP

You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com deliver
To:allowed2.domain.com deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam 
> Assassin and Clamd and I have a Test server that I am trying to 
> prevent from e-mailing anyone outside 2 certain domains.  I have been 
> trying to figure out the best way to set this up so that it does not 
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to 
> have a clear plan of attack before I try anything to prevent 
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com &
> this domain.com (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From maxsec at gmail.com  Wed Sep 19 16:47:14 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 19 Sep 2012 16:47:14 +0100
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
Message-ID: <CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>

have you made sure there no tab's in that ruleset.
check out the examples in the examples dir and here.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

yes you'll need the default entry , try making sure the capitalisasion is
consistent with the examples as welll.

To: @domain1.com deliver
To: @domain2.com deliver
From: ip.address        store
FromOrTo: default       deliver

-- 
Martin Hepworth, CISSP
Oxford, UK


On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:

> Alex,
>
> So I tried out your suggestion and put in a a ruleset in the non-spam
> actions. rules that read
> to: *@domain1.com deliver
> to: *@domain2.com deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver
>
> Still did not work and all e-mails coming into the company were lost (dang
> it) and I kept getting an error message saying   Syntax error in "header"
> action in spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>
> We have checked and rechecked the rule-set pattern to see if we missed
> something and have tried a few things and nothing has worked so far.  We
> would like to not have to set up an additional smtp server to take care of
> this issue so any additional thoughts would be great, or let me know if you
> need/want any additional information
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
> Sent: Monday, September 17, 2012 12:41 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> You can probably add the test server's IP to the spam whitelist, then add
> a "non-spam actions" ruleset that says something like:
>
> To:allowed.domain.com deliver
> To:allowed2.domain.com deliver
> From:xx.xx.xx.xx store
>
> That way, the first two domains "hit" and "deliver" the e-mails, while
> anything else from the test server will be "stored" - you could use
> "delete" but just in case use "store" so you can release them if necessary.
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com>
> wrote:
> > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> > Assassin and Clamd and I have a Test server that I am trying to
> > prevent from e-mailing anyone outside 2 certain domains.  I have been
> > trying to figure out the best way to set this up so that it does not
> > interfere with the production servers or regular e-mails.  But not
> really clear on the best way to set this up.
> >
> > I thought about trying to put something in whitelist.rules but want to
> > have a clear plan of attack before I try anything to prevent
> > disruption of normal e-mails.
> >
> >
> >
> > Wanting to do something like
> >
> > When From: ip.tst.srv.add           Only Allow to send to:
> our.domain.com &
> > this domain.com (and block anything not to that domain)
> >
> >
> >
> > Any thoughts would be greatly appreciated
> >
> >
> >
> >
> >
> > Aaron Sampson
> >
> > IT Department
> >
> >
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/c83a47e4/attachment.html 

From dave at KD0YU.COM  Wed Sep 19 17:27:00 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Wed, 19 Sep 2012 11:27:00 -0500
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2161@S8.KD0YU.COM>

>
> So I tried out your suggestion and put in a a ruleset in the non-spam actions.
> rules that read
> to: *@domain1.com deliver
> to: *@domain2.com deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver

Although case is not critical... consistency is a Good Thing (tm).

>
> Still did not work and all e-mails coming into the company were lost (dang it)
> and I kept getting an error message saying   Syntax error in "header" action in
> spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>

Most programs are designed to deal with a liberal use of "whitespace"
rather than the lack of it.

> To:allowed.domain.com deliver
> To:allowed2.domain.com deliver
> From:xx.xx.xx.xx store
>

-- 
This message has been scanned for viruses and dangerous content
by MailScanner at KD0YU.COM, and is believed to be clean.


From Sampson at p2sol.com  Wed Sep 19 19:25:56 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Wed, 19 Sep 2012 18:25:56 +0000
Subject: Filter by IP
In-Reply-To: <CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>

I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message.  Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed.  Once that e-mail attempted to go through the system the syntax error appeared.

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: Wednesday, September 19, 2012 10:47 AM
To: MailScanner discussion
Subject: Re: Filter by IP

have you made sure there no tab's in that ruleset.
check out the examples in the examples dir and here.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll.

To: @domain1.com<http://domain1.com> deliver
To: @domain2.com<http://domain2.com> deliver
From: ip.address        store
FromOrTo: default       deliver

--
Martin Hepworth, CISSP
Oxford, UK

On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
Alex,

So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read
to: *@domain1.com<http://domain1.com> deliver
to: *@domain2.com<http://domain2.com> deliver
from: ip.address        store
and then when that did not work added
fromorTo: default       deliver

Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions,
missing ":" in etc/MailScanner/rules/non.spam.rules

We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP
You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com<http://allowed.domain.com> deliver
To:allowed2.domain.com<http://allowed2.domain.com> deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> Assassin and Clamd and I have a Test server that I am trying to
> prevent from e-mailing anyone outside 2 certain domains.  I have been
> trying to figure out the best way to set this up so that it does not
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to
> have a clear plan of attack before I try anything to prevent
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com<http://our.domain.com> &
> this domain.com<http://domain.com> (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/0e7e2ffa/attachment.html 

From Sampson at p2sol.com  Wed Sep 19 19:35:13 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Wed, 19 Sep 2012 18:35:13 +0000
Subject: Filter by IP
In-Reply-To: <CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FBB33@COMM1.p2sol.com>

Martin,

What did you mean by no tabs? Like the rule-set should look like To: *@domain.com<mailto:*@domain.com> deliver instead of To:                *@domain.com<mailto:*@domain.com>                deliver
It appears in the examples that there are tabs between each part like in the 2nd example listed above.  I did refer to these examples when setting this rule up, but still no luck

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: Wednesday, September 19, 2012 10:47 AM
To: MailScanner discussion
Subject: Re: Filter by IP

have you made sure there no tab's in that ruleset.
check out the examples in the examples dir and here.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll.

To: @domain1.com<http://domain1.com> deliver
To: @domain2.com<http://domain2.com> deliver
From: ip.address        store
FromOrTo: default       deliver

--
Martin Hepworth, CISSP
Oxford, UK

On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
Alex,

So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read
to: *@domain1.com<http://domain1.com> deliver
to: *@domain2.com<http://domain2.com> deliver
from: ip.address        store
and then when that did not work added
fromorTo: default       deliver

Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions,
missing ":" in etc/MailScanner/rules/non.spam.rules

We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP
You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com<http://allowed.domain.com> deliver
To:allowed2.domain.com<http://allowed2.domain.com> deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> Assassin and Clamd and I have a Test server that I am trying to
> prevent from e-mailing anyone outside 2 certain domains.  I have been
> trying to figure out the best way to set this up so that it does not
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to
> have a clear plan of attack before I try anything to prevent
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com<http://our.domain.com> &
> this domain.com<http://domain.com> (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/8a494418/attachment.html 

From campbell at cnpapers.com  Wed Sep 19 20:01:17 2012
From: campbell at cnpapers.com (Steve Campbell)
Date: Wed, 19 Sep 2012 15:01:17 -0400
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
Message-ID: <505A167D.1000203@cnpapers.com>

Are you certain you didn't type ";" instead of ":" in you rule file? It 
sort of indicates that one of your lines needs that ":" in it

steve campbell
On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>
> I did make sure that the capitalization was the same through it all 
> and that everything was spaced out the same as well, still got the 
> same error message.  Did discover that everything seemed to be working 
> properly with Mail Scanner until I attempted to send out an e-mail 
> from one of the domains that I had listed.  Once that e-mail attempted 
> to go through the system the syntax error appeared.
>
> *From:*mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of 
> *Martin Hepworth
> *Sent:* Wednesday, September 19, 2012 10:47 AM
> *To:* MailScanner discussion
> *Subject:* Re: Filter by IP
>
> have you made sure there no tab's in that ruleset.
> check out the examples in the examples dir and here.
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules
>
> yes you'll need the default entry , try making sure the capitalisasion 
> is consistent with the examples as welll.
>
> To: @domain1.com <http://domain1.com> deliver
> To: @domain2.com <http://domain2.com> deliver
> From: ip.address        store
> FromOrTo: default       deliver
>
> -- 
> Martin Hepworth, CISSP
> Oxford, UK
>
> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com 
> <mailto:Sampson at p2sol.com>> wrote:
>
> Alex,
>
> So I tried out your suggestion and put in a a ruleset in the non-spam 
> actions. rules that read
> to: *@domain1.com <http://domain1.com> deliver
> to: *@domain2.com <http://domain2.com> deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver
>
> Still did not work and all e-mails coming into the company were lost 
> (dang it) and I kept getting an error message saying   Syntax error in 
> "header" action in spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>
> We have checked and rechecked the rule-set pattern to see if we missed 
> something and have tried a few things and nothing has worked so far. 
>  We would like to not have to set up an additional smtp server to take 
> care of this issue so any additional thoughts would be great, or let 
> me know if you need/want any additional information
>
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> <mailto:mailscanner-bounces at lists.mailscanner.info> 
> [mailto:mailscanner-bounces at lists.mailscanner.info 
> <mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Alex 
> Neuman
> Sent: Monday, September 17, 2012 12:41 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> You can probably add the test server's IP to the spam whitelist, then 
> add a "non-spam actions" ruleset that says something like:
>
> To:allowed.domain.com <http://allowed.domain.com> deliver
> To:allowed2.domain.com <http://allowed2.domain.com> deliver
> From:xx.xx.xx.xx store
>
> That way, the first two domains "hit" and "deliver" the e-mails, while 
> anything else from the test server will be "stored" - you could use 
> "delete" but just in case use "store" so you can release them if 
> necessary.
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com 
> <mailto:Sampson at p2sol.com>> wrote:
> > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> > Assassin and Clamd and I have a Test server that I am trying to
> > prevent from e-mailing anyone outside 2 certain domains.  I have been
> > trying to figure out the best way to set this up so that it does not
> > interfere with the production servers or regular e-mails.  But not 
> really clear on the best way to set this up.
> >
> > I thought about trying to put something in whitelist.rules but want to
> > have a clear plan of attack before I try anything to prevent
> > disruption of normal e-mails.
> >
> >
> >
> > Wanting to do something like
> >
> > When From: ip.tst.srv.add           Only Allow to send to: 
> our.domain.com <http://our.domain.com> &
> > this domain.com <http://domain.com> (and block anything not to that 
> domain)
> >
> >
> >
> > Any thoughts would be greatly appreciated
> >
> >
> >
> >
> >
> > Aaron Sampson
> >
> > IT Department
> >
> >
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info 
> <mailto:mailscanner at lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting 
> <http://wiki.mailscanner.info/posting>
> >
> > Support MailScanner development - buy the book off the website!
> >
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505 <tel:%2B507-6781-9505>
> +507-832-6725 <tel:%2B507-832-6725>
> +1-440-253-9789 <tel:%2B1-440-253-9789> (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't 
> bother. A cute graphic saying "save the planet, don't print this" can 
> potentially create more CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info 
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting 
> <http://wiki.mailscanner.info/posting>
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info 
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting 
> <http://wiki.mailscanner.info/posting>
>
> Support MailScanner development - buy the book off the website!
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/9931e9d7/attachment.html 

From Sampson at p2sol.com  Wed Sep 19 21:35:42 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Wed, 19 Sep 2012 20:35:42 +0000
Subject: Filter by IP
In-Reply-To: <505A167D.1000203@cnpapers.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com>

Yes we double checked it several times and referred back to examples in the documentations to see if we had missed something.  By what we can tell it should work but it seems to break every time an e-mail comes from one of those domains.

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell
Sent: Wednesday, September 19, 2012 2:01 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Filter by IP

Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it

steve campbell
On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message.  Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed.  Once that e-mail attempted to go through the system the syntax error appeared.

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: Wednesday, September 19, 2012 10:47 AM
To: MailScanner discussion
Subject: Re: Filter by IP

have you made sure there no tab's in that ruleset.
check out the examples in the examples dir and here.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll.

To: @domain1.com<http://domain1.com> deliver
To: @domain2.com<http://domain2.com> deliver
From: ip.address        store
FromOrTo: default       deliver

--
Martin Hepworth, CISSP
Oxford, UK


On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
Alex,

So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read
to: *@domain1.com<http://domain1.com> deliver
to: *@domain2.com<http://domain2.com> deliver
from: ip.address        store
and then when that did not work added
fromorTo: default       deliver

Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions,
missing ":" in etc/MailScanner/rules/non.spam.rules

We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP
You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com<http://allowed.domain.com> deliver
To:allowed2.domain.com<http://allowed2.domain.com> deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> Assassin and Clamd and I have a Test server that I am trying to
> prevent from e-mailing anyone outside 2 certain domains.  I have been
> trying to figure out the best way to set this up so that it does not
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to
> have a clear plan of attack before I try anything to prevent
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com<http://our.domain.com> &
> this domain.com<http://domain.com> (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120919/c8fd45e1/attachment-0001.html 

From alex at vidadigital.com.pa  Thu Sep 20 02:39:49 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Wed, 19 Sep 2012 20:39:49 -0500
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com>
Message-ID: <CANyE0PpEOmZ1fxfjntN9KY2tX43MWfAJUuE3Eg7k8=i8nzo2Qw@mail.gmail.com>

It *does* say "syntax error", you just have to find out where you're
typing it wrong, I guess.

And the e-mails were probably not lost, since you have "store" - in
fact, your defaults *should* be, specially when testing, "deliver
store" so you *always* have a copy in the quarantine.

On Wed, Sep 19, 2012 at 3:35 PM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> Yes we double checked it several times and referred back to examples in the
> documentations to see if we had missed something.  By what we can tell it
> should work but it seems to break every time an e-mail comes from one of
> those domains.
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve
> Campbell
> Sent: Wednesday, September 19, 2012 2:01 PM
> To: mailscanner at lists.mailscanner.info
>
>
> Subject: Re: Filter by IP
>
>
>
> Are you certain you didn't type ";" instead of ":" in you rule file? It sort
> of indicates that one of your lines needs that ":" in it
>
> steve campbell
>
> On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>
> I did make sure that the capitalization was the same through it all and that
> everything was spaced out the same as well, still got the same error
> message.  Did discover that everything seemed to be working properly with
> Mail Scanner until I attempted to send out an e-mail from one of the domains
> that I had listed.  Once that e-mail attempted to go through the system the
> syntax error appeared.
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin
> Hepworth
> Sent: Wednesday, September 19, 2012 10:47 AM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
>
>
> have you made sure there no tab's in that ruleset.
> check out the examples in the examples dir and here.
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules
>
> yes you'll need the default entry , try making sure the capitalisasion is
> consistent with the examples as welll.
>
> To: @domain1.com deliver
> To: @domain2.com deliver
> From: ip.address        store
> FromOrTo: default       deliver
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:
>
> Alex,
>
> So I tried out your suggestion and put in a a ruleset in the non-spam
> actions. rules that read
> to: *@domain1.com deliver
> to: *@domain2.com deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver
>
> Still did not work and all e-mails coming into the company were lost (dang
> it) and I kept getting an error message saying   Syntax error in "header"
> action in spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>
> We have checked and rechecked the rule-set pattern to see if we missed
> something and have tried a few things and nothing has worked so far.  We
> would like to not have to set up an additional smtp server to take care of
> this issue so any additional thoughts would be great, or let me know if you
> need/want any additional information
>
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
> Sent: Monday, September 17, 2012 12:41 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> You can probably add the test server's IP to the spam whitelist, then add a
> "non-spam actions" ruleset that says something like:
>
> To:allowed.domain.com deliver
> To:allowed2.domain.com deliver
> From:xx.xx.xx.xx store
>
> That way, the first two domains "hit" and "deliver" the e-mails, while
> anything else from the test server will be "stored" - you could use "delete"
> but just in case use "store" so you can release them if necessary.
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
>> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
>> Assassin and Clamd and I have a Test server that I am trying to
>> prevent from e-mailing anyone outside 2 certain domains.  I have been
>> trying to figure out the best way to set this up so that it does not
>> interfere with the production servers or regular e-mails.  But not really
>> clear on the best way to set this up.
>>
>> I thought about trying to put something in whitelist.rules but want to
>> have a clear plan of attack before I try anything to prevent
>> disruption of normal e-mails.
>>
>>
>>
>> Wanting to do something like
>>
>> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com
>> &
>> this domain.com (and block anything not to that domain)
>>
>>
>>
>> Any thoughts would be greatly appreciated
>>
>>
>>
>>
>>
>> Aaron Sampson
>>
>> IT Department
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother. A
> cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't
bother. A cute graphic saying "save the planet, don't print this" can
potentially create more CO2, not less, so don't bother either.

From campbell at cnpapers.com  Thu Sep 20 13:27:13 2012
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu, 20 Sep 2012 08:27:13 -0400
Subject: Filter by IP
In-Reply-To: <505A167D.1000203@cnpapers.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com>
Message-ID: <505B0BA1.5060003@cnpapers.com>

This isn't a DOS, instead of a UNIX file, perhaps? Was it created and 
modified on the server or did you copy it from a Windows machine? Do you 
need to run dos2unix on it?

steve campbell
On 9/19/2012 3:01 PM, Steve Campbell wrote:
> Are you certain you didn't type ";" instead of ":" in you rule file? 
> It sort of indicates that one of your lines needs that ":" in it
>
> steve campbell
> On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>>
>> I did make sure that the capitalization was the same through it all 
>> and that everything was spaced out the same as well, still got the 
>> same error message.  Did discover that everything seemed to be 
>> working properly with Mail Scanner until I attempted to send out an 
>> e-mail from one of the domains that I had listed.  Once that e-mail 
>> attempted to go through the system the syntax error appeared.
>>
>> *From:*mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of 
>> *Martin Hepworth
>> *Sent:* Wednesday, September 19, 2012 10:47 AM
>> *To:* MailScanner discussion
>> *Subject:* Re: Filter by IP
>>
>> have you made sure there no tab's in that ruleset.
>> check out the examples in the examples dir and here.
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules
>>
>> yes you'll need the default entry , try making sure the 
>> capitalisasion is consistent with the examples as welll.
>>
>> To: @domain1.com <http://domain1.com> deliver
>> To: @domain2.com <http://domain2.com> deliver
>> From: ip.address        store
>> FromOrTo: default       deliver
>>
>> -- 
>> Martin Hepworth, CISSP
>> Oxford, UK
>>
>> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com 
>> <mailto:Sampson at p2sol.com>> wrote:
>>
>> Alex,
>>
>> So I tried out your suggestion and put in a a ruleset in the non-spam 
>> actions. rules that read
>> to: *@domain1.com <http://domain1.com> deliver
>> to: *@domain2.com <http://domain2.com> deliver
>> from: ip.address        store
>> and then when that did not work added
>> fromorTo: default       deliver
>>
>> Still did not work and all e-mails coming into the company were lost 
>> (dang it) and I kept getting an error message saying   Syntax error 
>> in "header" action in spam actions,
>> missing ":" in etc/MailScanner/rules/non.spam.rules
>>
>> We have checked and rechecked the rule-set pattern to see if we 
>> missed something and have tried a few things and nothing has worked 
>> so far.  We would like to not have to set up an additional smtp 
>> server to take care of this issue so any additional thoughts would be 
>> great, or let me know if you need/want any additional information
>>
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> <mailto:mailscanner-bounces at lists.mailscanner.info> 
>> [mailto:mailscanner-bounces at lists.mailscanner.info 
>> <mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of 
>> Alex Neuman
>> Sent: Monday, September 17, 2012 12:41 PM
>> To: MailScanner discussion
>> Subject: Re: Filter by IP
>>
>> You can probably add the test server's IP to the spam whitelist, then 
>> add a "non-spam actions" ruleset that says something like:
>>
>> To:allowed.domain.com <http://allowed.domain.com> deliver
>> To:allowed2.domain.com <http://allowed2.domain.com> deliver
>> From:xx.xx.xx.xx store
>>
>> That way, the first two domains "hit" and "deliver" the e-mails, 
>> while anything else from the test server will be "stored" - you could 
>> use "delete" but just in case use "store" so you can release them if 
>> necessary.
>>
>>
>> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com 
>> <mailto:Sampson at p2sol.com>> wrote:
>> > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
>> > Assassin and Clamd and I have a Test server that I am trying to
>> > prevent from e-mailing anyone outside 2 certain domains.  I have been
>> > trying to figure out the best way to set this up so that it does not
>> > interfere with the production servers or regular e-mails.  But not 
>> really clear on the best way to set this up.
>> >
>> > I thought about trying to put something in whitelist.rules but want to
>> > have a clear plan of attack before I try anything to prevent
>> > disruption of normal e-mails.
>> >
>> >
>> >
>> > Wanting to do something like
>> >
>> > When From: ip.tst.srv.add           Only Allow to send to: 
>> our.domain.com <http://our.domain.com> &
>> > this domain.com <http://domain.com> (and block anything not to that 
>> domain)
>> >
>> >
>> >
>> > Any thoughts would be greatly appreciated
>> >
>> >
>> >
>> >
>> >
>> > Aaron Sampson
>> >
>> > IT Department
>> >
>> >
>> >
>> >
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info 
>> <mailto:mailscanner at lists.mailscanner.info>
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting 
>> <http://wiki.mailscanner.info/posting>
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>>
>>
>>
>> --
>>
>> --
>>
>> Alex Neuman van der Hans
>> Reliant Technologies / Vida Digital
>> http://vidadigital.com.pa/
>>
>> +507-6781-9505 <tel:%2B507-6781-9505>
>> +507-832-6725 <tel:%2B507-832-6725>
>> +1-440-253-9789 <tel:%2B1-440-253-9789> (USA)
>>
>> Follow @AlexNeuman on Twitter
>> http://facebook.com/vidadigital
>>
>>
>> -- So-called "legal disclaimers" are not legally binding, so don't 
>> bother. A cute graphic saying "save the planet, don't print this" can 
>> potentially create more CO2, not less, so don't bother either.
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info 
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting 
>> <http://wiki.mailscanner.info/posting>
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info 
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting 
>> <http://wiki.mailscanner.info/posting>
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/a76337c2/attachment.html 

From Sampson at p2sol.com  Thu Sep 20 14:15:06 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Thu, 20 Sep 2012 13:15:06 +0000
Subject: Filter by IP
In-Reply-To: <505B0BA1.5060003@cnpapers.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>

No it was created on UNIX on the e-mail server

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell
Sent: Thursday, September 20, 2012 7:27 AM
To: mailscanner at lists.mailscanner.info
Subject: Re: Filter by IP

This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it?

steve campbell
On 9/19/2012 3:01 PM, Steve Campbell wrote:
Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it

steve campbell
On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message.  Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed.  Once that e-mail attempted to go through the system the syntax error appeared.

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: Wednesday, September 19, 2012 10:47 AM
To: MailScanner discussion
Subject: Re: Filter by IP

have you made sure there no tab's in that ruleset.
check out the examples in the examples dir and here.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll.

To: @domain1.com<http://domain1.com> deliver
To: @domain2.com<http://domain2.com> deliver
From: ip.address        store
FromOrTo: default       deliver

--
Martin Hepworth, CISSP
Oxford, UK


On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
Alex,

So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read
to: *@domain1.com<http://domain1.com> deliver
to: *@domain2.com<http://domain2.com> deliver
from: ip.address        store
and then when that did not work added
fromorTo: default       deliver

Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions,
missing ":" in etc/MailScanner/rules/non.spam.rules

We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP
You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com<http://allowed.domain.com> deliver
To:allowed2.domain.com<http://allowed2.domain.com> deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> Assassin and Clamd and I have a Test server that I am trying to
> prevent from e-mailing anyone outside 2 certain domains.  I have been
> trying to figure out the best way to set this up so that it does not
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to
> have a clear plan of attack before I try anything to prevent
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com<http://our.domain.com> &
> this domain.com<http://domain.com> (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!







-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/c65327e5/attachment.html 

From john.clancy at businessworld.ie  Thu Sep 20 14:33:17 2012
From: john.clancy at businessworld.ie (John Clancy)
Date: Thu, 20 Sep 2012 14:33:17 +0100
Subject: Filter by IP
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
Message-ID: <014a01cd9734$7e0cbcf0$696078c1@JCSPC>

I'm not an expert by any means but perhaps doing an 'od -c' on the file and posting it here might help someone to spot the problem.

JC
  ----- Original Message ----- 
  From: Sampson, Aaron 
  To: MailScanner discussion 
  Sent: Thursday, September 20, 2012 2:15 PM
  Subject: RE: Filter by IP


  No it was created on UNIX on the e-mail server 

   

  From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell
  Sent: Thursday, September 20, 2012 7:27 AM
  To: mailscanner at lists.mailscanner.info
  Subject: Re: Filter by IP

   

  This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it?

  steve campbell

  On 9/19/2012 3:01 PM, Steve Campbell wrote:

    Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it

    steve campbell

    On 9/19/2012 2:25 PM, Sampson, Aaron wrote:

      I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message.  Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed.  Once that e-mail attempted to go through the system the syntax error appeared.

       

      From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
      Sent: Wednesday, September 19, 2012 10:47 AM
      To: MailScanner discussion
      Subject: Re: Filter by IP

       

      have you made sure there no tab's in that ruleset.
      check out the examples in the examples dir and here.

      http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

      yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll.

      To: @domain1.com deliver
      To: @domain2.com deliver
      From: ip.address        store
      FromOrTo: default       deliver

      -- 
      Martin Hepworth, CISSP
      Oxford, UK




      On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:

      Alex,

      So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read
      to: *@domain1.com deliver
      to: *@domain2.com deliver
      from: ip.address        store
      and then when that did not work added
      fromorTo: default       deliver

      Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions,
      missing ":" in etc/MailScanner/rules/non.spam.rules

      We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information



      -----Original Message-----
      From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
      Sent: Monday, September 17, 2012 12:41 PM
      To: MailScanner discussion
      Subject: Re: Filter by IP

      You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

      To:allowed.domain.com deliver
      To:allowed2.domain.com deliver
      From:xx.xx.xx.xx store

      That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


      On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
      > I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
      > Assassin and Clamd and I have a Test server that I am trying to
      > prevent from e-mailing anyone outside 2 certain domains.  I have been
      > trying to figure out the best way to set this up so that it does not
      > interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
      >
      > I thought about trying to put something in whitelist.rules but want to
      > have a clear plan of attack before I try anything to prevent
      > disruption of normal e-mails.
      >
      >
      >
      > Wanting to do something like
      >
      > When From: ip.tst.srv.add           Only Allow to send to: our.domain.com &
      > this domain.com (and block anything not to that domain)
      >
      >
      >
      > Any thoughts would be greatly appreciated
      >
      >
      >
      >
      >
      > Aaron Sampson
      >
      > IT Department
      >
      >
      >
      >
      > --
      > MailScanner mailing list
      > mailscanner at lists.mailscanner.info
      > http://lists.mailscanner.info/mailman/listinfo/mailscanner
      >
      > Before posting, read http://wiki.mailscanner.info/posting
      >
      > Support MailScanner development - buy the book off the website!
      >



      --

      --

      Alex Neuman van der Hans
      Reliant Technologies / Vida Digital
      http://vidadigital.com.pa/

      +507-6781-9505
      +507-832-6725
      +1-440-253-9789 (USA)

      Follow @AlexNeuman on Twitter
      http://facebook.com/vidadigital


      -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
      --
      MailScanner mailing list
      mailscanner at lists.mailscanner.info
      http://lists.mailscanner.info/mailman/listinfo/mailscanner

      Before posting, read http://wiki.mailscanner.info/posting

      Support MailScanner development - buy the book off the website!
      --
      MailScanner mailing list
      mailscanner at lists.mailscanner.info
      http://lists.mailscanner.info/mailman/listinfo/mailscanner

      Before posting, read http://wiki.mailscanner.info/posting

      Support MailScanner development - buy the book off the website!

       










   



------------------------------------------------------------------------------


  -- 
  MailScanner mailing list
  mailscanner at lists.mailscanner.info
  http://lists.mailscanner.info/mailman/listinfo/mailscanner

  Before posting, read http://wiki.mailscanner.info/posting

  Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/e87b03be/attachment.html 

From Sampson at p2sol.com  Thu Sep 20 14:58:58 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Thu, 20 Sep 2012 13:58:58 +0000
Subject: Filter by IP
In-Reply-To: <CANyE0PpEOmZ1fxfjntN9KY2tX43MWfAJUuE3Eg7k8=i8nzo2Qw@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com>
	<CANyE0PpEOmZ1fxfjntN9KY2tX43MWfAJUuE3Eg7k8=i8nzo2Qw@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC36B@COMM1.p2sol.com>

The problem comes in trying to figure out where I went wrong with it.  I have more than triple checked it and also had another IT guy with WAY more experience has double checked everything as well.  Think we are going to build a test system to play around with and see if we can get this to work, but please keep the ideas coming
. -----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Wednesday, September 19, 2012 8:40 PM
To: MailScanner discussion
Subject: Re: Filter by IP

It *does* say "syntax error", you just have to find out where you're typing it wrong, I guess.

And the e-mails were probably not lost, since you have "store" - in fact, your defaults *should* be, specially when testing, "deliver store" so you *always* have a copy in the quarantine.

On Wed, Sep 19, 2012 at 3:35 PM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> Yes we double checked it several times and referred back to examples 
> in the documentations to see if we had missed something.  By what we 
> can tell it should work but it seems to break every time an e-mail 
> comes from one of those domains.
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve 
> Campbell
> Sent: Wednesday, September 19, 2012 2:01 PM
> To: mailscanner at lists.mailscanner.info
>
>
> Subject: Re: Filter by IP
>
>
>
> Are you certain you didn't type ";" instead of ":" in you rule file? 
> It sort of indicates that one of your lines needs that ":" in it
>
> steve campbell
>
> On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>
> I did make sure that the capitalization was the same through it all 
> and that everything was spaced out the same as well, still got the 
> same error message.  Did discover that everything seemed to be working 
> properly with Mail Scanner until I attempted to send out an e-mail 
> from one of the domains that I had listed.  Once that e-mail attempted 
> to go through the system the syntax error appeared.
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
> Martin Hepworth
> Sent: Wednesday, September 19, 2012 10:47 AM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
>
>
> have you made sure there no tab's in that ruleset.
> check out the examples in the examples dir and here.
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:r
> ulesets:examples&s=rules
>
> yes you'll need the default entry , try making sure the capitalisasion 
> is consistent with the examples as welll.
>
> To: @domain1.com deliver
> To: @domain2.com deliver
> From: ip.address        store
> FromOrTo: default       deliver
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:
>
> Alex,
>
> So I tried out your suggestion and put in a a ruleset in the non-spam 
> actions. rules that read
> to: *@domain1.com deliver
> to: *@domain2.com deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver
>
> Still did not work and all e-mails coming into the company were lost (dang
> it) and I kept getting an error message saying   Syntax error in "header"
> action in spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>
> We have checked and rechecked the rule-set pattern to see if we missed 
> something and have tried a few things and nothing has worked so far.  
> We would like to not have to set up an additional smtp server to take 
> care of this issue so any additional thoughts would be great, or let 
> me know if you need/want any additional information
>
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex 
> Neuman
> Sent: Monday, September 17, 2012 12:41 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> You can probably add the test server's IP to the spam whitelist, then 
> add a "non-spam actions" ruleset that says something like:
>
> To:allowed.domain.com deliver
> To:allowed2.domain.com deliver
> From:xx.xx.xx.xx store
>
> That way, the first two domains "hit" and "deliver" the e-mails, while 
> anything else from the test server will be "stored" - you could use "delete"
> but just in case use "store" so you can release them if necessary.
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
>> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam 
>> Assassin and Clamd and I have a Test server that I am trying to 
>> prevent from e-mailing anyone outside 2 certain domains.  I have been 
>> trying to figure out the best way to set this up so that it does not 
>> interfere with the production servers or regular e-mails.  But not 
>> really clear on the best way to set this up.
>>
>> I thought about trying to put something in whitelist.rules but want 
>> to have a clear plan of attack before I try anything to prevent 
>> disruption of normal e-mails.
>>
>>
>>
>> Wanting to do something like
>>
>> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com
>> &
>> this domain.com (and block anything not to that domain)
>>
>>
>>
>> Any thoughts would be greatly appreciated
>>
>>
>>
>>
>>
>> Aaron Sampson
>>
>> IT Department
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't 
> bother. A cute graphic saying "save the planet, don't print this" can 
> potentially create more CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From campbell at cnpapers.com  Thu Sep 20 15:29:38 2012
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu, 20 Sep 2012 10:29:38 -0400
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC36B@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBC44@COMM1.p2sol.com>
	<CANyE0PpEOmZ1fxfjntN9KY2tX43MWfAJUuE3Eg7k8=i8nzo2Qw@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC36B@COMM1.p2sol.com>
Message-ID: <505B2852.3040901@cnpapers.com>

Just a couple more suggestions, then I'll quit throwing out stupid ideas.

Have you tried running "MailScanner --lint"? You may need to give it the 
full path and the -v option.

Have you considered uploading your config file, along with your rules 
file, so that we may look at it?  As Alex indicated, there seems to be a 
syntax error, and multiple pairs of eyes usually helps me find these 
types or errors. Actually, my own pair of eyes are so old, they really 
don't ever contribute much.

steve


On 9/20/2012 9:58 AM, Sampson, Aaron wrote:
> The problem comes in trying to figure out where I went wrong with it.  I have more than triple checked it and also had another IT guy with WAY more experience has double checked everything as well.  Think we are going to build a test system to play around with and see if we can get this to work, but please keep the ideas coming
> . -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
> Sent: Wednesday, September 19, 2012 8:40 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> It *does* say "syntax error", you just have to find out where you're typing it wrong, I guess.
>
> And the e-mails were probably not lost, since you have "store" - in fact, your defaults *should* be, specially when testing, "deliver store" so you *always* have a copy in the quarantine.
>
> On Wed, Sep 19, 2012 at 3:35 PM, Sampson, Aaron <Sampson at p2sol.com> wrote:
>> Yes we double checked it several times and referred back to examples
>> in the documentations to see if we had missed something.  By what we
>> can tell it should work but it seems to break every time an e-mail
>> comes from one of those domains.
>>
>>
>>
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve
>> Campbell
>> Sent: Wednesday, September 19, 2012 2:01 PM
>> To: mailscanner at lists.mailscanner.info
>>
>>
>> Subject: Re: Filter by IP
>>
>>
>>
>> Are you certain you didn't type ";" instead of ":" in you rule file?
>> It sort of indicates that one of your lines needs that ":" in it
>>
>> steve campbell
>>
>> On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>>
>> I did make sure that the capitalization was the same through it all
>> and that everything was spaced out the same as well, still got the
>> same error message.  Did discover that everything seemed to be working
>> properly with Mail Scanner until I attempted to send out an e-mail
>> from one of the domains that I had listed.  Once that e-mail attempted
>> to go through the system the syntax error appeared.
>>
>>
>>
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>> Martin Hepworth
>> Sent: Wednesday, September 19, 2012 10:47 AM
>> To: MailScanner discussion
>> Subject: Re: Filter by IP
>>
>>
>>
>> have you made sure there no tab's in that ruleset.
>> check out the examples in the examples dir and here.
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:r
>> ulesets:examples&s=rules
>>
>> yes you'll need the default entry , try making sure the capitalisasion
>> is consistent with the examples as welll.
>>
>> To: @domain1.com deliver
>> To: @domain2.com deliver
>> From: ip.address        store
>> FromOrTo: default       deliver
>>
>> --
>> Martin Hepworth, CISSP
>> Oxford, UK
>>
>>
>> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:
>>
>> Alex,
>>
>> So I tried out your suggestion and put in a a ruleset in the non-spam
>> actions. rules that read
>> to: *@domain1.com deliver
>> to: *@domain2.com deliver
>> from: ip.address        store
>> and then when that did not work added
>> fromorTo: default       deliver
>>
>> Still did not work and all e-mails coming into the company were lost (dang
>> it) and I kept getting an error message saying   Syntax error in "header"
>> action in spam actions,
>> missing ":" in etc/MailScanner/rules/non.spam.rules
>>
>> We have checked and rechecked the rule-set pattern to see if we missed
>> something and have tried a few things and nothing has worked so far.
>> We would like to not have to set up an additional smtp server to take
>> care of this issue so any additional thoughts would be great, or let
>> me know if you need/want any additional information
>>
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
>> Neuman
>> Sent: Monday, September 17, 2012 12:41 PM
>> To: MailScanner discussion
>> Subject: Re: Filter by IP
>>
>> You can probably add the test server's IP to the spam whitelist, then
>> add a "non-spam actions" ruleset that says something like:
>>
>> To:allowed.domain.com deliver
>> To:allowed2.domain.com deliver
>> From:xx.xx.xx.xx store
>>
>> That way, the first two domains "hit" and "deliver" the e-mails, while
>> anything else from the test server will be "stored" - you could use "delete"
>> but just in case use "store" so you can release them if necessary.
>>
>>
>> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
>>> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
>>> Assassin and Clamd and I have a Test server that I am trying to
>>> prevent from e-mailing anyone outside 2 certain domains.  I have been
>>> trying to figure out the best way to set this up so that it does not
>>> interfere with the production servers or regular e-mails.  But not
>>> really clear on the best way to set this up.
>>>
>>> I thought about trying to put something in whitelist.rules but want
>>> to have a clear plan of attack before I try anything to prevent
>>> disruption of normal e-mails.
>>>
>>>
>>>
>>> Wanting to do something like
>>>
>>> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com
>>> &
>>> this domain.com (and block anything not to that domain)
>>>
>>>
>>>
>>> Any thoughts would be greatly appreciated
>>>
>>>
>>>
>>>
>>>
>>> Aaron Sampson
>>>
>>> IT Department
>>>
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
>> --
>>
>> --
>>
>> Alex Neuman van der Hans
>> Reliant Technologies / Vida Digital
>> http://vidadigital.com.pa/
>>
>> +507-6781-9505
>> +507-832-6725
>> +1-440-253-9789 (USA)
>>
>> Follow @AlexNeuman on Twitter
>> http://facebook.com/vidadigital
>>
>>
>> -- So-called "legal disclaimers" are not legally binding, so don't
>> bother. A cute graphic saying "save the planet, don't print this" can
>> potentially create more CO2, not less, so don't bother either.
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>


From Sampson at p2sol.com  Thu Sep 20 15:45:11 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Thu, 20 Sep 2012 14:45:11 +0000
Subject: Filter by IP
In-Reply-To: <014a01cd9734$7e0cbcf0$696078c1@JCSPC>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>

To: *@allow.domain1.com deliver header "X-Spam-Status: No"
To: *@allow.domain2.com deliver header "X-Spam-Status: No"
From: 192.168.xxx.xxx delete
From: 192.168.xxx.xxx delete
From: 192.168.xxx.xxx delete
FromOrTo: default deliver header "X-Spam-Status: No"

Tried this with and without adding the deliver header "X-Spam-Status: No"


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John Clancy
Sent: Thursday, September 20, 2012 8:33 AM
To: MailScanner discussion
Subject: Re: Filter by IP

I'm not an expert by any means but perhaps doing an 'od -c' on the file and posting it here might help someone to spot the problem.

JC
----- Original Message -----
From: Sampson, Aaron<mailto:Sampson at p2sol.com>
To: MailScanner discussion<mailto:mailscanner at lists.mailscanner.info>
Sent: Thursday, September 20, 2012 2:15 PM
Subject: RE: Filter by IP

No it was created on UNIX on the e-mail server

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info]<mailto:[mailto:mailscanner-bounces at lists.mailscanner.info]> On Behalf Of Steve Campbell
Sent: Thursday, September 20, 2012 7:27 AM
To: mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
Subject: Re: Filter by IP

This isn't a DOS, instead of a UNIX file, perhaps? Was it created and modified on the server or did you copy it from a Windows machine? Do you need to run dos2unix on it?

steve campbell
On 9/19/2012 3:01 PM, Steve Campbell wrote:
Are you certain you didn't type ";" instead of ":" in you rule file? It sort of indicates that one of your lines needs that ":" in it

steve campbell
On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
I did make sure that the capitalization was the same through it all and that everything was spaced out the same as well, still got the same error message.  Did discover that everything seemed to be working properly with Mail Scanner until I attempted to send out an e-mail from one of the domains that I had listed.  Once that e-mail attempted to go through the system the syntax error appeared.

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: Wednesday, September 19, 2012 10:47 AM
To: MailScanner discussion
Subject: Re: Filter by IP

have you made sure there no tab's in that ruleset.
check out the examples in the examples dir and here.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules

yes you'll need the default entry , try making sure the capitalisasion is consistent with the examples as welll.

To: @domain1.com<http://domain1.com> deliver
To: @domain2.com<http://domain2.com> deliver
From: ip.address        store
FromOrTo: default       deliver

--
Martin Hepworth, CISSP
Oxford, UK

On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
Alex,

So I tried out your suggestion and put in a a ruleset in the non-spam actions. rules that read
to: *@domain1.com<http://domain1.com> deliver
to: *@domain2.com<http://domain2.com> deliver
from: ip.address        store
and then when that did not work added
fromorTo: default       deliver

Still did not work and all e-mails coming into the company were lost (dang it) and I kept getting an error message saying   Syntax error in "header" action in spam actions,
missing ":" in etc/MailScanner/rules/non.spam.rules

We have checked and rechecked the rule-set pattern to see if we missed something and have tried a few things and nothing has worked so far.  We would like to not have to set up an additional smtp server to take care of this issue so any additional thoughts would be great, or let me know if you need/want any additional information


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Alex Neuman
Sent: Monday, September 17, 2012 12:41 PM
To: MailScanner discussion
Subject: Re: Filter by IP
You can probably add the test server's IP to the spam whitelist, then add a "non-spam actions" ruleset that says something like:

To:allowed.domain.com<http://allowed.domain.com> deliver
To:allowed2.domain.com<http://allowed2.domain.com> deliver
From:xx.xx.xx.xx store

That way, the first two domains "hit" and "deliver" the e-mails, while anything else from the test server will be "stored" - you could use "delete" but just in case use "store" so you can release them if necessary.


On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com<mailto:Sampson at p2sol.com>> wrote:
> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
> Assassin and Clamd and I have a Test server that I am trying to
> prevent from e-mailing anyone outside 2 certain domains.  I have been
> trying to figure out the best way to set this up so that it does not
> interfere with the production servers or regular e-mails.  But not really clear on the best way to set this up.
>
> I thought about trying to put something in whitelist.rules but want to
> have a clear plan of attack before I try anything to prevent
> disruption of normal e-mails.
>
>
>
> Wanting to do something like
>
> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com<http://our.domain.com> &
> this domain.com<http://domain.com> (and block anything not to that domain)
>
>
>
> Any thoughts would be greatly appreciated
>
>
>
>
>
> Aaron Sampson
>
> IT Department
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!





________________________________
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120920/21d0e01c/attachment-0001.html 

From andrew at topdog.za.net  Thu Sep 20 19:05:58 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Thu, 20 Sep 2012 20:05:58 +0200
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
Message-ID: <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>


On 20 Sep 2012, at 4:45 PM, Sampson, Aaron wrote:

> To: *@allow.domain1.com deliver header "X-Spam-Status: No"
> To: *@allow.domain2.com deliver header "X-Spam-Status: No"

Your syntax error is because rulesets can only have 3 or 6 fields
you can NOT have 2 actions for a rule like you have (deliver and header)

- Andrew

--
www.baruwa.org




From campbell at cnpapers.com  Thu Sep 20 20:02:30 2012
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu, 20 Sep 2012 15:02:30 -0400
Subject: Filter by IP
In-Reply-To: <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
Message-ID: <505B6846.4090505@cnpapers.com>


On 9/20/2012 2:05 PM, Andrew Colin Kissa wrote:
> On 20 Sep 2012, at 4:45 PM, Sampson, Aaron wrote:
>
>> To: *@allow.domain1.com deliver header "X-Spam-Status: No"
>> To: *@allow.domain2.com deliver header "X-Spam-Status: No"
> Your syntax error is because rulesets can only have 3 or 6 fields
> you can NOT have 2 actions for a rule like you have (deliver and header)
>
> - Andrew
> --
> www.baruwa.org
>
Without testing this, are you sure this is correct, Andrew? My default 
from my configuration file has the following:

Non Spam Actions = deliver header "X-Spam-Status: No"

A ruleset typically has a qualifier at the beginning of each line, which 
would be his "To: *@...." part.

The only way around this, if you're correct, would be to have a ruleset 
for the "Mail Header" line to insert the header part and the deliver 
part in another ruleset.

As I said, I didn't test this, but just asking for clarification.

steve
>


From Sampson at p2sol.com  Thu Sep 20 20:36:01 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Thu, 20 Sep 2012 19:36:01 +0000
Subject: Filter by IP
In-Reply-To: <54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>

I tried it as just 
To: *@allow.domain1.com deliver
To: *@allow.domain2.com deliver

But still got the syntax error message.

As a work around we created another smtp server and created transport rules to only allow mail to go to the domains listed 

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Andrew Colin Kissa
Sent: Thursday, September 20, 2012 1:06 PM
To: MailScanner discussion
Subject: Re: Filter by IP


On 20 Sep 2012, at 4:45 PM, Sampson, Aaron wrote:

> To: *@allow.domain1.com deliver header "X-Spam-Status: No"
> To: *@allow.domain2.com deliver header "X-Spam-Status: No"

Your syntax error is because rulesets can only have 3 or 6 fields you can NOT have 2 actions for a rule like you have (deliver and header)

- Andrew

--
www.baruwa.org



--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From andrew at topdog.za.net  Thu Sep 20 20:47:05 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Thu, 20 Sep 2012 21:47:05 +0200
Subject: Filter by IP
In-Reply-To: <505B6846.4090505@cnpapers.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<505B6846.4090505@cnpapers.com>
Message-ID: <C110AAE0-2CB8-489C-8676-B452DB61CE58@topdog.za.net>


On 20 Sep 2012, at 9:02 PM, Steve Campbell wrote:

> Without testing this, are you sure this is correct, Andrew? My default 
> from my configuration file has the following:
> 
> Non Spam Actions = deliver header "X-Spam-Status: No"
> 
> A ruleset typically has a qualifier at the beginning of each line, which 
> would be his "To: *@...." part.
> 
> The only way around this, if you're correct, would be to have a ruleset 
> for the "Mail Header" line to insert the header part and the deliver 
> part in another ruleset.
> 
> As I said, I didn't test this, but just asking for clarification

When used with in MailScanner.conf, you can use deliver header "X-Spam-Status: No"
you cannot do that within a ruleset

https://github.com/akissa/MailScanner/blob/master/mailscanner/bin/MailScanner/Config.pm#L2691
https://github.com/akissa/MailScanner/blob/master/mailscanner/etc/rules/README#L15

- Andrew

--
www.baruwa.org




From andrew at topdog.za.net  Thu Sep 20 21:06:00 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Thu, 20 Sep 2012 22:06:00 +0200
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
Message-ID: <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>


On 20 Sep 2012, at 9:36 PM, Sampson, Aaron wrote:

> I tried it as just 
> To: *@allow.domain1.com deliver
> To: *@allow.domain2.com deliver

What is the actual error you are getting ?

--
www.baruwa.org




From Sampson at p2sol.com  Thu Sep 20 22:31:25 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Thu, 20 Sep 2012 21:31:25 +0000
Subject: Filter by IP
In-Reply-To: <4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
	<4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>

This was the actual error message 

Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules  

Also Have to agree with Steve on the deliver header that you posted about Andrew, we already had that in existing conf files and it works properly.  Did just finish setting up another smtp sever to handle the issue for now so hopefully I will be able to devote some real time on figuring this out.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Andrew Colin Kissa
Sent: Thursday, September 20, 2012 3:06 PM
To: MailScanner discussion
Subject: Re: Filter by IP


On 20 Sep 2012, at 9:36 PM, Sampson, Aaron wrote:

> I tried it as just 
> To: *@allow.domain1.com deliver
> To: *@allow.domain2.com deliver

What is the actual error you are getting ?

--
www.baruwa.org



-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From andrew at topdog.za.net  Fri Sep 21 05:05:21 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Fri, 21 Sep 2012 06:05:21 +0200
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
	<4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>
Message-ID: <A27972A5-2B73-41F8-9B15-DBB4D8C37F18@topdog.za.net>


On 20 Sep 2012, at 11:31 PM, Sampson, Aaron wrote:

> Syntax error in "header" action in spam actions, missing ":" in etc/MailScanner/rules/non.spam.rules

This is triggered by a misconfiguration of one of the actions, may be not 'Non Spam Actions' can you
provide the output of:

grep -E '^(Non Spam Actions|Spam Actions|High Scoring Spam Actions)' /etc/MailScanner/MailScanner.conf

> Also Have to agree with Steve on the deliver header that you posted about Andrew, we already had that in existing conf files and it works properly.

I think you failed to understand what am saying here, when used within a configuration file it is fine, but NOT
when used in a rule set. Please refer to the links i posted earlier to clarify.



--
www.baruwa.org




From john at tradoc.fr  Fri Sep 21 07:27:57 2012
From: john at tradoc.fr (John Wilcock)
Date: Fri, 21 Sep 2012 08:27:57 +0200
Subject: Filter by IP
In-Reply-To: <A27972A5-2B73-41F8-9B15-DBB4D8C37F18@topdog.za.net>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
	<4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>
	<A27972A5-2B73-41F8-9B15-DBB4D8C37F18@topdog.za.net>
Message-ID: <505C08ED.40809@tradoc.fr>

Le 21/09/2012 06:05, Andrew Colin Kissa a ?crit :
> I think you failed to understand what am saying here, when used within a configuration file it is fine, but NOT
> when used in a rule set. Please refer to the links i posted earlier to clarify.

It definitely does work within a rule set - try it! For that matter, 
tabs can be used as whitespace, too (except in filename and filetype 
rules IIRC).

I have a Spam Actions ruleset that looks like this, for example:

From:   exception1.example.net store bounce
From:   exception2.example.net store bounce
FromOrTo:       default store deliver header "X-Spam-Flag: YES"


John.

-- 
-- Over 5000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

From andrew at topdog.za.net  Fri Sep 21 08:28:28 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Fri, 21 Sep 2012 09:28:28 +0200
Subject: Filter by IP
In-Reply-To: <505C08ED.40809@tradoc.fr>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
	<4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>
	<A27972A5-2B73-41F8-9B15-DBB4D8C37F18@topdog.za.net>
	<505C08ED.40809@tradoc.fr>
Message-ID: <A2D2858F-E1DC-4FFE-96FD-CC87B1E60FC0@topdog.za.net>


On 21 Sep 2012, at 8:27 AM, John Wilcock wrote:

> It definitely does work within a rule set - try it! For that matter, 
> tabs can be used as whitespace, too (except in filename and filetype 
> rules IIRC).

Yes you are right, tested and it does work. Should be a typo in his
rules then.

--
www.baruwa.org




From mailscanner at joolee.nl  Fri Sep 21 08:57:27 2012
From: mailscanner at joolee.nl (Joolee)
Date: Fri, 21 Sep 2012 09:57:27 +0200
Subject: Filter by IP
In-Reply-To: <505C08ED.40809@tradoc.fr>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
	<4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>
	<A27972A5-2B73-41F8-9B15-DBB4D8C37F18@topdog.za.net>
	<505C08ED.40809@tradoc.fr>
Message-ID: <CA+Q-w8Vose33XJvesHu=ps8MxD2t=9xrwcnJTCei2mLuaP+vzw@mail.gmail.com>

I can also confirm that it should be able to work like you are trying.
My configuration for High spam action is:

> FromOrTo:       *@*.api.domain.nl  store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.org store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.nl        store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.eu   store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.info store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.nl   store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.nl store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.com store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> FromOrTo:       *@domain.nl     store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
> # Localhost
> From:   127.            store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
>
> # Some customer
> From:   89.123.123.123           store-spam deliver header
> "X-CompanyName-Spam-Status: Yes"
>
> FromOrTo:       default store-spam delete
>

*grep syntax /var/log/mail.log* doesn't give any results so I clearly don't
suffer from a syntax error.

The documentation Andrew links to in his E-mail clearly states that the
last part of a rule consists of "Result value (or *values*)". The linked
Regex also matches the rules provided. I have not looked at the further
processing of the values but I can see from the logs that the actions are
correctly parsed and applied.

> Sep 21 09:36:56 giselle MailScanner[10385]: Spam Actions: message
> 64747978.A51A5 actions are delete,store-spam
> Sep 21 09:37:39 giselle MailScanner[11496]: Spam Actions: message
> 57AED15A6.AAE13 actions are deliver,header,store-spam
>


On 21 September 2012 08:27, John Wilcock <john at tradoc.fr> wrote:

> Le 21/09/2012 06:05, Andrew Colin Kissa a ?crit :
> > I think you failed to understand what am saying here, when used within a
> configuration file it is fine, but NOT
> > when used in a rule set. Please refer to the links i posted earlier to
> clarify.
>
> It definitely does work within a rule set - try it! For that matter,
> tabs can be used as whitespace, too (except in filename and filetype
> rules IIRC).
>
> I have a Spam Actions ruleset that looks like this, for example:
>
> From:   exception1.example.net store bounce
> From:   exception2.example.net store bounce
> FromOrTo:       default store deliver header "X-Spam-Flag: YES"
>
>
> John.
>
> --
> -- Over 5000 webcams from ski resorts around the world - www.snoweye.com
> -- Translate your technical documents and web pages    - www.tradoc.fr
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120921/4ff7f266/attachment.html 

From campbell at cnpapers.com  Fri Sep 21 13:10:58 2012
From: campbell at cnpapers.com (Steve Campbell)
Date: Fri, 21 Sep 2012 08:10:58 -0400
Subject: Filter by IP
In-Reply-To: <C110AAE0-2CB8-489C-8676-B452DB61CE58@topdog.za.net>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<505B6846.4090505@cnpapers.com>
	<C110AAE0-2CB8-489C-8676-B452DB61CE58@topdog.za.net>
Message-ID: <505C5952.1050600@cnpapers.com>


On 9/20/2012 3:47 PM, Andrew Colin Kissa wrote:
> On 20 Sep 2012, at 9:02 PM, Steve Campbell wrote:
>
>> Without testing this, are you sure this is correct, Andrew? My default
>> from my configuration file has the following:
>>
>> Non Spam Actions = deliver header "X-Spam-Status: No"
>>
>> A ruleset typically has a qualifier at the beginning of each line, which
>> would be his "To: *@...." part.
>>
>> The only way around this, if you're correct, would be to have a ruleset
>> for the "Mail Header" line to insert the header part and the deliver
>> part in another ruleset.
>>
>> As I said, I didn't test this, but just asking for clarification
> When used with in MailScanner.conf, you can use deliver header "X-Spam-Status: No"
> you cannot do that within a ruleset
>
> https://github.com/akissa/MailScanner/blob/master/mailscanner/bin/MailScanner/Config.pm#L2691
> https://github.com/akissa/MailScanner/blob/master/mailscanner/etc/rules/README#L15
>
> - Andrew
>
> --
> www.baruwa.org
>
>
>
Andrew,

Thanks for those links. Might help me later, but I don't know about 
helping Aaron for now since it seems the double entry would be the only 
solution.

steve

From dave at KD0YU.COM  Fri Sep 21 13:30:01 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Fri, 21 Sep 2012 07:30:01 -0500
Subject: Filter by IP
In-Reply-To: <A2D2858F-E1DC-4FFE-96FD-CC87B1E60FC0@topdog.za.net>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC59F@COMM1.p2sol.com>
	<4E99A40C-1CEF-4B6C-AD95-ED0AA2777F0A@topdog.za.net>
	<4ACB6FBB6E06074DA18D653BD3155A663FC623@COMM1.p2sol.com>
	<A27972A5-2B73-41F8-9B15-DBB4D8C37F18@topdog.za.net>
	<505C08ED.40809@tradoc.fr>
	<A2D2858F-E1DC-4FFE-96FD-CC87B1E60FC0@topdog.za.net>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00AAB2162@S8.KD0YU.COM>

There are many config options in MailScanner.conf that require a colon
at the end... such as

Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
 Information Header = X-%org-name%-MailScanner-Information:

is it possible you've lopped one off?  It appears that if it's a Header declaration,
the colon is required (deliniation).  Message.pm and a few others have some
regex's that deal specifically with that colon.

 it's possible one of these missing colons could be manifesting itself in your rule sets.

Well... it's not much, but something to look at.

--Dave, KD0YU


-- 
This message has been scanned for viruses and dangerous content
by MailScanner at KD0YU.COM, and is believed to be clean.


From andrew at topdog.za.net  Fri Sep 21 13:35:15 2012
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Fri, 21 Sep 2012 15:35:15 +0300
Subject: Filter by IP
In-Reply-To: <505C5952.1050600@cnpapers.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com><CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com><CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com><4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com><505A167D.1000203@cnpapers.com>
	<505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<54BCA894-FD6F-498D-B335-29EA2ACBE4EE@topdog.za.net>
	<505B6846.4090505@cnpapers.com>
	<C110AAE0-2CB8-489C-8676-B452DB61CE58@topdog.za.net>
	<505C5952.1050600@cnpapers.com>
Message-ID: <9a7a3166f3fbe43236e8979f217390d7@topdog.za.net>

On 2012-09-21 15:10, Steve Campbell wrote:
> On 9/20/2012 3:47 PM, Andrew Colin Kissa wrote:
>> On 20 Sep 2012, at 9:02 PM, Steve Campbell wrote:
>>
>
> Thanks for those links. Might help me later, but I don't know about
> helping Aaron for now since it seems the double entry would be the 
> only
> solution.
>

It does actually work, seems the documentation was not updated.

- Andrew


From alex at vidadigital.com.pa  Fri Sep 21 13:50:27 2012
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Fri, 21 Sep 2012 07:50:27 -0500
Subject: Filter by IP
In-Reply-To: <4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
Message-ID: <CANyE0PoppTu2O1Qy=2afi28OiouDVkZq7cRdnsLCxAfiHRMQWA@mail.gmail.com>

I would try "store" instead of "delete" at least while we're testing.
That way you can get stuff back.

On Thu, Sep 20, 2012 at 9:45 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> To: *@allow.domain1.com deliver header "X-Spam-Status: No"
>
> To: *@allow.domain2.com deliver header "X-Spam-Status: No"
>
> From: 192.168.xxx.xxx delete
>
> From: 192.168.xxx.xxx delete
>
> From: 192.168.xxx.xxx delete
>
> FromOrTo: default deliver header "X-Spam-Status: No"
>
>
>
> Tried this with and without adding the deliver header ?X-Spam-Status: No?
>
>
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John Clancy
> Sent: Thursday, September 20, 2012 8:33 AM
>
>
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
>
>
> I'm not an expert by any means but perhaps doing an 'od -c' on the file and
> posting it here might help someone to spot the problem.
>
>
>
> JC
>
> ----- Original Message -----
>
> From: Sampson, Aaron
>
> To: MailScanner discussion
>
> Sent: Thursday, September 20, 2012 2:15 PM
>
> Subject: RE: Filter by IP
>
>
>
> No it was created on UNIX on the e-mail server
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve
> Campbell
> Sent: Thursday, September 20, 2012 7:27 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Filter by IP
>
>
>
> This isn't a DOS, instead of a UNIX file, perhaps? Was it created and
> modified on the server or did you copy it from a Windows machine? Do you
> need to run dos2unix on it?
>
> steve campbell
>
> On 9/19/2012 3:01 PM, Steve Campbell wrote:
>
> Are you certain you didn't type ";" instead of ":" in you rule file? It sort
> of indicates that one of your lines needs that ":" in it
>
> steve campbell
>
> On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>
> I did make sure that the capitalization was the same through it all and that
> everything was spaced out the same as well, still got the same error
> message.  Did discover that everything seemed to be working properly with
> Mail Scanner until I attempted to send out an e-mail from one of the domains
> that I had listed.  Once that e-mail attempted to go through the system the
> syntax error appeared.
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin
> Hepworth
> Sent: Wednesday, September 19, 2012 10:47 AM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
>
>
> have you made sure there no tab's in that ruleset.
> check out the examples in the examples dir and here.
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=rules
>
> yes you'll need the default entry , try making sure the capitalisasion is
> consistent with the examples as welll.
>
> To: @domain1.com deliver
> To: @domain2.com deliver
> From: ip.address        store
> FromOrTo: default       deliver
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:
>
> Alex,
>
> So I tried out your suggestion and put in a a ruleset in the non-spam
> actions. rules that read
> to: *@domain1.com deliver
> to: *@domain2.com deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver
>
> Still did not work and all e-mails coming into the company were lost (dang
> it) and I kept getting an error message saying   Syntax error in "header"
> action in spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>
> We have checked and rechecked the rule-set pattern to see if we missed
> something and have tried a few things and nothing has worked so far.  We
> would like to not have to set up an additional smtp server to take care of
> this issue so any additional thoughts would be great, or let me know if you
> need/want any additional information
>
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
> Sent: Monday, September 17, 2012 12:41 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> You can probably add the test server's IP to the spam whitelist, then add a
> "non-spam actions" ruleset that says something like:
>
> To:allowed.domain.com deliver
> To:allowed2.domain.com deliver
> From:xx.xx.xx.xx store
>
> That way, the first two domains "hit" and "deliver" the e-mails, while
> anything else from the test server will be "stored" - you could use "delete"
> but just in case use "store" so you can release them if necessary.
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
>> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam
>> Assassin and Clamd and I have a Test server that I am trying to
>> prevent from e-mailing anyone outside 2 certain domains.  I have been
>> trying to figure out the best way to set this up so that it does not
>> interfere with the production servers or regular e-mails.  But not really
>> clear on the best way to set this up.
>>
>> I thought about trying to put something in whitelist.rules but want to
>> have a clear plan of attack before I try anything to prevent
>> disruption of normal e-mails.
>>
>>
>>
>> Wanting to do something like
>>
>> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com
>> &
>> this domain.com (and block anything not to that domain)
>>
>>
>>
>> Any thoughts would be greatly appreciated
>>
>>
>>
>>
>>
>> Aaron Sampson
>>
>> IT Department
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother. A
> cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
>
>
>
>
>
>
> ________________________________
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't
bother. A cute graphic saying "save the planet, don't print this" can
potentially create more CO2, not less, so don't bother either.

From Sampson at p2sol.com  Fri Sep 21 15:30:03 2012
From: Sampson at p2sol.com (Sampson, Aaron)
Date: Fri, 21 Sep 2012 14:30:03 +0000
Subject: Filter by IP
In-Reply-To: <CANyE0PoppTu2O1Qy=2afi28OiouDVkZq7cRdnsLCxAfiHRMQWA@mail.gmail.com>
References: <4ACB6FBB6E06074DA18D653BD3155A663FA77D@COMM1.p2sol.com>
	<CANyE0Pq+FPE_NfjoXg9bSBcDcrZgtaB_uVJKRxkmskq4WYkHwA@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FB959@COMM1.p2sol.com>
	<CAGDKorKEgX0mH2GR8dkbk=6r4cC_eb__igiL-jo97J0G6Vhseg@mail.gmail.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FBB08@COMM1.p2sol.com>
	<505A167D.1000203@cnpapers.com> <505B0BA1.5060003@cnpapers.com>
	<4ACB6FBB6E06074DA18D653BD3155A663FC310@COMM1.p2sol.com>
	<014a01cd9734$7e0cbcf0$696078c1@JCSPC>
	<4ACB6FBB6E06074DA18D653BD3155A663FC43F@COMM1.p2sol.com>
	<CANyE0PoppTu2O1Qy=2afi28OiouDVkZq7cRdnsLCxAfiHRMQWA@mail.gmail.com>
Message-ID: <4ACB6FBB6E06074DA18D653BD3155A663FCA12@COMM1.p2sol.com>

@Alex I did have this set to store while testing.
@Dave I will have to try setting it up again and ending with the : I do not believe we have any of the settings ending in that though, but I will have to go back and double check that.

And I can't do MailScanner --lint or show the mail log since I had to undo all of the changes since it was not delivering mail to the entire company and I quickly had to put it back.  I'm going to try to set up a couple of test servers today to recreate the problem (as long as I don't have any other fires to put out) and will post the info back on here.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Friday, September 21, 2012 7:50 AM
To: MailScanner discussion
Subject: Re: Filter by IP

I would try "store" instead of "delete" at least while we're testing.
That way you can get stuff back.

On Thu, Sep 20, 2012 at 9:45 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
> To: *@allow.domain1.com deliver header "X-Spam-Status: No"
>
> To: *@allow.domain2.com deliver header "X-Spam-Status: No"
>
> From: 192.168.xxx.xxx delete
>
> From: 192.168.xxx.xxx delete
>
> From: 192.168.xxx.xxx delete
>
> FromOrTo: default deliver header "X-Spam-Status: No"
>
>
>
> Tried this with and without adding the deliver header "X-Spam-Status: No"
>
>
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John 
> Clancy
> Sent: Thursday, September 20, 2012 8:33 AM
>
>
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
>
>
> I'm not an expert by any means but perhaps doing an 'od -c' on the 
> file and posting it here might help someone to spot the problem.
>
>
>
> JC
>
> ----- Original Message -----
>
> From: Sampson, Aaron
>
> To: MailScanner discussion
>
> Sent: Thursday, September 20, 2012 2:15 PM
>
> Subject: RE: Filter by IP
>
>
>
> No it was created on UNIX on the e-mail server
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve 
> Campbell
> Sent: Thursday, September 20, 2012 7:27 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Filter by IP
>
>
>
> This isn't a DOS, instead of a UNIX file, perhaps? Was it created and 
> modified on the server or did you copy it from a Windows machine? Do 
> you need to run dos2unix on it?
>
> steve campbell
>
> On 9/19/2012 3:01 PM, Steve Campbell wrote:
>
> Are you certain you didn't type ";" instead of ":" in you rule file? 
> It sort of indicates that one of your lines needs that ":" in it
>
> steve campbell
>
> On 9/19/2012 2:25 PM, Sampson, Aaron wrote:
>
> I did make sure that the capitalization was the same through it all 
> and that everything was spaced out the same as well, still got the 
> same error message.  Did discover that everything seemed to be working 
> properly with Mail Scanner until I attempted to send out an e-mail 
> from one of the domains that I had listed.  Once that e-mail attempted 
> to go through the system the syntax error appeared.
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
> Martin Hepworth
> Sent: Wednesday, September 19, 2012 10:47 AM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
>
>
> have you made sure there no tab's in that ruleset.
> check out the examples in the examples dir and here.
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:r
> ulesets:examples&s=rules
>
> yes you'll need the default entry , try making sure the capitalisasion 
> is consistent with the examples as welll.
>
> To: @domain1.com deliver
> To: @domain2.com deliver
> From: ip.address        store
> FromOrTo: default       deliver
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
> On 19 September 2012 16:00, Sampson, Aaron <Sampson at p2sol.com> wrote:
>
> Alex,
>
> So I tried out your suggestion and put in a a ruleset in the non-spam 
> actions. rules that read
> to: *@domain1.com deliver
> to: *@domain2.com deliver
> from: ip.address        store
> and then when that did not work added
> fromorTo: default       deliver
>
> Still did not work and all e-mails coming into the company were lost (dang
> it) and I kept getting an error message saying   Syntax error in "header"
> action in spam actions,
> missing ":" in etc/MailScanner/rules/non.spam.rules
>
> We have checked and rechecked the rule-set pattern to see if we missed 
> something and have tried a few things and nothing has worked so far.  
> We would like to not have to set up an additional smtp server to take 
> care of this issue so any additional thoughts would be great, or let 
> me know if you need/want any additional information
>
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex 
> Neuman
> Sent: Monday, September 17, 2012 12:41 PM
> To: MailScanner discussion
> Subject: Re: Filter by IP
>
> You can probably add the test server's IP to the spam whitelist, then 
> add a "non-spam actions" ruleset that says something like:
>
> To:allowed.domain.com deliver
> To:allowed2.domain.com deliver
> From:xx.xx.xx.xx store
>
> That way, the first two domains "hit" and "deliver" the e-mails, while 
> anything else from the test server will be "stored" - you could use "delete"
> but just in case use "store" so you can release them if necessary.
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Sampson, Aaron <Sampson at p2sol.com> wrote:
>> I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam 
>> Assassin and Clamd and I have a Test server that I am trying to 
>> prevent from e-mailing anyone outside 2 certain domains.  I have been 
>> trying to figure out the best way to set this up so that it does not 
>> interfere with the production servers or regular e-mails.  But not 
>> really clear on the best way to set this up.
>>
>> I thought about trying to put something in whitelist.rules but want 
>> to have a clear plan of attack before I try anything to prevent 
>> disruption of normal e-mails.
>>
>>
>>
>> Wanting to do something like
>>
>> When From: ip.tst.srv.add           Only Allow to send to: our.domain.com
>> &
>> this domain.com (and block anything not to that domain)
>>
>>
>>
>> Any thoughts would be greatly appreciated
>>
>>
>>
>>
>>
>> Aaron Sampson
>>
>> IT Department
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't 
> bother. A cute graphic saying "save the planet, don't print this" can 
> potentially create more CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
>
>
>
>
>
>
> ________________________________
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From mailscanner at pdscc.com  Mon Sep 24 18:15:26 2012
From: mailscanner at pdscc.com (Harondel J. Sibble)
Date: Mon, 24 Sep 2012 10:15:26 -0700
Subject: maillscanner/postfix saturates bandwidth :-(
Message-ID: <20120924171534.693B55A1C82@sinclaire.sibble.net>

Had an odd situation that started Friday night at one of my clients running a 
mailscanner/mailwatch mail relay for their internal Exchange 2007 server.

Basically the dsl connection they share with another office was saturated 
when the office admin did a mailout on friday to about 2000 of their 
subscribers, each email was about 3.5mb total with conversion overhead.  When 
I say saturated, I mean in both the upstream and downstream directions.  
According the admin who runs the multitenant network in this office, he was 
seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while 
this was happening.

I intially though that someone had hacked in and was injecting spam, but 
after upstream throttling of the connection and disabling all smtp traffic, I 
was able to review the messages in the postfix deferred queue and determine 
they were part of the mailout.

At this point mailq was showing 14 messages with approx 100 recipients total, 
I could then re-enable smtp traffic (in/out) at the firewall level and emails 
would be fine sending and receiving, but if I did a postqueue -f, the 
connection would saturate again until I blocked the smtp traffic, then waited 
a couple minutes before re-enabling it and the messages went back to being 
deferred.

I'm trying to figure out the best way to deal witih this moving forward, is 
there additional throttling I need to do at the postifx level or the 
mailscanner level or something else.  I was also surprised as my understand 
of postfix is that it does connection throttling by default.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


From ian at 34sp.com  Mon Sep 24 18:35:33 2012
From: ian at 34sp.com (Ian Knight)
Date: Mon, 24 Sep 2012 18:35:33 +0100
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
Message-ID: <506099E5.7040201@34sp.com>

On 24/09/12 18:15, Harondel J. Sibble wrote:
> Had an odd situation that started Friday night at one of my clients running a
> mailscanner/mailwatch mail relay for their internal Exchange 2007 server.
>
> Basically the dsl connection they share with another office was saturated
> when the office admin did a mailout on friday to about 2000 of their
> subscribers, each email was about 3.5mb total with conversion overhead.  When
> I say saturated, I mean in both the upstream and downstream directions.
> According the admin who runs the multitenant network in this office, he was
> seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while
> this was happening.
>
> I intially though that someone had hacked in and was injecting spam, but
> after upstream throttling of the connection and disabling all smtp traffic, I
> was able to review the messages in the postfix deferred queue and determine
> they were part of the mailout.
>
> At this point mailq was showing 14 messages with approx 100 recipients total,
> I could then re-enable smtp traffic (in/out) at the firewall level and emails
> would be fine sending and receiving, but if I did a postqueue -f, the
> connection would saturate again until I blocked the smtp traffic, then waited
> a couple minutes before re-enabling it and the messages went back to being
> deferred.
>
> I'm trying to figure out the best way to deal witih this moving forward, is
> there additional throttling I need to do at the postifx level or the
> mailscanner level or something else.  I was also surprised as my understand
> of postfix is that it does connection throttling by default.
Just a thought if you have spam tests enabled this will be doing a lot 
of dns lookups on every email - this could be the cause of some of the 
bandwidth - installing a caching nameserver on the server will stop a 
lot of this happening - especially if its the same email going to 100 
recipients (urghh!!!) emails imo should be individually addressed, using 
bcc/cc is not the way to send a mailshot - its got a very high chance of 
landing in spam/junk folders for not being personally addressed.



From dave at KD0YU.COM  Mon Sep 24 19:47:55 2012
From: dave at KD0YU.COM (Dave Helton)
Date: Mon, 24 Sep 2012 13:47:55 -0500
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <506099E5.7040201@34sp.com>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
	<506099E5.7040201@34sp.com>
Message-ID: <77F23E6E4DE9084BA33755BA403E53FCF00E044CC3@S8.KD0YU.COM>

> > I'm trying to figure out the best way to deal witih this moving
> > forward, is there additional throttling I need to do at the postifx
> > level or the mailscanner level or something else.  I was also
> > surprised as my understand of postfix is that it does connection throttling
> by default.
> Just a thought if you have spam tests enabled this will be doing a lot of dns
> lookups on every email - this could be the cause of some of the bandwidth -
> installing a caching nameserver on the server will stop a lot of this happening
> - especially if its the same email going to 100 recipients (urghh!!!) emails imo
> should be individually addressed, using bcc/cc is not the way to send a
> mailshot - its got a very high chance of landing in spam/junk folders for not
> being personally addressed.
>

I would agree with Ian here, plus a couple other points.
Your router is probably your dns server for internal to external resolving, and since
it doesn't have a lot of memory, it has to look up each domain on the fly.  Not
terribly bandwidth intensive for dsl, but it's still a lot of overhead... and slow.
A caching dns server for the mail server would help a lot.

Second, you are probably subject to one of our best anti-spam mechanisms...
greylisting.  That is, unless everyone on your mailing list has you on whitelist.... umm
doubtful.  Again, bandwidth intensive.

Last, there are a lot of great mailing list programs out there that run specifically on an
Apache server.  Even MailMan would work.  Both you and your customer could access
the interface and you could do remote support for them, a nice selling point.
This could also turn out to be one of those "the best laid plans" ordeal.  So give it some
thought.

My point is, take everything out of the hands of that Exchange server and put it in a
controlled environment, meaning throttling, reporting, and easily accessible to you.
I would also try and convince your customer that a LookOut distribution list is not an
adequate substitute for the real thing since they have 'evolved' beyond it  ;-)

--Dave, KD0YU

>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner at KD0YU.COM, and is believed to be clean.


-- 
This message has been scanned for viruses and dangerous content
by MailScanner at KD0YU.COM, and is believed to be clean.


From jlarsen at richweb.com  Mon Sep 24 20:09:33 2012
From: jlarsen at richweb.com (C. Jon Larsen)
Date: Mon, 24 Sep 2012 15:09:33 -0400 (EDT)
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
Message-ID: <alpine.DEB.2.00.1209241508520.22615@sisler.hq.richweb.com>


On Mon, 24 Sep 2012, Harondel J. Sibble wrote:

> Had an odd situation that started Friday night at one of my clients running a
> mailscanner/mailwatch mail relay for their internal Exchange 2007 server.
>
> Basically the dsl connection they share with another office was saturated
> when the office admin did a mailout on friday to about 2000 of their
> subscribers, each email was about 3.5mb total with conversion overhead.  When
> I say saturated, I mean in both the upstream and downstream directions.
> According the admin who runs the multitenant network in this office, he was
> seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while
> this was happening.
>
> I intially though that someone had hacked in and was injecting spam, but
> after upstream throttling of the connection and disabling all smtp traffic, I
> was able to review the messages in the postfix deferred queue and determine
> they were part of the mailout.
>
> At this point mailq was showing 14 messages with approx 100 recipients total,
> I could then re-enable smtp traffic (in/out) at the firewall level and emails
> would be fine sending and receiving, but if I did a postqueue -f, the
> connection would saturate again until I blocked the smtp traffic, then waited
> a couple minutes before re-enabling it and the messages went back to being
> deferred.
>
> I'm trying to figure out the best way to deal witih this moving forward, is
> there additional throttling I need to do at the postifx level or the
> mailscanner level or something else.  I was also surprised as my understand
> of postfix is that it does connection throttling by default.

You can play with variations of these settings in main.conf to control how 
much email is sent out - these go into main.conf

local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 2
initial_destination_concurrency = 2

smtpd_client_connection_count_limit = 10
default_destination_recipient_limit = 20



> -- 
> Harondel J. Sibble
> Sibble Computer Consulting
> Creating Solutions for the small and medium business computer user.
> help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> Blog: http://www.pdscc.com/blog
> (604) 739-3709 (voice)
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>

From jlarsen at richweb.com  Mon Sep 24 20:58:21 2012
From: jlarsen at richweb.com (C. Jon Larsen)
Date: Mon, 24 Sep 2012 15:58:21 -0400 (EDT)
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <alpine.DEB.2.00.1209241508520.22615@sisler.hq.richweb.com>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
	<alpine.DEB.2.00.1209241508520.22615@sisler.hq.richweb.com>
Message-ID: <alpine.DEB.2.00.1209241547500.22615@sisler.hq.richweb.com>


> You can play with variations of these settings in main.conf to control how
> much email is sent out - these go into main.conf

[Sorry, I meant to say main.cf]

Also you can use generic os based or (if you dont want to touch the 
hosts involved) router based traffic shaping on 
outbound smtp. If you have a cisco router you can write an acl to 
match outbound smtp traffic and rate shape it as it passes an interface 
threshold.

interface Gigabit0/0
  ! uplink
  traffic-shape group 161 1250000
interface Gigabit0/1.101
  ! downlink
  traffic-shape group 161 1250000

access-list 161 remark smtp traffic shaping
access-list 161 permit tcp a.b.c.d 0.0.0.x any eq 25
access-list 161 permit tcp any eq 25 a.b.c.d 0.0.0.x

x = 0 if you are matching a single host, or you can use say 0.0.0.7 if you 
need to match a /20 worth of mail servers.

If you are natting between the interfaces you will also need to take that 
into acct on the acl.



> local_destination_concurrency_limit = 2
> default_destination_concurrency_limit = 2
> initial_destination_concurrency = 2
>
> smtpd_client_connection_count_limit = 10
> default_destination_recipient_limit = 20


From mailscanner at pdscc.com  Mon Sep 24 21:08:36 2012
From: mailscanner at pdscc.com (Harondel J. Sibble)
Date: Mon, 24 Sep 2012 13:08:36 -0700
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <77F23E6E4DE9084BA33755BA403E53FCF00E044CC3@S8.KD0YU.COM>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>,
	<506099E5.7040201@34sp.com>,
	<77F23E6E4DE9084BA33755BA403E53FCF00E044CC3@S8.KD0YU.COM>
Message-ID: <20120924200844.096405A1C81@sinclaire.sibble.net>



On 24 Sep 2012 at 13:47, Dave Helton wrote:

> I would agree with Ian here, plus a couple other points.
> Your router is probably your dns server for internal to external resolving,

Why would you make that assumption?  IME, that just leads to problems, we 
NEVER use the router as a DNS server for a lan.

> and since it doesn't have a lot of memory, it has to look up each domain on
> the fly.  Not terribly bandwidth intensive for dsl, but it's still a lot of
> overhead... and slow. A caching dns server for the mail server would help a
> lot.

I'm pretty sure I already have a caching nameserver on this mailscanner box, 
but I will verify.  I have a vague recollection  that a different but related 
problem came up and the solution was to install a caching nameserver, that's 
our normal policy now, but this machine's probably been deployed long enough 
that it was prior to the caching nameserver being SOP.
 
> Second, you are probably subject to one of our best anti-spam mechanisms...
> greylisting.  That is, unless everyone on your mailing list has you on
> whitelist.... umm doubtful.  Again, bandwidth intensive.

Correct, as I was watching this unfold in realtime, I was thinking to myself, 
they are getting seriously tarpitted.
 
> Last, there are a lot of great mailing list programs out there that run
> specifically on an Apache server.  Even MailMan would work.  Both you and your
> customer could access the interface and you could do remote support for them,
> a nice selling point. This could also turn out to be one of those "the best
> laid plans" ordeal.  So give it some thought.

Good point
 
> My point is, take everything out of the hands of that Exchange server and put
> it in a controlled environment, meaning throttling, reporting, and easily
> accessible to you. I would also try and convince your customer that a LookOut
> distribution list is not an adequate substitute for the real thing since they
> have 'evolved' beyond it  ;-)

They do like to have sent items records of the outgoing emails, but with 
proper setup a MLM can easily generate a nice report (kinda like a fax 
machine) to show what was successfully delivered and such, so that's a great 
idea.

I actually don't know how they generated this on the Outlook side, they may 
even have been using some specialized application that plugs into outlook, 
I'll have a chat with them to determine that.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


From maxsec at gmail.com  Mon Sep 24 21:53:03 2012
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon, 24 Sep 2012 21:53:03 +0100
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
Message-ID: <CAGDKorK4cWjsS54fn9FLQ-MM4H8o8457mSRaxK6QdBV-EwL5iA@mail.gmail.com>

Seriously ... a 3.5mb mailout!
Drop the heavy content to a web server and point the html or downloadable
pdf or whatever from that.


Fixing the odd saturation is one thing but doing the job properly in the
first place would be better


Martin

On Monday, 24 September 2012, Harondel J. Sibble wrote:

> Had an odd situation that started Friday night at one of my clients
> running a
> mailscanner/mailwatch mail relay for their internal Exchange 2007 server.
>
> Basically the dsl connection they share with another office was saturated
> when the office admin did a mailout on friday to about 2000 of their
> subscribers, each email was about 3.5mb total with conversion overhead.
>  When
> I say saturated, I mean in both the upstream and downstream directions.
> According the admin who runs the multitenant network in this office, he was
> seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while
> this was happening.
>
> I intially though that someone had hacked in and was injecting spam, but
> after upstream throttling of the connection and disabling all smtp
> traffic, I
> was able to review the messages in the postfix deferred queue and determine
> they were part of the mailout.
>
> At this point mailq was showing 14 messages with approx 100 recipients
> total,
> I could then re-enable smtp traffic (in/out) at the firewall level and
> emails
> would be fine sending and receiving, but if I did a postqueue -f, the
> connection would saturate again until I blocked the smtp traffic, then
> waited
> a couple minutes before re-enabling it and the messages went back to being
> deferred.
>
> I'm trying to figure out the best way to deal witih this moving forward, is
> there additional throttling I need to do at the postifx level or the
> mailscanner level or something else.  I was also surprised as my understand
> of postfix is that it does connection throttling by default.
> --
> Harondel J. Sibble
> Sibble Computer Consulting
> Creating Solutions for the small and medium business computer user.
> help at pdscc.com <javascript:;> (use pgp keyid 0x3AD5C11D)
> http://www.pdscc.com
> Blog: http://www.pdscc.com/blog
> (604) 739-3709 (voice)
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <javascript:;>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120924/7dfce0bf/attachment.html 

From Kevin_Miller at ci.juneau.ak.us  Mon Sep 24 22:11:18 2012
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon, 24 Sep 2012 13:11:18 -0800
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <20120924171534.693B55A1C82@sinclaire.sibble.net>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
Message-ID: <4A09477D575C2C4B86497161427DD94C279A68EC2D@city-exchange07>

Check the exchange server, and if there are any pending outbound monster sized messages in the queue still delete them.  Be sure to notify your users, of course.  Next delete them off the outbound postfix server so you can process normal mail uninpeeded.  Then, as others have suggested, put the 3.5 mb file on a web server or use something like dropbox (or better yet, build yourself a zendto server) and have your user(s) just send a link to the URL instead of sending the mail out  to 2000 folks.

 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Harondel J. Sibble
Sent: Monday, September 24, 2012 9:15 AM
To: mailscanner at lists.mailscanner.info
Subject: maillscanner/postfix saturates bandwidth :-(

Had an odd situation that started Friday night at one of my clients running a mailscanner/mailwatch mail relay for their internal Exchange 2007 server.

Basically the dsl connection they share with another office was saturated when the office admin did a mailout on friday to about 2000 of their subscribers, each email was about 3.5mb total with conversion overhead.  When I say saturated, I mean in both the upstream and downstream directions.  
According the admin who runs the multitenant network in this office, he was seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while this was happening.

I intially though that someone had hacked in and was injecting spam, but after upstream throttling of the connection and disabling all smtp traffic, I was able to review the messages in the postfix deferred queue and determine they were part of the mailout.

At this point mailq was showing 14 messages with approx 100 recipients total, I could then re-enable smtp traffic (in/out) at the firewall level and emails would be fine sending and receiving, but if I did a postqueue -f, the connection would saturate again until I blocked the smtp traffic, then waited a couple minutes before re-enabling it and the messages went back to being deferred.

I'm trying to figure out the best way to deal witih this moving forward, is there additional throttling I need to do at the postifx level or the mailscanner level or something else.  I was also surprised as my understand of postfix is that it does connection throttling by default.
--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From glenn.steen at gmail.com  Tue Sep 25 12:02:51 2012
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue, 25 Sep 2012 13:02:51 +0200
Subject: maillscanner/postfix saturates bandwidth :-(
In-Reply-To: <4A09477D575C2C4B86497161427DD94C279A68EC2D@city-exchange07>
References: <20120924171534.693B55A1C82@sinclaire.sibble.net>
	<4A09477D575C2C4B86497161427DD94C279A68EC2D@city-exchange07>
Message-ID: <CAAug_B_96YMjrGhjZ=rbbc4YyVuSYUUp_-D+y=sjURtpj_bsjw@mail.gmail.com>

... Antother thought.... 2000 recipients on a handcrafted list....
That might mean the usual amount of "normal" backscatter (think
bounces, OoO and other less-than-well-working autoresponder schemes)
would add significantly to the load on the dsl. All in all, a bad
situation with only drastic measures to solve it.

Cheers
-- 
-- Glenn

On 24 September 2012 23:11, Kevin Miller <Kevin_Miller at ci.juneau.ak.us> wrote:
> Check the exchange server, and if there are any pending outbound monster sized messages in the queue still delete them.  Be sure to notify your users, of course.  Next delete them off the outbound postfix server so you can process normal mail uninpeeded.  Then, as others have suggested, put the 3.5 mb file on a web server or use something like dropbox (or better yet, build yourself a zendto server) and have your user(s) just send a link to the URL instead of sending the mail out  to 2000 folks.
>
>  ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500
> Registered Linux User No: 307357
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Harondel J. Sibble
> Sent: Monday, September 24, 2012 9:15 AM
> To: mailscanner at lists.mailscanner.info
> Subject: maillscanner/postfix saturates bandwidth :-(
>
> Had an odd situation that started Friday night at one of my clients running a mailscanner/mailwatch mail relay for their internal Exchange 2007 server.
>
> Basically the dsl connection they share with another office was saturated when the office admin did a mailout on friday to about 2000 of their subscribers, each email was about 3.5mb total with conversion overhead.  When I say saturated, I mean in both the upstream and downstream directions.
> According the admin who runs the multitenant network in this office, he was seeing a sustained 1.6mb/s INBOUND connection to my client's firewall while this was happening.
>
> I intially though that someone had hacked in and was injecting spam, but after upstream throttling of the connection and disabling all smtp traffic, I was able to review the messages in the postfix deferred queue and determine they were part of the mailout.
>
> At this point mailq was showing 14 messages with approx 100 recipients total, I could then re-enable smtp traffic (in/out) at the firewall level and emails would be fine sending and receiving, but if I did a postqueue -f, the connection would saturate again until I blocked the smtp traffic, then waited a couple minutes before re-enabling it and the messages went back to being deferred.
>
> I'm trying to figure out the best way to deal witih this moving forward, is there additional throttling I need to do at the postifx level or the mailscanner level or something else.  I was also surprised as my understand of postfix is that it does connection throttling by default.
> --
> Harondel J. Sibble
> Sibble Computer Consulting
> Creating Solutions for the small and medium business computer user.
> help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> Blog: http://www.pdscc.com/blog
> (604) 739-3709 (voice)
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!



-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From maillists at conactive.com  Thu Sep 27 10:41:20 2012
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu, 27 Sep 2012 11:41:20 +0200
Subject: Correct format for allow.filename.conf
Message-ID: <VA.00003f39.094045f4@news.conactive.com>

I seem to be hitting some problem with the content of this file lately or 
may have just not recognized it earlier and may have been using a wrong 
format for some time.
Locally released messages are caught although they are exempted by 
scan.messages.rules. It seems I have to exempt them in allow.filename.conf 
as well.

Is something like this going to work?

FromOrTo:   127.0.0.1   yes
\.txt$  yes
\.pdf$  yes
\.bmp$  yes
\.rel$  yes
\.rels  yes

Do I need a default rule at the end?

Thanks,

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com