From jaearick at colby.edu Mon Apr 1 13:09:15 2013 From: jaearick at colby.edu (Jeff Earickson) Date: Mon, 1 Apr 2013 08:09:15 -0400 Subject: cdn.mailscanner.info down? Message-ID: All, I went on vacation and came back to discover that ScamNailer updates and bad_phishing_sites downloads were no longer working. I check my firewall, the problem isn't there. Something broken? Down? IP number changed? ----------------------------------- Jeff A. Earickson, Ph.D Senior Server System Administrator Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 207-859-4214 (fax 207-859-4186) Eastern Time Zone, USA ----------------------------------- From steveb_clamav at sanesecurity.com Mon Apr 1 18:12:18 2013 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Mon, 1 Apr 2013 18:12:18 +0100 Subject: cdn.mailscanner.info down? In-Reply-To: References: Message-ID: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> > All, > > I went on vacation and came back to discover that ScamNailer updates > and bad_phishing_sites downloads were no longer working. > I check my firewall, the problem isn't there. Something broken? > Down? IP number changed? I grab scamnailer.ndb from mailscanner.eu and mirror on the Sanesecurity mirrors but this file seems to be still updated here too: http://www.mailscanner.eu/phishing.bad.sites.conf.master So maybe just an issue with cdn.mailscanner.info domain? Cheers, Steve Sanesecurity.com From jaearick at colby.edu Mon Apr 1 21:14:01 2013 From: jaearick at colby.edu (Jeff Earickson) Date: Mon, 1 Apr 2013 16:14:01 -0400 Subject: cdn.mailscanner.info down? In-Reply-To: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> References: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> Message-ID: Steve, Thanks, I changed to mailscanner.eu and things started working again. ----------------------------------- Jeff A. Earickson, Ph.D Senior Server System Administrator Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 207-859-4214 (fax 207-859-4186) Eastern Time Zone, USA ----------------------------------- On Mon, Apr 1, 2013 at 1:12 PM, Steve Basford wrote: > >> All, >> >> I went on vacation and came back to discover that ScamNailer updates >> and bad_phishing_sites downloads were no longer working. >> I check my firewall, the problem isn't there. Something broken? >> Down? IP number changed? > > I grab scamnailer.ndb from mailscanner.eu and mirror on the Sanesecurity > mirrors but this file seems to be still updated here too: > > http://www.mailscanner.eu/phishing.bad.sites.conf.master > > So maybe just an issue with cdn.mailscanner.info domain? > > Cheers, > > Steve > Sanesecurity.com > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From phaleintx at gmail.com Mon Apr 1 23:05:52 2013 From: phaleintx at gmail.com (Phil Hale) Date: Mon, 01 Apr 2013 17:05:52 -0500 Subject: cdn.mailscanner.info down? In-Reply-To: References: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> Message-ID: <515A04C0.3090003@gmail.com> All, Setting $urlbase to http://www.mailscanner.eu seems to work with ScamNailer as well as update_bad_phishing_sites scripts for me. Phil Phil Hale Systems Programmer II - Linux Systems Administrator Information Technology Texas A&M University-Corpus Christi On 04/01/2013 03:14 PM, Jeff Earickson wrote: > Steve, > > Thanks, I changed to mailscanner.eu and things started working again. > ----------------------------------- > Jeff A. Earickson, Ph.D > Senior Server System Administrator > Colby College, > 4214 Mayflower Hill, > Waterville ME, 04901-8842 > 207-859-4214 (fax 207-859-4186) > Eastern Time Zone, USA > ----------------------------------- > > > On Mon, Apr 1, 2013 at 1:12 PM, Steve Basford > wrote: >>> All, >>> >>> I went on vacation and came back to discover that ScamNailer updates >>> and bad_phishing_sites downloads were no longer working. >>> I check my firewall, the problem isn't there. Something broken? >>> Down? IP number changed? >> I grab scamnailer.ndb from mailscanner.eu and mirror on the Sanesecurity >> mirrors but this file seems to be still updated here too: >> >> http://www.mailscanner.eu/phishing.bad.sites.conf.master >> >> So maybe just an issue with cdn.mailscanner.info domain? >> >> Cheers, >> >> Steve >> Sanesecurity.com >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! From maillists at conactive.com Tue Apr 2 10:45:50 2013 From: maillists at conactive.com (Kai Schaetzl) Date: Tue, 02 Apr 2013 11:45:50 +0200 Subject: Bad phishing sites URL broken? In-Reply-To: References: Message-ID: same for the safe.phishing.sites. Thanks for the alert! Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Tue Apr 2 16:43:01 2013 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 02 Apr 2013 08:43:01 -0700 Subject: cdn.mailscanner.info down? In-Reply-To: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> References: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> Message-ID: <515AFC85.9010607@msapiro.net> Steve Basford wrote: > I grab scamnailer.ndb from mailscanner.eu and mirror on the Sanesecurity > mirrors but this file seems to be still updated here too: > > http://www.mailscanner.eu/phishing.bad.sites.conf.master > > So maybe just an issue with cdn.mailscanner.info domain? the server at cdn.mailscanner.info responds to ping, but hasn't been accepting port 80 connects since 27 March. Thanks for the tip about www.mailscanner.eu. I replaced cdn.mailscanner.info with www.mailscanner.eu in my ScamNailer script and in /usr/sbin/update_bad_phishing_sites and they are working now. Note that Kai Schaetzl's post in another thread about safe.phishing.sites (phishing.safe.sites ?) doesn't seem to apply to me as /usr/sbin/update_phishing_sites gets its data from http://www.mailscanner.info/phishing.safe.sites.conf.master which still works for me. Also note that the standard MailScanner configuration includes Web Bug Replacement = http://cdn.mailscanner.info/1x1spacer.gif which may cause issues with email that has a web bug disarmed. This too can be changed to Web Bug Replacement = http://www.mailscanner.eu/1x1spacer.gif or that can be put in a file in /etc/MailScanner/conf.d. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From matt.hampton.uk at gmail.com Tue Apr 2 17:47:07 2013 From: matt.hampton.uk at gmail.com (Matt Hampton) Date: Tue, 2 Apr 2013 17:47:07 +0100 Subject: cdn.mailscanner.info down? In-Reply-To: <515AFC85.9010607@msapiro.net> References: <01ceb33802a9e14eb68c56e0306531a3.squirrel@sanesecurity.com> <515AFC85.9010607@msapiro.net> Message-ID: All This should be rectified this evening. It appears that an over eager spam filter (not MailScanner) dropped the account warning messages. matt On 2 April 2013 16:43, Mark Sapiro wrote: > Steve Basford wrote: > > > I grab scamnailer.ndb from mailscanner.eu and mirror on the Sanesecurity > > mirrors but this file seems to be still updated here too: > > > > http://www.mailscanner.eu/phishing.bad.sites.conf.master > > > > So maybe just an issue with cdn.mailscanner.info domain? > > > the server at cdn.mailscanner.info responds to ping, but hasn't been > accepting port 80 connects since 27 March. > > Thanks for the tip about www.mailscanner.eu. I replaced > cdn.mailscanner.info with www.mailscanner.eu in my ScamNailer script and > in /usr/sbin/update_bad_phishing_sites and they are working now. > > Note that Kai Schaetzl's post in another thread about > safe.phishing.sites (phishing.safe.sites ?) doesn't seem to apply to me > as /usr/sbin/update_phishing_sites gets its data from > http://www.mailscanner.info/phishing.safe.sites.conf.master which still > works for me. > > Also note that the standard MailScanner configuration includes > > Web Bug Replacement = http://cdn.mailscanner.info/1x1spacer.gif > > which may cause issues with email that has a web bug disarmed. This too > can be changed to > > Web Bug Replacement = http://www.mailscanner.eu/1x1spacer.gif > > or that can be put in a file in /etc/MailScanner/conf.d. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130402/51b6a5e1/attachment.html From glenn.steen at gmail.com Fri Apr 5 09:54:22 2013 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 5 Apr 2013 10:54:22 +0200 Subject: Filetype Checks: No executables on Greek Emails In-Reply-To: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> References: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> Message-ID: I'm guessing that you have ClamAV Full Message Scan = yes set in MailScanner.conf ... This will make MailScanner "unpack" the body of the email as a file in the directory presented to ClamAV for scanning (other AVs don't seem to need this "help"). The goal is to catch malware that isn't "properly" encoded, but rather just dumped in the message body. For non-english locales, especially greek and russian locales, this can be ... less than fortunate, since the "body file" will be present when the file command is run on the directory, and the file command has some very naive one byte magic detection "strings" that will interprete common greek (or russion KOI-8) characters as being the start of an MS-DOS executable (COM-files et al). When the message is quarantined, the "whole message file" (including headers) is stored in the quarantine (not the file containing just the body), so a simplistic "file message" command will not show the root cause. You need make a copy of that file and manually remove all the headers (and the blank line separating the headers from the body), then run file (and file -i) command on that to see the gory details:). Provided one has the file -i column in filetypes.rules.conf (it is an optional fifth column, meaning that you likely don't have it and need add it yourself... The columns are -separated!), you can use the file -i commands "findings" in that column, for the line that triggers the blocking.... Having lines with file -i "syntax" will make the file -i take precedence ... I think, at least. The common practice of changing the "File Command = " setting to the file -i command is perhaps less work, but it is also less secure, since the string matching on the result may be even less reliable than usual. Then again, file type checking is more of an art than a science:-):-). As I'm sure you've noticed, this isn't a new problem, it has been with MailScanner for quite a few years (if not since the very begining). The methods for fixing the problem has varied over the years (editing the magic file, reporting it to the file command maintainers as a bug, using file -i straight up etc), but the interface Jules has provided is actually the very best imaginable, so do explore that... In a stock filetype.rules.conf file there is even an example for the DOS executables that file -i might find (hopefully a bit more securely than the plain file command... Though the commands are actually one and the same, the -i uses a different magic file, not just different descriptive strings). Changing the ClamAV setting shown above to "no" will make this problem a lot less common (read: go away completely:-), as well, so that might be another very viable option... If you use more than one AV, you don't lose that much security by doing so. Cheers! -- -- Glenn Den 22 mar 2013 16:40 skrev "Nikolaos Pavlidis" < Nikolaos.Pavlidis at beds.ac.uk>: > Hello all, > > I'm having an issue with Mailscanner which weirdly enough has been already > discussed here > > http://markmail.org/message/56fofuvh4tzde7hz#query:+page:1+mid:mu77m5qs6zjhh2jx+state:results > > The problem is: > > Mar 22 15:00:18 smtp1 MailScanner[17935]: Filetype Checks: No executables > (r2JAPluH011324 ) > Mar 22 15:00:46 smtp1 MailScanner[17935]: Saved entire message to > /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 > > And: > > [root at smtp1 r2JAPluH011324]# pwd > /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 > [root at smtp1 r2JAPluH011324]# ll > total 28K > -rw------- 1 root root 22K Mar 22 15:00 dfr2JAPluH011324 > -rw------- 1 root root 3.7K Mar 22 15:00 qfr2JAPluH011324 > [root at smtp1 r2JAPluH011324]# file -i * > dfr2JAPluH011324: text/plain; charset=us-ascii > qfr2JAPluH011324: text/plain; charset=unknown > > But I have also added the lines suggested in the previous thread so my > filetype.rules.conf looks like: > > > allow text - - > allow - text/plain - - > allow - text/x-mail - - > allow - message/rfc822 - - > allow \bscript - - > allow archive - - > allow postscript - - > deny self-extract No self-extracting archives No self-extracting > archives allowed > deny executable No executables No programs allowed > > > I have restarted mailscanner before re-queuing the message but always the > same result... > > Any ideas/recommendations would be much appreciated, > > Kind regards, > > Nik > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130405/49ac9118/attachment.html From glenn.steen at gmail.com Fri Apr 5 10:10:33 2013 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri, 5 Apr 2013 11:10:33 +0200 Subject: Filetype Checks: No executables on Greek Emails In-Reply-To: References: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> Message-ID: BTW, when stripping down the body, you may need "de-MIME" a bit as well, to get the actual thing that file sees... Can be a bit tricky:-). IIRC there is a common greek greeting phrase that will start with a character that is guaranteed to be interpreted as a DOS executable... so you might not need go through the trouble of the copy/edit thing, just put that greeting in a (text) file and run file/file -i on that... or just cut'n'paste from your MUA, or similar. I mentioned russion and greek specifically, but this has been reported for other non-english languages as well (french and some south east asian language, at least... for french the culprit was an ? or ? or similar). Cheers! -- -- Glenn On 5 April 2013 10:54, Glenn Steen wrote: > I'm guessing that you have > > ClamAV Full Message Scan = yes > set in MailScanner.conf ... This will make MailScanner "unpack" the body > of the email as a file in the directory presented to ClamAV for scanning > (other AVs don't seem to need this "help"). The goal is to catch malware > that isn't "properly" encoded, but rather just dumped in the message body. > For non-english locales, especially greek and russian locales, this can be > ... less than fortunate, since the "body file" will be present when the > file command is run on the directory, and the file command has some very > naive one byte magic detection "strings" that will interprete common greek > (or russion KOI-8) characters as being the start of an MS-DOS executable > (COM-files et al). > When the message is quarantined, the "whole message file" (including > headers) is stored in the quarantine (not the file containing just the > body), so a simplistic "file message" command will not show the root cause. > You need make a copy of that file and manually remove all the headers (and > the blank line separating the headers from the body), then run file (and > file -i) command on that to see the gory details:). > > Provided one has the file -i column in filetypes.rules.conf (it is an > optional fifth column, meaning that you likely don't have it and need add > it yourself... The columns are -separated!), you can use the file -i > commands "findings" in that column, for the line that triggers the > blocking.... Having lines with file -i "syntax" will make the file -i take > precedence ... I think, at least. > The common practice of changing the "File Command = " setting to the file > -i command is perhaps less work, but it is also less secure, since the > string matching on the result may be even less reliable than usual. Then > again, file type checking is more of an art than a science:-):-). > > As I'm sure you've noticed, this isn't a new problem, it has been with > MailScanner for quite a few years (if not since the very begining). The > methods for fixing the problem has varied over the years (editing the magic > file, reporting it to the file command maintainers as a bug, using file -i > straight up etc), but the interface Jules has provided is actually the very > best imaginable, so do explore that... In a stock filetype.rules.conf file > there is even an example for the DOS executables that file -i might find > (hopefully a bit more securely than the plain file command... Though the > commands are actually one and the same, the -i uses a different magic file, > not just different descriptive strings). > > Changing the ClamAV setting shown above to "no" will make this problem a > lot less common (read: go away completely:-), as well, so that might be > another very viable option... If you use more than one AV, you don't lose > that much security by doing so. > > Cheers! > -- > -- Glenn > > Den 22 mar 2013 16:40 skrev "Nikolaos Pavlidis" < > Nikolaos.Pavlidis at beds.ac.uk>: > > Hello all, >> >> I'm having an issue with Mailscanner which weirdly enough has been >> already discussed here >> >> http://markmail.org/message/56fofuvh4tzde7hz#query:+page:1+mid:mu77m5qs6zjhh2jx+state:results >> >> The problem is: >> >> Mar 22 15:00:18 smtp1 MailScanner[17935]: Filetype Checks: No executables >> (r2JAPluH011324 ) >> Mar 22 15:00:46 smtp1 MailScanner[17935]: Saved entire message to >> /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 >> >> And: >> >> [root at smtp1 r2JAPluH011324]# pwd >> /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 >> [root at smtp1 r2JAPluH011324]# ll >> total 28K >> -rw------- 1 root root 22K Mar 22 15:00 dfr2JAPluH011324 >> -rw------- 1 root root 3.7K Mar 22 15:00 qfr2JAPluH011324 >> [root at smtp1 r2JAPluH011324]# file -i * >> dfr2JAPluH011324: text/plain; charset=us-ascii >> qfr2JAPluH011324: text/plain; charset=unknown >> >> But I have also added the lines suggested in the previous thread so my >> filetype.rules.conf looks like: >> >> >> allow text - - >> allow - text/plain - - >> allow - text/x-mail - - >> allow - message/rfc822 - - >> allow \bscript - - >> allow archive - - >> allow postscript - - >> deny self-extract No self-extracting archives No >> self-extracting archives allowed >> deny executable No executables No programs allowed >> >> >> I have restarted mailscanner before re-queuing the message but always the >> same result... >> >> Any ideas/recommendations would be much appreciated, >> >> Kind regards, >> >> Nik >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130405/31a1bed6/attachment.html From Nikolaos.Pavlidis at beds.ac.uk Fri Apr 5 15:37:05 2013 From: Nikolaos.Pavlidis at beds.ac.uk (Nikolaos Pavlidis) Date: Fri, 5 Apr 2013 14:37:05 +0000 Subject: Filetype Checks: No executables on Greek Emails In-Reply-To: References: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> Message-ID: <2EA68A4ECC41C14B9B45A730D7E95F731F2A4278@AMSPRD0611MB548.eurprd06.prod.outlook.com> Hello all, Many thanks Glenn for the very detailed explanation! I have made the changes and I am holding my breath to see what happens.. after all.. I cannot test it with the email that is in the quarantine.. it is already buggered! Many thanks for all your help. Final question: Is disabling that option going to affect the http://www.inetmsg.com/pub/ unofficial signature databases I am using with ClamAV? Thanks again. Kind regards, Nik From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 05 April 2013 10:11 To: MailScanner discussion Subject: Re: Filetype Checks: No executables on Greek Emails BTW, when stripping down the body, you may need "de-MIME" a bit as well, to get the actual thing that file sees... Can be a bit tricky:-). IIRC there is a common greek greeting phrase that will start with a character that is guaranteed to be interpreted as a DOS executable... so you might not need go through the trouble of the copy/edit thing, just put that greeting in a (text) file and run file/file -i on that... or just cut'n'paste from your MUA, or similar. I mentioned russion and greek specifically, but this has been reported for other non-english languages as well (french and some south east asian language, at least... for french the culprit was an ? or ? or similar). Cheers! -- -- Glenn On 5 April 2013 10:54, Glenn Steen > wrote: I'm guessing that you have ClamAV Full Message Scan = yes set in MailScanner.conf ... This will make MailScanner "unpack" the body of the email as a file in the directory presented to ClamAV for scanning (other AVs don't seem to need this "help"). The goal is to catch malware that isn't "properly" encoded, but rather just dumped in the message body. For non-english locales, especially greek and russian locales, this can be ... less than fortunate, since the "body file" will be present when the file command is run on the directory, and the file command has some very naive one byte magic detection "strings" that will interprete common greek (or russion KOI-8) characters as being the start of an MS-DOS executable (COM-files et al). When the message is quarantined, the "whole message file" (including headers) is stored in the quarantine (not the file containing just the body), so a simplistic "file message" command will not show the root cause. You need make a copy of that file and manually remove all the headers (and the blank line separating the headers from the body), then run file (and file -i) command on that to see the gory details:). Provided one has the file -i column in filetypes.rules.conf (it is an optional fifth column, meaning that you likely don't have it and need add it yourself... The columns are -separated!), you can use the file -i commands "findings" in that column, for the line that triggers the blocking.... Having lines with file -i "syntax" will make the file -i take precedence ... I think, at least. The common practice of changing the "File Command = " setting to the file -i command is perhaps less work, but it is also less secure, since the string matching on the result may be even less reliable than usual. Then again, file type checking is more of an art than a science:-):-). As I'm sure you've noticed, this isn't a new problem, it has been with MailScanner for quite a few years (if not since the very begining). The methods for fixing the problem has varied over the years (editing the magic file, reporting it to the file command maintainers as a bug, using file -i straight up etc), but the interface Jules has provided is actually the very best imaginable, so do explore that... In a stock filetype.rules.conf file there is even an example for the DOS executables that file -i might find (hopefully a bit more securely than the plain file command... Though the commands are actually one and the same, the -i uses a different magic file, not just different descriptive strings). Changing the ClamAV setting shown above to "no" will make this problem a lot less common (read: go away completely:-), as well, so that might be another very viable option... If you use more than one AV, you don't lose that much security by doing so. Cheers! -- -- Glenn Den 22 mar 2013 16:40 skrev "Nikolaos Pavlidis" >: Hello all, I'm having an issue with Mailscanner which weirdly enough has been already discussed here http://markmail.org/message/56fofuvh4tzde7hz#query:+page:1+mid:mu77m5qs6zjhh2jx+state:results The problem is: Mar 22 15:00:18 smtp1 MailScanner[17935]: Filetype Checks: No executables (r2JAPluH011324 ) Mar 22 15:00:46 smtp1 MailScanner[17935]: Saved entire message to /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 And: [root at smtp1 r2JAPluH011324]# pwd /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 [root at smtp1 r2JAPluH011324]# ll total 28K -rw------- 1 root root 22K Mar 22 15:00 dfr2JAPluH011324 -rw------- 1 root root 3.7K Mar 22 15:00 qfr2JAPluH011324 [root at smtp1 r2JAPluH011324]# file -i * dfr2JAPluH011324: text/plain; charset=us-ascii qfr2JAPluH011324: text/plain; charset=unknown But I have also added the lines suggested in the previous thread so my filetype.rules.conf looks like: allow text - - allow - text/plain - - allow - text/x-mail - - allow - message/rfc822 - - allow \bscript - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed I have restarted mailscanner before re-queuing the message but always the same result... Any ideas/recommendations would be much appreciated, Kind regards, Nik -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130405/49398a89/attachment.html From steveb_clamav at sanesecurity.com Fri Apr 5 19:30:15 2013 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Fri, 5 Apr 2013 19:30:15 +0100 Subject: Filetype Checks: No executables on Greek Emails In-Reply-To: <2EA68A4ECC41C14B9B45A730D7E95F731F2A4278@AMSPRD0611MB548.eurprd06.prod.outlook.com> References: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> <2EA68A4ECC41C14B9B45A730D7E95F731F2A4278@AMSPRD0611MB548.eurprd06.prod.outlook.com> Message-ID: <43b514b9f4ab316bc23f1ae201928ade.squirrel@sanesecurity.com> > Is disabling that option going to affect the http://www.inetmsg.com/pub/ > unofficial signature databases I am using with ClamAV? The InetMsg site is down, so if you need scripts, they are now here: http://sanesecurity.com/usage/linux-scripts/ > ClamAV Full Message Scan = yes In order to get the best out of the sigs, you do need this option enabled, ie; headers/body/attachments are all fed into ClamAV engine for scanning. Cheers, Steve Sanesecurity From jflowers at ezo.net Sun Apr 7 03:30:59 2013 From: jflowers at ezo.net (jflowers) Date: Sat, 6 Apr 2013 21:30:59 -0500 Subject: ScamNailer - Failed to retrieve valid current details Message-ID: <20130407022005.M20225@ezo.net> ScamNailer-2.10 perl v5.14.2 Doesn't like line 209. Remove the quotes. if ($text =~ /^"emails\.(.+)\.(.+)"$/) { -- Jim Flowers From Glenn.Steen at ap1.se Mon Apr 8 09:47:18 2013 From: Glenn.Steen at ap1.se (Steen, Glenn) Date: Mon, 8 Apr 2013 08:47:18 +0000 Subject: Filetype Checks: No executables on Greek Emails In-Reply-To: <2EA68A4ECC41C14B9B45A730D7E95F731F2A4278@AMSPRD0611MB548.eurprd06.prod.outlook.com> References: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> <2EA68A4ECC41C14B9B45A730D7E95F731F2A4278@AMSPRD0611MB548.eurprd06.prod.outlook.com> Message-ID: <1365410838.527.3.camel@ub2395.ap1.se> fre 2013-04-05 klockan 14:37 +0000 skrev Nikolaos Pavlidis: Hello all, Many thanks Glenn for the very detailed explanation! I have made the changes and I am holding my breath to see what happens.. after all.. I cannot test it with the email that is in the quarantine.. it is already buggered! Many thanks for all your help. Final question: Is disabling that option going to affect the http://www.inetmsg.com/pub/ unofficial signature databases I am using with ClamAV? Thanks again. Kind regards, Nik Sorry Nik (and Steve!)... I think I'm turning slightly senile:-)... Steve is right, that option is to dump the entire message *with headers* in there, which is likely harmless to the file command(s)... What I was thinking of, but remembering kind of wrong, was the Find UU-Encoded Files = setting ... If that one is "yes", change it to "no". Cheers -- -- Glenn From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 05 April 2013 10:11 To: MailScanner discussion Subject: Re: Filetype Checks: No executables on Greek Emails BTW, when stripping down the body, you may need "de-MIME" a bit as well, to get the actual thing that file sees... Can be a bit tricky:-). IIRC there is a common greek greeting phrase that will start with a character that is guaranteed to be interpreted as a DOS executable... so you might not need go through the trouble of the copy/edit thing, just put that greeting in a (text) file and run file/file -i on that... or just cut'n'paste from your MUA, or similar. I mentioned russion and greek specifically, but this has been reported for other non-english languages as well (french and some south east asian language, at least... for french the culprit was an ? or ? or similar). Cheers! -- -- Glenn On 5 April 2013 10:54, Glenn Steen > wrote: I'm guessing that you have ClamAV Full Message Scan = yes set in MailScanner.conf ... This will make MailScanner "unpack" the body of the email as a file in the directory presented to ClamAV for scanning (other AVs don't seem to need this "help"). The goal is to catch malware that isn't "properly" encoded, but rather just dumped in the message body. For non-english locales, especially greek and russian locales, this can be ... less than fortunate, since the "body file" will be present when the file command is run on the directory, and the file command has some very naive one byte magic detection "strings" that will interprete common greek (or russion KOI-8) characters as being the start of an MS-DOS executable (COM-files et al). When the message is quarantined, the "whole message file" (including headers) is stored in the quarantine (not the file containing just the body), so a simplistic "file message" command will not show the root cause. You need make a copy of that file and manually remove all the headers (and the blank line separating the headers from the body), then run file (and file -i) command on that to see the gory details:). Provided one has the file -i column in filetypes.rules.conf (it is an optional fifth column, meaning that you likely don't have it and need add it yourself... The columns are -separated!), you can use the file -i commands "findings" in that column, for the line that triggers the blocking.... Having lines with file -i "syntax" will make the file -i take precedence ... I think, at least. The common practice of changing the "File Command = " setting to the file -i command is perhaps less work, but it is also less secure, since the string matching on the result may be even less reliable than usual. Then again, file type checking is more of an art than a science:-):-). As I'm sure you've noticed, this isn't a new problem, it has been with MailScanner for quite a few years (if not since the very begining). The methods for fixing the problem has varied over the years (editing the magic file, reporting it to the file command maintainers as a bug, using file -i straight up etc), but the interface Jules has provided is actually the very best imaginable, so do explore that... In a stock filetype.rules.conf file there is even an example for the DOS executables that file -i might find (hopefully a bit more securely than the plain file command... Though the commands are actually one and the same, the -i uses a different magic file, not just different descriptive strings). Changing the ClamAV setting shown above to "no" will make this problem a lot less common (read: go away completely:-), as well, so that might be another very viable option... If you use more than one AV, you don't lose that much security by doing so. Cheers! -- -- Glenn Den 22 mar 2013 16:40 skrev "Nikolaos Pavlidis" >: Hello all, I'm having an issue with Mailscanner which weirdly enough has been already discussed here http://markmail.org/message/56fofuvh4tzde7hz#query:+page:1+mid:mu77m5qs6zjhh2jx+state:results The problem is: Mar 22 15:00:18 smtp1 MailScanner[17935]: Filetype Checks: No executables (r2JAPluH011324 ) Mar 22 15:00:46 smtp1 MailScanner[17935]: Saved entire message to /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 And: [root at smtp1 r2JAPluH011324]# pwd /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 [root at smtp1 r2JAPluH011324]# ll total 28K -rw------- 1 root root 22K Mar 22 15:00 dfr2JAPluH011324 -rw------- 1 root root 3.7K Mar 22 15:00 qfr2JAPluH011324 [root at smtp1 r2JAPluH011324]# file -i * dfr2JAPluH011324: text/plain; charset=us-ascii qfr2JAPluH011324: text/plain; charset=unknown But I have also added the lines suggested in the previous thread so my filetype.rules.conf looks like: allow text - - allow - text/plain - - allow - text/x-mail - - allow - message/rfc822 - - allow \bscript - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed I have restarted mailscanner before re-queuing the message but always the same result... Any ideas/recommendations would be much appreciated, Kind regards, Nik -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/e6c36313/attachment.html From Nikolaos.Pavlidis at beds.ac.uk Mon Apr 8 11:06:05 2013 From: Nikolaos.Pavlidis at beds.ac.uk (Nikolaos Pavlidis) Date: Mon, 8 Apr 2013 10:06:05 +0000 Subject: Filetype Checks: No executables on Greek Emails In-Reply-To: <1365410838.527.3.camel@ub2395.ap1.se> References: <2EA68A4ECC41C14B9B45A730D7E95F731F250690@AMSPRD0611MB548.eurprd06.prod.outlook.com> <2EA68A4ECC41C14B9B45A730D7E95F731F2A4278@AMSPRD0611MB548.eurprd06.prod.outlook.com> <1365410838.527.3.camel@ub2395.ap1.se> Message-ID: <2EA68A4ECC41C14B9B45A730D7E95F731F2A5E39@AMSPRD0611MB548.eurprd06.prod.outlook.com> Hello all, So this should remain ClamAV Full Message Scan = yes ? Find UU-Encoded Files is set to ?no? though Kind regards, Nik From: Steen, Glenn [mailto:Glenn.Steen at ap1.se] Sent: 08 April 2013 09:47 To: Nikolaos Pavlidis Cc: mailscanner at lists.mailscanner.info Subject: RE: Filetype Checks: No executables on Greek Emails fre 2013-04-05 klockan 14:37 +0000 skrev Nikolaos Pavlidis: Hello all, Many thanks Glenn for the very detailed explanation! I have made the changes and I am holding my breath to see what happens.. after all.. I cannot test it with the email that is in the quarantine.. it is already buggered! Many thanks for all your help. Final question: Is disabling that option going to affect the http://www.inetmsg.com/pub/ unofficial signature databases I am using with ClamAV? Thanks again. Kind regards, Nik Sorry Nik (and Steve!)... I think I'm turning slightly senile:-)... Steve is right, that option is to dump the entire message *with headers* in there, which is likely harmless to the file command(s)... What I was thinking of, but remembering kind of wrong, was the Find UU-Encoded Files = setting ... If that one is "yes", change it to "no". Cheers -- -- Glenn From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 05 April 2013 10:11 To: MailScanner discussion Subject: Re: Filetype Checks: No executables on Greek Emails BTW, when stripping down the body, you may need "de-MIME" a bit as well, to get the actual thing that file sees... Can be a bit tricky:-). IIRC there is a common greek greeting phrase that will start with a character that is guaranteed to be interpreted as a DOS executable... so you might not need go through the trouble of the copy/edit thing, just put that greeting in a (text) file and run file/file -i on that... or just cut'n'paste from your MUA, or similar. I mentioned russion and greek specifically, but this has been reported for other non-english languages as well (french and some south east asian language, at least... for french the culprit was an ? or ? or similar). Cheers! -- -- Glenn On 5 April 2013 10:54, Glenn Steen > wrote: I'm guessing that you have ClamAV Full Message Scan = yes set in MailScanner.conf ... This will make MailScanner "unpack" the body of the email as a file in the directory presented to ClamAV for scanning (other AVs don't seem to need this "help"). The goal is to catch malware that isn't "properly" encoded, but rather just dumped in the message body. For non-english locales, especially greek and russian locales, this can be ... less than fortunate, since the "body file" will be present when the file command is run on the directory, and the file command has some very naive one byte magic detection "strings" that will interprete common greek (or russion KOI-8) characters as being the start of an MS-DOS executable (COM-files et al). When the message is quarantined, the "whole message file" (including headers) is stored in the quarantine (not the file containing just the body), so a simplistic "file message" command will not show the root cause. You need make a copy of that file and manually remove all the headers (and the blank line separating the headers from the body), then run file (and file -i) command on that to see the gory details:). Provided one has the file -i column in filetypes.rules.conf (it is an optional fifth column, meaning that you likely don't have it and need add it yourself... The columns are -separated!), you can use the file -i commands "findings" in that column, for the line that triggers the blocking.... Having lines with file -i "syntax" will make the file -i take precedence ... I think, at least. The common practice of changing the "File Command = " setting to the file -i command is perhaps less work, but it is also less secure, since the string matching on the result may be even less reliable than usual. Then again, file type checking is more of an art than a science:-):-). As I'm sure you've noticed, this isn't a new problem, it has been with MailScanner for quite a few years (if not since the very begining). The methods for fixing the problem has varied over the years (editing the magic file, reporting it to the file command maintainers as a bug, using file -i straight up etc), but the interface Jules has provided is actually the very best imaginable, so do explore that... In a stock filetype.rules.conf file there is even an example for the DOS executables that file -i might find (hopefully a bit more securely than the plain file command... Though the commands are actually one and the same, the -i uses a different magic file, not just different descriptive strings). Changing the ClamAV setting shown above to "no" will make this problem a lot less common (read: go away completely:-), as well, so that might be another very viable option... If you use more than one AV, you don't lose that much security by doing so. Cheers! -- -- Glenn Den 22 mar 2013 16:40 skrev "Nikolaos Pavlidis" >: Hello all, I'm having an issue with Mailscanner which weirdly enough has been already discussed here http://markmail.org/message/56fofuvh4tzde7hz#query:+page:1+mid:mu77m5qs6zjhh2jx+state:results The problem is: Mar 22 15:00:18 smtp1 MailScanner[17935]: Filetype Checks: No executables (r2JAPluH011324 ) Mar 22 15:00:46 smtp1 MailScanner[17935]: Saved entire message to /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 And: [root at smtp1 r2JAPluH011324]# pwd /var/spool/MailScanner/quarantine/20130322/r2JAPluH011324 [root at smtp1 r2JAPluH011324]# ll total 28K -rw------- 1 root root 22K Mar 22 15:00 dfr2JAPluH011324 -rw------- 1 root root 3.7K Mar 22 15:00 qfr2JAPluH011324 [root at smtp1 r2JAPluH011324]# file -i * dfr2JAPluH011324: text/plain; charset=us-ascii qfr2JAPluH011324: text/plain; charset=unknown But I have also added the lines suggested in the previous thread so my filetype.rules.conf looks like: allow text - - allow - text/plain - - allow - text/x-mail - - allow - message/rfc822 - - allow \bscript - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed I have restarted mailscanner before re-queuing the message but always the same result... Any ideas/recommendations would be much appreciated, Kind regards, Nik -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/dab7cb58/attachment.html From q at snj.ca Mon Apr 8 18:55:47 2013 From: q at snj.ca (Quintin Giesbrecht) Date: Mon, 8 Apr 2013 17:55:47 +0000 Subject: Fedora 18 and MailScanner Message-ID: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> I have searched the archives, googled, etc...I cannot find a solution to this, so if someone has already asked/solved this, please kindly point me to the artice or post. Thanks! I was a long time user of Mailscanner until about a year ago, when my firm bought an appliance - which I have grown to HATE (in respect to spam/anti-virus)...so, I am trying to setup a new MailScanner machine... I am getting an error when starting MailScanner. From the logs: Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.... Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid not readable (yet?) after start. Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its PID file. Failing. Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.. Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered failed state Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 It is failing to write the PID file. Anyone run into this? Any ideas as to the issue, or how to solve? If you need more info, please ask. Thanks so much for any help. _______________________________________________________ Quintin Giesbrecht Smith Neufeld Jodoin LLP IT Manager q at snj.ca (204)346-5106 ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/e9c21581/attachment.html From campbell at cnpapers.com Mon Apr 8 19:41:11 2013 From: campbell at cnpapers.com (Steve Campbell) Date: Mon, 08 Apr 2013 14:41:11 -0400 Subject: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> Message-ID: <51630F47.8010700@cnpapers.com> Permissions on /var/run? Mine show /var/run owned by root with 755 on it. steve campbell On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: > > I have searched the archives, googled, etc...I cannot find a solution > to this, so if someone has already asked/solved this, please kindly > point me to the artice or post. Thanks! > > I was a long time user of Mailscanner until about a year ago, when my > firm bought an appliance -- which I have grown to HATE (in respect to > spam/anti-virus)...so, I am trying to setup a new MailScanner machine... > > I am getting an error when starting MailScanner. From the logs: > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file > /var/run/MailScanner.pid not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote > its PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: > MailScanner is an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > It is failing to write the PID file. Anyone run into this? Any ideas > as to the issue, or how to solve? If you need more info, please ask. > > Thanks so much for any help. > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > ------------------------------------------------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized > review, disclosure, copying, other distribution of this communication > or taking of any action in reliance on its contents is strictly > prohibited. If you have received this message in error, please notify > us immediately so that we may amend our records. Then, please delete > this message, and its attachments, if any, without reading, copying or > forwarding it to anyone. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/d2bc127b/attachment.html From jerry.benton at mailborder.com Mon Apr 8 19:41:09 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 8 Apr 2013 20:41:09 +0200 Subject: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> Message-ID: Before I even look at any of those errors, I would suggest simply staying away from Fedora for a server platform. I do not support it with Mailborder due to its buggy nature and rapid deployment cycle. I would suggest sticking with CentOS (or RH proper) if you want to go with a RH clone. Jerry Benton www.mailborder.com On Mon, Apr 8, 2013 at 7:55 PM, Quintin Giesbrecht wrote: > I have searched the archives, googled, etc?I cannot find a solution to > this, so if someone has already asked/solved this, please kindly point me > to the artice or post. Thanks! > > > > I was a long time user of Mailscanner until about a year ago, when my firm > bought an appliance ? which I have grown to HATE (in respect to > spam/anti-virus)?so, I am trying to setup a new MailScanner machine? > > > > > > > > I am getting an error when starting MailScanner. From the logs: > > > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid > not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its > PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is > an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > > > It is failing to write the PID file. Anyone run into this? Any ideas as > to the issue, or how to solve? If you need more info, please ask. > > > > Thanks so much for any help. > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/38222e12/attachment.html From jerry.benton at mailborder.com Mon Apr 8 19:42:05 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 8 Apr 2013 20:42:05 +0200 Subject: Fedora 18 and MailScanner In-Reply-To: References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> Message-ID: And it is probably failing to write to the PID because the directory defined in the MailScanner.conf does not exists. On Mon, Apr 8, 2013 at 8:41 PM, Jerry Benton wrote: > Before I even look at any of those errors, I would suggest simply staying > away from Fedora for a server platform. I do not support it with Mailborder > due to its buggy nature and rapid deployment cycle. I would suggest > sticking with CentOS (or RH proper) if you want to go with a RH clone. > > Jerry Benton > www.mailborder.com > > > > On Mon, Apr 8, 2013 at 7:55 PM, Quintin Giesbrecht wrote: > >> I have searched the archives, googled, etc?I cannot find a solution to >> this, so if someone has already asked/solved this, please kindly point me >> to the artice or post. Thanks! >> >> >> >> I was a long time user of Mailscanner until about a year ago, when my >> firm bought an appliance ? which I have grown to HATE (in respect to >> spam/anti-virus)?so, I am trying to setup a new MailScanner machine? >> >> >> >> >> >> >> >> I am getting an error when starting MailScanner. From the logs: >> >> >> >> Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an >> open-source E-Mail Gateway Virus Scanner.... >> >> Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: >> >> Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] >> >> Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] >> >> Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] >> >> Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid >> not readable (yet?) after start. >> >> Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its >> PID file. Failing. >> >> Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner >> is an open-source E-Mail Gateway Virus Scanner.. >> >> Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered >> failed state >> >> Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 >> >> >> >> It is failing to write the PID file. Anyone run into this? Any ideas as >> to the issue, or how to solve? If you need more info, please ask. >> >> >> >> Thanks so much for any help. >> >> >> >> _______________________________________________________ >> >> Quintin Giesbrecht >> >> Smith Neufeld Jodoin LLP >> >> IT Manager >> >> q at snj.ca >> >> (204)346-5106 >> >> >> >> ------------------------------ >> This communication, including its attachments, if any, is confidential >> and intended only for the person(s) to whom it is addressed, and may >> contain proprietary and/or privileged material. Any unauthorized review, >> disclosure, copying, other distribution of this communication or taking of >> any action in reliance on its contents is strictly prohibited. If you have >> received this message in error, please notify us immediately so that we may >> amend our records. Then, please delete this message, and its attachments, >> if any, without reading, copying or forwarding it to anyone. >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/75bc069b/attachment.html From q at snj.ca Mon Apr 8 19:44:43 2013 From: q at snj.ca (Quintin Giesbrecht) Date: Mon, 8 Apr 2013 18:44:43 +0000 Subject: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> Message-ID: <7422D1030AB0A0479EE5090F3702AAF8148656@BUGATTI.snjlaw.local> Got it working. I hadn't yet installed SpamAssassin - apparently MS won't start at all unless SA is installed?? Anyways, it looks like it is running now. Thanks! Q From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Quintin Giesbrecht Sent: April-08-13 12:56 PM To: mailscanner at lists.mailscanner.info Subject: Fedora 18 and MailScanner I have searched the archives, googled, etc...I cannot find a solution to this, so if someone has already asked/solved this, please kindly point me to the artice or post. Thanks! I was a long time user of Mailscanner until about a year ago, when my firm bought an appliance - which I have grown to HATE (in respect to spam/anti-virus)...so, I am trying to setup a new MailScanner machine... I am getting an error when starting MailScanner. From the logs: Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.... Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid not readable (yet?) after start. Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its PID file. Failing. Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.. Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered failed state Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 It is failing to write the PID file. Anyone run into this? Any ideas as to the issue, or how to solve? If you need more info, please ask. Thanks so much for any help. _______________________________________________________ Quintin Giesbrecht Smith Neufeld Jodoin LLP IT Manager q at snj.ca (204)346-5106 ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/f46897a4/attachment.html From maxsec at gmail.com Mon Apr 8 19:52:09 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 8 Apr 2013 19:52:09 +0100 Subject: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> Message-ID: I suggest use centos not something with a very small lifespan and bleeding edge like Fedora Also try running in debug mode and you dont say which MTA you are trying to use and how you installed (rpm, generic tar file..) -- Martin Hepworth, CISSP Oxford, UK On 8 April 2013 18:55, Quintin Giesbrecht wrote: > I have searched the archives, googled, etc?I cannot find a solution to > this, so if someone has already asked/solved this, please kindly point me > to the artice or post. Thanks! > > > > I was a long time user of Mailscanner until about a year ago, when my firm > bought an appliance ? which I have grown to HATE (in respect to > spam/anti-virus)?so, I am trying to setup a new MailScanner machine? > > > > > > > > I am getting an error when starting MailScanner. From the logs: > > > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid > not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its > PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is > an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > > > It is failing to write the PID file. Anyone run into this? Any ideas as > to the issue, or how to solve? If you need more info, please ask. > > > > Thanks so much for any help. > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/911bd6d0/attachment-0001.html From jerry.benton at mailborder.com Mon Apr 8 20:30:41 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 8 Apr 2013 21:30:41 +0200 Subject: Fedora 18 and MailScanner In-Reply-To: <51630F47.8010700@cnpapers.com> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> Message-ID: No what I mean is there might not even be a /var/run. It may be /usr/lib/run on his system. Point is that he needs to check the path used in MailScanner.conf as the first step. On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell wrote: > Permissions on /var/run? Mine show /var/run owned by root with 755 on it. > > steve campbell > > On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: > > I have searched the archives, googled, etc?I cannot find a solution to > this, so if someone has already asked/solved this, please kindly point me > to the artice or post. Thanks! > > > > I was a long time user of Mailscanner until about a year ago, when my firm > bought an appliance ? which I have grown to HATE (in respect to > spam/anti-virus)?so, I am trying to setup a new MailScanner machine? > > > > > > > > I am getting an error when starting MailScanner. From the logs: > > > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid > not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its > PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is > an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > > > It is failing to write the PID file. Anyone run into this? Any ideas as > to the issue, or how to solve? If you need more info, please ask. > > > > Thanks so much for any help. > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/cbc90925/attachment.html From jerry.benton at mailborder.com Mon Apr 8 20:34:52 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 8 Apr 2013 21:34:52 +0200 Subject: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF8148656@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <7422D1030AB0A0479EE5090F3702AAF8148656@BUGATTI.snjlaw.local> Message-ID: That's a better first step. Install everything :) On Mon, Apr 8, 2013 at 8:44 PM, Quintin Giesbrecht wrote: > Got it working. I hadn?t yet installed SpamAssassin ? apparently MS > won?t start at all unless SA is installed?? Anyways, it looks like it is > running now. > > > > > > Thanks! > > > > Q > > > > *From:* mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *Quintin > Giesbrecht > *Sent:* April-08-13 12:56 PM > *To:* mailscanner at lists.mailscanner.info > *Subject:* Fedora 18 and MailScanner > > > > I have searched the archives, googled, etc?I cannot find a solution to > this, so if someone has already asked/solved this, please kindly point me > to the artice or post. Thanks! > > > > I was a long time user of Mailscanner until about a year ago, when my firm > bought an appliance ? which I have grown to HATE (in respect to > spam/anti-virus)?so, I am trying to setup a new MailScanner machine? > > > > > > > > I am getting an error when starting MailScanner. From the logs: > > > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid > not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its > PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is > an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > > > It is failing to write the PID file. Anyone run into this? Any ideas as > to the issue, or how to solve? If you need more info, please ask. > > > > Thanks so much for any help. > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > > ------------------------------ > > This communication, including its attachments, if any, is confidential and > intended only for the person(s) to whom it is addressed, and may contain > proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/1190e149/attachment.html From campbell at cnpapers.com Mon Apr 8 20:44:11 2013 From: campbell at cnpapers.com (Steve Campbell) Date: Mon, 08 Apr 2013 15:44:11 -0400 Subject: Fedora 18 and MailScanner In-Reply-To: References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> Message-ID: <51631E0B.8090600@cnpapers.com> As I recall, you don't need Spamassassin to run Mailscanner, so I'd be a little careful when you deem it "fixed". I totally agree with Jerry here also. It has got to be easier to install Centos and maintain it that to use Fedora. steve campbell On 4/8/2013 3:30 PM, Jerry Benton wrote: > No what I mean is there might not even be a /var/run. It may be > /usr/lib/run on his system. Point is that he needs to check the path > used in MailScanner.conf as the first step. > > > On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell > wrote: > > Permissions on /var/run? Mine show /var/run owned by root with 755 > on it. > > steve campbell > > On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: >> >> I have searched the archives, googled, etc...I cannot find a >> solution to this, so if someone has already asked/solved this, >> please kindly point me to the artice or post. Thanks! >> >> I was a long time user of Mailscanner until about a year ago, >> when my firm bought an appliance -- which I have grown to HATE >> (in respect to spam/anti-virus)...so, I am trying to setup a new >> MailScanner machine... >> >> I am getting an error when starting MailScanner. From the logs: >> >> Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner >> is an open-source E-Mail Gateway Virus Scanner.... >> >> Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner >> daemons: >> >> Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: >> [ OK ] >> >> Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: >> [ OK ] >> >> Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: >> [ OK ] >> >> Apr 8 12:40:59 localhost systemd[1]: PID file >> /var/run/MailScanner.pid not readable (yet?) after start. >> >> Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never >> wrote its PID file. Failing. >> >> Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: >> MailScanner is an open-source E-Mail Gateway Virus Scanner.. >> >> Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service >> entered failed state >> >> Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 >> >> It is failing to write the PID file. Anyone run into this? Any >> ideas as to the issue, or how to solve? If you need more info, >> please ask. >> >> Thanks so much for any help. >> >> _______________________________________________________ >> >> Quintin Giesbrecht >> >> Smith Neufeld Jodoin LLP >> >> IT Manager >> >> q at snj.ca >> >> (204)346-5106 >> >> ------------------------------------------------------------------------ >> This communication, including its attachments, if any, is >> confidential and intended only for the person(s) to whom it is >> addressed, and may contain proprietary and/or privileged >> material. Any unauthorized review, disclosure, copying, other >> distribution of this communication or taking of any action in >> reliance on its contents is strictly prohibited. If you have >> received this message in error, please notify us immediately so >> that we may amend our records. Then, please delete this message, >> and its attachments, if any, without reading, copying or >> forwarding it to anyone. >> >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130408/e6797e45/attachment.html From m.a.young at durham.ac.uk Tue Apr 9 10:47:33 2013 From: m.a.young at durham.ac.uk (M A Young) Date: Tue, 9 Apr 2013 10:47:33 +0100 (BST) Subject: Fedora 18 and MailScanner In-Reply-To: References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> Message-ID: On Mon, 8 Apr 2013, Jerry Benton wrote: > No what I mean is there might not even be a /var/run. It may be /usr/lib/run > on his system. Point is that he needs to check the path used in > MailScanner.conf as the first step. On Fedora 18 /var/run is actually a symlink to /run which is a tmpfs file system, so it should work. You probably need to check selinux isn't getting in your way (setenforce 0 to stop it blocking anything until reboot, or set SELINUX=permissive or SELINUX=disabled in /etc/selinux/config to change the setting on reboot). I do agree with the others though that Fedora is a bad choice for a server as you will need to upgrade it at least once a year, and it is sometimes less stable than something like CentOS. Michael Young From garry at glendown.de Fri Apr 12 12:59:19 2013 From: garry at glendown.de (Garry Glendown) Date: Fri, 12 Apr 2013 13:59:19 +0200 Subject: Need conditional redirect Message-ID: <5167F717.4070903@glendown.de> Hi, in order to do some bug-hunting I need a mailserver to redirect any mail received from a certain internal sender address to a fixed destination, no matter what the recipient/recipient domain ... I've been looking through the config of MS, but could not find a feature that would help in this case ... I know "Non Spam Actions" would allow an additional copy to be forwarded, but I need the original message not to be delivered to the recipients ... Does anybody have an idea on how to implement this temporarily? Either in MS, or in Sendmail ... Thanks,Garry From dgottsc at emory.edu Fri Apr 12 15:00:31 2013 From: dgottsc at emory.edu (Gottschalk, David) Date: Fri, 12 Apr 2013 14:00:31 +0000 Subject: Need conditional redirect In-Reply-To: <5167F717.4070903@glendown.de> References: <5167F717.4070903@glendown.de> Message-ID: <29C400C10C01FA4C8405D52684332F694A26F09B@e14mbx15n.Enterprise.emory.net> I would think you could make a rule with SpamAssassin (assuming you are using it) to tag messages from that mailserver, then use an action within MailScanner to redirect that message. David Gottschalk Emory University UTS Messaging Team -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Garry Glendown Sent: Friday, April 12, 2013 7:59 AM To: mailscanner at lists.mailscanner.info Subject: Need conditional redirect Hi, in order to do some bug-hunting I need a mailserver to redirect any mail received from a certain internal sender address to a fixed destination, no matter what the recipient/recipient domain ... I've been looking through the config of MS, but could not find a feature that would help in this case ... I know "Non Spam Actions" would allow an additional copy to be forwarded, but I need the original message not to be delivered to the recipients ... Does anybody have an idea on how to implement this temporarily? Either in MS, or in Sendmail ... Thanks,Garry -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ________________________________ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From q at snj.ca Fri Apr 12 20:37:48 2013 From: q at snj.ca (Quintin Giesbrecht) Date: Fri, 12 Apr 2013 19:37:48 +0000 Subject: Could not parse Outlook Rich Text attachment Message-ID: <7422D1030AB0A0479EE5090F3702AAF814CAA2@BUGATTI.snjlaw.local> I am having the above appear, so far, in what seems like only when a read receipt is sent from any of our end users. I have applied the appropriate changes to MailScanner.conf, but it still generates these. User TNEF Contents = No Deliver Unparsable TNEF = Yes Any help would be appreciated. Thanks! _______________________________________________________ Quintin Giesbrecht Smith Neufeld Jodoin LLP IT Manager q at snj.ca (204)346-5106 ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130412/8ecbea73/attachment.html From jerry.benton at mailborder.com Fri Apr 12 21:19:46 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 12 Apr 2013 22:19:46 +0200 Subject: Could not parse Outlook Rich Text attachment In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF814CAA2@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814CAA2@BUGATTI.snjlaw.local> Message-ID: http://lists.mailscanner.info/pipermail/mailscanner/2013-March/thread.html On Fri, Apr 12, 2013 at 9:37 PM, Quintin Giesbrecht wrote: > I am having the above appear, so far, in what seems like only when a > read receipt is sent from any of our end users. > > > > I have applied the appropriate changes to MailScanner.conf, but it still > generates these. > > > > User TNEF Contents = No > > Deliver Unparsable TNEF = Yes > > > > Any help would be appreciated. > > > > Thanks! > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130412/c0b8f652/attachment.html From alex at vidadigital.com.pa Fri Apr 12 22:01:16 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri, 12 Apr 2013 16:01:16 -0500 Subject: Could not parse Outlook Rich Text attachment In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF814CAA2@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814CAA2@BUGATTI.snjlaw.local> Message-ID: There is no setting called "User TNEF Contents". If you check your logs you'll probably see MailScanner complaining about it. Try adding: Expand TNEF=no Use TNEF Contents = no Deliver Unparsable TNEF = yes On Fri, Apr 12, 2013 at 2:37 PM, Quintin Giesbrecht wrote: > I am having the above appear, so far, in what seems like only when a > read receipt is sent from any of our end users. > > > > I have applied the appropriate changes to MailScanner.conf, but it still > generates these. > > > > User TNEF Contents = No > > Deliver Unparsable TNEF = Yes > > > > Any help would be appreciated. > > > > Thanks! > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130412/7a86bbce/attachment.html From simon at kmun.gov.kw Sat Apr 13 12:58:59 2013 From: simon at kmun.gov.kw (simon at kmun.gov.kw) Date: Sat, 13 Apr 2013 14:58:59 +0300 Subject: mailscanner order installation Message-ID: <635fac867d5d1ba1702e92021f9ac01f.squirrel@webmail.baladia.gov.kw> dear All, I am sorry for this post maybe a immature question.. what is the right sequence for Mailscanner Installation. there are 2 packages on the official web site. MailScanner-4.84.5-3.rpm.tar.gz and install-Clam-SA-latest.tar.gz. do i need to install mailscanner first and then install clam SA or the other way I had installed mailscanner and then install clam-SA but MailScanner --lint was saying no antivirus found.. and spam assassin --lint was also reporting errors also do i have to install clamav separately from repositary or from the above package itself really would appreciate your help or a link which has info on the installation of above 2 packages regards simon -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at vidadigital.com.pa Sat Apr 13 14:10:33 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sat, 13 Apr 2013 08:10:33 -0500 Subject: mailscanner order installation In-Reply-To: <635fac867d5d1ba1702e92021f9ac01f.squirrel@webmail.baladia.gov.kw> References: <635fac867d5d1ba1702e92021f9ac01f.squirrel@webmail.baladia.gov.kw> Message-ID: The order doesn't matter as long as you read and configure /etc/MailScanner/Mailscanner.conf and/or /etc/MailScanner/conf.d/yoursettings.conf correctly. On Sat, Apr 13, 2013 at 6:58 AM, wrote: > dear All, > > I am sorry for this post maybe a immature question.. > what is the right sequence for Mailscanner Installation. > > there are 2 packages on the official web site. > > MailScanner-4.84.5-3.rpm.tar.gz > and > install-Clam-SA-latest.tar.gz. > > do i need to install mailscanner first and then install clam SA or the > other way > > I had installed mailscanner and then install clam-SA but MailScanner > --lint was saying no antivirus found.. > and spam assassin --lint was also reporting errors > > also do i have to install clamav separately from repositary or from the > above package itself > > really would appreciate your help or a link which has info on the > installation of above 2 packages > > regards > > simon > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130413/69053522/attachment.html From ka at pacific.net Sat Apr 13 16:03:32 2013 From: ka at pacific.net (Ken A) Date: Sat, 13 Apr 2013 10:03:32 -0500 Subject: Need conditional redirect In-Reply-To: <5167F717.4070903@glendown.de> References: <5167F717.4070903@glendown.de> Message-ID: <516973C4.1060808@pacific.net> Have you looked at milter.org for a possible solution? There are generic milters, like pymilter that might be of help. I think it's a simple problem, but there may not be a ready-made solution. Ken A. On 4/12/2013 6:59 AM, Garry Glendown wrote: > Hi, > > in order to do some bug-hunting I need a mailserver to redirect any mail > received from a certain internal sender address to a fixed destination, > no matter what the recipient/recipient domain ... I've been looking > through the config of MS, but could not find a feature that would help > in this case ... I know "Non Spam Actions" would allow an additional > copy to be forwarded, but I need the original message not to be > delivered to the recipients ... > > Does anybody have an idea on how to implement this temporarily? Either > in MS, or in Sendmail ... > > Thanks,Garry > -- Ken Anderson Pacific Internet - http://www.pacific.net From bonivart at opencsw.org Sat Apr 13 16:43:17 2013 From: bonivart at opencsw.org (Peter Bonivart) Date: Sat, 13 Apr 2013 17:43:17 +0200 Subject: Need conditional redirect In-Reply-To: <5167F717.4070903@glendown.de> References: <5167F717.4070903@glendown.de> Message-ID: On Fri, Apr 12, 2013 at 1:59 PM, Garry Glendown wrote: > Hi, > > in order to do some bug-hunting I need a mailserver to redirect any mail > received from a certain internal sender address to a fixed destination, > no matter what the recipient/recipient domain ... I've been looking > through the config of MS, but could not find a feature that would help > in this case ... I know "Non Spam Actions" would allow an additional > copy to be forwarded, but I need the original message not to be > delivered to the recipients ... Make a ruleset for Non Spam Actions (and possibly for Spam and High Scoring Spam if you want) where the default action is deliver. Add a line with from that server where the action is forward to the other destination, no deliver on that line. /peter From mejaz at cyberia.net.sa Sun Apr 14 09:39:35 2013 From: mejaz at cyberia.net.sa (Ejaz) Date: Sun, 14 Apr 2013 11:39:35 +0300 Subject: dictionary Message-ID: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> There is any way to control dictionary attack from the mailscanner. As we are receiving huge number of such Spam messages. Thanks in advance for the help. Regards, __________________ Mohammed Ejaz Sr,Systems Administrator Middle East Internet Company (CYBERIA) Riyadh, Saudi Arabia Phone: +966-1-4647114 Ext: 140 Mobile +966-562311787 Fax: +966-1-4654735 E-mail: mejaz at cyberia.net.sa -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130414/3189733e/attachment.html From jerry.benton at mailborder.com Sun Apr 14 11:16:41 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sun, 14 Apr 2013 12:16:41 +0200 Subject: dictionary In-Reply-To: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> References: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> Message-ID: You can use greylisting. http://www.postfix.org/SMTPD_POLICY_README.html#greylist On Sun, Apr 14, 2013 at 10:39 AM, Ejaz wrote: > ** ** ** > > There is any way to control dictionary attack from the mailscanner. As we > are receiving huge number of such Spam messages. **** > > ** ** > > Thanks in advance for the help. **** > > ** ** > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > ****Riyadh**, **Saudi Arabia**** > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz at cyberia.net.sa**** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130414/a5ba0c4d/attachment.html From maxsec at gmail.com Sun Apr 14 18:03:04 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Sun, 14 Apr 2013 18:03:04 +0100 Subject: dictionary In-Reply-To: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> References: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> Message-ID: Also reject non valid email addresses on the incoming mta On Sunday, 14 April 2013, Ejaz wrote: > ** ** ** > > There is any way to control dictionary attack from the mailscanner. As we > are receiving huge number of such Spam messages. **** > > ** ** > > Thanks in advance for the help. **** > > ** ** > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > ****Riyadh**, **Saudi Arabia**** > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz at cyberia.net.sa 'mejaz at cyberia.net.sa');>**** > > ** ** > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130414/57c396be/attachment.html From jerry.benton at mailborder.com Sun Apr 14 18:45:04 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sun, 14 Apr 2013 19:45:04 +0200 Subject: dictionary In-Reply-To: References: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> Message-ID: Oh yeah. Forgot about that. Here is a video tutorial I made for recipient verification. This is postfix based. https://www.youtube.com/watch?feature=player_embedded&v=J2XfMbu7GfQ On Sun, Apr 14, 2013 at 7:03 PM, Martin Hepworth wrote: > Also reject non valid email addresses on the incoming mta > > > On Sunday, 14 April 2013, Ejaz wrote: > >> ** ** ** >> >> There is any way to control dictionary attack from the mailscanner. As we >> are receiving huge number of such Spam messages. **** >> >> ** ** >> >> Thanks in advance for the help. **** >> >> ** ** >> >> Regards, >> __________________ >> Mohammed Ejaz >> Sr,Systems Administrator >> Middle East Internet Company (CYBERIA) >> ****Riyadh**, **Saudi Arabia**** >> Phone: +966-1-4647114 Ext: 140 >> Mobile +966-562311787 >> Fax: +966-1-4654735 >> E-mail: mejaz at cyberia.net.sa**** >> >> ** ** >> > > > -- > -- > Martin Hepworth, CISSP > Oxford, UK > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130414/470e1696/attachment.html From alex at vidadigital.com.pa Sun Apr 14 20:29:44 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sun, 14 Apr 2013 14:29:44 -0500 Subject: dictionary In-Reply-To: References: <21DAFB57179E4399A42971DBAEF4D58A@EJAZ> Message-ID: Also look into using SMTP auth and fail2ban. On Sun, Apr 14, 2013 at 12:03 PM, Martin Hepworth wrote: > Also reject non valid email addresses on the incoming mta > > > On Sunday, 14 April 2013, Ejaz wrote: > >> ** ** ** >> >> There is any way to control dictionary attack from the mailscanner. As we >> are receiving huge number of such Spam messages. **** >> >> ** ** >> >> Thanks in advance for the help. **** >> >> ** ** >> >> Regards, >> __________________ >> Mohammed Ejaz >> Sr,Systems Administrator >> Middle East Internet Company (CYBERIA) >> ****Riyadh**, **Saudi Arabia**** >> Phone: +966-1-4647114 Ext: 140 >> Mobile +966-562311787 >> Fax: +966-1-4654735 >> E-mail: mejaz at cyberia.net.sa**** >> >> ** ** >> > > > -- > -- > Martin Hepworth, CISSP > Oxford, UK > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130414/0dc94568/attachment.html From garry at glendown.de Mon Apr 15 06:46:05 2013 From: garry at glendown.de (Garry Glendown) Date: Mon, 15 Apr 2013 07:46:05 +0200 Subject: Need conditional redirect In-Reply-To: <516973C4.1060808@pacific.net> References: <5167F717.4070903@glendown.de> <516973C4.1060808@pacific.net> Message-ID: <516B941D.1070801@glendown.de> On 13.04.2013 17:03, Ken A wrote: > Have you looked at milter.org for a possible solution? > There are generic milters, like pymilter that might be of help. > I think it's a simple problem, but there may not be a ready-made solution. Problem with milters is that I can't change the actual recipient ... AFAIK, a milter can only tell sendmail whether or not to actually process the mail, but not change the envelope information ... tnx, -garry From admin at lctn.org Mon Apr 15 14:43:54 2013 From: admin at lctn.org (Raymond Norton) Date: Mon, 15 Apr 2013 08:43:54 -0500 Subject: Bouncing messages with missing From: info Message-ID: <516C041A.4050502@lctn.org> I am using MailScanner 4.84.5 with postfix. I have one relay domain getting hit hard by non delivery notices which are missing any info in the "From" field. Is there a rule I can add to postfix that will bounce messages like this? Raymond From jerry.benton at mailborder.com Mon Apr 15 16:17:11 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 15 Apr 2013 17:17:11 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: <516C041A.4050502@lctn.org> References: <516C041A.4050502@lctn.org> Message-ID: NDRs are not supposed to have info in the From field according to RFC. That prevents emails bouncing around until the end of time. So, are these NDRs to real users? If not, you can use recipient verification. References: tools.ietf.org/html/rfc3834 tools.ietf.org/html/rfc2822 tools.ietf.org/html/rfc5321 tools.ietf.org/html/rfc6522 On Mon, Apr 15, 2013 at 3:43 PM, Raymond Norton wrote: > I am using MailScanner 4.84.5 with postfix. I have one relay domain > getting hit hard by non delivery notices which are missing any info in > the "From" field. > > Is there a rule I can add to postfix that will bounce messages like this? > > > Raymond > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130415/b6d93245/attachment.html From mailscanner at joolee.nl Mon Apr 15 16:29:32 2013 From: mailscanner at joolee.nl (Joolee) Date: Mon, 15 Apr 2013 17:29:32 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: <516C041A.4050502@lctn.org> References: <516C041A.4050502@lctn.org> Message-ID: From: ^[ \t]*$ Should be a rule you can use. On 15 April 2013 15:43, Raymond Norton wrote: > I am using MailScanner 4.84.5 with postfix. I have one relay domain > getting hit hard by non delivery notices which are missing any info in > the "From" field. > > Is there a rule I can add to postfix that will bounce messages like this? > > > Raymond > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130415/fc815c5f/attachment.html From admin at lctn.org Mon Apr 15 16:56:30 2013 From: admin at lctn.org (Raymond Norton) Date: Mon, 15 Apr 2013 10:56:30 -0500 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: <516C232E.9060008@lctn.org> I have the following in main.cf: smtpd_restriction_classes = spf_policy, grey_policy, whitelist_policy verify_recipient, look_ahead Yet, the relay domain on my end is getting hammered with undeliverables to non-existant users. They are using Exchange 2010 and I have verified their server sends out a 550 message, but would like them not to have to deal with the messages in the first place. On 04/15/2013 10:17 AM, Jerry Benton wrote: > NDRs are not supposed to have info in the From field according to RFC. > That prevents emails bouncing around until the end of time. > > So, are these NDRs to real users? If not, you can use recipient > verification. > > References: > > tools.ietf.org/html/rfc3834 > > tools.ietf.org/html/rfc2822 > > tools.ietf.org/html/rfc5321 > > tools.ietf.org/html/rfc6522 > > > On Mon, Apr 15, 2013 at 3:43 PM, Raymond Norton > wrote: > > I am using MailScanner 4.84.5 with postfix. I have one relay domain > getting hit hard by non delivery notices which are missing any > info in > the "From" field. > > Is there a rule I can add to postfix that will bounce messages > like this? > > > Raymond > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130415/e62403a0/attachment.html From steve.freegard at fsl.com Mon Apr 15 17:31:53 2013 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon, 15 Apr 2013 17:31:53 +0100 Subject: Bouncing messages with missing From: info In-Reply-To: <516C232E.9060008@lctn.org> References: <516C041A.4050502@lctn.org> <516C232E.9060008@lctn.org> Message-ID: The Exchange default (really stupid) is not to reject non-existent users, so even if you are doing an SMTP call-ahead to verify recipients it won't do any good unless Exchange is configured to reject invalid users. See http://technet.microsoft.com/en-us/library/bb125187.aspx Also note that a From header is mandatory for all messages see RFC5322 section 3.6. For bounce messages the envelope sender is null to prevent mail loops, the from header is usually MAILER DAEMON or postmaster at generating.host.name. Regards, Steve. On 15/04/13 16:56, Raymond Norton wrote: > I have the following in main.cf: > > smtpd_restriction_classes = spf_policy, grey_policy, whitelist_policy > verify_recipient, look_ahead > > Yet, the relay domain on my end is getting hammered with undeliverables > to non-existant users. They are using Exchange 2010 and I have verified > their server sends out a 550 message, but would like them not to have to > deal with the messages in the first place. > > > > On 04/15/2013 10:17 AM, Jerry Benton wrote: >> NDRs are not supposed to have info in the From field according to RFC. >> That prevents emails bouncing around until the end of time. >> >> So, are these NDRs to real users? If not, you can use recipient >> verification. >> >> References: >> >> tools.ietf.org/html/rfc3834 >> >> tools.ietf.org/html/rfc2822 >> >> tools.ietf.org/html/rfc5321 >> >> tools.ietf.org/html/rfc6522 >> >> >> On Mon, Apr 15, 2013 at 3:43 PM, Raymond Norton > > wrote: >> >> I am using MailScanner 4.84.5 with postfix. I have one relay domain >> getting hit hard by non delivery notices which are missing any >> info in >> the "From" field. >> >> Is there a rule I can add to postfix that will bounce messages >> like this? >> >> >> Raymond >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> -- >> >> -- >> Jerry Benton >> Mailborder Systems >> www.mailborder.com >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and is >> believed to be clean. >> >> > > > From utisoft at gmail.com Mon Apr 15 17:32:20 2013 From: utisoft at gmail.com (Chris Rees) Date: Mon, 15 Apr 2013 17:32:20 +0100 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: On 15 Apr 2013 17:03, "Joolee" wrote: > > From: ^[ \t]*$ > > Should be a rule you can use. From: [^ \t]*$ Instead perhaps? :) This also won't match name
form. From: Should match anything with an address. Chris > On 15 April 2013 15:43, Raymond Norton wrote: >> >> I am using MailScanner 4.84.5 with postfix. I have one relay domain >> getting hit hard by non delivery notices which are missing any info in >> the "From" field. >> >> Is there a rule I can add to postfix that will bounce messages like this? >> >> >> Raymond >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130415/9519f6a5/attachment.html From admin at lctn.org Mon Apr 15 19:25:43 2013 From: admin at lctn.org (Raymond Norton) Date: Mon, 15 Apr 2013 13:25:43 -0500 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: <516C4627.5000501@lctn.org> > Should be a rule you can use. From: [^ \t]*$ Is that a spamassassin rule? Not sure how I would apply it. Raymond From mailscanner at joolee.nl Mon Apr 15 19:26:35 2013 From: mailscanner at joolee.nl (Joolee) Date: Mon, 15 Apr 2013 20:26:35 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: The whole point was to match anything *without* an address wasn't it? Your version will match anything that does or doesn't have a space or tab at the end, that means, anything. On 15 April 2013 18:32, Chris Rees wrote: > > On 15 Apr 2013 17:03, "Joolee" wrote: > > > > From: ^[ \t]*$ > > > > Should be a rule you can use. > > From: [^ \t]*$ > > Instead perhaps? :) This also won't match name
form. > > From: > > Should match anything with an address. > > Chris > > > On 15 April 2013 15:43, Raymond Norton wrote: > >> > >> I am using MailScanner 4.84.5 with postfix. I have one relay domain > >> getting hit hard by non delivery notices which are missing any info in > >> the "From" field. > >> > >> Is there a rule I can add to postfix that will bounce messages like > this? > >> > >> > >> Raymond > >> -- > >> MailScanner mailing list > >> mailscanner at lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130415/132fed57/attachment.html From jerry.benton at mailborder.com Mon Apr 15 22:30:15 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 15 Apr 2013 23:30:15 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: i sent this out yesterday as well. It is a postfix + exchange video tutorial on recipient verification. This will prevent your client's exchange server from ever seeing the NDR. https://www.youtube.com/watch?feature=player_embedded&v=J2XfMbu7GfQ On Monday, April 15, 2013, Joolee wrote: > The whole point was to match anything *without* an address wasn't it? > Your version will match anything that does or doesn't have a space or tab > at the end, that means, anything. > > > On 15 April 2013 18:32, Chris Rees 'cvml', 'utisoft at gmail.com');>> wrote: > >> >> On 15 Apr 2013 17:03, "Joolee" > 'cvml', 'mailscanner at joolee.nl');>> wrote: >> > >> > From: ^[ \t]*$ >> > >> > Should be a rule you can use. >> >> From: [^ \t]*$ >> >> Instead perhaps? :) This also won't match name
form. >> >> From: >> >> Should match anything with an address. >> >> Chris >> >> > On 15 April 2013 15:43, Raymond Norton > >> wrote: >> >> >> >> I am using MailScanner 4.84.5 with postfix. I have one relay domain >> >> getting hit hard by non delivery notices which are missing any info in >> >> the "From" field. >> >> >> >> Is there a rule I can add to postfix that will bounce messages like >> this? >> >> >> >> >> >> Raymond >> >> -- >> >> MailScanner mailing list >> >> mailscanner at lists.mailscanner.info > 'mailscanner at lists.mailscanner.info');> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> Support MailScanner development - buy the book off the website! >> > >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info > 'mailscanner at lists.mailscanner.info');> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info > 'mailscanner at lists.mailscanner.info');> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130415/5206aa6f/attachment.html From admin at lctn.org Tue Apr 16 13:58:22 2013 From: admin at lctn.org (Raymond Norton) Date: Tue, 16 Apr 2013 07:58:22 -0500 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: <516D4AEE.9@lctn.org> As I work with this issue, I see the problem is someone is spoofing one of our domains we relay to and we are getting all the bounces. Is there any way of dealing with this, or do we just have to deal with the bounced messages? On 04/15/2013 10:29 AM, Joolee wrote: > From: ^[ \t]*$ > > Should be a rule you can use. > > > On 15 April 2013 15:43, Raymond Norton > wrote: > > I am using MailScanner 4.84.5 with postfix. I have one relay domain > getting hit hard by non delivery notices which are missing any > info in > the "From" field. > > Is there a rule I can add to postfix that will bounce messages > like this? > > > Raymond > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130416/cd6a3ad4/attachment.html From steve.freegard at fsl.com Tue Apr 16 14:32:04 2013 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue, 16 Apr 2013 14:32:04 +0100 Subject: Bouncing messages with missing From: info In-Reply-To: <516D4AEE.9@lctn.org> References: <516C041A.4050502@lctn.org> <516D4AEE.9@lctn.org> Message-ID: On 16/04/13 13:58, Raymond Norton wrote: > As I work with this issue, I see the problem is someone is spoofing one > of our domains we relay to and we are getting all the bounces. Is there > any way of dealing with this, or do we just have to deal with the > bounced messages? > You'll just have to deal with the bounces for now. Several ways you can do that - via the VBounce plug-in in SpamAssassin or by rejecting all bounces to the domain temporarily if the problem is bad enough. Going forward - setting up SPF on the domain in question (preferably with a -all hardfail) can dissuade spammers from spoofing your domains as it will affect their deliverability. Same with DKIM and DMARC. HTH, Steve. From jerry.benton at mailborder.com Tue Apr 16 14:42:34 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 16 Apr 2013 15:42:34 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: <516D4AEE.9@lctn.org> References: <516C041A.4050502@lctn.org> <516D4AEE.9@lctn.org> Message-ID: Raymond, The Youtube video I sent explains exactly how to do this with your setup while at the same time allowing legitimate NDRs. And no, there is nothing you can do about someone spoofing your domain and you getting the bounces. Jerry Benton On Tue, Apr 16, 2013 at 2:58 PM, Raymond Norton wrote: > As I work with this issue, I see the problem is someone is spoofing one > of our domains we relay to and we are getting all the bounces. Is there any > way of dealing with this, or do we just have to deal with the bounced > messages? > > > > > On 04/15/2013 10:29 AM, Joolee wrote: > > From: ^[ \t]*$ > > Should be a rule you can use. > > > On 15 April 2013 15:43, Raymond Norton wrote: > >> I am using MailScanner 4.84.5 with postfix. I have one relay domain >> getting hit hard by non delivery notices which are missing any info in >> the "From" field. >> >> Is there a rule I can add to postfix that will bounce messages like this? >> >> >> Raymond >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130416/35c546ae/attachment.html From admin at lctn.org Tue Apr 16 15:04:01 2013 From: admin at lctn.org (Raymond Norton) Date: Tue, 16 Apr 2013 09:04:01 -0500 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> <516D4AEE.9@lctn.org> Message-ID: Thanks guys . Will look at the video and consider options when I get back to the office. On Apr 16, 2013, at 8:42 AM, Jerry Benton wrote: > Raymond, > > The Youtube video I sent explains exactly how to do this with your setup while at the same time allowing legitimate NDRs. And no, there is nothing you can do about someone spoofing your domain and you getting the bounces. > > Jerry Benton > > > > On Tue, Apr 16, 2013 at 2:58 PM, Raymond Norton wrote: >> As I work with this issue, I see the problem is someone is spoofing one of our domains we relay to and we are getting all the bounces. Is there any way of dealing with this, or do we just have to deal with the bounced messages? >> >> >> >> >> On 04/15/2013 10:29 AM, Joolee wrote: >>> From: ^[ \t]*$ >>> >>> Should be a rule you can use. >>> >>> >>> On 15 April 2013 15:43, Raymond Norton wrote: >>>> I am using MailScanner 4.84.5 with postfix. I have one relay domain >>>> getting hit hard by non delivery notices which are missing any info in >>>> the "From" field. >>>> >>>> Is there a rule I can add to postfix that will bounce messages like this? >>>> >>>> >>>> Raymond >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130416/ffa86a74/attachment.html From jerry.benton at mailborder.com Tue Apr 16 15:11:38 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 16 Apr 2013 16:11:38 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> <516D4AEE.9@lctn.org> Message-ID: I agree. The only problem is that many organizations do not yet even utilize SPF much less DKIM. At least Google is helping by mandating it on Gmail. That will at least make a lot of orgnizations bring their mailers into contemporary times. On Tue, Apr 16, 2013 at 3:32 PM, Steve Freegard wrote: > On 16/04/13 13:58, Raymond Norton wrote: > > As I work with this issue, I see the problem is someone is spoofing one > > of our domains we relay to and we are getting all the bounces. Is there > > any way of dealing with this, or do we just have to deal with the > > bounced messages? > > > > You'll just have to deal with the bounces for now. Several ways you > can do that - via the VBounce plug-in in SpamAssassin or by rejecting > all bounces to the domain temporarily if the problem is bad enough. > > Going forward - setting up SPF on the domain in question (preferably > with a -all hardfail) can dissuade spammers from spoofing your domains > as it will affect their deliverability. Same with DKIM and DMARC. > > HTH, > Steve. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130416/31af418c/attachment.html From philip.taffner at altmuehlnet.de Tue Apr 16 20:38:55 2013 From: philip.taffner at altmuehlnet.de (Philip Taffner) Date: Tue, 16 Apr 2013 21:38:55 +0200 Subject: Postfix 2.10 changes fifo to unix Message-ID: <516DA8CF.1010700@altmuehlnet.de> Hi, just wanted to let you know that I ran into a problem today after upgrading to Postfix 2.10.0. In this new version the master.cf has changed and unix instead of fifo is used for qmgr and pickup by default [0]. After the upgrade I noticed that incoming mails stayed in the incoming queue a long time before getting delivered. I checked the log and MailScanner was complaining: KickMessage failed as couldn't write to /var/spool/postfix/public/qmgr, No such device or address After changing the qmgr entry back to fifo in master.cf, everything works as before. I think this a MailScanner problem? If it is, probably it needs to be fixed in upcoming versions? [0] First entry: http://de.postfix.org/ftpmirror/official/postfix-2.10.0.RELEASE_NOTES Bye Philip From rcooper at dwford.com Wed Apr 17 02:11:53 2013 From: rcooper at dwford.com (Rick Cooper) Date: Tue, 16 Apr 2013 21:11:53 -0400 Subject: Bouncing messages with missing From: info In-Reply-To: <516C041A.4050502@lctn.org> References: <516C041A.4050502@lctn.org> Message-ID: Raymond Norton wrote: > I am using MailScanner 4.84.5 with postfix. I have one relay domain > getting hit hard by non delivery notices which are missing any info > in the "From" field. > > Is there a rule I can add to postfix that will bounce messages like > this? > > > Raymond You should not bounce or reject anything based on null senders as that prevents legitimate bounces. You do not state if the TO addresses are valid, if they are you will have to deal with it unless you see a pattern of valid users that are getting the bounces, in which case (I have had to do this in the past) we deny or redirect bounces to that/those users that also have a null sender. If they are invalid then you should be rejecting them at RCPT time. My philosophy is I NEVER bounce anything. Once accepted it's my problem and I do not accept non deliverable emails, or emails that are supposedly coming from my domain but not one of my servers or any Hard fail SPF result or failed DKIM, or other criteria. Once I take it it's my problem so I just don't take problems Rick From jerry.benton at mailborder.com Wed Apr 17 06:22:04 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 17 Apr 2013 07:22:04 +0200 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: Null sender is RFC standard for NDRs. On Wed, Apr 17, 2013 at 3:11 AM, Rick Cooper wrote: > Raymond Norton wrote: > > I am using MailScanner 4.84.5 with postfix. I have one relay domain > > getting hit hard by non delivery notices which are missing any info > > in the "From" field. > > > > Is there a rule I can add to postfix that will bounce messages like > > this? > > > > > > Raymond > > You should not bounce or reject anything based on null senders as that > prevents legitimate bounces. > You do not state if the TO addresses are valid, if they are you will have > to > deal with it unless you see a pattern of valid users that are getting the > bounces, in which case (I have had to do this in the past) we deny or > redirect bounces to that/those users that also have a null sender. If they > are invalid then you should be rejecting them at RCPT time. > > My philosophy is I NEVER bounce anything. Once accepted it's my problem and > I do not accept non deliverable emails, or emails that are supposedly > coming > from my domain but not one of my servers or any Hard fail SPF result or > failed DKIM, or other criteria. Once I take it it's my problem so I just > don't take problems > > Rick > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130417/e0ed5867/attachment.html From rcooper at dwford.com Wed Apr 17 13:39:31 2013 From: rcooper at dwford.com (Rick Cooper) Date: Wed, 17 Apr 2013 08:39:31 -0400 Subject: Bouncing messages with missing From: info In-Reply-To: References: <516C041A.4050502@lctn.org> Message-ID: _____ From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: Wednesday, April 17, 2013 1:22 AM To: MailScanner discussion Subject: Re: Bouncing messages with missing From: info Null sender is RFC standard for NDRs. [Rick Cooper] Exactly hence the admonishment not to reject based on null sender. However I once got a huge mess of bounce spam directed at three specific, valid, users and set a rule that rejected emails to those users with a null sender until it seemed to cease (which took about a month). The thing that really pissed me off is we publish SPF with a hard fail so there was really not valid reason that either end should have had to deal with it, except the bouncing systems were to lazy to implement SPF checks on their end. IMHO even if you do not implement SPF on your end you should at least check SPF for inbound mails Rick On Wed, Apr 17, 2013 at 3:11 AM, Rick Cooper wrote: Raymond Norton wrote: > I am using MailScanner 4.84.5 with postfix. I have one relay domain > getting hit hard by non delivery notices which are missing any info > in the "From" field. > > Is there a rule I can add to postfix that will bounce messages like > this? > > > Raymond You should not bounce or reject anything based on null senders as that prevents legitimate bounces. You do not state if the TO addresses are valid, if they are you will have to deal with it unless you see a pattern of valid users that are getting the bounces, in which case (I have had to do this in the past) we deny or redirect bounces to that/those users that also have a null sender. If they are invalid then you should be rejecting them at RCPT time. My philosophy is I NEVER bounce anything. Once accepted it's my problem and I do not accept non deliverable emails, or emails that are supposedly coming from my domain but not one of my servers or any Hard fail SPF result or failed DKIM, or other criteria. Once I take it it's my problem so I just don't take problems Rick -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130417/9648f9f6/attachment.html From rlopezcnm at gmail.com Wed Apr 17 21:06:57 2013 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed, 17 Apr 2013 14:06:57 -0600 Subject: MailScanner + postfix Message-ID: Linux mgdev04 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Feb 20 12:17:37 EST 2013 x86_64 x86_64 x86_64 GNU/Linux This is Red Hat Enterprise Linux Server release 6.4 (Santiago) This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.84.5 (postfix) mail_version = 2.10.0 Running with a single postfix. Two things concern me in the following. Logging suggesting two postfix. /etc/init.d/MailScanner does not handle postfix pid file. [root]# service MailScanner stop Shutting down MailScanner daemons: MailScanner: [ OK ] incoming postfix: [ OK ] outgoing postfix: [ OK ] [root]# service postfix status master dead but pid file exists [root]# service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: [ OK ] Are these signs of errors? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130417/1d2a92cb/attachment.html From rlopezcnm at gmail.com Wed Apr 17 22:11:59 2013 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed, 17 Apr 2013 15:11:59 -0600 Subject: Postfix 2.10 changes fifo to unix In-Reply-To: <516DA8CF.1010700@altmuehlnet.de> References: <516DA8CF.1010700@altmuehlnet.de> Message-ID: On Tue, Apr 16, 2013 at 1:38 PM, Philip Taffner < philip.taffner at altmuehlnet.de> wrote: > Hi, > > just wanted to let you know that I ran into a problem today after > upgrading to Postfix 2.10.0. In this new version the master.cf has > changed and unix instead of fifo is used for qmgr and pickup by default > [0]. > > After the upgrade I noticed that incoming mails stayed in the incoming > queue a long time before getting delivered. > > I checked the log and MailScanner was complaining: > > KickMessage failed as couldn't write to /var/spool/postfix/public/qmgr, > No such device or address > > After changing the qmgr entry back to fifo in master.cf, everything > works as before. > > I think this a MailScanner problem? If it is, probably it needs to be > fixed in upcoming versions? > > [0] First entry: > http://de.postfix.org/ftpmirror/official/postfix-2.10.0.RELEASE_NOTES > > Bye > Philip > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I looked at the original master.cf from Postfix 2.10.0. [root originals]# grep -e qmgr -e pickup master.cf pickup fifo n - n 60 1 pickup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr Are you saying you believe Mailscanner changed the master.cf? Also I have these: [root originals]# ls -l /var/spool/postfix/public/ total 0 srw-rw-rw- 1 postfix postfix 0 Apr 17 13:56 cleanup srw-rw-rw- 1 postfix postfix 0 Apr 17 13:56 flush prw--w--w- 1 postfix postfix 0 Apr 17 15:10 pickup prw--w--w- 1 postfix postfix 0 Apr 17 15:10 qmgr srw-rw-rw- 1 postfix postfix 0 Apr 17 13:56 showq -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130417/ce633b5b/attachment.html From philip.taffner at altmuehlnet.de Wed Apr 17 23:34:17 2013 From: philip.taffner at altmuehlnet.de (Philip Taffner) Date: Thu, 18 Apr 2013 00:34:17 +0200 Subject: Postfix 2.10 changes fifo to unix In-Reply-To: References: <516DA8CF.1010700@altmuehlnet.de> Message-ID: <516F2369.4030702@altmuehlnet.de> > I looked at the original master.cf from Postfix 2.10.0. > [root originals]# grep -e qmgr -e pickup master.cf > pickup fifo n - n 60 1 pickup > qmgr fifo n - n 300 1 qmgr > #qmgr fifo n - n 300 1 oqmgr Look at (e.g.): http://de.postfix.org/ftpmirror/official/postfix-2.10.0.tar.gz Die master.cf contained in this archive uses unix instead of fifo. > Are you saying you believe Mailscanner changed the master.cf > ? Nope, Postfix changed it's defaults as it is saying in the release notes. From rlopezcnm at gmail.com Thu Apr 18 00:36:06 2013 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed, 17 Apr 2013 17:36:06 -0600 Subject: Postfix 2.10 changes fifo to unix In-Reply-To: <516F2369.4030702@altmuehlnet.de> References: <516DA8CF.1010700@altmuehlnet.de> <516F2369.4030702@altmuehlnet.de> Message-ID: On Wed, Apr 17, 2013 at 4:34 PM, Philip Taffner < philip.taffner at altmuehlnet.de> wrote: > > I looked at the original master.cf from Postfix > 2.10.0. > > [root originals]# grep -e qmgr -e pickup master.cf > > pickup fifo n - n 60 1 pickup > > qmgr fifo n - n 300 1 qmgr > > #qmgr fifo n - n 300 1 oqmgr > > Look at (e.g.): > http://de.postfix.org/ftpmirror/official/postfix-2.10.0.tar.gz > > Die master.cf contained in this archive uses unix instead of fifo. > > > Are you saying you believe Mailscanner changed the master.cf > > ? > Nope, Postfix changed it's defaults as it is saying in the release notes. > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Ahh! I can confirm what you are stating by looking at the master.cf in the distribution package. Apparently the original master.cf I preserved must have come from the postix that comes with RHEL 6.4. I replaced it with the newer Postix 2.10.0 but in the process the older configuration files were apparently preserved. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130417/50b09ca3/attachment.html From q at snj.ca Thu Apr 18 19:10:04 2013 From: q at snj.ca (Quintin Giesbrecht) Date: Thu, 18 Apr 2013 18:10:04 +0000 Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner In-Reply-To: <51631E0B.8090600@cnpapers.com> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> <51631E0B.8090600@cnpapers.com> Message-ID: <7422D1030AB0A0479EE5090F3702AAF81533DD@BUGATTI.snjlaw.local> Well, I have it all running now, I have never used any distro other than RH, and then Fedora, so I stuck with what I know....is the general feeling that CentOS is the best distro for a MailScanner box? Thanks! Q From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: April-08-13 2:44 PM To: MailScanner discussion Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner As I recall, you don't need Spamassassin to run Mailscanner, so I'd be a little careful when you deem it "fixed". I totally agree with Jerry here also. It has got to be easier to install Centos and maintain it that to use Fedora. steve campbell On 4/8/2013 3:30 PM, Jerry Benton wrote: No what I mean is there might not even be a /var/run. It may be /usr/lib/run on his system. Point is that he needs to check the path used in MailScanner.conf as the first step. On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell > wrote: Permissions on /var/run? Mine show /var/run owned by root with 755 on it. steve campbell On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: I have searched the archives, googled, etc...I cannot find a solution to this, so if someone has already asked/solved this, please kindly point me to the artice or post. Thanks! I was a long time user of Mailscanner until about a year ago, when my firm bought an appliance - which I have grown to HATE (in respect to spam/anti-virus)...so, I am trying to setup a new MailScanner machine... I am getting an error when starting MailScanner. From the logs: Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.... Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid not readable (yet?) after start. Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its PID file. Failing. Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.. Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered failed state Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 It is failing to write the PID file. Anyone run into this? Any ideas as to the issue, or how to solve? If you need more info, please ask. Thanks so much for any help. _______________________________________________________ Quintin Giesbrecht Smith Neufeld Jodoin LLP IT Manager q at snj.ca (204)346-5106 ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Jerry Benton Mailborder Systems www.mailborder.com ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/f39a18b6/attachment.html From q at snj.ca Thu Apr 18 19:13:50 2013 From: q at snj.ca (Quintin Giesbrecht) Date: Thu, 18 Apr 2013 18:13:50 +0000 Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner In-Reply-To: <51631E0B.8090600@cnpapers.com> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> <51631E0B.8090600@cnpapers.com> Message-ID: <7422D1030AB0A0479EE5090F3702AAF81533FA@BUGATTI.snjlaw.local> And further to the CentOS question, do I want to run the 64bit version? Thanks for any advice. Q From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: April-08-13 2:44 PM To: MailScanner discussion Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner As I recall, you don't need Spamassassin to run Mailscanner, so I'd be a little careful when you deem it "fixed". I totally agree with Jerry here also. It has got to be easier to install Centos and maintain it that to use Fedora. steve campbell On 4/8/2013 3:30 PM, Jerry Benton wrote: No what I mean is there might not even be a /var/run. It may be /usr/lib/run on his system. Point is that he needs to check the path used in MailScanner.conf as the first step. On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell > wrote: Permissions on /var/run? Mine show /var/run owned by root with 755 on it. steve campbell On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: I have searched the archives, googled, etc...I cannot find a solution to this, so if someone has already asked/solved this, please kindly point me to the artice or post. Thanks! I was a long time user of Mailscanner until about a year ago, when my firm bought an appliance - which I have grown to HATE (in respect to spam/anti-virus)...so, I am trying to setup a new MailScanner machine... I am getting an error when starting MailScanner. From the logs: Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.... Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid not readable (yet?) after start. Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its PID file. Failing. Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.. Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered failed state Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 It is failing to write the PID file. Anyone run into this? Any ideas as to the issue, or how to solve? If you need more info, please ask. Thanks so much for any help. _______________________________________________________ Quintin Giesbrecht Smith Neufeld Jodoin LLP IT Manager q at snj.ca (204)346-5106 ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Jerry Benton Mailborder Systems www.mailborder.com ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/cfde4c6f/attachment.html From jerry.benton at mailborder.com Thu Apr 18 19:55:35 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 18 Apr 2013 20:55:35 +0200 Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF81533DD@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> <51631E0B.8090600@cnpapers.com> <7422D1030AB0A0479EE5090F3702AAF81533DD@BUGATTI.snjlaw.local> Message-ID: If you want to use a RH distro, then yes, CentOS or Red Hat proper. Fedora is nearly identical as far as CLI and file locations to CentOS and RH. On Thu, Apr 18, 2013 at 8:10 PM, Quintin Giesbrecht wrote: > Well, I have it all running now, I have never used any distro other than > RH, and then Fedora, so I stuck with what I know?.is the general feeling > that CentOS is the best distro for a MailScanner box? > > > > Thanks! > > > > Q > > > > *From:* mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *Steve Campbell > *Sent:* April-08-13 2:44 PM > *To:* MailScanner discussion > *Subject:* ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner > > > > As I recall, you don't need Spamassassin to run Mailscanner, so I'd be a > little careful when you deem it "fixed". I totally agree with Jerry here > also. It has got to be easier to install Centos and maintain it that to use > Fedora. > > steve campbell > > On 4/8/2013 3:30 PM, Jerry Benton wrote: > > No what I mean is there might not even be a /var/run. It may be > /usr/lib/run on his system. Point is that he needs to check the path used > in MailScanner.conf as the first step. > > > > On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell > wrote: > > Permissions on /var/run? Mine show /var/run owned by root with 755 on it. > > steve campbell > > > > On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: > > I have searched the archives, googled, etc?I cannot find a solution to > this, so if someone has already asked/solved this, please kindly point me > to the artice or post. Thanks! > > > > I was a long time user of Mailscanner until about a year ago, when my firm > bought an appliance ? which I have grown to HATE (in respect to > spam/anti-virus)?so, I am trying to setup a new MailScanner machine? > > > > > > > > I am getting an error when starting MailScanner. From the logs: > > > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid > not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its > PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is > an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > > > It is failing to write the PID file. Anyone run into this? Any ideas as > to the issue, or how to solve? If you need more info, please ask. > > > > Thanks so much for any help. > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > > ------------------------------ > > This communication, including its attachments, if any, is confidential and > intended only for the person(s) to whom it is addressed, and may contain > proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > -- > > Jerry Benton > > Mailborder Systems > www.mailborder.com > > > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/a9f6cb02/attachment.html From jerry.benton at mailborder.com Thu Apr 18 19:57:58 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 18 Apr 2013 20:57:58 +0200 Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF81533FA@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> <51631E0B.8090600@cnpapers.com> <7422D1030AB0A0479EE5090F3702AAF81533FA@BUGATTI.snjlaw.local> Message-ID: I would say yes. On Thu, Apr 18, 2013 at 8:13 PM, Quintin Giesbrecht wrote: > And further to the CentOS question, do I want to run the 64bit version? > > > > Thanks for any advice. > > > > Q > > > > *From:* mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *Steve Campbell > *Sent:* April-08-13 2:44 PM > *To:* MailScanner discussion > *Subject:* ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner > > > > As I recall, you don't need Spamassassin to run Mailscanner, so I'd be a > little careful when you deem it "fixed". I totally agree with Jerry here > also. It has got to be easier to install Centos and maintain it that to use > Fedora. > > steve campbell > > On 4/8/2013 3:30 PM, Jerry Benton wrote: > > No what I mean is there might not even be a /var/run. It may be > /usr/lib/run on his system. Point is that he needs to check the path used > in MailScanner.conf as the first step. > > > > On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell > wrote: > > Permissions on /var/run? Mine show /var/run owned by root with 755 on it. > > steve campbell > > > > On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: > > I have searched the archives, googled, etc?I cannot find a solution to > this, so if someone has already asked/solved this, please kindly point me > to the artice or post. Thanks! > > > > I was a long time user of Mailscanner until about a year ago, when my firm > bought an appliance ? which I have grown to HATE (in respect to > spam/anti-virus)?so, I am trying to setup a new MailScanner machine? > > > > > > > > I am getting an error when starting MailScanner. From the logs: > > > > Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an > open-source E-Mail Gateway Virus Scanner.... > > Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: > > Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] > > Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] > > Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] > > Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid > not readable (yet?) after start. > > Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its > PID file. Failing. > > Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is > an open-source E-Mail Gateway Virus Scanner.. > > Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered > failed state > > Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 > > > > It is failing to write the PID file. Anyone run into this? Any ideas as > to the issue, or how to solve? If you need more info, please ask. > > > > Thanks so much for any help. > > > > _______________________________________________________ > > Quintin Giesbrecht > > Smith Neufeld Jodoin LLP > > IT Manager > > q at snj.ca > > (204)346-5106 > > > > > ------------------------------ > > This communication, including its attachments, if any, is confidential and > intended only for the person(s) to whom it is addressed, and may contain > proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > -- > > Jerry Benton > > Mailborder Systems > www.mailborder.com > > > > > > ------------------------------ > This communication, including its attachments, if any, is confidential > and intended only for the person(s) to whom it is addressed, and may > contain proprietary and/or privileged material. Any unauthorized review, > disclosure, copying, other distribution of this communication or taking of > any action in reliance on its contents is strictly prohibited. If you have > received this message in error, please notify us immediately so that we may > amend our records. Then, please delete this message, and its attachments, > if any, without reading, copying or forwarding it to anyone. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/3f6ea09a/attachment.html From carlosla1987 at gmail.com Thu Apr 18 20:32:11 2013 From: carlosla1987 at gmail.com (=?ISO-8859-1?Q?Carlos_Ra=FAl_Laguna?=) Date: Thu, 18 Apr 2013 15:32:11 -0400 Subject: Lots of mail on Hold Message-ID: Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an after some check MailScanner --lint give no error back, however when i run in debug mode i get this LibClamAV Error: cli_scanhtml: Can't create temporary directory /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e LibClamAV Error: cli_scanhtml: Can't create temporary directory /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create lockfile /var/lib/MailScanner/bayes.mutex: Permission denied plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create lockfile /var/lib/MailScanner/bayes.mutex: Permission denied It looks like permission issue but no enteraly shure about that had change the user from where runnig clamav without any good outcome grep -i postfix MailScanner.conf | grep -v ^# Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Any help here would be really appreciated. Thanks for your time. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/6590b2ab/attachment.html From q at snj.ca Thu Apr 18 20:39:35 2013 From: q at snj.ca (Quintin Giesbrecht) Date: Thu, 18 Apr 2013 19:39:35 +0000 Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner In-Reply-To: References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> <51631E0B.8090600@cnpapers.com> <7422D1030AB0A0479EE5090F3702AAF81533FA@BUGATTI.snjlaw.local> Message-ID: <7422D1030AB0A0479EE5090F3702AAF815368F@BUGATTI.snjlaw.local> Thanks for your advice. Q From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: April-18-13 1:58 PM To: MailScanner discussion Subject: Re: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner I would say yes. On Thu, Apr 18, 2013 at 8:13 PM, Quintin Giesbrecht > wrote: And further to the CentOS question, do I want to run the 64bit version? Thanks for any advice. Q From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell Sent: April-08-13 2:44 PM To: MailScanner discussion Subject: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner As I recall, you don't need Spamassassin to run Mailscanner, so I'd be a little careful when you deem it "fixed". I totally agree with Jerry here also. It has got to be easier to install Centos and maintain it that to use Fedora. steve campbell On 4/8/2013 3:30 PM, Jerry Benton wrote: No what I mean is there might not even be a /var/run. It may be /usr/lib/run on his system. Point is that he needs to check the path used in MailScanner.conf as the first step. On Mon, Apr 8, 2013 at 8:41 PM, Steve Campbell > wrote: Permissions on /var/run? Mine show /var/run owned by root with 755 on it. steve campbell On 4/8/2013 1:55 PM, Quintin Giesbrecht wrote: I have searched the archives, googled, etc...I cannot find a solution to this, so if someone has already asked/solved this, please kindly point me to the artice or post. Thanks! I was a long time user of Mailscanner until about a year ago, when my firm bought an appliance - which I have grown to HATE (in respect to spam/anti-virus)...so, I am trying to setup a new MailScanner machine... I am getting an error when starting MailScanner. >From the logs: Apr 8 12:40:57 localhost systemd[1]: Starting SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.... Apr 8 12:40:58 localhost MailScanner[1906]: Starting MailScanner daemons: Apr 8 12:40:58 localhost MailScanner[1906]: incoming sendmail: [ OK ] Apr 8 12:40:58 localhost MailScanner[1906]: outgoing sendmail: [ OK ] Apr 8 12:40:59 localhost MailScanner[1906]: MailScanner: [ OK ] Apr 8 12:40:59 localhost systemd[1]: PID file /var/run/MailScanner.pid not readable (yet?) after start. Apr 8 12:42:15 localhost systemd[1]: MailScanner.service never wrote its PID file. Failing. Apr 8 12:42:15 localhost systemd[1]: Failed to start SYSV: MailScanner is an open-source E-Mail Gateway Virus Scanner.. Apr 8 12:42:15 localhost systemd[1]: Unit MailScanner.service entered failed state Apr 8 12:45:16 localhost chronyd[675]: Selected source 198.100.149.6 It is failing to write the PID file. Anyone run into this? Any ideas as to the issue, or how to solve? If you need more info, please ask. Thanks so much for any help. _______________________________________________________ Quintin Giesbrecht Smith Neufeld Jodoin LLP IT Manager q at snj.ca (204)346-5106 ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Jerry Benton Mailborder Systems www.mailborder.com ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Jerry Benton Mailborder Systems www.mailborder.com ________________________________ This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify us immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/f12739ff/attachment.html From maxsec at gmail.com Thu Apr 18 21:13:47 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Thu, 18 Apr 2013 21:13:47 +0100 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Make youve turned off selinux Also run the debug as the postfix user Martin On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: > > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an after some check > MailScanner --lint give no error back, however when i run in debug mode i > get this > > LibClamAV Error: cli_scanhtml: Can't create temporary directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e > LibClamAV Error: cli_scanhtml: Can't create temporary directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 > > plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create > lockfile /var/lib/MailScanner/bayes.mutex: Permission denied > plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create > lockfile /var/lib/MailScanner/bayes.mutex: Permission denied > > It looks like permission issue but no enteraly shure about that had change > the user from where runnig clamav without any good outcome > > grep -i postfix MailScanner.conf | grep -v ^# > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > Any help here would be really appreciated. Thanks for your time. > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/2c649896/attachment-0001.html From jerry.benton at mailborder.com Thu Apr 18 21:15:26 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 18 Apr 2013 22:15:26 +0200 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: There is a problem with MailScanner and the newer versions of perl. I have been able to correct it by: # ensure MailScanner works with newer versions of perl sed -i 's:#!/usr/bin/perl -I:#!/usr/bin/perl -U -I:g' /usr/sbin/MailScanner In short, add the -U option. On Thu, Apr 18, 2013 at 9:32 PM, Carlos Ra?l Laguna wrote: > > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an after some check > MailScanner --lint give no error back, however when i run in debug mode i > get this > > LibClamAV Error: cli_scanhtml: Can't create temporary directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e > LibClamAV Error: cli_scanhtml: Can't create temporary directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 > > plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create > lockfile /var/lib/MailScanner/bayes.mutex: Permission denied > plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create > lockfile /var/lib/MailScanner/bayes.mutex: Permission denied > > It looks like permission issue but no enteraly shure about that had change > the user from where runnig clamav without any good outcome > > grep -i postfix MailScanner.conf | grep -v ^# > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > Any help here would be really appreciated. Thanks for your time. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/af501f14/attachment.html From carlosla1987 at gmail.com Thu Apr 18 21:49:31 2013 From: carlosla1987 at gmail.com (=?ISO-8859-1?Q?Carlos_Ra=FAl_Laguna?=) Date: Thu, 18 Apr 2013 16:49:31 -0400 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Thanks for the fast reply all i get is Can't call method "close" on an undefined value at /usr/sbin/mailscanner_create_locks line 47. Error: Attempt to create locks in /var/lock/MailScanner failed! Can't set GID 33 at /usr/sbin/MailScanner line 1541. 2013/4/18 Martin Hepworth > Make youve turned off selinux > > Also run the debug as the postfix user > > > Martin > > On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: > >> >> Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an after some check >> MailScanner --lint give no error back, however when i run in debug mode i >> get this >> >> LibClamAV Error: cli_scanhtml: Can't create temporary directory >> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e >> LibClamAV Error: cli_scanhtml: Can't create temporary directory >> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 >> >> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >> lockfile /var/lib/MailScanner/bayes.mutex: Permission denied >> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >> lockfile /var/lib/MailScanner/bayes.mutex: Permission denied >> >> It looks like permission issue but no enteraly shure about that had >> change the user from where runnig clamav without any good outcome >> >> grep -i postfix MailScanner.conf | grep -v ^# >> Run As User = postfix >> Run As Group = postfix >> Incoming Queue Dir = /var/spool/postfix/hold >> Outgoing Queue Dir = /var/spool/postfix/incoming >> MTA = postfix >> >> Any help here would be really appreciated. Thanks for your time. >> > > > -- > -- > Martin Hepworth, CISSP > Oxford, UK > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/c0608d65/attachment.html From carlosla1987 at gmail.com Thu Apr 18 21:56:14 2013 From: carlosla1987 at gmail.com (=?ISO-8859-1?Q?Carlos_Ra=FAl_Laguna?=) Date: Thu, 18 Apr 2013 16:56:14 -0400 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Did what you ask no difference do 2013/4/18 Carlos Ra?l Laguna > Thanks for the fast reply > all i get is > > Can't call method "close" on an undefined value at > /usr/sbin/mailscanner_create_locks line 47. > Error: Attempt to create locks in /var/lock/MailScanner failed! > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > > > 2013/4/18 Martin Hepworth > >> Make youve turned off selinux >> >> Also run the debug as the postfix user >> >> >> Martin >> >> On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: >> >>> >>> Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an after some check >>> MailScanner --lint give no error back, however when i run in debug mode i >>> get this >>> >>> LibClamAV Error: cli_scanhtml: Can't create temporary directory >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e >>> LibClamAV Error: cli_scanhtml: Can't create temporary directory >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 >>> >>> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >>> lockfile /var/lib/MailScanner/bayes.mutex: Permission denied >>> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >>> lockfile /var/lib/MailScanner/bayes.mutex: Permission denied >>> >>> It looks like permission issue but no enteraly shure about that had >>> change the user from where runnig clamav without any good outcome >>> >>> grep -i postfix MailScanner.conf | grep -v ^# >>> Run As User = postfix >>> Run As Group = postfix >>> Incoming Queue Dir = /var/spool/postfix/hold >>> Outgoing Queue Dir = /var/spool/postfix/incoming >>> MTA = postfix >>> >>> Any help here would be really appreciated. Thanks for your time. >>> >> >> >> -- >> -- >> Martin Hepworth, CISSP >> Oxford, UK >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/db54b5a2/attachment.html From carlosla1987 at gmail.com Thu Apr 18 21:57:18 2013 From: carlosla1987 at gmail.com (=?ISO-8859-1?Q?Carlos_Ra=FAl_Laguna?=) Date: Thu, 18 Apr 2013 16:57:18 -0400 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Did what you ask no difference do #!/usr/bin/perl -U -I/usr/share/MailScanner/ an't call method "close" on an undefined value at /usr/sbin/mailscanner_create_locks line 47. Error: Attempt to create locks in /var/lock/MailScanner failed! Can't set GID 33 at /usr/sbin/MailScanner line 1541. 2013/4/18 Carlos Ra?l Laguna > Did what you ask no difference do > > > > 2013/4/18 Carlos Ra?l Laguna > >> Thanks for the fast reply >> all i get is >> >> Can't call method "close" on an undefined value at >> /usr/sbin/mailscanner_create_locks line 47. >> Error: Attempt to create locks in /var/lock/MailScanner failed! >> Can't set GID 33 at /usr/sbin/MailScanner line 1541. >> >> >> >> >> 2013/4/18 Martin Hepworth >> >>> Make youve turned off selinux >>> >>> Also run the debug as the postfix user >>> >>> >>> Martin >>> >>> On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: >>> >>>> >>>> Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an after some check >>>> MailScanner --lint give no error back, however when i run in debug mode i >>>> get this >>>> >>>> LibClamAV Error: cli_scanhtml: Can't create temporary directory >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e >>>> LibClamAV Error: cli_scanhtml: Can't create temporary directory >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 >>>> >>>> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >>>> lockfile /var/lib/MailScanner/bayes.mutex: Permission denied >>>> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >>>> lockfile /var/lib/MailScanner/bayes.mutex: Permission denied >>>> >>>> It looks like permission issue but no enteraly shure about that had >>>> change the user from where runnig clamav without any good outcome >>>> >>>> grep -i postfix MailScanner.conf | grep -v ^# >>>> Run As User = postfix >>>> Run As Group = postfix >>>> Incoming Queue Dir = /var/spool/postfix/hold >>>> Outgoing Queue Dir = /var/spool/postfix/incoming >>>> MTA = postfix >>>> >>>> Any help here would be really appreciated. Thanks for your time. >>>> >>> >>> >>> -- >>> -- >>> Martin Hepworth, CISSP >>> Oxford, UK >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/fe3e68cb/attachment.html From steve.freegard at fsl.com Thu Apr 18 22:54:30 2013 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu, 18 Apr 2013 22:54:30 +0100 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: How about AppArmour as you're on Ubuntu. sudo /etc/init.d/apparmor stop Does that fix it? Regards, Steve. On 18/04/13 21:57, Carlos Ra?l Laguna wrote: > Did what you ask no difference do > > #!/usr/bin/perl -U -I/usr/share/MailScanner/ > > an't call method "close" on an undefined value at > /usr/sbin/mailscanner_create_locks line 47. > Error: Attempt to create locks in /var/lock/MailScanner failed! > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > 2013/4/18 Carlos Ra?l Laguna > > > Did what you ask no difference do > > > > 2013/4/18 Carlos Ra?l Laguna > > > Thanks for the fast reply > all i get is > > Can't call method "close" on an undefined value at > /usr/sbin/mailscanner_create_locks line 47. > Error: Attempt to create locks in /var/lock/MailScanner failed! > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > > > 2013/4/18 Martin Hepworth > > > Make youve turned off selinux > > Also run the debug as the postfix user > > Martin > > On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: > > > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an > after some check MailScanner --lint give no error back, > however when i run in debug mode i get this > > LibClamAV Error: cli_scanhtml: Can't create temporary > directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e > LibClamAV Error: cli_scanhtml: Can't create temporary > directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 > > plugin: eval failed: bayes: (in learn) locker: > safe_lock: cannot create lockfile > /var/lib/MailScanner/bayes.mutex: Permission denied > plugin: eval failed: bayes: (in learn) locker: > safe_lock: cannot create lockfile > /var/lib/MailScanner/bayes.mutex: Permission denied > > It looks like permission issue but no enteraly shure > about that had change the user from where runnig clamav > without any good outcome > > grep -i postfix MailScanner.conf | grep -v ^# > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > Any help here would be really appreciated. Thanks for > your time. > > > > -- > -- > Martin Hepworth, CISSP > Oxford, UK > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > From jerry.benton at mailborder.com Thu Apr 18 23:44:27 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 19 Apr 2013 00:44:27 +0200 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Ok so ... I have no idea how you setup permissions, so I will just show you what is doen in the Mailborder install scripts. In short, I create a special group and add postfix, clamav, and any other required user to that group. I then set the MailScanner quarantine, postfix processing, etc. as being owned by that group. I then set the below permissions, which is essentially group read and write (0660) # set permissions # chown root:mtagroup /etc/postfix/main.cf chmod 0664 /etc/postfix/main.cf chown -R root:mtagroup /etc/MailScanner/reports/ chown postfix:mtagroup /var/spool/MailScanner chown postfix:mtagroup /var/spool/MailScanner/incoming chown postfix:mtagroup /var/spool/MailScanner/quarantine chown postfix.mtagroup /var/spool/MailScanner/spamassassin chown postfix:mtagroup /var/spool/postfix chown postfix:mtagroup /var/spool/postfix/incoming find /etc/MailScanner/reports/ -type d -exec chmod 0655 {} \; find /etc/MailScanner/reports/ -type f -exec chmod 0664 {} \; chmod g+w /var/spool/MailScanner/* touch /var/spool/MailScanner/incoming/SpamAssassin.cache.db chown postfix:mtagroup /var/spool/MailScanner/incoming/SpamAssassin.cache.db touch /var/spool/MailScanner/incoming/Processing.db chown postfix:mtagroup /var/spool/MailScanner/incoming/Processing.db On Thu, Apr 18, 2013 at 11:54 PM, Steve Freegard wrote: > How about AppArmour as you're on Ubuntu. > > sudo /etc/init.d/apparmor stop > > Does that fix it? > > Regards, > Steve. > > > On 18/04/13 21:57, Carlos Ra?l Laguna wrote: > > Did what you ask no difference do > > > > #!/usr/bin/perl -U -I/usr/share/MailScanner/ > > > > an't call method "close" on an undefined value at > > /usr/sbin/mailscanner_create_locks line 47. > > Error: Attempt to create locks in /var/lock/MailScanner failed! > > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > > > > 2013/4/18 Carlos Ra?l Laguna > > > > > > Did what you ask no difference do > > > > > > > > 2013/4/18 Carlos Ra?l Laguna > > > > > > Thanks for the fast reply > > all i get is > > > > Can't call method "close" on an undefined value at > > /usr/sbin/mailscanner_create_locks line 47. > > Error: Attempt to create locks in /var/lock/MailScanner failed! > > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > > > > > > > > 2013/4/18 Martin Hepworth > > > > > > Make youve turned off selinux > > > > Also run the debug as the postfix user > > > > Martin > > > > On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: > > > > > > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an > > after some check MailScanner --lint give no error back, > > however when i run in debug mode i get this > > > > LibClamAV Error: cli_scanhtml: Can't create temporary > > directory > > > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e > > LibClamAV Error: cli_scanhtml: Can't create temporary > > directory > > > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 > > > > plugin: eval failed: bayes: (in learn) locker: > > safe_lock: cannot create lockfile > > /var/lib/MailScanner/bayes.mutex: Permission denied > > plugin: eval failed: bayes: (in learn) locker: > > safe_lock: cannot create lockfile > > /var/lib/MailScanner/bayes.mutex: Permission denied > > > > It looks like permission issue but no enteraly shure > > about that had change the user from where runnig clamav > > without any good outcome > > > > grep -i postfix MailScanner.conf | grep -v ^# > > Run As User = postfix > > Run As Group = postfix > > Incoming Queue Dir = /var/spool/postfix/hold > > Outgoing Queue Dir = /var/spool/postfix/incoming > > MTA = postfix > > > > Any help here would be really appreciated. Thanks for > > your time. > > > > > > > > -- > > -- > > Martin Hepworth, CISSP > > Oxford, UK > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > > > > > > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130419/88770661/attachment.html From jerry.benton at mailborder.com Thu Apr 18 23:49:44 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 19 Apr 2013 00:49:44 +0200 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Forgot to mention ... I do this with the mtagroup because both postfix and clamav need access to these files. If you read the MailScanner docs you see where Julian lays out the logic. I just extended upon that with an enitrely new group because the Mailborder servers have a lot more going on. If you are still having huge problems, you could always run clamd as root, but that is not recommended. However, it is a valid short term solution to clear out your queues with email being time sensitive and all. On Fri, Apr 19, 2013 at 12:44 AM, Jerry Benton wrote: > Ok so ... I have no idea how you setup permissions, so I will just show > you what is doen in the Mailborder install scripts. In short, I create a > special group and add postfix, clamav, and any other required user to that > group. I then set the MailScanner quarantine, postfix processing, etc. as > being owned by that group. I then set the below permissions, which is > essentially group read and write (0660) > > > # set permissions > # > chown root:mtagroup /etc/postfix/main.cf > chmod 0664 /etc/postfix/main.cf > chown -R root:mtagroup /etc/MailScanner/reports/ > chown postfix:mtagroup /var/spool/MailScanner > chown postfix:mtagroup /var/spool/MailScanner/incoming > chown postfix:mtagroup /var/spool/MailScanner/quarantine > chown postfix.mtagroup /var/spool/MailScanner/spamassassin > chown postfix:mtagroup /var/spool/postfix > chown postfix:mtagroup /var/spool/postfix/incoming > find /etc/MailScanner/reports/ -type d -exec chmod 0655 {} \; > find /etc/MailScanner/reports/ -type f -exec chmod 0664 {} \; > chmod g+w /var/spool/MailScanner/* > touch /var/spool/MailScanner/incoming/SpamAssassin.cache.db > chown postfix:mtagroup > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > touch /var/spool/MailScanner/incoming/Processing.db > chown postfix:mtagroup /var/spool/MailScanner/incoming/Processing.db > > > > On Thu, Apr 18, 2013 at 11:54 PM, Steve Freegard wrote: > >> How about AppArmour as you're on Ubuntu. >> >> sudo /etc/init.d/apparmor stop >> >> Does that fix it? >> >> Regards, >> Steve. >> >> >> On 18/04/13 21:57, Carlos Ra?l Laguna wrote: >> > Did what you ask no difference do >> > >> > #!/usr/bin/perl -U -I/usr/share/MailScanner/ >> > >> > an't call method "close" on an undefined value at >> > /usr/sbin/mailscanner_create_locks line 47. >> > Error: Attempt to create locks in /var/lock/MailScanner failed! >> > Can't set GID 33 at /usr/sbin/MailScanner line 1541. >> > >> > >> > 2013/4/18 Carlos Ra?l Laguna > > > >> > >> > Did what you ask no difference do >> > >> > >> > >> > 2013/4/18 Carlos Ra?l Laguna > > > >> > >> > Thanks for the fast reply >> > all i get is >> > >> > Can't call method "close" on an undefined value at >> > /usr/sbin/mailscanner_create_locks line 47. >> > Error: Attempt to create locks in /var/lock/MailScanner failed! >> > Can't set GID 33 at /usr/sbin/MailScanner line 1541. >> > >> > >> > >> > >> > 2013/4/18 Martin Hepworth > > > >> > >> > Make youve turned off selinux >> > >> > Also run the debug as the postfix user >> > >> > Martin >> > >> > On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: >> > >> > >> > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an >> > after some check MailScanner --lint give no error back, >> > however when i run in debug mode i get this >> > >> > LibClamAV Error: cli_scanhtml: Can't create temporary >> > directory >> > >> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e >> > LibClamAV Error: cli_scanhtml: Can't create temporary >> > directory >> > >> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 >> > >> > plugin: eval failed: bayes: (in learn) locker: >> > safe_lock: cannot create lockfile >> > /var/lib/MailScanner/bayes.mutex: Permission denied >> > plugin: eval failed: bayes: (in learn) locker: >> > safe_lock: cannot create lockfile >> > /var/lib/MailScanner/bayes.mutex: Permission denied >> > >> > It looks like permission issue but no enteraly shure >> > about that had change the user from where runnig clamav >> > without any good outcome >> > >> > grep -i postfix MailScanner.conf | grep -v ^# >> > Run As User = postfix >> > Run As Group = postfix >> > Incoming Queue Dir = /var/spool/postfix/hold >> > Outgoing Queue Dir = /var/spool/postfix/incoming >> > MTA = postfix >> > >> > Any help here would be really appreciated. Thanks for >> > your time. >> > >> > >> > >> > -- >> > -- >> > Martin Hepworth, CISSP >> > Oxford, UK >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info >> > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the >> website! >> > >> > >> > >> > >> > >> > >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130419/41544888/attachment.html From jerry.benton at mailborder.com Thu Apr 18 23:52:45 2013 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 19 Apr 2013 00:52:45 +0200 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: And you can also change the scanner to clamav (istead of clamd) in MailScanner.conf. This also solves the problem, but is a performance hit. I am sure I will think of something else in a minunte so I can email 500 people again something they don't want to read. On Fri, Apr 19, 2013 at 12:49 AM, Jerry Benton wrote: > Forgot to mention ... > > I do this with the mtagroup because both postfix and clamav need access to > these files. If you read the MailScanner docs you see where Julian lays out > the logic. I just extended upon that with an enitrely new group because the > Mailborder servers have a lot more going on. > > If you are still having huge problems, you could always run clamd as root, > but that is not recommended. However, it is a valid short term solution to > clear out your queues with email being time sensitive and all. > > > > > On Fri, Apr 19, 2013 at 12:44 AM, Jerry Benton < > jerry.benton at mailborder.com> wrote: > >> Ok so ... I have no idea how you setup permissions, so I will just show >> you what is doen in the Mailborder install scripts. In short, I create a >> special group and add postfix, clamav, and any other required user to that >> group. I then set the MailScanner quarantine, postfix processing, etc. as >> being owned by that group. I then set the below permissions, which is >> essentially group read and write (0660) >> >> >> # set permissions >> # >> chown root:mtagroup /etc/postfix/main.cf >> chmod 0664 /etc/postfix/main.cf >> chown -R root:mtagroup /etc/MailScanner/reports/ >> chown postfix:mtagroup /var/spool/MailScanner >> chown postfix:mtagroup /var/spool/MailScanner/incoming >> chown postfix:mtagroup /var/spool/MailScanner/quarantine >> chown postfix.mtagroup /var/spool/MailScanner/spamassassin >> chown postfix:mtagroup /var/spool/postfix >> chown postfix:mtagroup /var/spool/postfix/incoming >> find /etc/MailScanner/reports/ -type d -exec chmod 0655 {} \; >> find /etc/MailScanner/reports/ -type f -exec chmod 0664 {} \; >> chmod g+w /var/spool/MailScanner/* >> touch /var/spool/MailScanner/incoming/SpamAssassin.cache.db >> chown postfix:mtagroup >> /var/spool/MailScanner/incoming/SpamAssassin.cache.db >> touch /var/spool/MailScanner/incoming/Processing.db >> chown postfix:mtagroup /var/spool/MailScanner/incoming/Processing.db >> >> >> >> On Thu, Apr 18, 2013 at 11:54 PM, Steve Freegard > > wrote: >> >>> How about AppArmour as you're on Ubuntu. >>> >>> sudo /etc/init.d/apparmor stop >>> >>> Does that fix it? >>> >>> Regards, >>> Steve. >>> >>> >>> On 18/04/13 21:57, Carlos Ra?l Laguna wrote: >>> > Did what you ask no difference do >>> > >>> > #!/usr/bin/perl -U -I/usr/share/MailScanner/ >>> > >>> > an't call method "close" on an undefined value at >>> > /usr/sbin/mailscanner_create_locks line 47. >>> > Error: Attempt to create locks in /var/lock/MailScanner failed! >>> > Can't set GID 33 at /usr/sbin/MailScanner line 1541. >>> > >>> > >>> > 2013/4/18 Carlos Ra?l Laguna >> > > >>> > >>> > Did what you ask no difference do >>> > >>> > >>> > >>> > 2013/4/18 Carlos Ra?l Laguna >> > > >>> > >>> > Thanks for the fast reply >>> > all i get is >>> > >>> > Can't call method "close" on an undefined value at >>> > /usr/sbin/mailscanner_create_locks line 47. >>> > Error: Attempt to create locks in /var/lock/MailScanner failed! >>> > Can't set GID 33 at /usr/sbin/MailScanner line 1541. >>> > >>> > >>> > >>> > >>> > 2013/4/18 Martin Hepworth >> > > >>> > >>> > Make youve turned off selinux >>> > >>> > Also run the debug as the postfix user >>> > >>> > Martin >>> > >>> > On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: >>> > >>> > >>> > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an >>> > after some check MailScanner --lint give no error back, >>> > however when i run in debug mode i get this >>> > >>> > LibClamAV Error: cli_scanhtml: Can't create temporary >>> > directory >>> > >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e >>> > LibClamAV Error: cli_scanhtml: Can't create temporary >>> > directory >>> > >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 >>> > >>> > plugin: eval failed: bayes: (in learn) locker: >>> > safe_lock: cannot create lockfile >>> > /var/lib/MailScanner/bayes.mutex: Permission denied >>> > plugin: eval failed: bayes: (in learn) locker: >>> > safe_lock: cannot create lockfile >>> > /var/lib/MailScanner/bayes.mutex: Permission denied >>> > >>> > It looks like permission issue but no enteraly shure >>> > about that had change the user from where runnig clamav >>> > without any good outcome >>> > >>> > grep -i postfix MailScanner.conf | grep -v ^# >>> > Run As User = postfix >>> > Run As Group = postfix >>> > Incoming Queue Dir = /var/spool/postfix/hold >>> > Outgoing Queue Dir = /var/spool/postfix/incoming >>> > MTA = postfix >>> > >>> > Any help here would be really appreciated. Thanks for >>> > your time. >>> > >>> > >>> > >>> > -- >>> > -- >>> > Martin Hepworth, CISSP >>> > Oxford, UK >>> > >>> > -- >>> > MailScanner mailing list >>> > mailscanner at lists.mailscanner.info >>> > >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> > Before posting, read http://wiki.mailscanner.info/posting >>> > >>> > Support MailScanner development - buy the book off the >>> website! >>> > >>> > >>> > >>> > >>> > >>> > >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> >> -- >> >> -- >> Jerry Benton >> Mailborder Systems >> www.mailborder.com >> > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130419/dacbdaea/attachment.html From carlosla1987 at gmail.com Fri Apr 19 00:21:08 2013 From: carlosla1987 at gmail.com (=?ISO-8859-1?Q?Carlos_Ra=FAl_Laguna?=) Date: Thu, 18 Apr 2013 19:21:08 -0400 Subject: Lots of mail on Hold In-Reply-To: References: Message-ID: Actually this is a PVS openvz so no apparmor for me,at the moment i found this thread http://lists.mailscanner.info/pipermail/mailscanner/2011-November/098798.html and as hi did i comentout: *TempDir=$(mktemp) || { echo "$0: Cannot make name for temporary dir" >&2; exit 1; }* * * and add *TempDir=$(mktemp -d ) || { echo "$0: Cannot make name for temporary dir" >&2; exit 1; }* seems to workout for me too the queue amount is decreasing as we speak. Thanks 2013/4/18 Steve Freegard > How about AppArmour as you're on Ubuntu. > > sudo /etc/init.d/apparmor stop > > Does that fix it? > > Regards, > Steve. > > > On 18/04/13 21:57, Carlos Ra?l Laguna wrote: > > Did what you ask no difference do > > > > #!/usr/bin/perl -U -I/usr/share/MailScanner/ > > > > an't call method "close" on an undefined value at > > /usr/sbin/mailscanner_create_locks line 47. > > Error: Attempt to create locks in /var/lock/MailScanner failed! > > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > > > > 2013/4/18 Carlos Ra?l Laguna > > > > > > Did what you ask no difference do > > > > > > > > 2013/4/18 Carlos Ra?l Laguna > > > > > > Thanks for the fast reply > > all i get is > > > > Can't call method "close" on an undefined value at > > /usr/sbin/mailscanner_create_locks line 47. > > Error: Attempt to create locks in /var/lock/MailScanner failed! > > Can't set GID 33 at /usr/sbin/MailScanner line 1541. > > > > > > > > > > 2013/4/18 Martin Hepworth > > > > > > Make youve turned off selinux > > > > Also run the debug as the postfix user > > > > Martin > > > > On Thursday, 18 April 2013, Carlos Ra?l Laguna wrote: > > > > > > Hi aim using mailscanner 4.84.5-4 on ubuntu 12.04.2 an > > after some check MailScanner --lint give no error back, > > however when i run in debug mode i get this > > > > LibClamAV Error: cli_scanhtml: Can't create temporary > > directory > > > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-dfeb188c6d93ac33695b6db46175629e > > LibClamAV Error: cli_scanhtml: Can't create temporary > > directory > > > /var/spool/MailScanner/incoming/SpamAssassin-Temp/fileZu9PiO/clamav-0973cd1b961c3f9d0c42a72a271a3579 > > > > plugin: eval failed: bayes: (in learn) locker: > > safe_lock: cannot create lockfile > > /var/lib/MailScanner/bayes.mutex: Permission denied > > plugin: eval failed: bayes: (in learn) locker: > > safe_lock: cannot create lockfile > > /var/lib/MailScanner/bayes.mutex: Permission denied > > > > It looks like permission issue but no enteraly shure > > about that had change the user from where runnig clamav > > without any good outcome > > > > grep -i postfix MailScanner.conf | grep -v ^# > > Run As User = postfix > > Run As Group = postfix > > Incoming Queue Dir = /var/spool/postfix/hold > > Outgoing Queue Dir = /var/spool/postfix/incoming > > MTA = postfix > > > > Any help here would be really appreciated. Thanks for > > your time. > > > > > > > > -- > > -- > > Martin Hepworth, CISSP > > Oxford, UK > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > > > > > > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130418/25050c58/attachment-0001.html From Amelein at dantumadiel.eu Fri Apr 19 08:15:27 2013 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Fri, 19 Apr 2013 09:15:27 +0200 Subject: Betr.: RE: ***POTENTIALLY SPAM*** Re: Fedora 18 and MailScanner In-Reply-To: <7422D1030AB0A0479EE5090F3702AAF815368F@BUGATTI.snjlaw.local> References: <7422D1030AB0A0479EE5090F3702AAF814756D@BUGATTI.snjlaw.local> <51630F47.8010700@cnpapers.com> <51631E0B.8090600@cnpapers.com> <7422D1030AB0A0479EE5090F3702AAF81533FA@BUGATTI.snjlaw.local> <7422D1030AB0A0479EE5090F3702AAF815368F@BUGATTI.snjlaw.local> Message-ID: <51710B2F0200008E00023B35@GroupWise.Dantumadiel.eu> I'm running MS on Fedora for the simple fact that CentOS is rather outdated with its packages that I had trouble getting the required minimal versions of some packages (i forgot which unfortunately). This is the 'problem' with all enterprise distributions as they are made for stability and not bleeding edge, and IMO bleeding edge is what you need in the fight against spam. That's why I took the time to get it running on Fedora, which indeed costs more time and comes with a few quirks and core changes that occasionally make me facepalm. - Arjan From mejaz at cyberia.net.sa Mon Apr 22 10:57:47 2013 From: mejaz at cyberia.net.sa (Ejaz) Date: Mon, 22 Apr 2013 12:57:47 +0300 Subject: support Message-ID: How can I get an official support from MailScanner. Regards, __________________ Mohammed Ejaz Sr,Systems Administrator -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130422/ed3b0a14/attachment.html From mikael at syska.dk Mon Apr 22 12:08:25 2013 From: mikael at syska.dk (Mikael Syska) Date: Mon, 22 Apr 2013 13:08:25 +0200 Subject: support In-Reply-To: References: Message-ID: Hi, On Mon, Apr 22, 2013 at 11:57 AM, Ejaz wrote: > How can I get an official support from MailScanner. > Read the MailScanner site ... http://mailscanner.info/support.html#commercial > **** > > ** ** > > ** ** > > ** ** > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > > **** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > mvh Mikael Syska -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130422/6c4c92c2/attachment.html From maxsec at gmail.com Mon Apr 22 12:36:25 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 22 Apr 2013 12:36:25 +0100 Subject: support In-Reply-To: References: Message-ID: fsl.com do a nice service and are probably the nearest thing you'll get to anything official as the project doesnt have a commercial arm. -- Martin Hepworth, CISSP Oxford, UK On 22 April 2013 10:57, Ejaz wrote: > How can I get an official support from MailScanner. **** > > ** ** > > ** ** > > ** ** > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > > **** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130422/00e67851/attachment.html From magiza83 at hotmail.com Wed Apr 24 16:05:44 2013 From: magiza83 at hotmail.com (=?iso-8859-1?B?TWFuZWwgR2ltZW5vIFphcmFnb3rh?=) Date: Wed, 24 Apr 2013 17:05:44 +0200 Subject: mailscanner + exim release from out queue Message-ID: Hello, I'm working on a proyect using exim + mailscanner. I've followed the installation guide from http://www.mailscanner.info/exim.html and now exim + mailscanner is almost working, the only problem i've found is to release the mails from exim out queue. Reading the documentation I've not found any way to do it, so I create a cron to do it every minute. Is this the way to do it? My conf file looks like: Mailscanner.conf ... Run As User = exim Run As Group = exim Incoming Queue Dir = /var/spool/exim.in/input Outgoing Queue Dir = /var/spool/exim/input MTA = exim Sendmail = /usr/sbin/exim -C /etc/exim/exim.conf.out -oMr MailScanner Sendmail2 = /usr/sbin/exim -C /etc/exim/exim.conf.out -oMr MailScanner Quarantine User = exim ... Thanks & Regards. Manel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130424/b2dde150/attachment.html From maxsec at gmail.com Thu Apr 25 11:54:57 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Thu, 25 Apr 2013 11:54:57 +0100 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: In that case maybe you've noy got the two exim instances running. check you've started both Exim processes. Also the Outgoing queue in MailScanner.conf is wrong, this should the queue dir that the 'outgoing' exim process is reading. The main architecture of MailScanner is that it sits between two MTA queues and moves 'good' email from one queue to another. So you need to make sure yo've got the incoming queue that just holds onto the email for MaiLScanner to grab and the outgoing queue that MailScanner will drop scanned email into for onward delivery -- Martin Hepworth, CISSP Oxford, UK On 24 April 2013 16:05, Manel Gimeno Zaragoz? wrote: > Hello, > > I'm working on a proyect using exim + mailscanner. I've followed the > installation guide from http://www.mailscanner.info/exim.html and now > exim + mailscanner is almost working, the only problem i've found is to > release the mails from exim out queue. > > Reading the documentation I've not found any way to do it, so I create a > cron to do it every minute. > > Is this the way to do it? > My conf file looks like: > > Mailscanner.conf > ... > Run As User = exim > Run As Group = exim > Incoming Queue Dir = /var/spool/exim.in/input > Outgoing Queue Dir = /var/spool/exim/input > MTA = exim > Sendmail = /usr/sbin/exim -C /etc/exim/exim.conf.out -oMr MailScanner > Sendmail2 = /usr/sbin/exim -C /etc/exim/exim.conf.out -oMr MailScanner > Quarantine User = exim > ... > > Thanks & Regards. > > Manel > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130425/5f86aa68/attachment.html From kocisky at autistici.org Fri Apr 26 18:00:52 2013 From: kocisky at autistici.org (Kocisky) Date: Fri, 26 Apr 2013 13:00:52 -0400 Subject: Spamassassin not well configured Message-ID: Hi, i've been strugling with spam messages, i have 2 servers, the first one runs MailScanner/Postfix/Spamassassin/Clamav/Postgrey and the second once Zimbra. I dont understand why the same spam message on the first servers gets: MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=2.38, required 3, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.10, RDNS_NONE 1.27) while on Zimbra: score=6.29 tagged_above=-10 required=6.6 tests=[BAYES_50=0.8, DEAR_EMAIL=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SUBJ_YOUR_DEBT=0.987, T_URIBL_BLACK_OVERLAP=0.01, URIBL_BLACK=1.725, URIBL_JP_SURBL=1.25] autolearn=no what am i missing? it seems MailScanner/Spamassassin by default is not well configured, how do i check which rules are considered for each message? thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130426/630ef40d/attachment.html From rcooper at dwford.com Fri Apr 26 19:47:47 2013 From: rcooper at dwford.com (Rick Cooper) Date: Fri, 26 Apr 2013 14:47:47 -0400 Subject: Spamassassin not well configured In-Reply-To: References: Message-ID: You need to turn the rbls on if you want the used (biggest diff between the two) as well as BAYS. MS nor SpamAssassin make generalized guess as to how you are going to run your servers. For instance I do zero black list checks after the mail is recieved (I do them during smpt before rctp phase) and I use custom rules that allow me to turn off other stock checks. Read the conf file and think about how you want it _____ From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kocisky Sent: Friday, April 26, 2013 1:01 PM To: MailScanner discussion Subject: Spamassassin not well configured Hi, i've been strugling with spam messages, i have 2 servers, the first one runs MailScanner/Postfix/Spamassassin/Clamav/Postgrey and the second once Zimbra. I dont understand why the same spam message on the first servers gets: MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=2.38, required 3, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.10, RDNS_NONE 1.27) while on Zimbra: score=6.29 tagged_above=-10 required=6.6 tests=[BAYES_50=0.8, DEAR_EMAIL=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SUBJ_YOUR_DEBT=0.987, T_URIBL_BLACK_OVERLAP=0.01, URIBL_BLACK=1.725, URIBL_JP_SURBL=1.25] autolearn=no what am i missing? it seems MailScanner/Spamassassin by default is not well configured, how do i check which rules are considered for each message? thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130426/4497d4da/attachment.html From alex at vidadigital.com.pa Sat Apr 27 16:57:50 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sat, 27 Apr 2013 10:57:50 -0500 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Just for informational purposes - I'm not judging - I'd like to know why you've chosen Exim over Sendmail or Postfix, for example. If it's too "off topic" it's ok to answer off-list - y en espa?ol si te es m?s f?cil :D On Thu, Apr 25, 2013 at 5:54 AM, Martin Hepworth wrote: > In that case maybe you've noy got the two exim instances running. check > you've started both Exim processes. > > Also the Outgoing queue in MailScanner.conf is wrong, this should the queue > dir that the 'outgoing' exim process is reading. > > The main architecture of MailScanner is that it sits between two MTA queues > and moves 'good' email from one queue to another. So you need to make sure > yo've got the incoming queue that just holds onto the email for MaiLScanner > to grab and the outgoing queue that MailScanner will drop scanned email into > for onward delivery > > > -- > Martin Hepworth, CISSP > Oxford, UK > > > On 24 April 2013 16:05, Manel Gimeno Zaragoz? wrote: >> >> Hello, >> >> I'm working on a proyect using exim + mailscanner. I've followed the >> installation guide from http://www.mailscanner.info/exim.html and now exim + >> mailscanner is almost working, the only problem i've found is to release the >> mails from exim out queue. >> >> Reading the documentation I've not found any way to do it, so I create a >> cron to do it every minute. >> >> Is this the way to do it? >> My conf file looks like: >> >> Mailscanner.conf >> ... >> Run As User = exim >> Run As Group = exim >> Incoming Queue Dir = /var/spool/exim.in/input >> Outgoing Queue Dir = /var/spool/exim/input >> MTA = exim >> Sendmail = /usr/sbin/exim -C /etc/exim/exim.conf.out -oMr MailScanner >> Sendmail2 = /usr/sbin/exim -C /etc/exim/exim.conf.out -oMr MailScanner >> Quarantine User = exim >> ... >> >> Thanks & Regards. >> >> Manel >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From alex at vidadigital.com.pa Sat Apr 27 16:59:10 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sat, 27 Apr 2013 10:59:10 -0500 Subject: Spamassassin not well configured In-Reply-To: References: Message-ID: You need to check your spamassassin prerequisites, read through the .pre files in the configuration directory. You can also consider implementing things like razor, pyzor and dcc while you're at it. On Fri, Apr 26, 2013 at 12:00 PM, Kocisky wrote: > Hi, > > i've been strugling with spam messages, i have 2 servers, the first one runs > MailScanner/Postfix/Spamassassin/Clamav/Postgrey and the second once Zimbra. > I dont understand why the same spam message on the first servers gets: > > MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=2.38, required 3, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.10, > RDNS_NONE 1.27) > > while on Zimbra: > > score=6.29 tagged_above=-10 required=6.6 > tests=[BAYES_50=0.8, DEAR_EMAIL=0.001, HTML_MESSAGE=0.001, > MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SUBJ_YOUR_DEBT=0.987, > T_URIBL_BLACK_OVERLAP=0.01, URIBL_BLACK=1.725, URIBL_JP_SURBL=1.25] > autolearn=no > > > what am i missing? it seems MailScanner/Spamassassin by default is not well > configured, how do i check which rules are considered for each message? > > > thanks! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From mark at msapiro.net Sun Apr 28 17:09:48 2013 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 28 Apr 2013 09:09:48 -0700 Subject: ScamNailer info not updated Message-ID: <517D49CC.3070102@msapiro.net> At this writing, it appears the latest Scamnailer data files are emails.2013-166 and emails.2013-166.15, but the DNS TXT record is still emails.msupdate.greylist.bastionmail.com. 3600 IN TXT "emails.2013-164.6" which points to data from 2 days ago. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jonas at vrt.dk Mon Apr 29 11:16:41 2013 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon, 29 Apr 2013 10:16:41 +0000 Subject: SV: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Hi Alex We use exim as well, the reasoning was that since we use debian, and exim is default in dbian, it would be the most obvious choice. Also exim is extremely modular/expandable/customizable. While postfix might be possible to expand customize as well, my impression is that it's not as simple as exim. We've been using exim+mailscanner for 5+ years with great results. My only caveat to the setup, is that we can't do the scanning at smtp time like amavisd does. Best regards Jonas Larsen -----Oprindelig meddelelse----- Fra: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] P? vegne af Alex Neuman Sendt: 27. april 2013 17:58 Til: MailScanner discussion Emne: Re: mailscanner + exim release from out queue Just for informational purposes - I'm not judging - I'd like to know why you've chosen Exim over Sendmail or Postfix, for example. If it's too "off topic" it's ok to answer off-list - y en espa?ol si te es m?s f?cil :D From max at inmindlabs.com Mon Apr 29 13:12:31 2013 From: max at inmindlabs.com (Max Kipness) Date: Mon, 29 Apr 2013 07:12:31 -0500 Subject: Remote Image Spam Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B74193F@addc01.assuredata.local> Hello, Does anyone know how you can raise the score on test T_REMOTE_IMAGE that is part of SpamAssassin? I see where you can raise the score of other tests, but can't find this one. I'm getting bombarded by all kinds of remote image spam. Nothing else is catching it, and it keeps getting low Bayes scores even after learning from them, resetting Bayes, etc. DCC, Pyzor, Razor, blacklists, just nothing seems to be on the score of these blueberry extract, saffron extract, etc spam that has been hitting the last week. Thanks in advance. Thanks, Max Kipness 214-919-9047 From glenn.steen at gmail.com Mon Apr 29 13:30:57 2013 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon, 29 Apr 2013 14:30:57 +0200 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Hello Jonas, That MailScanner doesn't operate at SMTP-time is exactly what sets it apart... It is the fundamental difference that make MailScanner perform so much better, and suffer from so much less risk of DoS:ing, than amavisd ... Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning is to expensive at that stage anyway (IMO)... apart from the simple things you can do in the MTA, that is (recipient verification, rfc strictness, graylisting etc). But the benefits of not doing it in one go, as amavisd does, far outweigh that drawback. If one were to somehow wrangle MailScanner into action during SMTP... one could as well use amavisd instead;-). As for choice of MTA, one should always stick with the one one is most comfortable with ... You're far less likely to foobar things if you know what you're doing:-). If one starts from scratch, taking into account what happens to be the default on the system you use seem like a very sound strategy:-). Cheers! -- -- Glenn On 29 April 2013 12:16, Jonas Akrouh Larsen wrote: > Hi Alex > > We use exim as well, the reasoning was that since we use debian, and exim > is default in dbian, it would be the most obvious choice. Also exim is > extremely modular/expandable/customizable. While postfix might be possible > to expand customize as well, my impression is that it's not as simple as > exim. > > We've been using exim+mailscanner for 5+ years with great results. > > My only caveat to the setup, is that we can't do the scanning at smtp time > like amavisd does. > > Best regards > > Jonas Larsen > > -----Oprindelig meddelelse----- > Fra: mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] P? vegne af Alex Neuman > Sendt: 27. april 2013 17:58 > Til: MailScanner discussion > Emne: Re: mailscanner + exim release from out queue > > Just for informational purposes - I'm not judging - I'd like to know why > you've chosen Exim over Sendmail or Postfix, for example. If it's too "off > topic" it's ok to answer off-list - y en espa?ol si te es m?s f?cil :D > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130429/b2749a94/attachment.html From Denis.Beauchemin at usherbrooke.ca Mon Apr 29 13:33:05 2013 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Mon, 29 Apr 2013 12:33:05 +0000 Subject: Remote Image Spam In-Reply-To: <11375BD8FE838A409E10DB32B9BFFE9B74193F@addc01.assuredata.local> References: <11375BD8FE838A409E10DB32B9BFFE9B74193F@addc01.assuredata.local> Message-ID: Max, Use: score T_REMOTE_IMAGE 5.0 # or the score that suits you You can put this in your /etc/MailScanner/spam.assassin.prefs.conf or /etc/mail/spamassassin/mailscanner.cf (they should be the same). Then reload MailScanner. Denis -----Message d'origine----- De?: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Max Kipness Envoy??: 29 avril 2013 08:21 ??: mailscanner at lists.mailscanner.info Objet?: Remote Image Spam Hello, Does anyone know how you can raise the score on test T_REMOTE_IMAGE that is part of SpamAssassin? I see where you can raise the score of other tests, but can't find this one. I'm getting bombarded by all kinds of remote image spam. Nothing else is catching it, and it keeps getting low Bayes scores even after learning from them, resetting Bayes, etc. DCC, Pyzor, Razor, blacklists, just nothing seems to be on the score of these blueberry extract, saffron extract, etc spam that has been hitting the last week. Thanks in advance. Thanks, Max Kipness 214-919-9047 -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From nick at threadgroup.com Mon Apr 29 14:16:54 2013 From: nick at threadgroup.com (Nicholas Craig) Date: Mon, 29 Apr 2013 13:16:54 +0000 Subject: Remote Image Spam In-Reply-To: References: Message-ID: You can add it to your local.cf (/etc/spamassassin/local.cf) Just add a new line with "score T_REMOTE_IMAGE XX" with XX being your new score you should see a few other rules that have other overrides down at the bottom of that file. -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Max Kipness Sent: Monday, April 29, 2013 8:13 AM To: mailscanner at lists.mailscanner.info Subject: Remote Image Spam Hello, Does anyone know how you can raise the score on test T_REMOTE_IMAGE that is part of SpamAssassin? I see where you can raise the score of other tests, but can't find this one. I'm getting bombarded by all kinds of remote image spam. Nothing else is catching it, and it keeps getting low Bayes scores even after learning from them, resetting Bayes, etc. DCC, Pyzor, Razor, blacklists, just nothing seems to be on the score of these blueberry extract, saffron extract, etc spam that has been hitting the last week. Thanks in advance. Thanks, Max Kipness 214-919-9047 -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maxsec at gmail.com Mon Apr 29 14:22:55 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 29 Apr 2013 14:22:55 +0100 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Also amavis is rcommended to use one MTA (Postfix), but by NOT scanning at MTA and forming a sandwich between two MTA queue's MailScanner is much more MTA agnostic. from the amavis-new docs.. ***** supported MTA configurations: - Postfix supported and thoroughly tested (advanced content filtering model); - dual-sendmail and other dual-MTA configurations (any MTA type including qmail) with *amavisd-new* relaying between them (SMTP) is the recommended setup (for speed and flexibility) with other mailers; ***** So even amavis recommend dual MTA for systems where you don't run the preferred MTA (postfix). Martin -- Martin Hepworth, CISSP Oxford, UK On 29 April 2013 13:30, Glenn Steen wrote: > Hello Jonas, > > That MailScanner doesn't operate at SMTP-time is exactly what sets it > apart... It is the fundamental difference that make MailScanner perform so > much better, and suffer from so much less risk of DoS:ing, than amavisd ... > Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning > is to expensive at that stage anyway (IMO)... apart from the simple things > you can do in the MTA, that is (recipient verification, rfc strictness, > graylisting etc). But the benefits of not doing it in one go, as amavisd > does, far outweigh that drawback. > If one were to somehow wrangle MailScanner into action during SMTP... one > could as well use amavisd instead;-). > > As for choice of MTA, one should always stick with the one one is most > comfortable with ... You're far less likely to foobar things if you know > what you're doing:-). If one starts from scratch, taking into account what > happens to be the default on the system you use seem like a very sound > strategy:-). > > Cheers! > -- > -- Glenn > > > On 29 April 2013 12:16, Jonas Akrouh Larsen wrote: > >> Hi Alex >> >> We use exim as well, the reasoning was that since we use debian, and exim >> is default in dbian, it would be the most obvious choice. Also exim is >> extremely modular/expandable/customizable. While postfix might be possible >> to expand customize as well, my impression is that it's not as simple as >> exim. >> >> We've been using exim+mailscanner for 5+ years with great results. >> >> My only caveat to the setup, is that we can't do the scanning at smtp >> time like amavisd does. >> >> Best regards >> >> Jonas Larsen >> >> -----Oprindelig meddelelse----- >> Fra: mailscanner-bounces at lists.mailscanner.info [mailto: >> mailscanner-bounces at lists.mailscanner.info] P? vegne af Alex Neuman >> Sendt: 27. april 2013 17:58 >> Til: MailScanner discussion >> Emne: Re: mailscanner + exim release from out queue >> >> Just for informational purposes - I'm not judging - I'd like to know why >> you've chosen Exim over Sendmail or Postfix, for example. If it's too "off >> topic" it's ok to answer off-list - y en espa?ol si te es m?s f?cil :D >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130429/be7749e9/attachment.html From maxsec at gmail.com Mon Apr 29 14:25:37 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Mon, 29 Apr 2013 14:25:37 +0100 Subject: Remote Image Spam In-Reply-To: References: <11375BD8FE838A409E10DB32B9BFFE9B74193F@addc01.assuredata.local> Message-ID: Could also be hitting above your max spam scan size.. check what rules are actually getting hit but altering these settings in MailScanner.conf Spam Score Number Format = %5.2f Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Spam Score Number Format = %5.2f Martin -- Martin Hepworth, CISSP Oxford, UK On 29 April 2013 13:33, Denis Beauchemin wrote: > Max, > > Use: > score T_REMOTE_IMAGE 5.0 # or the score that suits you > > You can put this in your /etc/MailScanner/spam.assassin.prefs.conf or > /etc/mail/spamassassin/mailscanner.cf (they should be the same). Then > reload MailScanner. > > Denis > > > -----Message d'origine----- > De : mailscanner-bounces at lists.mailscanner.info [mailto: > mailscanner-bounces at lists.mailscanner.info] De la part de Max Kipness > Envoy? : 29 avril 2013 08:21 > ? : mailscanner at lists.mailscanner.info > Objet : Remote Image Spam > > Hello, > > Does anyone know how you can raise the score on test T_REMOTE_IMAGE that > is part of SpamAssassin? I see where you can raise the score of other > tests, but can't find this one. > > I'm getting bombarded by all kinds of remote image spam. Nothing else is > catching it, and it keeps getting low Bayes scores even after learning from > them, resetting Bayes, etc. DCC, Pyzor, Razor, blacklists, just nothing > seems to be on the score of these blueberry extract, saffron extract, etc > spam that has been hitting the last week. > > Thanks in advance. > > Thanks, > Max Kipness > > 214-919-9047 > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130429/82d48cb8/attachment.html From rcooper at dwford.com Mon Apr 29 14:32:31 2013 From: rcooper at dwford.com (Rick Cooper) Date: Mon, 29 Apr 2013 09:32:31 -0400 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: <4B15548095F94A80B8B61554B29032F2@SAHOMELT> Jonas Akrouh Larsen wrote: > Hi Alex > > We use exim as well, the reasoning was that since we use debian, and > exim is default in dbian, it would be the most obvious choice. Also > exim is extremely modular/expandable/customizable. While postfix > might be possible to expand customize as well, my impression is that > it's not as simple as exim. > > We've been using exim+mailscanner for 5+ years with great results. > > My only caveat to the setup, is that we can't do the scanning at smtp > time like amavisd does. > I do both SA and Virus scanning at smtp (exim all the way) time so I am curious what you mean by this statement? Rick Cooper > Best regards > > Jonas Larsen > > -----Oprindelig meddelelse----- > Fra: mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] P? vegne af Alex > Neuman > Sendt: 27. april 2013 17:58 > Til: MailScanner discussion > Emne: Re: mailscanner + exim release from out queue > > Just for informational purposes - I'm not judging - I'd like to know > why you've chosen Exim over Sendmail or Postfix, for example. If it's > too "off topic" it's ok to answer off-list - y en espa?ol si te es > m?s f?cil :D From matt.hampton.uk at gmail.com Mon Apr 29 16:07:20 2013 From: matt.hampton.uk at gmail.com (Matt Hampton) Date: Mon, 29 Apr 2013 16:07:20 +0100 Subject: ScamNailer info not updated In-Reply-To: <517D49CC.3070102@msapiro.net> References: <517D49CC.3070102@msapiro.net> Message-ID: On it DNS provider reset api keys On 28 April 2013 17:09, Mark Sapiro wrote: > At this writing, it appears the latest Scamnailer data files are > emails.2013-166 and emails.2013-166.15, but the DNS TXT record is still > > emails.msupdate.greylist.bastionmail.com. 3600 IN TXT "emails.2013-164.6" > > which points to data from 2 days ago. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130429/75119e39/attachment.html From jonas at vrt.dk Tue Apr 30 08:41:17 2013 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue, 30 Apr 2013 07:41:17 +0000 Subject: SV: mailscanner + exim release from out queue In-Reply-To: <4B15548095F94A80B8B61554B29032F2@SAHOMELT> References: <4B15548095F94A80B8B61554B29032F2@SAHOMELT> Message-ID: > > >I do both SA and Virus scanning at smtp (exim all the way) time so I am curious what you mean by this statement? > >Rick Cooper Hi Rick Well you're doing it independently of MailScanner then. That's ofcourse also an option. But if you do both AV and SA in exim, whats the point of having MS behind it? And do you then AV and SA scan the incoming mail again inside MS? Always interesting to see how other people are doing it :) Med venlig hilsen / Best regards ? Jonas Akrouh Larsen ? TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S ? Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax:??? 7020 0978 Web: www.techbiz.dk From jonas at vrt.dk Tue Apr 30 08:49:39 2013 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue, 30 Apr 2013 07:49:39 +0000 Subject: SV: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Hi Glenn >That MailScanner doesn't operate at SMTP-time is exactly what sets it apart... It is the fundamental difference that make MailScanner perform so >much better, and suffer from so much less risk of DoS:ing, than amavisd ... >Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning is to expensive at that stage anyway (IMO)... apart from the simple >things you can do in the MTA, that is (recipient verification, rfc strictness, graylisting etc). But the benefits of not doing it in one go, as amavisd >does, far outweigh that drawback. >If one were to somehow wrangle MailScanner into action during SMTP... one could as well use amavisd instead;-). > >As for choice of MTA, one should always stick with the one one is most comfortable with ... You're far less likely to foobar things if you know >what you're doing:-). If one starts from scratch, taking into account what happens to be the default on the system you use seem like a very sound >strategy:-). I've stuck with exim+MS for 5 years so I guess I must be liking it for the most part :) However I do find it annoying not being able to scan at smtp time, it would be much simpler for bounces and such, and rid my outgoing queue of mails I can't return to sender because it was forged etc. Also it shouldn't run in parallel, so it's no more expensive than running it post smtp, since you don't spam scan a virus, you don't virusscan something listed on rbl etc. But thanks for the comments :) Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130430/be902bb1/attachment.html From maxsec at gmail.com Tue Apr 30 10:18:11 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Tue, 30 Apr 2013 10:18:11 +0100 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: don't bounce emails that are selected as spam, no reason to anyway. Check for valid recipients on inbound at the MTA and use that to reject the connection, using a decent delay on initial connection and use greylisting are all easy reasons to reject at MTA. But after that it can quite a job to process the email for spam/malware so doing post 'acceptance' is still fine IMHO -- Martin Hepworth, CISSP Oxford, UK On 30 April 2013 08:49, Jonas Akrouh Larsen wrote: > Hi Glenn**** > > ** ** > > >That MailScanner doesn't operate at SMTP-time is exactly what sets it > apart... It is the fundamental difference that make MailScanner perform so > >much better, and suffer from so much less risk of DoS:ing, than amavisd ... > **** > > >Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning > is to expensive at that stage anyway (IMO)... apart from the simple >things > you can do in the MTA, that is (recipient verification, rfc strictness, > graylisting etc). But the benefits of not doing it in one go, as amavisd > >does, far outweigh that drawback.**** > > >If one were to somehow wrangle MailScanner into action during SMTP... one > could as well use amavisd instead;-).**** > > >** ** > > >As for choice of MTA, one should always stick with the one one is most > comfortable with ... You're far less likely to foobar things if you know > >what you're doing:-). If one starts from scratch, taking into account what > happens to be the default on the system you use seem like a very sound > >strategy:-).**** > > ** ** > > I?ve stuck with exim+MS for 5 years so I guess I must be liking it for the > most part J**** > > ** ** > > However I do find it annoying not being able to scan at smtp time, it > would be much simpler for bounces and such, and rid my outgoing queue of > mails I can?t return to sender because it was forged etc.**** > > ** ** > > Also it shouldn?t run in parallel, so it?s no more expensive than running > it post smtp, since you don?t spam scan a virus, you don?t virusscan > something listed on rbl etc.**** > > ** ** > > But thanks for the comments J**** > > ** ** > > ** ** > > Med venlig hilsen / Best regards**** > > **** > > Jonas Akrouh Larsen**** > > **** > > TechBiz ApS**** > > Laplandsgade 4, 2. sal**** > > 2300 K?benhavn S**** > > **** > > Office: 7020 0979**** > > Direct: 3336 9974**** > > Mobile: 5120 1096**** > > Fax: 7020 0978**** > > Web: www.techbiz.dk**** > > ** ** > > ** ** > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130430/acb9f73f/attachment.html From rcooper at dwford.com Tue Apr 30 13:21:17 2013 From: rcooper at dwford.com (Rick Cooper) Date: Tue, 30 Apr 2013 08:21:17 -0400 Subject: mailscanner + exim release from out queue In-Reply-To: References: <4B15548095F94A80B8B61554B29032F2@SAHOMELT> Message-ID: Jonas Akrouh Larsen wrote: >> I do both SA and Virus scanning at smtp (exim all the way) time so >> I am curious what you mean by this statement? >> >> Rick Cooper > > Hi Rick > > Well you're doing it independently of MailScanner then. That's > ofcourse also an option. But if you do both AV and SA in exim, whats > the point of having MS behind it? And do you then AV and SA scan the > incoming mail again inside MS? The SA conf is much stripped down for exim and MailScanner does not do the virus scanning since it has been handled via exim. However I do have MS redo the SA scanning with a complete+custom rule set if the message makes it past exim. Technically exim could easily do everything that MailScanner does but it's easier to let MS handle the quarantine and use the MailWatch interface for users. Now I would not think this setup would work well for installations that have a large amount of mail incoming. Bear in mind we see maybe 1000 emails per day per site and that is all. I would say more than 90% of spam is dropped at smtp for various reasons and of that 90% at least 70% is dropped before data. There are various triggers that prevent an email from being scanned by spamd at smtp time because they are likely ok but, if they are not white listed, they are then scanned by MailScanner in the backend just in case. > > Always interesting to see how other people are doing it :) > > Med venlig hilsen / Best regards > > Jonas Akrouh Larsen > > TechBiz ApS > Laplandsgade 4, 2. sal > 2300 K?benhavn S > > Office: 7020 0979 > Direct: 3336 9974 > Mobile: 5120 1096 > Fax:??? 7020 0978 > Web: www.techbiz.dk From rcooper at dwford.com Tue Apr 30 13:56:14 2013 From: rcooper at dwford.com (Rick Cooper) Date: Tue, 30 Apr 2013 08:56:14 -0400 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: <05A74EF22B314932B390479BC0C175E6@SAHOMELT> Sorry for top posting but this html is horrible to quote I NEVER bounce anything , ever. Once it is accepted it's my problem. Below is a partial (fairly complete) list of checks I do before we even get to the data phase or any scanning and the first thing done during data is domainkey/dkim checks Helo: 1. Attempting to helo as part of one of my domains and is not 2. Non fqdn or ip literals properly formatted in brackets ([192.168.2.2]) 3. specific domains that should not be used such as local/internal/localdomain 4. invalid hostnames such as localhost 5. blank (e)helo 6. my own server name 7. couple more special cases Rcpt : 1. black listed hosts or domains 2. missing both A and MX records ( not due to dns failure) 3. spf hard fail 4. Not authenticated from a local user (unless from a valid, internal relay) 5. from or to user that is never used from or to external host (root, ftp, wheel, etc) that is coming from external source 6. specific countries we never do business with but stats show very high percentage of spam (to our servers) 7. invalid domain parts 8. above a certain threshold of invalid recipients 9. Too many recipients if not an authenticated user 10. Several rbls 11. invalid local part (invalid user) doing the checks before data stops the most part before we have to waste time spooling, and many of these rules result in being added (for various periods of time) to the firewall so there is no second chance for hours/days/weeks. Rick _____ From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonas Akrouh Larsen Sent: Tuesday, April 30, 2013 3:50 AM To: MailScanner discussion Subject: SV: mailscanner + exim release from out queue Hi Glenn >That MailScanner doesn't operate at SMTP-time is exactly what sets it apart... It is the fundamental difference that make MailScanner perform so >much better, and suffer from so much less risk of DoS:ing, than amavisd ... >Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning is to expensive at that stage anyway (IMO)... apart from the simple >things you can do in the MTA, that is (recipient verification, rfc strictness, graylisting etc). But the benefits of not doing it in one go, as amavisd >does, far outweigh that drawback. >If one were to somehow wrangle MailScanner into action during SMTP... one could as well use amavisd instead;-). > >As for choice of MTA, one should always stick with the one one is most comfortable with ... You're far less likely to foobar things if you know >what you're doing:-). If one starts from scratch, taking into account what happens to be the default on the system you use seem like a very sound >strategy:-). I?ve stuck with exim+MS for 5 years so I guess I must be liking it for the most part J However I do find it annoying not being able to scan at smtp time, it would be much simpler for bounces and such, and rid my outgoing queue of mails I can?t return to sender because it was forged etc. Also it shouldn?t run in parallel, so it?s no more expensive than running it post smtp, since you don?t spam scan a virus, you don?t virusscan something listed on rbl etc. But thanks for the comments J Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130430/2f3eac17/attachment.html From jonas at vrt.dk Tue Apr 30 14:04:23 2013 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue, 30 Apr 2013 13:04:23 +0000 Subject: SV: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Hi Martin We do not bounce spam (since we do not deliver it), and we do validate recipients before accepting. However we scan for multiple backend systems. And let's say the system is down or unreachable we can't validate the recipient (since we do it live) and have to accept to be on the safe side. However even ham generates bounces for a number of reasons. So while we keep the problem to a minimum (about 20-40 mails in the outgoing queue at any time, that can't be bounced/delivered) I do not think its too bad considering we have about 20k mails per day passing through our system (not counting greylisting mta rbl's etc) Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk Fra: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] P? vegne af Martin Hepworth Sendt: 30. april 2013 11:18 Til: MailScanner discussion Emne: Re: mailscanner + exim release from out queue don't bounce emails that are selected as spam, no reason to anyway. Check for valid recipients on inbound at the MTA and use that to reject the connection, using a decent delay on initial connection and use greylisting are all easy reasons to reject at MTA. But after that it can quite a job to process the email for spam/malware so doing post 'acceptance' is still fine IMHO -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130430/80518617/attachment.html From max at inmindlabs.com Tue Apr 30 14:16:02 2013 From: max at inmindlabs.com (Max Kipness) Date: Tue, 30 Apr 2013 08:16:02 -0500 Subject: Remote Image Spam Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B741959@addc01.assuredata.local> Thanks guys. I think I had read that you could override scores that way but had forgotten. Worked like a charm, and made a night and day difference in spam detection. Max -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130430/41e9c37b/attachment.html From alex at vidadigital.com.pa Tue Apr 30 14:25:05 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Tue, 30 Apr 2013 08:25:05 -0500 Subject: mailscanner + exim release from out queue In-Reply-To: References: Message-ID: Also, be sure to implement SPF and MailScanner's message signing in order to decrease the number of bounces to forged senders... On Tue, Apr 30, 2013 at 4:18 AM, Martin Hepworth wrote: > don't bounce emails that are selected as spam, no reason to anyway. > Check for valid recipients on inbound at the MTA and use that to reject the > connection, using a decent delay on initial connection and use greylisting > are all easy reasons to reject at MTA. > > But after that it can quite a job to process the email for spam/malware so > doing post 'acceptance' is still fine IMHO > > -- > Martin Hepworth, CISSP > Oxford, UK > > > On 30 April 2013 08:49, Jonas Akrouh Larsen wrote: >> >> Hi Glenn >> >> >> >> >That MailScanner doesn't operate at SMTP-time is exactly what sets it >> > apart... It is the fundamental difference that make MailScanner perform so >> > >much better, and suffer from so much less risk of DoS:ing, than amavisd ... >> >> >Sure, you cannot do "on the fly rejections", but ... AV/Anti-UCE scanning >> > is to expensive at that stage anyway (IMO)... apart from the simple >things >> > you can do in the MTA, that is (recipient verification, rfc strictness, >> > graylisting etc). But the benefits of not doing it in one go, as amavisd >> > >does, far outweigh that drawback. >> >> >If one were to somehow wrangle MailScanner into action during SMTP... one >> > could as well use amavisd instead;-). >> >> > >> >> >As for choice of MTA, one should always stick with the one one is most >> > comfortable with ... You're far less likely to foobar things if you know >> > >what you're doing:-). If one starts from scratch, taking into account what >> > happens to be the default on the system you use seem like a very sound >> > >strategy:-). >> >> >> >> I?ve stuck with exim+MS for 5 years so I guess I must be liking it for the >> most part J >> >> >> >> However I do find it annoying not being able to scan at smtp time, it >> would be much simpler for bounces and such, and rid my outgoing queue of >> mails I can?t return to sender because it was forged etc. >> >> >> >> Also it shouldn?t run in parallel, so it?s no more expensive than running >> it post smtp, since you don?t spam scan a virus, you don?t virusscan >> something listed on rbl etc. >> >> >> >> But thanks for the comments J >> >> >> >> >> >> Med venlig hilsen / Best regards >> >> >> >> Jonas Akrouh Larsen >> >> >> >> TechBiz ApS >> >> Laplandsgade 4, 2. sal >> >> 2300 K?benhavn S >> >> >> >> Office: 7020 0979 >> >> Direct: 3336 9974 >> >> Mobile: 5120 1096 >> >> Fax: 7020 0978 >> >> Web: www.techbiz.dk >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From carlosla1987 at gmail.com Tue Apr 30 23:18:50 2013 From: carlosla1987 at gmail.com (=?ISO-8859-1?Q?Carlos_Ra=FAl_Laguna?=) Date: Tue, 30 Apr 2013 18:18:50 -0400 Subject: MailScanner stop checking mail Message-ID: Hi everyone after a few hour trying to figureout what went wrong i am here both of my server with mailscanner dosent process any mail anymore the server start and then it sit there waiting postfix 5555 0.0 1.2 188364 33268 ? SNs 17:39 0:00 MailScanner: starting child postfix 11024 5.1 3.3 259944 87880 ? SN 17:59 0:51 MailScanner: waiting for messages I see no log in mail.log or what so ever that actually pointme somewhere to look MailScanner --debug i freeze in In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... and that it any idea what is goin on ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130430/f57fb922/attachment.html