From jonathanmhorne at outlook.com Fri Aug 2 22:37:50 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Fri, 2 Aug 2013 14:37:50 -0700 Subject: is not spam default behaviors Message-ID: i use my mailscanner server to just scan mails and then deliver on to an exchange server, thus there is no local delivery at all. i tried to set my Non Spam Actions to = deliver quantine header "X-Spam-Status: No", but this caused no emails to be delivered to my exchange server. if i could have my way, id deliver to my exchange server and also keep a quarantined copy of each mail, because having a quarantined copy still on the mailscanner server make spamlearning easier due to my exchange/outlook environment (and just let the normal quarantine cleanup run as usual) i had to set it back to Non Spam Actions = deliver header "X-Spam-Status: No" is what i want possible? forwarding to exchange for delivery, and keeping a quarantined copy on the server? thank you, jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130802/3c88b6bf/attachment.html From bonivart at opencsw.org Fri Aug 2 23:31:58 2013 From: bonivart at opencsw.org (Peter Bonivart) Date: Sat, 3 Aug 2013 00:31:58 +0200 Subject: is not spam default behaviors In-Reply-To: References: Message-ID: On Fri, Aug 2, 2013 at 11:37 PM, Jonathan Horne wrote: > i use my mailscanner server to just scan mails and then deliver on to an > exchange server, thus there is no local delivery at all. > > i tried to set my Non Spam Actions to = deliver quantine header > "X-Spam-Status: No", but this caused no emails to be delivered to my > exchange server. if i could have my way, id deliver to my exchange server > and also keep a quarantined copy of each mail, because having a quarantined > copy still on the mailscanner server make spamlearning easier due to my > exchange/outlook environment (and just let the normal quarantine cleanup run > as usual) > > i had to set it back to Non Spam Actions = deliver header "X-Spam-Status: > No" > > is what i want possible? forwarding to exchange for delivery, and keeping a > quarantined copy on the server? Quarantine isn't a valid option for Non Spam Actions, take a look here or in your MailScanner.conf-file: http://www.mailscanner.info/MailScanner.conf.index.html#Non Spam Actions Use the Store actions or look into the separate archiving feature. /peter From jonathanmhorne at outlook.com Sat Aug 3 13:35:27 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Sat, 3 Aug 2013 05:35:27 -0700 Subject: is not spam default behaviors In-Reply-To: References: , Message-ID: > From: bonivart at opencsw.org > Date: Sat, 3 Aug 2013 00:31:58 +0200 > Subject: Re: is not spam default behaviors > To: mailscanner at lists.mailscanner.info > > On Fri, Aug 2, 2013 at 11:37 PM, Jonathan Horne > wrote: > > i use my mailscanner server to just scan mails and then deliver on to an > > exchange server, thus there is no local delivery at all. > > > > i tried to set my Non Spam Actions to = deliver quantine header > > "X-Spam-Status: No", but this caused no emails to be delivered to my > > exchange server. if i could have my way, id deliver to my exchange server > > and also keep a quarantined copy of each mail, because having a quarantined > > copy still on the mailscanner server make spamlearning easier due to my > > exchange/outlook environment (and just let the normal quarantine cleanup run > > as usual) > > > > i had to set it back to Non Spam Actions = deliver header "X-Spam-Status: > > No" > > > > is what i want possible? forwarding to exchange for delivery, and keeping a > > quarantined copy on the server? > > Quarantine isn't a valid option for Non Spam Actions, take a look here > or in your MailScanner.conf-file: > > http://www.mailscanner.info/MailScanner.conf.index.html#Non Spam Actions > > Use the Store actions or look into the separate archiving feature. > > /peter > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! yes, that quarantine was a typo, i did mean to write store, (i think i meant that the action was store the non-spam quarantine). either way, when i use the config (which this time i copy pasted :) Non Spam Actions = deliver store header "X-Spam-Status: No" the maillog says delivered, but the email ends up in [root at dlp-centos64 ~]# locate 11CC9C7E /var/spool/MailScanner/incoming/20218/11CC9C7E.AF899.header /var/spool/MailScanner/incoming/20220/11CC9C7E.AF899.header /var/spool/MailScanner/incoming/20223/11CC9C7E.AF899.header /var/spool/postfix/hold/11CC9C7E and not forwarded to my exchange server. if i pull the out store, and reload, new mail items are then delivered to my exchange server as before. is there a correct way of setting up "store *and* deliver" with MailScanner? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130803/73e130c7/attachment.html From Antony.Stone at mailscanner.open.source.it Sat Aug 3 14:25:55 2013 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Sat, 3 Aug 2013 15:25:55 +0200 Subject: is not spam default behaviors In-Reply-To: References: Message-ID: <201308031525.56033.Antony.Stone@mailscanner.open.source.it> On Saturday 03 August 2013 at 14:35:27, Jonathan Horne wrote: > either way, when i use the config (which this time i copy pasted :) > > Non Spam Actions = deliver store header "X-Spam-Status: No" > > the maillog says delivered, but the email ends up in > > [root at dlp-centos64 ~]# locate 11CC9C7E > /var/spool/MailScanner/incoming/20218/11CC9C7E.AF899.header > /var/spool/MailScanner/incoming/20220/11CC9C7E.AF899.header > /var/spool/MailScanner/incoming/20223/11CC9C7E.AF899.header > /var/spool/postfix/hold/11CC9C7E > > and not forwarded to my exchange server. if i pull the out store, and > reload, new mail items are then delivered to my exchange server as before. > > is there a correct way of setting up "store *and* deliver" with > MailScanner? Can you try: 1. grep -i deliver /path/to/your/mailscanner.conf 2. Check the content of the above files to see whether the "X-Spam-Status: No" header got added by your rule? 3. Checking the "Archive Mail" feature of Mailscanner to see if that would do what you need instead? Hope this helps, Antony. -- This sentence contains exactly threee erors. Please reply to the list; please don't CC me. From steve at fsl.com Sat Aug 3 21:10:56 2013 From: steve at fsl.com (Stephen Swaney) Date: Sat, 03 Aug 2013 16:10:56 -0400 Subject: is not spam default behaviors In-Reply-To: References: <201308031525.56033.Antony.Stone@mailscanner.open.source.it> <51FD63D0.8000107@fsl.com> Message-ID: Anthony, Try: store deliver header "X-Spam-Status: No" Once you deliver the message, it's hard to store it. Best regards, Steve -- Steve Swaney steve at fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available On 8/3/13 9:25 AM, Antony Stone wrote: > On Saturday 03 August 2013 at 14:35:27, Jonathan Horne wrote: > >> either way, when i use the config (which this time i copy pasted :) >> >> Non Spam Actions = deliver store header "X-Spam-Status: No" >> >> the maillog says delivered, but the email ends up in >> >> [root at dlp-centos64 ~]# locate 11CC9C7E >> /var/spool/MailScanner/incoming/20218/11CC9C7E.AF899.header >> /var/spool/MailScanner/incoming/20220/11CC9C7E.AF899.header >> /var/spool/MailScanner/incoming/20223/11CC9C7E.AF899.header >> /var/spool/postfix/hold/11CC9C7E >> >> and not forwarded to my exchange server. if i pull the out store, and >> reload, new mail items are then delivered to my exchange server as before. >> >> is there a correct way of setting up "store *and* deliver" with >> MailScanner? > Can you try: > > 1. grep -i deliver /path/to/your/mailscanner.conf > > 2. Check the content of the above files to see whether the "X-Spam-Status: No" > header got added by your rule? > > 3. Checking the "Archive Mail" feature of Mailscanner to see if that would do > what you need instead? > > > Hope this helps, > > > Antony. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130803/60359294/attachment.html From jonathanmhorne at outlook.com Tue Aug 6 18:00:33 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Tue, 6 Aug 2013 10:00:33 -0700 Subject: antivirus options Message-ID: clamav is pretty good, but i am still seeing quite a few trojan attachments (in .zip) getting thru. is there another recommended alternative to use with/inlieu of clamav? thanks, jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130806/93e2a628/attachment.html From Kevin_Miller at ci.juneau.ak.us Tue Aug 6 18:23:45 2013 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue, 6 Aug 2013 09:23:45 -0800 Subject: antivirus options In-Reply-To: References: Message-ID: I use f-secure as well as clamav on my mail gateways. If one doesn't get it the other may. I also use Sophos internally, so the files have been scanned three times by the time the user sees them. I also disallow password protected archives, but have a rule file to allow trusted sites to protect a zip file for the few exceptions. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne Sent: Tuesday, August 06, 2013 9:01 AM To: mailscanner at lists.mailscanner.info Subject: antivirus options clamav is pretty good, but i am still seeing quite a few trojan attachments (in .zip) getting thru. is there another recommended alternative to use with/inlieu of clamav? thanks, jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130806/aef9a132/attachment.html From jonathanmhorne at outlook.com Tue Aug 6 19:06:35 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Tue, 6 Aug 2013 11:06:35 -0700 Subject: antivirus options In-Reply-To: References: , Message-ID: hi kevin, thanks for your reply. i was looking at sophos today, but i couldnt see a free opensource download. do you know if this is indeed free/opensource for linux? From: Kevin_Miller at ci.juneau.ak.us To: mailscanner at lists.mailscanner.info Date: Tue, 6 Aug 2013 09:23:45 -0800 Subject: RE: antivirus options I use f-secure as well as clamav on my mail gateways. If one doesn?t get it the other may. I also use Sophos internally, so the files have been scanned three times by the time the user sees them. I also disallow password protected archives, but have a rule file to allow trusted sites to protect a zip file for the few exceptions. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne Sent: Tuesday, August 06, 2013 9:01 AM To: mailscanner at lists.mailscanner.info Subject: antivirus options clamav is pretty good, but i am still seeing quite a few trojan attachments (in .zip) getting thru. is there another recommended alternative to use with/inlieu of clamav? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130806/bb2e0850/attachment.html From Kevin_Miller at ci.juneau.ak.us Tue Aug 6 19:25:27 2013 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue, 6 Aug 2013 10:25:27 -0800 Subject: antivirus options In-Reply-To: References: , Message-ID: I think clamav is the only free/opensource antivirus out there. We pay for Sophos and F-secure. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne Sent: Tuesday, August 06, 2013 10:07 AM To: MailScanner discussion Subject: RE: antivirus options hi kevin, thanks for your reply. i was looking at sophos today, but i couldnt see a free opensource download. do you know if this is indeed free/opensource for linux? ________________________________ From: Kevin_Miller at ci.juneau.ak.us To: mailscanner at lists.mailscanner.info Date: Tue, 6 Aug 2013 09:23:45 -0800 Subject: RE: antivirus options I use f-secure as well as clamav on my mail gateways. If one doesn't get it the other may. I also use Sophos internally, so the files have been scanned three times by the time the user sees them. I also disallow password protected archives, but have a rule file to allow trusted sites to protect a zip file for the few exceptions. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne Sent: Tuesday, August 06, 2013 9:01 AM To: mailscanner at lists.mailscanner.info Subject: antivirus options clamav is pretty good, but i am still seeing quite a few trojan attachments (in .zip) getting thru. is there another recommended alternative to use with/inlieu of clamav? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130806/2ce39943/attachment.html From steveb_clamav at sanesecurity.com Tue Aug 6 21:00:26 2013 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Tue, 6 Aug 2013 21:00:26 +0100 Subject: antivirus options In-Reply-To: References: Message-ID: <46e29c6e75762877784ec2d606829457.squirrel@sanesecurity.com> > clamav is pretty good, but i am still seeing quite a few trojan > attachments (in .zip) getting thru. is there another recommended > alternative to use with/inlieu of clamav? Hi, Not sure if you've added in Sanesecurity sigs to ClamAV... If you are having malware issues... add in: phish.ndb, rogue.hdb For double extensions in zips/rars/7z use: foxhole_generic.cdb More signature info here: http://sanesecurity.com/usage/signatures/ Download scripts here: http://sanesecurity.com/usage/linux-scripts/ Cheers, Steve Sanesecurity From chris at chrisbailey.au.com Tue Aug 6 22:00:03 2013 From: chris at chrisbailey.au.com (Christopher M. Bailey) Date: Wed, 7 Aug 2013 07:00:03 +1000 Subject: antivirus options In-Reply-To: References: , Message-ID: <882990710E834BD6AAB18FBBF174FA30@ORIOLE> Hi Kevin, I've been using AVG along with ClamAV for years and never had a major issue, I still get the occasional nasty sneak through, but that's just the nature of the beast. Cheers, Chris From: Jonathan Horne Sent: Wednesday, August 7, 2013 4:06 AM To: MailScanner discussion Subject: RE: antivirus options hi kevin, thanks for your reply. i was looking at sophos today, but i couldnt see a free opensource download. do you know if this is indeed free/opensource for linux? From: Kevin_Miller at ci.juneau.ak.us To: mailscanner at lists.mailscanner.info Date: Tue, 6 Aug 2013 09:23:45 -0800 Subject: RE: antivirus options I use f-secure as well as clamav on my mail gateways. If one doesn?t get it the other may. I also use Sophos internally, so the files have been scanned three times by the time the user sees them. I also disallow password protected archives, but have a rule file to allow trusted sites to protect a zip file for the few exceptions. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne Sent: Tuesday, August 06, 2013 9:01 AM To: mailscanner at lists.mailscanner.info Subject: antivirus options clamav is pretty good, but i am still seeing quite a few trojan attachments (in .zip) getting thru. is there another recommended alternative to use with/inlieu of clamav? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mogens at fumlersoft.dk Tue Aug 6 22:45:25 2013 From: mogens at fumlersoft.dk (Mogens Melander) Date: Tue, 6 Aug 2013 23:45:25 +0200 (CEST) Subject: antivirus options In-Reply-To: References: , Message-ID: <10631.dfcc6c2f.1375825525.nsm@mail.trader-internet.dk> What about: http://download.avgfree.com/filedir/inst/avg2013flx-r3115-a6155.i386.tar.gz On Tue, August 6, 2013 20:25, Kevin Miller wrote: > I think clamav is the only free/opensource antivirus out there. We pay > for Sophos and F-secure. > > ...Kevin > -- > Kevin Miller > Sent: Tuesday, August 06, 2013 10:07 AM > To: MailScanner discussion > Subject: RE: antivirus options > > hi kevin, thanks for your reply. i was looking at sophos today, but i > couldnt see a free opensource download. do you know if this is indeed > free/opensource for linux? > > ________________________________ > From: Kevin_Miller at ci.juneau.ak.us > To: > mailscanner at lists.mailscanner.info > Date: Tue, 6 Aug 2013 09:23:45 -0800 > Subject: RE: antivirus options > I use f-secure as well as clamav on my mail gateways. If one doesn't get > it the other may. I also use Sophos internally, so the files have been > scanned three times by the time the user sees them. > > I also disallow password protected archives, but have a rule file to allow > trusted sites to protect a zip file for the few exceptions. > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > From: > mailscanner-bounces at lists.mailscanner.info > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan > Horne > Sent: Tuesday, August 06, 2013 9:01 AM > To: > mailscanner at lists.mailscanner.info > Subject: antivirus options > > clamav is pretty good, but i am still seeing quite a few trojan > attachments (in .zip) getting thru. is there another recommended > alternative to use with/inlieu of clamav? > > thanks, > jonathan > -- Mogens Melander +66 8701 33224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From stef at aoc-uk.com Wed Aug 7 15:26:11 2013 From: stef at aoc-uk.com (Stef Morrell) Date: Wed, 7 Aug 2013 14:26:11 +0000 Subject: Required perl modules Message-ID: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Hello List, It's been a while since I did a MailScanner install. In those days the "current" PERL was 5.8 Today, we're at 5.18! I followed the familiar procedure, downloading the tarball for "other" unix and running install.sh, but it does appear that the changes made in the base PERL install have brought in a lot of problems with the modules shipped with MS. Looking at http://www.mailscanner.info/perl.html I can see the same rather elderly set of perl module versions. Can I simply install latest versions of all of these manually, or are there specific versions I need to be looking at? I've included a zipped copy of the install log for your delectation. As you can see, most of the included modules do install quite happily, but there are some that don't, sometimes something (more) complicated (than I can work out), sometimes something as simple as a deprecated feature. The failures include HMTL-Parser, which is obviously crucial. I am also slightly worried about other server roles which may depend on perl (even Nagios client needs some modules) needing more up to date versions and possible conflicts. I suppose the same question should be applied in terms of the "install-clam-sa" tarball. The clam version is certainly out of date. Is that simply a collection of sa dependancies and in that case is it fine to just install the appropriate modules as indicated in the SA documentation. As for clam, I guess I can rip the configure command out of the script and build that manually with little trouble. -- Stefan Morrell????????? | Operations Director Tel: 0843 4532820?????? | Alpha Omega Computers Ltd Fax: 0843 4532830?????? | Incorporating Level 5 Internet stef at aoc-uk.com???????? | stef at l5net.net ? Standard Disclaimer: http://www.aoc-uk.com/aoc_email_terms.html ? Alpha Omega Computers Ltd, Batley Business Park, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142.? VAT No. GB734421454 -------------- next part -------------- A non-text attachment was scrubbed... Name: install.log.zip Type: application/x-zip-compressed Size: 21072 bytes Desc: install.log.zip Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130807/b5869e84/attachment.bin From cickumqt at gmail.com Wed Aug 7 16:30:21 2013 From: cickumqt at gmail.com (Christopher Meng) Date: Wed, 7 Aug 2013 23:30:21 +0800 Subject: Required perl modules In-Reply-To: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: Upstream think older is more stable... ;) I may try packaging it into modern systems like Fedora later. Maybe more issues are still hidden... Sent from Note I -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130807/842064ed/attachment.html From stef at aoc-uk.com Wed Aug 7 16:40:30 2013 From: stef at aoc-uk.com (Stef Morrell) Date: Wed, 7 Aug 2013 15:40:30 +0000 Subject: Required perl modules In-Reply-To: <47e855bb-e4df-4055-93e6-d4dd2831a2c8@VONLIPWIG.aoc-uk.com> References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> <47e855bb-e4df-4055-93e6-d4dd2831a2c8@VONLIPWIG.aoc-uk.com> Message-ID: <92665C7597419742B19470DFA3D5BEA2449225@vonLipwig.aoc-uk.com> On 07 August 2013 16:30 Christopher Meng wrote: > Upstream think older is more stable...? ;) Older PERL version, or PERL modules? I have experienced a massive performance drop off with 5.16.2 which I hope might be cured with 5.18. I can't really go back to 5.8 as other applications (like that pesky nagios client) require modules which hate 5.8, so I'm stuck really. Maybe I could try 5.10 or 5.12. From barryc at rjlsystems.com Wed Aug 7 17:50:36 2013 From: barryc at rjlsystems.com (Barry Callahan) Date: Wed, 07 Aug 2013 12:50:36 -0400 Subject: ***SPAM*** Re: Required perl modules In-Reply-To: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: I did. Stef Morrell wrote: >Hello List, > >Can I simply install latest versions of all of these manually, or are >there specific versions I need to be looking at? > -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. From m.a.young at durham.ac.uk Thu Aug 8 10:34:58 2013 From: m.a.young at durham.ac.uk (M A Young) Date: Thu, 8 Aug 2013 10:34:58 +0100 (BST) Subject: Required perl modules In-Reply-To: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: On Wed, 7 Aug 2013, Stef Morrell wrote: > It's been a while since I did a MailScanner install. In those days the > "current" PERL was 5.8 > > ... > > Can I simply install latest versions of all of these manually, or are > there specific versions I need to be looking at? We don't use any of the RPMs in the install tarball except mailscanner on our CentOS 6 servers, using instead ones shipped with CentOS, or from EPEL or rpmforge. We also stopped running the install.sh script and just install the RPMs directly. Michael Young From bonivart at opencsw.org Thu Aug 8 11:23:11 2013 From: bonivart at opencsw.org (Peter Bonivart) Date: Thu, 8 Aug 2013 12:23:11 +0200 Subject: Required perl modules In-Reply-To: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: On Wed, Aug 7, 2013 at 4:26 PM, Stef Morrell wrote: > Can I simply install latest versions of all of these manually, or are there specific versions I need to be looking at? For Solaris I just used the tarball and installed the latest available version of the required modules. No problems at all. From cickumqt at gmail.com Thu Aug 8 11:25:51 2013 From: cickumqt at gmail.com (Christopher Meng) Date: Thu, 8 Aug 2013 18:25:51 +0800 Subject: Required perl modules In-Reply-To: References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: ? 2013-8-8 PM6:07?"M A Young" ??? > We don't use any of the RPMs in the install tarball except mailscanner on > our CentOS 6 servers, using instead ones shipped with CentOS, or from EPEL > or rpmforge. We also stopped running the install.sh script and just > install the RPMs directly. Can it work correctly? I'm preparing packages for Fedora 20+ and RHEL6,7. Sent from Note I -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130808/40d5486d/attachment.html From jason at theedes.co.uk Fri Aug 9 17:04:01 2013 From: jason at theedes.co.uk (Jason Ede) Date: Fri, 9 Aug 2013 17:04:01 +0100 Subject: Odd problem with signatures Message-ID: <004801ce951a$1060f100$3122d300$@theedes.co.uk> I've an odd problem on a new MailScanner server I'm setting up. Signatures are not appended to the email at all. If I try to force it to append the signatures using Sign Messages Already Prcocesed = yes then it seems to just lose the message. I can see the message being scanned, and MailScanner says it is clean, but then the message just disappears. If I change the already processed to No then the email comes through ok but with no signature on it. Any ideas what I can check? I'm using rule files to determine the signing, but these have worked fine till now on other servers. Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130809/cdf8f6c8/attachment.html From jason at theedes.co.uk Fri Aug 9 19:47:18 2013 From: jason at theedes.co.uk (Jason Ede) Date: Fri, 9 Aug 2013 19:47:18 +0100 Subject: Odd problem with signatures In-Reply-To: <004801ce951a$1060f100$3122d300$@theedes.co.uk> References: <004801ce951a$1060f100$3122d300$@theedes.co.uk> Message-ID: <8623463E-C5D3-4F3F-B180-6209B16082C3@theedes.co.uk> It looks like it was a taint problem. Missed the -U on command line. Added that and all happy again... Sent from my iPad On 9 Aug 2013, at 17:04, "Jason Ede" wrote: > I?ve an odd problem on a new MailScanner server I?m setting up? > > Signatures are not appended to the email at all? > > If I try to force it to append the signatures using Sign Messages Already Prcocesed = yes then it seems to just lose the message? I can see the message being scanned, and MailScanner says it is clean, but then the message just disappears? > > If I change the already processed to No then the email comes through ok but with no signature on it. > > Any ideas what I can check? > > I?m using rule files to determine the signing, but these have worked fine till now on other servers? > > Jason > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130809/bb64066a/attachment.html From jonathanmhorne at outlook.com Tue Aug 13 16:28:02 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Tue, 13 Aug 2013 08:28:02 -0700 Subject: emails that attempt to kill mailscanner Message-ID: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130813/912fcadd/attachment.html From maxsec at gmail.com Tue Aug 13 17:06:50 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: emails that attempt to kill mailscanner In-Reply-To: References: Message-ID: this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne wrote: > i didnt try it yet... but if i set the number of attempts to 0 what will > happen? i would like to just delete these emails immeidately, i dont see a > need to retry it after 5 minutes. > > if 0 is not the right way to accomplish this, what is the correct way to > dump emails that attempt to kill the process? > > thanks, > jonathan > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130813/0b7608e3/attachment.html From jonathanmhorne at outlook.com Tue Aug 13 18:28:18 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Tue, 13 Aug 2013 10:28:18 -0700 Subject: emails that attempt to kill mailscanner In-Reply-To: References: , Message-ID: hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam). taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U. any tips? jonathan Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: Re: emails that attempt to kill mailscanner From: maxsec at gmail.com To: mailscanner at lists.mailscanner.info this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne wrote: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130813/477c9e24/attachment.html From maxsec at gmail.com Tue Aug 13 19:38:26 2013 From: maxsec at gmail.com (Martin Hepworth) Date: Tue, 13 Aug 2013 19:38:26 +0100 Subject: emails that attempt to kill mailscanner In-Reply-To: References: Message-ID: You need to put the -U at the first line on the MailScanner perl script On Tuesday, 13 August 2013, Jonathan Horne wrote: > hmmm, its only some emails, not all of them (and its always emails that i > would never accept anyway, high scoring spam). > > taking a look at hte mailscanner.conf file, i dont see offhand where to > add a -U. any tips? > > jonathan > > ------------------------------ > Date: Tue, 13 Aug 2013 17:06:50 +0100 > Subject: Re: emails that attempt to kill mailscanner > From: maxsec at gmail.com > To: mailscanner at lists.mailscanner.info 'mailscanner at lists.mailscanner.info');> > > this problem is normally caused by config issues, like not having the -U > switch set in the main MailScanner executable. > > -- > Martin Hepworth, CISSP > Oxford, UK > > > On 13 August 2013 16:28, Jonathan Horne > > wrote: > > i didnt try it yet... but if i set the number of attempts to 0 what will > happen? i would like to just delete these emails immeidately, i dont see a > need to retry it after 5 minutes. > > if 0 is not the right way to accomplish this, what is the correct way to > dump emails that attempt to kill the process? > > thanks, > jonathan > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info 'mailscanner at lists.mailscanner.info');> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- MailScanner mailing list mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner Before > posting, read http://wiki.mailscanner.info/posting Support MailScanner > development - buy the book off the website! > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130813/9f30f4e7/attachment.html From Jason at theedes.co.uk Tue Aug 13 19:41:20 2013 From: Jason at theedes.co.uk (Jason Ede) Date: Tue, 13 Aug 2013 19:41:20 +0100 Subject: emails that attempt to kill mailscanner Message-ID: At the top of the file called MailScanner normally in /usr/sbin on rh based systems. Jonathan Horne wrote: >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130813/453f4968/attachment.html From rpf at marinesoftware.co.uk Wed Aug 14 09:17:14 2013 From: rpf at marinesoftware.co.uk (Ritchie P. Fraser) Date: Wed, 14 Aug 2013 08:17:14 +0000 Subject: emails that attempt to kill mailscanner {Scanned} In-Reply-To: References: Message-ID: <7F5CCC2656447841A7BDF64811DEA91610C39D03@Bart1.MarineSoftware.EXT> At the end of the first line in /usr/sbin/MailScanner... like so... #!/usr/bin/perl -I/usr/lib/MailScanner -U Ritchie From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: 13 August 2013 19:38 To: MailScanner discussion Subject: Re: emails that attempt to kill mailscanner {Scanned} You need to put the -U at the first line on the MailScanner perl script On Tuesday, 13 August 2013, Jonathan Horne wrote: hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam). taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U. any tips? jonathan ________________________________ Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: Re: emails that attempt to kill mailscanner From: maxsec at gmail.com To: mailscanner at lists.mailscanner.info this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne > wrote: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Martin Hepworth, CISSP Oxford, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130814/85ca0acf/attachment.html From richard at fastnet.co.uk Wed Aug 14 11:27:23 2013 From: richard at fastnet.co.uk (Richard Mealing) Date: Wed, 14 Aug 2013 10:27:23 +0000 Subject: emails that attempt to kill mailscanner {Scanned} In-Reply-To: <7F5CCC2656447841A7BDF64811DEA91610C39D03@Bart1.MarineSoftware.EXT> References: <7F5CCC2656447841A7BDF64811DEA91610C39D03@Bart1.MarineSoftware.EXT> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795E9200D9@BTN-EXCHANGE-V1.fastnet.local> This issue only happens to me when my server is over loaded. Once I gave it more CPU's and RAM I've not had this problem again. I find that running spamassassin as daemon and restarting that sometimes helps. The -U switch didn't do anything for me. I'm using FreeBSD. You should look at installing fail2ban or RBL's on the MTA and check the server loan / swap information. I do have a lot of mail coming my way, so I might be way off the mark here.. Rich From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ritchie P. Fraser Sent: 14 August 2013 09:17 To: MailScanner discussion Subject: RE: emails that attempt to kill mailscanner {Scanned} At the end of the first line in /usr/sbin/MailScanner... like so... #!/usr/bin/perl -I/usr/lib/MailScanner -U Ritchie From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: 13 August 2013 19:38 To: MailScanner discussion Subject: Re: emails that attempt to kill mailscanner {Scanned} You need to put the -U at the first line on the MailScanner perl script On Tuesday, 13 August 2013, Jonathan Horne wrote: hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam). taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U. any tips? jonathan ________________________________ Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: Re: emails that attempt to kill mailscanner From: maxsec at gmail.com To: mailscanner at lists.mailscanner.info this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne > wrote: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Martin Hepworth, CISSP Oxford, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130814/c9b0e6c2/attachment.html From jonathanmhorne at outlook.com Wed Aug 14 14:35:10 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Wed, 14 Aug 2013 06:35:10 -0700 Subject: emails that attempt to kill mailscanner In-Reply-To: References: Message-ID: I tried the -U in /usr/sbin/MailScanner. like this: [jhorne at dlp-centos64 ~]$ head /usr/sbin/MailScanner #!/usr/bin/perl -I/usr/lib/MailScanner -U # # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # # $Id: mailscanner.sbin 5120 2013-06-17 13:49:45Z sysjkf $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or i didnt get time to inspect the entire process operation, but i have it configured to not append the "mailscaner checked this email for virus and believed to be clean" at the bottom of emails. after i added the -U, this started appearing. for fear that other settings that i specified might also be ignored, i removed the -U until i can get a better handle on what it is doing. i dont see offhand in the man page what exactly the -U does... can someone point me to where i can read about this switch? thanks, jonathan Date: Tue, 13 Aug 2013 19:41:20 +0100 Subject: RE: emails that attempt to kill mailscanner From: Jason at theedes.co.uk To: mailscanner at lists.mailscanner.info At the top of the file called MailScanner normally in /usr/sbin on rh based systems. Jonathan Horne wrote: hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam). taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U. any tips? jonathan Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: Re: emails that attempt to kill mailscanner From: maxsec at gmail.com To: mailscanner at lists.mailscanner.info this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne wrote: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130814/ceb2b10b/attachment.html From jonathanmhorne at outlook.com Wed Aug 14 14:43:10 2013 From: jonathanmhorne at outlook.com (Jonathan Horne) Date: Wed, 14 Aug 2013 06:43:10 -0700 Subject: emails that attempt to kill mailscanner {Scanned} In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795E9200D9@BTN-EXCHANGE-V1.fastnet.local> References: , , , , <7F5CCC2656447841A7BDF64811DEA91610C39D03@Bart1.MarineSoftware.EXT>, <6EE47AF64C339A4F8F7F50507241B3795E9200D9@BTN-EXCHANGE-V1.fastnet.local> Message-ID: Hi richard, thanks for your reply. personally, i dont have much mail traffic thru my server, i just have my one email domain, and an average day i process about 150 on a heavy day, 120 or so of which will be spam. my server doesnt even hit a 1.0 load average. i did install fail2ban, and i built some pretty effective regex to keep the repeaters from continually sending more spam to my server, but its these strange emails that try to kill mailscanner process that i see every day all day. as i mentioned, they seem to be always high scoring spams anyway, i just wonder if there is malicious code in the emails that i doing this. since my last /var/log/messages turn over, its happened 170 times. thanks, Jonathan From: richard at fastnet.co.uk To: mailscanner at lists.mailscanner.info Subject: RE: emails that attempt to kill mailscanner {Scanned} Date: Wed, 14 Aug 2013 10:27:23 +0000 This issue only happens to me when my server is over loaded. Once I gave it more CPU?s and RAM I?ve not had this problem again. I find that running spamassassin as daemon and restarting that sometimes helps. The ?U switch didn?t do anything for me. I?m using FreeBSD. You should look at installing fail2ban or RBL?s on the MTA and check the server loan / swap information. I do have a lot of mail coming my way, so I might be way off the mark here.. Rich From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ritchie P. Fraser Sent: 14 August 2013 09:17 To: MailScanner discussion Subject: RE: emails that attempt to kill mailscanner {Scanned} At the end of the first line in /usr/sbin/MailScanner? like so? #!/usr/bin/perl -I/usr/lib/MailScanner -U Ritchie From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: 13 August 2013 19:38 To: MailScanner discussion Subject: Re: emails that attempt to kill mailscanner {Scanned} You need to put the -U at the first line on the MailScanner perl script On Tuesday, 13 August 2013, Jonathan Horne wrote: hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam). taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U. any tips? jonathan Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: Re: emails that attempt to kill mailscanner From: maxsec at gmail.com To: mailscanner at lists.mailscanner.info this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne wrote: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Martin Hepworth, CISSP Oxford, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130814/77268f16/attachment.html From Jean-Francois.Masson at USherbrooke.ca Wed Aug 14 15:48:43 2013 From: Jean-Francois.Masson at USherbrooke.ca (Jean-Francois Masson) Date: Wed, 14 Aug 2013 10:48:43 -0400 Subject: Clamd INFECTED but the mail still delivered Message-ID: <520B98CB.8050801@USherbrooke.ca> Hi, I have a question about Clamd and MailScanner. All my "Clamd INFECTED" mail are saved to my quarantine folder as the following logs. *Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Clamd::INFECTED:: Sanesecurity.Junk.19693.UNOFFICIAL :: ./r7EE79MK022851/ *Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Infected message r7EE79MK022851 came from 95.158.131.135 *Aug 14 10:07:21 10.32.33.25 MailScanner[23474]: Saved entire message to /quarantaine/usherbrooke/20130814/r7EE79MK022851 I received a suspicious mail and i looked at the logs. I saw that the mail was reported INFECTED by Clamd but it was still delivered and do not move in quarantine folder. And not placed in the quarantine folder. I would like to know witch configuration or file permit me to change this option? Thanks. *Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter (milter-limit): init success to negotiate *Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter: connect to filters *Aug 12 19:53:11 10.32.33.25 sendmail[13327]: r7CNrB6J013327: milter=milter-limit, action=connect, continue *Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: milter=milter-limit, action=mail, continue *Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: milter=milter-limit, action=rcpt, continue *Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: from=, size=1317, class=0, nrcpts=4, msgid=, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=gaia.gi.ee [193.40.102.14] *Aug 12 19:53:22 10.32.33.25 sendmail[13327]: r7CNrB6J013327: Milter accept: message *Aug 12 19:53:24 10.32.33.25 clamd[4457]: /var/spool/MailScanner/incoming/13799/r7CNrB6J013327.header: ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL FOUND *Aug 12 19:53:24 10.32.33.25 clamd[4457]: /var/spool/MailScanner/incoming/13799/r7CNrB6J013327.message: ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL FOUND *Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: *Clamd::INFECTED:: ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL* :: ./r7CNrB6J013327/ *Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327 *Aug 12 19:53:24 10.32.33.25 MailScanner[13799]: Found spam-virus ScamNailer.Phish.info_AT_webmaster.fr.UNOFFICIAL in r7CNrB6J013327 *Aug 12 19:53:33 10.32.33.25 MailScanner[13799]: Message r7CNrB6J013327 from 193.40.102.14 (info at webmaster.fr) to usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, score=5.747, requis 6.5, BAYES_50 0.80, DCC_CHECK 1.10, RCVD_IN_BL_SPAMCOP_NET 1.35, RCVD_IN_PSBL 1.00, RCVD_IN_UCE_PFSM_1 1.50) *Aug 12 19:53:34 10.32.33.25 sendmail[13374]: r7CNrB6J013327: to=, delay=00:00:12, xdelay=00:00:00, mailer=smtp, pri=211317, relay=[132.210.6.44] [132.210.6.44], dsn=2.0.0, *stat=Sent* (r7CNrXDo006114 Message accepted for delivery) * Jean-Francois Masson*, Technicien en syst?mes ordin?s /Section Infrastructure des serveurs/ Service des technologies de l'information Universit? de Sherbrooke T?l.: 819 821-8000, poste 61987 Courriel: Jean-Francois.Masson at USherbrooke.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130814/8dd8a473/attachment.html From mark at msapiro.net Wed Aug 14 19:11:25 2013 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 14 Aug 2013 11:11:25 -0700 Subject: update_bad_phishing_sites broken (again) In-Reply-To: References: Message-ID: <520BC84D.7040808@msapiro.net> On 07/29/2013 07:39 AM, Jeff Earickson wrote: > Gang, > > The script MailScanner/bin/update_bad_phishing_sites has been spitting > up errors all weekend: > > (57)> ./update_bad_phishing_sites > Reading status from /var/spool/MailScanner/quarantine/phishingupdate/status > Checking that > /var/spool/MailScanner/quarantine/phishingupdate/cache/2013-164 exists... ok > Checking that > /var/spool/MailScanner/quarantine/phishingupdate/cache/2013-164.52 > exists... ok > Failed to retrieve valid current details > > I tried the following urls: > > http://cdn.mailscanner.info/ > http://mailscanner.eu/ These URLs are both good, but that isn't the problem. This has been broken for some time. Even though it may not die, it doesn't update. The current problem appears to be that there is no DNS TXT record at all for emails.msupdate.greylist.bastionmail.com. See the thread at . The patch at will work around this problem. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jason at theedes.co.uk Thu Aug 15 12:03:52 2013 From: jason at theedes.co.uk (Jason Ede) Date: Thu, 15 Aug 2013 12:03:52 +0100 Subject: Sign message multiple times Message-ID: <003601ce99a7$20a3b1b0$61eb1510$@theedes.co.uk> I'm trying to get MailScanner to insert a signature multiple times in an email wherever it detects the _SIGNATURE_ tag. However, it seems to only add it once. The scenario is a mail is forwarded multiple times internally and then sent externally and we want all the _SIGNATURE_ bits expanded. I've enabled the multiple html sigs in the config file, but it doesn't seem to be that. Any ideas? I've found the relevant code in message.pm, but my perl isn't great. Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130815/86d79f23/attachment.html From rlopezcnm at gmail.com Fri Aug 16 00:50:09 2013 From: rlopezcnm at gmail.com (Robert Lopez) Date: Thu, 15 Aug 2013 17:50:09 -0600 Subject: emails that attempt to kill mailscanner In-Reply-To: References: Message-ID: Jonathan Horne wrote: > i dont see offhand in the man page what exactly the -U does... can someone point me to where i can read about this switch? man perlrun -- Robert Lopez From stef at aoc-uk.com Fri Aug 16 13:37:03 2013 From: stef at aoc-uk.com (Stef Morrell) Date: Fri, 16 Aug 2013 12:37:03 +0000 Subject: emails that attempt to kill mailscanner {Scanned} In-Reply-To: References: <7F5CCC2656447841A7BDF64811DEA91610C39D03@Bart1.MarineSoftware.EXT> Message-ID: <92665C7597419742B19470DFA3D5BEA246A14C@vonLipwig.aoc-uk.com> On 14 August 2013 11:27 Richard Mealing wrote: > This issue only happens to me when my server is over loaded. Once I gave > it more CPU's and RAM I've not had this problem again. > I find that running spamassassin as daemon and restarting that sometimes > helps. The -U switch didn't do anything for me. I'm using FreeBSD. I get something very similar. For whatever reason MS gets upset with a particular email and requeues it for multiple further attempts at scanning, finally dumping it with a "tried to kill me" error. I've got a process watching the logfile looking for "attempt 4" (whatever the wording is). If it sees that, then it kills MS, clears the processing database and restarts. This will normally cure the problem. This may be due to an obscure bug hiding somewhere in the depths of MS, but it happens so rarely it would be hard to pin down. Certainly the load on the machine is a factor, but that load is dramatically dropped by restarting MS in this circumstance, then doesn't ramp up again when processing the same email queue. In any event, my workaround is very satisfactory for me and removes the headache in my case. Stef From richard at fastnet.co.uk Mon Aug 19 11:43:31 2013 From: richard at fastnet.co.uk (Richard Mealing) Date: Mon, 19 Aug 2013 10:43:31 +0000 Subject: emails that attempt to kill mailscanner {Scanned} In-Reply-To: References: , , , , <7F5CCC2656447841A7BDF64811DEA91610C39D03@Bart1.MarineSoftware.EXT>, <6EE47AF64C339A4F8F7F50507241B3795E9200D9@BTN-EXCHANGE-V1.fastnet.local> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795E9225C3@BTN-EXCHANGE-V1.fastnet.local> Hi Jonathan, Has --debug or --lint shown you anything? Thanks, Rich From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne Sent: 14 August 2013 14:43 To: MailScanner discussion Subject: RE: emails that attempt to kill mailscanner {Scanned} Hi richard, thanks for your reply. personally, i dont have much mail traffic thru my server, i just have my one email domain, and an average day i process about 150 on a heavy day, 120 or so of which will be spam. my server doesnt even hit a 1.0 load average. i did install fail2ban, and i built some pretty effective regex to keep the repeaters from continually sending more spam to my server, but its these strange emails that try to kill mailscanner process that i see every day all day. as i mentioned, they seem to be always high scoring spams anyway, i just wonder if there is malicious code in the emails that i doing this. since my last /var/log/messages turn over, its happened 170 times. thanks, Jonathan ________________________________ From: richard at fastnet.co.uk To: mailscanner at lists.mailscanner.info Subject: RE: emails that attempt to kill mailscanner {Scanned} Date: Wed, 14 Aug 2013 10:27:23 +0000 This issue only happens to me when my server is over loaded. Once I gave it more CPU's and RAM I've not had this problem again. I find that running spamassassin as daemon and restarting that sometimes helps. The -U switch didn't do anything for me. I'm using FreeBSD. You should look at installing fail2ban or RBL's on the MTA and check the server loan / swap information. I do have a lot of mail coming my way, so I might be way off the mark here.. Rich From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ritchie P. Fraser Sent: 14 August 2013 09:17 To: MailScanner discussion Subject: RE: emails that attempt to kill mailscanner {Scanned} At the end of the first line in /usr/sbin/MailScanner... like so... #!/usr/bin/perl -I/usr/lib/MailScanner -U Ritchie From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: 13 August 2013 19:38 To: MailScanner discussion Subject: Re: emails that attempt to kill mailscanner {Scanned} You need to put the -U at the first line on the MailScanner perl script On Tuesday, 13 August 2013, Jonathan Horne wrote: hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam). taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U. any tips? jonathan ________________________________ Date: Tue, 13 Aug 2013 17:06:50 +0100 Subject: Re: emails that attempt to kill mailscanner From: maxsec at gmail.com To: mailscanner at lists.mailscanner.info this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable. -- Martin Hepworth, CISSP Oxford, UK On 13 August 2013 16:28, Jonathan Horne > wrote: i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes. if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process? thanks, jonathan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -- Martin Hepworth, CISSP Oxford, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130819/81fbb8f3/attachment.html From noel.butler at ausics.net Mon Aug 19 12:19:53 2013 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 19 Aug 2013 21:19:53 +1000 Subject: update_bad_phishing_sites broken (again) In-Reply-To: <520BC84D.7040808@msapiro.net> References: <520BC84D.7040808@msapiro.net> Message-ID: <1376911193.10645.2.camel@tardis> On Wed, 2013-08-14 at 11:11 -0700, Mark Sapiro wrote: > > This has been broken for some time. Even though it may not die, it > doesn't update. I think its dangerous to use something like this which is not updating, given its purpose, it may be penalising countless hosts that have been cleaned up months ago. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130819/508c36c7/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130819/508c36c7/attachment.bin From maillists at conactive.com Mon Aug 19 13:49:18 2013 From: maillists at conactive.com (Kai Schaetzl) Date: Mon, 19 Aug 2013 14:49:18 +0200 Subject: Required perl modules In-Reply-To: References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: Christopher Meng wrote on Thu, 8 Aug 2013 18:25:51 +0800: > Can it work correctly? Sure. I've been doing this for years. Just install the mailscanner*.rpm. Anything else can be used from the system. Same for SA and clamav. Some modules need to be updated versions than the base system, of course. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From cickumqt at gmail.com Mon Aug 19 15:49:43 2013 From: cickumqt at gmail.com (Christopher Meng) Date: Mon, 19 Aug 2013 22:49:43 +0800 Subject: Required perl modules In-Reply-To: References: <92665C7597419742B19470DFA3D5BEA244914E@vonLipwig.aoc-uk.com> Message-ID: ? 2013-8-19 PM9:33?"Kai Schaetzl" ??? > Sure. I've been doing this for years. Just install the mailscanner*.rpm. > Anything else can be used from the system. Same for SA and clamav. Some > modules need to be updated versions than the base system, of course. Thanks, I'll get ms into Fedora/EPEL soon. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130819/cbbd5cae/attachment.html From christian at tssb.com.my Tue Aug 20 09:42:34 2013 From: christian at tssb.com.my (TSSB Sdn Bhd) Date: Tue, 20 Aug 2013 16:42:34 +0800 Subject: Vacation message issue Message-ID: Dear Sir.Mdm, I have a problem with my auto reply vacation message. 1. I did a test email to someone at company.domain.com 2. I received a vacation message that has MIME on top of my vacation message. 3. How do I remove this MIME message on my auto-reply message. de.com.my>?= MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Language: en Content-Type: text/plain; charset="ISO-8859-1" Thanks & Regards, TSSB Sdn Bhd 35-1, Jalan Tanjung SD 13/2, Bandar Sri Damansara, 52200 Kuala Lumpur. TEL: 603 6276 7910 FAX: 603 6276 0912 EMAIL: hdesk at tssb.com.my -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130820/dc4554ce/attachment.html From rd at vladville.com Sun Aug 25 01:33:51 2013 From: rd at vladville.com (Vlad Mazek) Date: Sat, 24 Aug 2013 20:33:51 -0400 Subject: CMAE Message-ID: Has anybody ran into this issue? We're deploying CMAE with MailScanner Running it through spamassassin --lint -D and MailScanner -debug-sa the test shows up and scores as expected but during actual MailScanner processing it doesnt appear to be scoring the same message(s) that it scored during the test submissions via lin/debug etc. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130824/70e51861/attachment.html From jgao at veecall.com Thu Aug 29 21:35:44 2013 From: jgao at veecall.com (J Gao) Date: Thu, 29 Aug 2013 13:35:44 -0700 Subject: Allow a trusted sender to send any type of file Message-ID: <521FB0A0.8060301@veecall.com> Hi, We have a trusted developer send us binary files from time to time. MailScanner always blocked these file so as administrator I have to retrieve those files manually. How can I allow the email with any type of attachment from this developer to deliver to the recipient? Thanks. Gao -- __ _|==|_ ('')__/ >--(`^^') (`^'^'`) `======' From alex at vidadigital.com.pa Thu Aug 29 23:34:08 2013 From: alex at vidadigital.com.pa (Alex Neuman) Date: Thu, 29 Aug 2013 17:34:08 -0500 Subject: Allow a trusted sender to send any type of file In-Reply-To: <521FB0A0.8060301@veecall.com> References: <521FB0A0.8060301@veecall.com> Message-ID: <521FCC60.4000602@vidadigital.com.pa> On 8/29/2013 3:35 PM, J Gao wrote: > Hi, > > We have a trusted developer send us binary files from time to time. > MailScanner always blocked these file so as administrator I have to > retrieve those files manually. > > How can I allow the email with any type of attachment from this > developer to deliver to the recipient? > > Thanks. > > Gao > You can try "scan messages" using a ruleset that says "no" for e-mails from that user. -- Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ +507-6781-9505 +507-832-6725 +1-440-253-9789 (USA) Follow @AlexNeuman on Twitter http://facebook.com/vidadigital From rlopezcnm at gmail.com Fri Aug 30 19:23:11 2013 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri, 30 Aug 2013 12:23:11 -0600 Subject: Allow a trusted sender to send any type of file In-Reply-To: <521FB0A0.8060301@veecall.com> References: <521FB0A0.8060301@veecall.com> Message-ID: On Thu, Aug 29, 2013 at 2:35 PM, J Gao wrote: > Hi, > > We have a trusted developer send us binary files from time to time. > MailScanner always blocked these file so as administrator I have to > retrieve those files manually. > > How can I allow the email with any type of attachment from this > developer to deliver to the recipient? > > Thanks. > > Gao > -- > __ > _|==|_ > ('')__/ > >--(`^^') > (`^'^'`) > `======' > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! As Alex stated. Another way is put them in a file. For example... Make certain you have a "rules" directory in your MailScanner directory, probably already have it. In MailScanner.conf:Scan Messages = %rules-dir%/scan.messages.rules You may already have the file in your rules dir (version depending). If not create it and put something like this into it to help you get started: # The purpose of this file is to establish a rule set # to be used to tell MailScanner if an email should be # scanned or not. # # The question is: # "Should an email having this pattern be scanned?" # # An answer of yes causes it to be scanned. # An answer of no causes it to by pass all scanning. # # The line format is "ruleset pattern answer" # # A sample ruleset would look like this: # From: ignore.domain.com no # From: trusted.email.address no # FromOrTo: default yes From: yourtrustedemailaddress.their.domain no -- Robert Lopez