From pparsons at techeez.com  Fri Feb  1 16:18:23 2013
From: pparsons at techeez.com (Philip Parsons)
Date: Fri, 1 Feb 2013 16:18:23 +0000
Subject: Question about whitelists
In-Reply-To: <11D8E491D9562549A61FD3186F36342001B43B0887@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F36342001B43B0887@exchange.techeez.com>
Message-ID: <11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>

Hey List

I am setting up to install MailScanner at a new location and they just dropped on me that they want to add over 20,000 white list emails.  I have never had to do anything that size and wanted to know if anyone else has their list getting to that point ? and how it affects MailScanner if at all ?


Thank you.
Philip Parsons
IT and Telecommunication Specialist
Techeez IT Consulting
250-818-2879
Skype ID: techeez
www.techeez.com<http://www.techeez.com> "Making IT easy"

IMPORTANT NOTICE
This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130201/ab3b496c/attachment.html 

From alex at vidadigital.com.pa  Fri Feb  1 20:14:55 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Fri, 1 Feb 2013 15:14:55 -0500
Subject: Question about whitelists
In-Reply-To: <11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F36342001B43B0887@exchange.techeez.com>
	<11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>
Message-ID: <CANyE0PpD8XWo9GE46a+_n1AMFHy8m9F1Y5h-L8LizMwwStNCLw@mail.gmail.com>

Sounds like a job for SQL.

On Fri, Feb 1, 2013 at 11:18 AM, Philip Parsons <pparsons at techeez.com>wrote:

>  Hey List****
>
> ** **
>
> I am setting up to install MailScanner at a new location and they just
> dropped on me that they want to add over 20,000 white list emails.  I have
> never had to do anything that size and wanted to know if anyone else has
> their list getting to that point ? and how it affects MailScanner if at all
> ?****
>
> ** **
>
> ** **
>
> Thank you.
> Philip Parsons
> IT and Telecommunication Specialist****
>
> Techeez IT Consulting****
>
> 250-818-2879****
>
> Skype ID: techeez
> www.techeez.com "Making IT easy"****
>
> ** **
>
> IMPORTANT NOTICE
> This e-mail is confidential, may be legally privileged, and is for the
> intended recipient only. Access, disclosure, copying and distribution or
> reliance on any of it by anyone else is prohibited and may be a criminal
> offence. Please delete if obtained in error and e-mail confirmation to the
> sender.****
>
> ** **
>
> ** **
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130201/1558143e/attachment.html 

From terry at graybell.net  Fri Feb  1 20:22:47 2013
From: terry at graybell.net (Terry Hulen Jr)
Date: Fri, 01 Feb 2013 15:22:47 -0500
Subject: Domain Administrator Question
Message-ID: <5a6b9c94920e49c8b6541ed8b3b4a5df@graybell.net>

 

All, 

I have done a lot of searching through the archives and I
have not seen any answers to "[Mailwatch-users] Not filter messages by
domain" on 6-12-2012 or no one else has asked the question. 

I am
running mailwatch 1.1.5.1 and mailScanner-4.84.3-1. What I am trying to
do is allow a domain administrator to log in from the Mailwatch
interface and only see his domain's mail, add white and black list
entries, release messages, and run reports. 

When an account is created
in users as a domain administrator he is able to log in and see the last
50 messages only from his domain. When he clicks on list it says
"Username is not in the correct format to use this utility". When he
clicks on Quarantine the request takes forever (I assume because it is
selecting every message from SQL with his domain name in the To:). When
he clicks on Reports he is able to go through the filter process but
nothing is actually filtered. It continues to show the entire domain's
mail. 

Here is the output of the two tables I thought we were supposed
to use for this type of setup: http://pastebin.com/GZbyA2uW 

Let me
know if anyone else uses this type of function and is working. I could
really use your input on getting this to work. 
-- 

Thank you,

Terry
Hulen Jr
terry at graybell.net

E-mail me for pricing on web and e-mail
hosting. I can also help keeping spam or other unwanted mail from your
inbox. 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130201/c6e319a8/attachment.html 

From mikael at syska.dk  Fri Feb  1 22:08:00 2013
From: mikael at syska.dk (Mikael Syska)
Date: Fri, 1 Feb 2013 23:08:00 +0100
Subject: Domain Administrator Question
In-Reply-To: <5a6b9c94920e49c8b6541ed8b3b4a5df@graybell.net>
References: <5a6b9c94920e49c8b6541ed8b3b4a5df@graybell.net>
Message-ID: <CAJYT2X=4tuynFKK-J3oUMtsufDDbBG_+XsQWrC_bV87vRE7RFg@mail.gmail.com>

Hi,

This seems like the wrong list to that question since its a MW related issue.

I'm not sure a domain name as a login is valid. Try creating a
username like "user at domain.com" and make him domain admin.

I also think that domains his the admin of his able to see. So make
him the owner of the domains.

Hope this helps.

mvh
Mikael Syska

On Fri, Feb 1, 2013 at 9:22 PM, Terry Hulen Jr <terry at graybell.net> wrote:
> All,
>
>
> I have done a lot of searching through the archives and I have not seen any
> answers to "[Mailwatch-users] Not filter messages by domain" on 6-12-2012 or
> no one else has asked the question.
>
>
> I am running mailwatch 1.1.5.1 and mailScanner-4.84.3-1.  What I am trying
> to do is allow a domain administrator to log in from the Mailwatch interface
> and only see his domain's mail, add white and black list entries, release
> messages, and run reports.
>
> When an account is created in users as a domain administrator he is able to
> log in and see the last 50 messages only from his domain.  When he clicks on
> list it says "Username is not in the correct format to use this utility".
> When he clicks on Quarantine the request takes forever (I assume because it
> is selecting every message from SQL with his domain name in the To:).  When
> he clicks on Reports he is able to go through the filter process but nothing
> is actually filtered.  It continues to show the entire domain's mail.
>
>
> Here is the output of the two tables I thought we were supposed to use for
> this type of setup:  http://pastebin.com/GZbyA2uW
>
> Let me know if anyone else uses this type of function and is working.  I
> could really use your input on getting this to work.
>
> --
>
> Thank you,
>
> Terry Hulen Jr
> terry at graybell.net
>
> E-mail me for pricing on web and e-mail hosting.  I can also help keeping
> spam or other unwanted mail from your inbox.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From mikael at syska.dk  Fri Feb  1 22:12:41 2013
From: mikael at syska.dk (Mikael Syska)
Date: Fri, 1 Feb 2013 23:12:41 +0100
Subject: Question about whitelists
In-Reply-To: <11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F36342001B43B0887@exchange.techeez.com>
	<11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>
Message-ID: <CAJYT2XkVrXZki+StAEwJ=1n98Kwf4pL3jEo3AuUXSp=SNMYfWw@mail.gmail.com>

Hi,

Since the whitelist table is fairly simple I see no problem in doing
so. Just import them. I think they are loaded up front and them doing
a hash lookup so its quick.

I see no problem in doing it, but its an amazing large list ... I sure
hope they know how it would affect the system, since spam sent from
these addresses would get skiped by MS.

Why even have whitelist unless these 20k addresses sends mails that
contains something that would otherwise get filtered by the spam
scanning engine in MS(SpamAssassin or other rules)

mvh
Mikael Syska

On Fri, Feb 1, 2013 at 5:18 PM, Philip Parsons <pparsons at techeez.com> wrote:
> Hey List
>
>
>
> I am setting up to install MailScanner at a new location and they just
> dropped on me that they want to add over 20,000 white list emails.  I have
> never had to do anything that size and wanted to know if anyone else has
> their list getting to that point ? and how it affects MailScanner if at all
> ?
>
>
>
>
>
> Thank you.
> Philip Parsons
> IT and Telecommunication Specialist
>
> Techeez IT Consulting
>
> 250-818-2879
>
> Skype ID: techeez
> www.techeez.com "Making IT easy"
>
>
>
> IMPORTANT NOTICE
> This e-mail is confidential, may be legally privileged, and is for the
> intended recipient only. Access, disclosure, copying and distribution or
> reliance on any of it by anyone else is prohibited and may be a criminal
> offence. Please delete if obtained in error and e-mail confirmation to the
> sender.
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From terry at graybell.net  Sat Feb  2 01:07:54 2013
From: terry at graybell.net (Terry Hulen Jr)
Date: Fri, 01 Feb 2013 20:07:54 -0500
Subject: Domain Administrator Question
In-Reply-To: <CAJYT2X=4tuynFKK-J3oUMtsufDDbBG_+XsQWrC_bV87vRE7RFg@mail.gmail.com>
References: <5a6b9c94920e49c8b6541ed8b3b4a5df@graybell.net>
	<CAJYT2X=4tuynFKK-J3oUMtsufDDbBG_+XsQWrC_bV87vRE7RFg@mail.gmail.com>
Message-ID: <4a611f5d3862f56ea98cf5dd69957bd7@graybell.net>

 

I am sorry, wrong list. That is almost as bad as leaving your
out-of-office reply on a mailing list e-mail. I will move to the
appropriate one. 

On 2013-02-01 17:08, Mikael Syska wrote: 

> Hi,
> 
>
This seems like the wrong list to that question since its a MW related
issue.
> 
> I'm not sure a domain name as a login is valid. Try creating
a
> username like "user at domain.com" and make him domain admin.
> 
> I
also think that domains his the admin of his able to see. So make
> him
the owner of the domains.
> 
> Hope this helps.
> 
> mvh
> Mikael
Syska
> 
> On Fri, Feb 1, 2013 at 9:22 PM, Terry Hulen Jr
<terry at graybell.net> wrote:
> 
>> All, I have done a lot of searching
through the archives and I have not seen any answers to
"[Mailwatch-users] Not filter messages by domain" on 6-12-2012 or no one
else has asked the question. I am running mailwatch 1.1.5.1 and
mailScanner-4.84.3-1. What I am trying to do is allow a domain
administrator to log in from the Mailwatch interface and only see his
domain's mail, add white and black list entries, release messages, and
run reports. When an account is created in users as a domain
administrator he is able to log in and see the last 50 messages only
from his domain. When he clicks on list it says "Username is not in the
correct format to use this utility". When he clicks on Quarantine the
request takes forever (I assume because it is selecting every message
from SQL with his domain name in the To:). When he clicks on Reports he
is able to go through the filter process but nothing is actually
filtered. It continues to show the entire domain's mail. Here is the
output of the two tables I thought we were supposed to use for this type
of setup: http://pastebin.com/GZbyA2uW [1] Let me know if anyone else
uses this type of function and is working. I could really use your input
on getting this to work. -- Thank you, Terry Hulen Jr terry at graybell.net
E-mail me for pricing on web and e-mail hosting. I can also help keeping
spam or other unwanted mail from your inbox. -- MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner [2] Before
posting, read http://wiki.mailscanner.info/posting [3] Support
MailScanner development - buy the book off the website!
> 
> -- 
>
MailScanner mailing list
> mailscanner at lists.mailscanner.info
>
http://lists.mailscanner.info/mailman/listinfo/mailscanner [2]
> 
>
Before posting, read http://wiki.mailscanner.info/posting [3]
> 
>
Support MailScanner development - buy the book off the website!



Links:
------
[1] http://pastebin.com/GZbyA2uW
[2]
http://lists.mailscanner.info/mailman/listinfo/mailscanner
[3]
http://wiki.mailscanner.info/posting
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130201/e0d40838/attachment.html 

From email at ace.net.au  Sat Feb  2 11:34:45 2013
From: email at ace.net.au (Peter Nitschke)
Date: Sat, 02 Feb 2013 22:04:45 +1030
Subject: Question about whitelists
In-Reply-To: <11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F36342001B43B0887@exchange.techeez.com>
	<11D8E491D9562549A61FD3186F36342001B43B1187@exchange.techeez.com>
Message-ID: <201302022204450546.136B7D5A@web.ace.net.au>

Apart from anything else, the maintenance will be an issue as email
addresses come and go.

Is it possible that it's a large number of users from a smaller number of
domains, and that just while listing domains might work?



*********** REPLY SEPARATOR  ***********

On 1/02/2013 at 4:18 PM Philip Parsons wrote:

>Hey List
>
>I am setting up to install MailScanner at a new location and they just
>dropped on me that they want to add over 20,000 white list emails.  I have
>never had to do anything that size and wanted to know if anyone else has
>their list getting to that point ? and how it affects MailScanner if at
>all ?
>
>
>Thank you.
>Philip Parsons
>IT and Telecommunication Specialist
>Techeez IT Consulting
>250-818-2879
>Skype ID: techeez
>www.techeez.com<http://www.techeez.com> "Making IT easy"
>
>IMPORTANT NOTICE
>This e-mail is confidential, may be legally privileged, and is for the
>intended recipient only. Access, disclosure, copying and distribution or
>reliance on any of it by anyone else is prohibited and may be a criminal
>offence. Please delete if obtained in error and e-mail confirmation to the
>sender.
>
>
>
>-- 
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!




From admin at lctn.org  Mon Feb  4 17:16:48 2013
From: admin at lctn.org (Raymond Norton)
Date: Mon, 04 Feb 2013 11:16:48 -0600
Subject: Help with init.d scrip (Ubuntu)
Message-ID: <510FED00.9010404@lctn.org>



I'm setting up a new relay scanner with MailScanner v4.84.5. I'm using 
an init script from a tutorial, but it is erring out . Although 
Mailscanner is already running I get the following err when attempting 
to restart:

/etc/init.d/mailscanner restart
  * Restarting mail spam/virus scanner MailScanner              No 
MailScanner found running; none killed.
Can't set GID 119 at /opt/MailScanner/bin/MailScanner line 1541.


Any idea what I should be looking for to fix this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130204/c4c93d8f/attachment.html 

From mailscanner at joolee.nl  Mon Feb  4 18:04:33 2013
From: mailscanner at joolee.nl (Joolee)
Date: Mon, 4 Feb 2013 19:04:33 +0100
Subject: Help with init.d scrip (Ubuntu)
In-Reply-To: <510FED00.9010404@lctn.org>
References: <510FED00.9010404@lctn.org>
Message-ID: <CA+Q-w8UR6j8UymL72LT=jQN_21id+Ocr7sFashpR_F49VLOuWA@mail.gmail.com>

The error is not with the init script but with the Mailscanner
configuration. It is set to change the group running Mailscanner to one
with id 119 but Mailscanner is not able to do it. It could be you are
calling the init script with an account that doesn't have enough
permissions or the group just doesn't exist.

*I'm not a Linux expert so I can be wrong about this :P

On 4 February 2013 18:16, Raymond Norton <admin at lctn.org> wrote:

> **
>
>
> I'm setting up a new relay scanner with MailScanner v4.84.5. I'm using an
> init script from a tutorial, but it is erring out . Although Mailscanner is
> already running I get the following err when attempting to restart:
>
> /etc/init.d/mailscanner restart
>  * Restarting mail spam/virus scanner MailScanner              No
> MailScanner found running; none killed.
> Can't set GID 119 at /opt/MailScanner/bin/MailScanner line 1541.
>
>
> Any idea what I should be looking for to fix this.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130204/28d9ddeb/attachment.html 

From admin at lctn.org  Mon Feb  4 18:52:01 2013
From: admin at lctn.org (Raymond Norton)
Date: Mon, 04 Feb 2013 12:52:01 -0600
Subject: Help with init.d scrip (Ubuntu)
In-Reply-To: <CA+Q-w8UR6j8UymL72LT=jQN_21id+Ocr7sFashpR_F49VLOuWA@mail.gmail.com>
References: <510FED00.9010404@lctn.org>
	<CA+Q-w8UR6j8UymL72LT=jQN_21id+Ocr7sFashpR_F49VLOuWA@mail.gmail.com>
Message-ID: <51100351.70007@lctn.org>

You are correct about the error. If I change the group from Debian-exim 
to root, the init script works. Obviously, I don't want to run a 
production server this way. What do I need to change so it will work 
with Run As Group= Debian-exim?




On 02/04/2013 12:04 PM, Joolee wrote:
> The error is not with the init script but with the Mailscanner 
> configuration. It is set to change the group running Mailscanner to 
> one with id 119 but Mailscanner is not able to do it. It could be you 
> are calling the init script with an account that doesn't have enough 
> permissions or the group just doesn't exist.
>
> *I'm not a Linux expert so I can be wrong about this :P
>
> On 4 February 2013 18:16, Raymond Norton <admin at lctn.org 
> <mailto:admin at lctn.org>> wrote:
>
>
>
>     I'm setting up a new relay scanner with MailScanner v4.84.5. I'm
>     using an init script from a tutorial, but it is erring out .
>     Although Mailscanner is already running I get the following err
>     when attempting to restart:
>
>     /etc/init.d/mailscanner restart
>      * Restarting mail spam/virus scanner MailScanner              No
>     MailScanner found running; none killed.
>     Can't set GID 119 at /opt/MailScanner/bin/MailScanner line 1541.
>
>
>     Any idea what I should be looking for to fix this.
>
>     --
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130204/faf629cd/attachment.html 

From sbanderson at impromed.com  Mon Feb  4 19:46:08 2013
From: sbanderson at impromed.com (Scott B. Anderson)
Date: Mon, 4 Feb 2013 19:46:08 +0000
Subject: Help with init.d scrip (Ubuntu)
In-Reply-To: <51100351.70007@lctn.org>
References: <510FED00.9010404@lctn.org>
	<CA+Q-w8UR6j8UymL72LT=jQN_21id+Ocr7sFashpR_F49VLOuWA@mail.gmail.com>
	<51100351.70007@lctn.org>
Message-ID: <7D95F4DE708E0948892128F41A2507385EF389F7@es3.impromed.com>

I found that sendmail on Ubuntu (I'm running 12.10) at least uses a nonstandard config file.  /etc/mail/sendmail.conf  (not the sendmail.mc / sendmail.cf file mind you) that contains the command line args for sendmail that the default sendmail init.d script will call.  So in my case, adding -bd -OprivacyOptions=noetrn -ODeliveryMode=queueonly =OQueueDirectory=/var/spool/mqueue.in to the DAEMON_PARMS line in the sendmail.conf file fixed 90% of it.  Then I had to fix permisisons like you, I don't mind sticky bitting the files as root as long as the mail processes aren't running as root, so I got a bit lazy.  If you figure out how to change the user / file perms correctly, let me know, I'd rather do it correctly.

Scott


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Raymond Norton
Sent: Monday, February 04, 2013 12:52 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Help with init.d scrip (Ubuntu)

You are correct about the error. If I change the group from Debian-exim to root, the init script works. Obviously, I don't want to run a production server this way. What do I need to change so it will work with Run As Group= Debian-exim?




On 02/04/2013 12:04 PM, Joolee wrote:
> The error is not with the init script but with the Mailscanner
> configuration. It is set to change the group running Mailscanner to
> one with id 119 but Mailscanner is not able to do it. It could be you
> are calling the init script with an account that doesn't have enough
> permissions or the group just doesn't exist.
>
> *I'm not a Linux expert so I can be wrong about this :P
>
> On 4 February 2013 18:16, Raymond Norton <admin at lctn.org
> <mailto:admin at lctn.org>> wrote:
>
>
>
>     I'm setting up a new relay scanner with MailScanner v4.84.5. I'm
>     using an init script from a tutorial, but it is erring out .
>     Although Mailscanner is already running I get the following err
>     when attempting to restart:
>
>     /etc/init.d/mailscanner restart
>      * Restarting mail spam/virus scanner MailScanner              No
>     MailScanner found running; none killed.
>     Can't set GID 119 at /opt/MailScanner/bin/MailScanner line 1541.
>
>
>     Any idea what I should be looking for to fix this.
>
>     --
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
...

-- 
ImproMed LLC
--


From admin at lctn.org  Mon Feb  4 22:19:23 2013
From: admin at lctn.org (Raymond Norton)
Date: Mon, 04 Feb 2013 16:19:23 -0600
Subject: exim permissions
Message-ID: <511033EB.60401@lctn.org>

Trouble shooting an install (MailScanner 4.84.5 exim 4.77 and baruwa on 
Ubuntu 12.0.4).

Are the proper owners for the following folders to be set to 
Debian-exim.Debian.exim?

Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input

I see documentation indicating this for exim.in/input, but not finding 
info on /exim/input

From aberndt at studio-hamburg.de  Tue Feb  5 17:13:48 2013
From: aberndt at studio-hamburg.de (Berndt, Achim)
Date: Tue, 5 Feb 2013 17:13:48 +0000
Subject: winmail.dat problem in version 4.84.5
Message-ID: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>

Hello,

we made last week an update of our mail-gateways. We have now the OS-Version openSUSE12.2 and the
MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner split the mail
and try to scan it two times. The first scan is successfull, but the second one not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de<mailto:peter at studio-hamburg.de>>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de<mailto:waller at studio-hamburg.de>>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130205/09c44717/attachment.html 

From Denis.Beauchemin at usherbrooke.ca  Tue Feb  5 19:24:44 2013
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Tue, 5 Feb 2013 19:24:44 +0000
Subject: MailScanner RPM
Message-ID: <E4CD9F6A1A6FF745BCABA56BBD1008D574C9F04C@XMBX03.sti.usherbrooke.ca>

Hello all,

I need to install a new MS host. Last time I did this I used Julian's mailscanner.info site to get the latest stable RedHat rpm tarball. Now I think it has moved somewhere else. Could someone point me in the right direction? I've looked at github.com but what I see in the "Files" box seems to be what Julian put there more than a year ago.

Thanks for your help.

Denis


From rlopezcnm at gmail.com  Tue Feb  5 19:42:51 2013
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Tue, 5 Feb 2013 12:42:51 -0700
Subject: Email to Scamnailer failing...
Message-ID: <CAAJHbAqFKuit7hhwjwUvj0ccZ+gaDGcUSuq6rxYZFdjScXgCzw@mail.gmail.com>

I am having difficulty sending email to scamnailer at ecs.soton.ac.uk.
The email has to do with false matches of names to existing entries in the
scamnailer files that are down loaded every day.  This is the fail to
deliver information:


Delivery to the following recipient failed permanently:

     scamnailer at ecs.soton.ac.uk

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for
the recipient domain ecs.soton.ac.uk by mx2.ecs.soton.ac.uk.
[2001:630:d0:f102::25c].

The error that the other server returned was:
550 5.7.1 message p14J7S2332024782LP is INFECTED with ScamNailer.Phish.
arademachernee_AT_cnm.edu.UNOFFICIAL  #208 (p14J7S233202478200)



That name arademachernee was one of four names in the body of my email.


-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130205/23536c32/attachment.html 

From alex at vidadigital.com.pa  Tue Feb  5 19:50:02 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Tue, 5 Feb 2013 14:50:02 -0500
Subject: winmail.dat problem in version 4.84.5
In-Reply-To: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
Message-ID: <CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>

Splitting mail is something you have to *do things* for it to happen. If
you undo the changes you made to split the e-mails (how to do this depends
on which MTA you're using, I'm assuming sendmail from the logs), you should
be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the
first place? Did whoever installed this prior to you taking over document
it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat
files, or not to process them at all. The risk is minimal. Check your
mailscanner.conf settings, there is more information in the comments.

On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de>wrote:

>  Hello,****
>
> ** **
>
> we made last week an update of our mail-gateways. We have now the
> OS-Version openSUSE12.2 and the****
>
> MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a
> problem with scanning of winmail.dat****
>
> attachments?! If there is a mail with 2 recipients and a winmail.dat
> attachment, MailScanner split the mail****
>
> and try to scan it two times. The first scan is successfull, but the
> second one not?! Do you have an explanation****
>
> for the problem?****
>
> ** **
>
> Mail-Log:****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de>,
> size=274800, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<
> peter at studio-hamburg.de>, delay=00:00:01, mailer=esmtp, pri=304800,
> stat=queued****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages,
> 275339 bytes****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (275339 > 200000 bytes)****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages*
> ***
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from
> processing-database****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de>,
> size=282469, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<
> waller at studio-hamburg.de>, delay=00:00:00, mailer=esmtp, pri=312469,
> stat=queued****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages,
> 283011 bytes****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in
> message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that
> cannot be analysed in message r14FCB3H032743****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (283011 > 200000 bytes)****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned
> messages****
>
> ** **
>
> Regards****
>
> Achim****
>
> ** **
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130205/cab7402e/attachment.html 

From alex at vidadigital.com.pa  Tue Feb  5 20:36:07 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Tue, 5 Feb 2013 15:36:07 -0500
Subject: MailScanner RPM
In-Reply-To: <E4CD9F6A1A6FF745BCABA56BBD1008D574C9F04C@XMBX03.sti.usherbrooke.ca>
References: <E4CD9F6A1A6FF745BCABA56BBD1008D574C9F04C@XMBX03.sti.usherbrooke.ca>
Message-ID: <CANyE0PqdmAdJ+6vhb0mOAx=GFSLGqOZ15B1osBpHnP6_RgEbrg@mail.gmail.com>

Version 4.84.5-3 for RedHat, CentOS, and Fedora Linux (and other RPM-based
Linux distributions)<http://mailscanner.info/files/4/rpm/MailScanner-4.84.5-3.rpm.tar.gz>

On Tue, Feb 5, 2013 at 2:24 PM, Denis Beauchemin <
Denis.Beauchemin at usherbrooke.ca> wrote:

> Hello all,
>
> I need to install a new MS host. Last time I did this I used Julian's
> mailscanner.info site to get the latest stable RedHat rpm tarball. Now I
> think it has moved somewhere else. Could someone point me in the right
> direction? I've looked at github.com but what I see in the "Files" box
> seems to be what Julian put there more than a year ago.
>
> Thanks for your help.
>
> Denis
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130205/febd49d8/attachment.html 

From mailborder at gmail.com  Tue Feb  5 23:00:29 2013
From: mailborder at gmail.com (Mailborder at Gmail)
Date: Wed, 6 Feb 2013 00:00:29 +0100
Subject: MailScanner RPM
In-Reply-To: <E4CD9F6A1A6FF745BCABA56BBD1008D574C9F04C@XMBX03.sti.usherbrooke.ca>
References: <E4CD9F6A1A6FF745BCABA56BBD1008D574C9F04C@XMBX03.sti.usherbrooke.ca>
Message-ID: <CANK23U3b_mpTWDjCH-gbdsbYLfsKBuurMEy9kF5D_NNzvoCHRQ@mail.gmail.com>

http://www.mailscanner.info/files/4/rpm/MailScanner-4.84.5-3.rpm.tar.gz


On Tue, Feb 5, 2013 at 8:24 PM, Denis Beauchemin <
Denis.Beauchemin at usherbrooke.ca> wrote:

> Hello all,
>
> I need to install a new MS host. Last time I did this I used Julian's
> mailscanner.info site to get the latest stable RedHat rpm tarball. Now I
> think it has moved somewhere else. Could someone point me in the right
> direction? I've looked at github.com but what I see in the "Files" box
> seems to be what Julian put there more than a year ago.
>
> Thanks for your help.
>
> Denis
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130206/291b83ce/attachment.html 

From aberndt at studio-hamburg.de  Wed Feb  6 07:29:41 2013
From: aberndt at studio-hamburg.de (Berndt, Achim)
Date: Wed, 6 Feb 2013 07:29:41 +0000
Subject: AW: winmail.dat problem in version 4.84.5
In-Reply-To: <CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
Message-ID: <A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>

Hi Alex,

thanks for your answer.
Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
MailScanner can't create a sub-directory sometimes, but I don't know why?!
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Is the option "not to scan winmail.dat files" really an option?

Regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Alex Neuman
Gesendet: Dienstag, 5. Februar 2013 20:50
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Splitting mail is something you have to *do things* for it to happen. If you undo the changes you made to split the e-mails (how to do this depends on which MTA you're using, I'm assuming sendmail from the logs), you should be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the first place? Did whoever installed this prior to you taking over document it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat files, or not to process them at all. The risk is minimal. Check your mailscanner.conf settings, there is more information in the comments.
On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hello,

we made last week an update of our mail-gateways. We have now the OS-Version openSUSE12.2 and the
MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner split the mail
and try to scan it two times. The first scan is successfull, but the second one not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de<mailto:peter at studio-hamburg.de>>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de<mailto:waller at studio-hamburg.de>>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130206/e08925ff/attachment.html 

From andrew at topdog.za.net  Wed Feb  6 08:04:15 2013
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Wed, 6 Feb 2013 10:04:15 +0200
Subject: winmail.dat problem in version 4.84.5
In-Reply-To: <A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
Message-ID: <AC26A0CF-D8F9-42C7-83F0-2A854F3A64A1@topdog.za.net>

Hi Achim,

On 06 Feb 2013, at 9:29 AM, Berndt, Achim wrote:

> thanks for your answer.
> Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
> MailScanner can?t create a sub-directory sometimes, but I don?t know why?!
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
> Is the option ?not to scan winmail.dat files? really an option?

The is a bug files for this at the moment, will try and look at it this weekend.

- Andrew

--
www.baruwa.org




From aberndt at studio-hamburg.de  Wed Feb  6 09:01:52 2013
From: aberndt at studio-hamburg.de (Berndt, Achim)
Date: Wed, 6 Feb 2013 09:01:52 +0000
Subject: AW: winmail.dat problem in version 4.84.5
In-Reply-To: <AC26A0CF-D8F9-42C7-83F0-2A854F3A64A1@topdog.za.net>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<AC26A0CF-D8F9-42C7-83F0-2A854F3A64A1@topdog.za.net>
Message-ID: <A442BE4F5F31CA449604DD949374324032290B@EX11.extern.studio-hamburg.de>

...thanks for the info.

-----Urspr?ngliche Nachricht-----
Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Andrew Colin Kissa
Gesendet: Mittwoch, 6. Februar 2013 09:04
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Hi Achim,

On 06 Feb 2013, at 9:29 AM, Berndt, Achim wrote:

> thanks for your answer.
> Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
> MailScanner can't create a sub-directory sometimes, but I don't know why?!
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat 
> in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message Is the option "not to scan winmail.dat files" really an option?

The is a bug files for this at the moment, will try and look at it this weekend.

- Andrew

--
www.baruwa.org



--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From w.halsall at farn-ct.ac.uk  Wed Feb  6 09:28:39 2013
From: w.halsall at farn-ct.ac.uk (Will Halsall)
Date: Wed, 6 Feb 2013 09:28:39 +0000
Subject: winmail.dat problem in version 4.84.5
In-Reply-To: <A442BE4F5F31CA449604DD949374324032290B@EX11.extern.studio-hamburg.de>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<AC26A0CF-D8F9-42C7-83F0-2A854F3A64A1@topdog.za.net>
	<A442BE4F5F31CA449604DD949374324032290B@EX11.extern.studio-hamburg.de>
Message-ID: <2F8E61E3CE7E414D8D7F243C8EE0AC4F546241DE@Exchange.college.farnborough>

Try

http://lists.mailscanner.info/pipermail/mailscanner/2012-February/099131.html


I installed this patch and everything has been Ok since

TTFN


WillH

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Berndt, Achim
Sent: 06 February 2013 09:02
To: MailScanner discussion
Subject: AW: winmail.dat problem in version 4.84.5

...thanks for the info.

-----Urspr?ngliche Nachricht-----
Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Andrew Colin Kissa
Gesendet: Mittwoch, 6. Februar 2013 09:04
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Hi Achim,

On 06 Feb 2013, at 9:29 AM, Berndt, Achim wrote:

> thanks for your answer.
> Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
> MailScanner can't create a sub-directory sometimes, but I don't know why?!
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat 
> in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message Is the option "not to scan winmail.dat files" really an option?

The is a bug files for this at the moment, will try and look at it this weekend.

- Andrew

--
www.baruwa.org



--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 




**********************************************************************
This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.
**********************************************************************

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.


From richard.coombe at taffhousing.co.uk  Wed Feb  6 13:33:50 2013
From: richard.coombe at taffhousing.co.uk (Richard Coombe)
Date: Wed, 6 Feb 2013 13:33:50 +0000
Subject: winmail.dat problem in version 4.84.5 (
Message-ID: <0427164E24A7BE458A5A26E2F4EA73572DAE3613@taff-mail2.taffhousing.local>

From: Will Halsall <w.halsall at farn-ct.ac.uk> Date: Wed, 6 Feb 2013 09:28:39 +0000

> Try
>
> http://lists.mailscanner.info/pipermail/mailscanner/2012-February/099131.html
>
>
> I installed this patch and everything has been Ok since

I had exactly the same problem (2 recipients; one gets attachment, the other gets winmail.dat).

The above patch solved it for me too.

Richard

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Berndt, Achim
Sent: 06 February 2013 09:02
To: MailScanner discussion
Subject: AW: winmail.dat problem in version 4.84.5

...thanks for the info.

-----Urspr?ngliche Nachricht-----
Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Andrew Colin Kissa
Gesendet: Mittwoch, 6. Februar 2013 09:04
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Hi Achim,

On 06 Feb 2013, at 9:29 AM, Berndt, Achim wrote:

> thanks for your answer.
> Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
> MailScanner can't create a sub-directory sometimes, but I don't know why?!
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat

IT Manager

Cyfeiriad       Address Alexandra House
307-315 Cowbridge Road East
Cardiff
CF5 1JD
Ffon    Phone   02920259182
07966807318
Ffacs   Fax     02920259199
Safle We        Web     [http://www.taffhousing.co.uk/sites/default/files/taff/twitter.jpg] <http://www.twitter.com/taffhousing>   [http://www.taffhousing.co.uk/sites/default/files/taff/fb.gif] <www.facebook.com/taffhousing>   [http://www.taffhousing.co.uk/sites/default/files/taff/www.gif] <www.taffhousing.co.uk>

[http://www.taffhousing.co.uk/sites/default/files/taff/wag.gif]    [http://www.taffhousing.co.uk/sites/default/files/taff/pad.gif]   [http://www.taffhousing.co.uk/sites/default/files/taff/sw.gif]   [http://www.taffhousing.co.uk/sites/default/files/taff/iipg.gif]
[http://www.taffhousing.co.uk/sites/default/files/taff/gptw11.gif]  [http://www.taffhousing.co.uk/sites/default/files/taff/gptw.gif]   [http://www.taffhousing.co.uk/sites/default/files/taff/gd.gif]   [http://www.taffhousing.co.uk/sites/default/files/taff/iipg_w.gif]
MEDDYLIWCH CYN I CHI ARGRAFFU! - THINK BEFORE YOU PRINT!


________________________________
This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
Please consider the environment before printing this email.

Any views or other information in this message which do not relate to our business are not authorised by us, nor does this message form part of any contract unless so stated.

Taff Housing Association - www.taffhousing.co.uk - A Charitable Housing Association registered under the Industrial and Provident Societies Acts 1965 No. 21408R. Registered by The National Assembly for Wales No. L009. Registered address: Alexandra House, 307-315 Cowbridge Road East, Cardiff CF5 1JD. VAT Registration Number: 869 8405 65.

From alex at vidadigital.com.pa  Wed Feb  6 16:07:52 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Wed, 6 Feb 2013 11:07:52 -0500
Subject: winmail.dat problem in version 4.84.5
In-Reply-To: <A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
Message-ID: <CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>

On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de>wrote:

>  Hi Alex,****
>
> ** **
>
> thanks for your answer.
>
You're welcome!

> ****
>
> Splitting of the mails is not the problem, because there are the same
> failures with single-recipient mails also.
>
You mentioned it.

> ****
>
> MailScanner can?t create a sub-directory sometimes, but I don?t know why?!
>
When a program "can't create" subdirectories or folders, it usually means
it doesn't have permission to.

> ****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in
> message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
>
That appears to be caused by the user MailScanner is running as not having
permission to create the file. It could also be that the disk is full (not
likely) or that it ran out of inodes (also not likely).

> ****
>
> Is the option ?not to scan winmail.dat files? really an option?
>
If you look for winmail.dat in the MailScanner.conf and read the comments
therein, you'll find options such as:
Expand TNEF = yes
... which has this as its comment:
# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.

If you set it to "no" TNEF messages (those containing winmail.dat) will not
be unpacked. Depending on your particular situation, most antivirus
programs will still be able to detect viruses inside.

You will *not*, however, be able to limit the type of files included, so
that if you've forbidden people from sending .mov files and they send them
in a TNEF-encoded message they will still (probably) go through.

> ****
>
> ** **
>
> Regards****
>
> Achim****
>
> ** **
>
> *Von:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *Im Auftrag von *Alex Neuman
> *Gesendet:* Dienstag, 5. Februar 2013 20:50
> *An:* MailScanner discussion
> *Betreff:* Re: winmail.dat problem in version 4.84.5****
>
> ** **
>
> Splitting mail is something you have to *do things* for it to happen. If
> you undo the changes you made to split the e-mails (how to do this depends
> on which MTA you're using, I'm assuming sendmail from the logs), you should
> be able to avoid the problem.****
>
> ** **
>
> Do you know why splitting e-mails to multiple recipients was needed in the
> first place? Did whoever installed this prior to you taking over document
> it? The procedure is detailed here:****
>
> ** **
>
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient
> ****
>
> ** **
>
> You can also try changing which method you use to process winmail.dat
> files, or not to process them at all. The risk is minimal. Check your
> mailscanner.conf settings, there is more information in the comments.****
>
> On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de>
> wrote:****
>
> Hello,****
>
>  ****
>
> we made last week an update of our mail-gateways. We have now the
> OS-Version openSUSE12.2 and the****
>
> MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a
> problem with scanning of winmail.dat****
>
> attachments?! If there is a mail with 2 recipients and a winmail.dat
> attachment, MailScanner split the mail****
>
> and try to scan it two times. The first scan is successfull, but the
> second one not?! Do you have an explanation****
>
> for the problem?****
>
>  ****
>
> Mail-Log:****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de>,
> size=274800, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<
> peter at studio-hamburg.de>, delay=00:00:01, mailer=esmtp, pri=304800,
> stat=queued****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages,
> 275339 bytes****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (275339 > 200000 bytes)****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages*
> ***
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from
> processing-database****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de>,
> size=282469, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<
> waller at studio-hamburg.de>, delay=00:00:00, mailer=esmtp, pri=312469,
> stat=queued****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages,
> 283011 bytes****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in
> message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that
> cannot be analysed in message r14FCB3H032743****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (283011 > 200000 bytes)****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned
> messages****
>
>  ****
>
> Regards****
>
> Achim****
>
>  ****
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!****
>
>
>
> ****
>
> ** **
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either. ****
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130206/c9ee5b9d/attachment.html 

From mailborder at gmail.com  Wed Feb  6 18:45:52 2013
From: mailborder at gmail.com (Mailborder at Gmail)
Date: Wed, 6 Feb 2013 19:45:52 +0100
Subject: Mailborder for Ubuntu 12.04 LTS
Message-ID: <CANK23U0_WnBYTb4GU3u-pjvbxot=qttkvQVELJPfsci=_mk0Bg@mail.gmail.com>

*Ubuntu 12.04 LTS Support*
Mailborder v3.3.0 has been released, which includes support for Ubuntu
12.04 LTS. The latest version of MailScanner (4.84.5-3) is included with
Mailborder v3.3.0. This version also includes some added feature requests,
bug fixes, and optimization. Additional feature requests from the community
will be included in the next minor release. Ubuntu 12.04 LTS is supported
for both master and child servers. If you already have a cluster installed,
v3.3.0 is compatible with a v3.2.x cluster.

*Upgrade*
The upgrade for v3.2.x installations of Mailborder will be released within
the next week. You will be able to upgrade to Mailborder v3.3.0 without
upgrading the server OS. (Only Red Hat / CentOS v5.8 is supported in v3.2.x)

*Red Hat / CentOS v5.8*
The install scripts for Mailborder v3.3.0 for Red Hat / CentOS v5.8  will
be released within the next week.

*Upcoming Support*
- Debian 6 support is near completion
- RedHat / CentOS 6.3 support is in testing
- openSUSE is on the drawing board

*Licensing*
Licensing is free. There will always be a free version.

*Download*
https://www.mailborder.com

See the Install menu option. I have added a short Architecture Overview
article under the Install menu.

*General Use*
Even if you don't want to use Mailborder, the install scripts can be freely
used to quickly deploy MailScanner. Just edit the scripts and remove the
Mailborder specific items.


Jerry Benton
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130206/e4d7a7a9/attachment.html 

From mailborder at gmail.com  Wed Feb  6 19:19:17 2013
From: mailborder at gmail.com (Mailborder at Gmail)
Date: Wed, 6 Feb 2013 20:19:17 +0100
Subject: Clamav Read Errors
Message-ID: <CANK23U0+qxe2ybc96nydwNwPRu5MTTnM-DE_=hpGwndOCv2JWg@mail.gmail.com>

I posted this question back in November to this list. I was wondering if
anyone may have come across this error as well?

http://lists.mailscanner.info/pipermail/mailscanner/2012-November/100081.html

>From what I hashed out in the lab, it revolves around clamd vs clamav. If I
define clamd as the virus scanner in MailScanner.conf, there are situations
(quarantine) where I see read errors. If I change to clamav, no problems.
The service clamd runs as the clamav user, and MailScanner is running as
the user postfix. However, both are in the same group, and the entire
directory and file structure (/var/spool/MsilScanner)  are group writable.

On CentOS v5.8 there are no problems. Ever. Both clamd and clamav work
fine.
On CentOS v6.3 this is a problem. clamd for sure. I am still testing the
clamav.
On Ubuntu 12.04 LTS this is a problem. clamd for sure. clamav works fine.

Ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130206/7bbda546/attachment.html 

From terry at graybell.net  Thu Feb  7 02:55:03 2013
From: terry at graybell.net (Terry Hulen Jr.)
Date: Wed, 6 Feb 2013 21:55:03 -0500
Subject: Clamav Read Errors
In-Reply-To: <CANK23U0+qxe2ybc96nydwNwPRu5MTTnM-DE_=hpGwndOCv2JWg@mail.gmail.com>
References: <CANK23U0+qxe2ybc96nydwNwPRu5MTTnM-DE_=hpGwndOCv2JWg@mail.gmail.com>
Message-ID: <76BA3C5D-2ECD-4A52-9467-F12948781429@graybell.net>

What does your clamd app armor profile look like?  I had this problem and I had to add my MailScanner dirs to this profile.



On Feb 6, 2013, at 2:19 PM, Mailborder at Gmail <mailborder at gmail.com> wrote:

> I posted this question back in November to this list. I was wondering if anyone may have come across this error as well?
> 
> http://lists.mailscanner.info/pipermail/mailscanner/2012-November/100081.html
> 
> From what I hashed out in the lab, it revolves around clamd vs clamav. If I define clamd as the virus scanner in MailScanner.conf, there are situations (quarantine) where I see read errors. If I change to clamav, no problems. The service clamd runs as the clamav user, and MailScanner is running as the user postfix. However, both are in the same group, and the entire directory and file structure (/var/spool/MsilScanner)  are group writable. 
> 
> On CentOS v5.8 there are no problems. Ever. Both clamd and clamav work fine.  
> On CentOS v6.3 this is a problem. clamd for sure. I am still testing the clamav.
> On Ubuntu 12.04 LTS this is a problem. clamd for sure. clamav works fine.
> 
> Ideas?
> 
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content and is believed to be clean.
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130206/12998afa/attachment.html 

From mailborder at gmail.com  Thu Feb  7 06:12:43 2013
From: mailborder at gmail.com (Mailborder at Gmail)
Date: Thu, 7 Feb 2013 07:12:43 +0100
Subject: Clamav Read Errors
In-Reply-To: <76BA3C5D-2ECD-4A52-9467-F12948781429@graybell.net>
References: <CANK23U0+qxe2ybc96nydwNwPRu5MTTnM-DE_=hpGwndOCv2JWg@mail.gmail.com>
	<76BA3C5D-2ECD-4A52-9467-F12948781429@graybell.net>
Message-ID: <CANK23U120m3H9ZTvsZCFOhh33N=UZPeUXahK=V9g+na1OGfRNA@mail.gmail.com>

I'll check the appamror later tonight, but I have already checked the
selilnux on the CentOS 6.3 box. Even with selinux totally disabled I still
get the same errors.



On Thu, Feb 7, 2013 at 3:55 AM, Terry Hulen Jr. <terry at graybell.net> wrote:

> What does your clamd app armor profile look like?  I had this problem and
> I had to add my MailScanner dirs to this profile.
>
>
>
> On Feb 6, 2013, at 2:19 PM, Mailborder at Gmail <mailborder at gmail.com>
> wrote:
>
> I posted this question back in November to this list. I was wondering if
> anyone may have come across this error as well?
>
>
> http://lists.mailscanner.info/pipermail/mailscanner/2012-November/100081.html
>
> From what I hashed out in the lab, it revolves around clamd vs clamav. If
> I define clamd as the virus scanner in MailScanner.conf, there are
> situations (quarantine) where I see read errors. If I change to clamav, no
> problems. The service clamd runs as the clamav user, and MailScanner is
> running as the user postfix. However, both are in the same group, and the
> entire directory and file structure (/var/spool/MsilScanner)  are group
> writable.
>
> On CentOS v5.8 there are no problems. Ever. Both clamd and clamav work
> fine.
> On CentOS v6.3 this is a problem. clamd for sure. I am still testing the
> clamav.
> On Ubuntu 12.04 LTS this is a problem. clamd for sure. clamav works fine.
>
> Ideas?
>
>
> --
> This message has been scanned for viruses and
> dangerous content and is believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130207/340ebf87/attachment.html 

From aberndt at studio-hamburg.de  Thu Feb  7 08:02:37 2013
From: aberndt at studio-hamburg.de (Berndt, Achim)
Date: Thu, 7 Feb 2013 08:02:37 +0000
Subject: AW: winmail.dat problem in version 4.84.5
In-Reply-To: <CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
Message-ID: <A442BE4F5F31CA449604DD9493743240322BFE@EX11.extern.studio-hamburg.de>

Hello,

it might be a 1 year old bug in the TNEF decoder from previous version of MailScanner.
Is there a new fix for the MailScanner Version 4.84.5-3, or can I use the old one?
Can I download the TNEF.pm file from anywhere, or should I change the lines inside myself?
If so, which lines I need to  change?

Regards
Achim


Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Alex Neuman
Gesendet: Mittwoch, 6. Februar 2013 17:08
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5


On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hi Alex,

thanks for your answer.
You're welcome!
Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
You mentioned it.
MailScanner can't create a sub-directory sometimes, but I don't know why?!
When a program "can't create" subdirectories or folders, it usually means it doesn't have permission to.
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
That appears to be caused by the user MailScanner is running as not having permission to create the file. It could also be that the disk is full (not likely) or that it ran out of inodes (also not likely).
Is the option "not to scan winmail.dat files" really an option?
If you look for winmail.dat in the MailScanner.conf and read the comments therein, you'll find options such as:
Expand TNEF = yes
... which has this as its comment:
# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.

If you set it to "no" TNEF messages (those containing winmail.dat) will not be unpacked. Depending on your particular situation, most antivirus programs will still be able to detect viruses inside.

You will *not*, however, be able to limit the type of files included, so that if you've forbidden people from sending .mov files and they send them in a TNEF-encoded message they will still (probably) go through.

Regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] Im Auftrag von Alex Neuman
Gesendet: Dienstag, 5. Februar 2013 20:50
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Splitting mail is something you have to *do things* for it to happen. If you undo the changes you made to split the e-mails (how to do this depends on which MTA you're using, I'm assuming sendmail from the logs), you should be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the first place? Did whoever installed this prior to you taking over document it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat files, or not to process them at all. The risk is minimal. Check your mailscanner.conf settings, there is more information in the comments.
On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hello,

we made last week an update of our mail-gateways. We have now the OS-Version openSUSE12.2 and the
MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner split the mail
and try to scan it two times. The first scan is successfull, but the second one not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de<mailto:peter at studio-hamburg.de>>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de<mailto:waller at studio-hamburg.de>>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130207/0be98a79/attachment.html 

From aberndt at studio-hamburg.de  Thu Feb  7 10:44:36 2013
From: aberndt at studio-hamburg.de (Berndt, Achim)
Date: Thu, 7 Feb 2013 10:44:36 +0000
Subject: AW: winmail.dat problem in version 4.84.5
In-Reply-To: <CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
Message-ID: <A442BE4F5F31CA449604DD949374324032300A@EX11.extern.studio-hamburg.de>

Hello again

Should I change the TNEF.pm
from
MailScanner 4.85.5-3 (original):
  my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0);
  $dir =~ s,^.*/,,;
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
    MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                              "$dir/$unpackdir");
    return 0;

to
    MailScanner 4.85.5-3 (new):
  my $unpackdir = tempdir("tnefXXXXXX");
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
   MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not cre create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                             "$dir/$unpackdir");
   return 0;

regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Alex Neuman
Gesendet: Mittwoch, 6. Februar 2013 17:08
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5


On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hi Alex,

thanks for your answer.
You're welcome!
Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
You mentioned it.
MailScanner can't create a sub-directory sometimes, but I don't know why?!
When a program "can't create" subdirectories or folders, it usually means it doesn't have permission to.
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
That appears to be caused by the user MailScanner is running as not having permission to create the file. It could also be that the disk is full (not likely) or that it ran out of inodes (also not likely).
Is the option "not to scan winmail.dat files" really an option?
If you look for winmail.dat in the MailScanner.conf and read the comments therein, you'll find options such as:
Expand TNEF = yes
... which has this as its comment:
# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.

If you set it to "no" TNEF messages (those containing winmail.dat) will not be unpacked. Depending on your particular situation, most antivirus programs will still be able to detect viruses inside.

You will *not*, however, be able to limit the type of files included, so that if you've forbidden people from sending .mov files and they send them in a TNEF-encoded message they will still (probably) go through.

Regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] Im Auftrag von Alex Neuman
Gesendet: Dienstag, 5. Februar 2013 20:50
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Splitting mail is something you have to *do things* for it to happen. If you undo the changes you made to split the e-mails (how to do this depends on which MTA you're using, I'm assuming sendmail from the logs), you should be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the first place? Did whoever installed this prior to you taking over document it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat files, or not to process them at all. The risk is minimal. Check your mailscanner.conf settings, there is more information in the comments.
On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hello,

we made last week an update of our mail-gateways. We have now the OS-Version openSUSE12.2 and the
MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner split the mail
and try to scan it two times. The first scan is successfull, but the second one not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de<mailto:peter at studio-hamburg.de>>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de<mailto:waller at studio-hamburg.de>>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130207/e6d74427/attachment.html 

From phil.randal at hoopleltd.co.uk  Thu Feb  7 12:37:47 2013
From: phil.randal at hoopleltd.co.uk (Randal, Phil)
Date: Thu, 7 Feb 2013 12:37:47 +0000
Subject: winmail.dat problem in version 4.84.5
In-Reply-To: <A442BE4F5F31CA449604DD949374324032300A@EX11.extern.studio-hamburg.de>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032300A@EX11.extern.studio-hamburg.de>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B854176E9FA@HC-EXMBX03.herefordshire.gov.uk>

There's a build of TNEF.pm in the MailScanner Git repo:

https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm

With this version(and latest MailScanner)  I'm seeing temporary directories of form tnefxxxxxx being created in /var/spool/mqueue.in

Cheers,

Phil

--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.randal at hoopleltd.co.uk<mailto:phil.randal at hoopleltd.co.uk>

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Berndt, Achim
Sent: 07 February 2013 10:45
To: MailScanner discussion
Subject: AW: winmail.dat problem in version 4.84.5

Hello again

Should I change the TNEF.pm
from
MailScanner 4.85.5-3 (original):
  my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0);
  $dir =~ s,^.*/,,;
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
    MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                              "$dir/$unpackdir");
    return 0;

to
    MailScanner 4.85.5-3 (new):
  my $unpackdir = tempdir("tnefXXXXXX");
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
   MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not cre create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                             "$dir/$unpackdir");
   return 0;

regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Alex Neuman
Gesendet: Mittwoch, 6. Februar 2013 17:08
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5


On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hi Alex,

thanks for your answer.
You're welcome!
Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
You mentioned it.
MailScanner can't create a sub-directory sometimes, but I don't know why?!
When a program "can't create" subdirectories or folders, it usually means it doesn't have permission to.
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
That appears to be caused by the user MailScanner is running as not having permission to create the file. It could also be that the disk is full (not likely) or that it ran out of inodes (also not likely).
Is the option "not to scan winmail.dat files" really an option?
If you look for winmail.dat in the MailScanner.conf and read the comments therein, you'll find options such as:
Expand TNEF = yes
... which has this as its comment:
# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.

If you set it to "no" TNEF messages (those containing winmail.dat) will not be unpacked. Depending on your particular situation, most antivirus programs will still be able to detect viruses inside.

You will *not*, however, be able to limit the type of files included, so that if you've forbidden people from sending .mov files and they send them in a TNEF-encoded message they will still (probably) go through.

Regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] Im Auftrag von Alex Neuman
Gesendet: Dienstag, 5. Februar 2013 20:50
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Splitting mail is something you have to *do things* for it to happen. If you undo the changes you made to split the e-mails (how to do this depends on which MTA you're using, I'm assuming sendmail from the logs), you should be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the first place? Did whoever installed this prior to you taking over document it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat files, or not to process them at all. The risk is minimal. Check your mailscanner.conf settings, there is more information in the comments.
On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hello,

we made last week an update of our mail-gateways. We have now the OS-Version openSUSE12.2 and the
MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner split the mail
and try to scan it two times. The first scan is successfull, but the second one not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de<mailto:peter at studio-hamburg.de>>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de<mailto:waller at studio-hamburg.de>>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130207/438c687b/attachment.html 

From sbanderson at impromed.com  Thu Feb  7 16:19:43 2013
From: sbanderson at impromed.com (Scott B. Anderson)
Date: Thu, 7 Feb 2013 16:19:43 +0000
Subject: MySQL create table script for SQLLogging using mysql 5.5
Message-ID: <7D95F4DE708E0948892128F41A2507385EF3C85F@es3.impromed.com>

It took me some time to figure out why the default scripts for creating the tables for @SQLLogging was failing on ERROR 1064 when trying to source the SQL script.

Eventually I learned that since MySQL 4.1, TIMESTAMP type ignores the (14) size declaration, but starting with 5.5, it will throw an error and fail.

Also, TYPE=MyISAM is not compatible anymore, so you will need to replace it with ENGINE=InnoDB  to get the script to work.
After these changes, the three table creation definitions that will work with MySQL 5.5 and up look like this:

CREATE TABLE maillog_mail (
  id int(10) unsigned NOT NULL auto_increment,
  time timestamp NOT NULL,
  msg_id varchar(15) binary default NULL,
  size bigint(20) default NULL,
  from_user varchar(35) default NULL,

  from_domain varchar(35) default NULL,

  subject text,

  clientip text,

  archives text,
  isspam int(1) default NULL,
  ishighspam int(1) default NULL,
  sascore decimal(7,2) default NULL,
  spamreport text,
  PRIMARY KEY  (id),
  KEY msg_id (msg_id),
  KEY from_domain (from_domain,from_user)
) ENGINE=InnoDB;

CREATE TABLE maillog_recipient (
  id bigint(20) NOT NULL auto_increment,
  msg_id varchar(15) binary default NULL,
  to_user varchar(35) default NULL,
  to_domain varchar(35) default NULL,
  PRIMARY KEY  (id),
  KEY msg_id (msg_id),
  KEY to_domain (to_domain,to_user)
) ENGINE=InnoDB;


CREATE TABLE maillog_report (
  id bigint(20) NOT NULL auto_increment,
  msg_id varchar(15) binary default NULL,
  filename text,
  filereport text,
  PRIMARY KEY  (id),
  KEY msg_id (msg_id)
) ENGINE=InnoDB;




I mostly posted this to help out the next person that upgrades from an old server running MySQL 3.x to one running 5.x

If someone would like to verify, critique, or comment, that would be great as well.  The FAQs and READMEs should probably get updated as well.


Scott Anderson
IT Administrator

...

-- 
ImproMed LLC
--


From dlee.aus at gmail.com  Thu Feb  7 22:52:50 2013
From: dlee.aus at gmail.com (David Lee)
Date: Fri, 8 Feb 2013 09:22:50 +1030
Subject: winmail.dat problem in version 4.84.5
In-Reply-To: <A442BE4F5F31CA449604DD9493743240322BFE@EX11.extern.studio-hamburg.de>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
	<A442BE4F5F31CA449604DD9493743240322BFE@EX11.extern.studio-hamburg.de>
Message-ID: <CAOy9RE=zXfnJDcVmxqsJ-UdpjPuDCo51271EKGwu1h5B2dSk-g@mail.gmail.com>

Hi,

I've had a look at this problem a little while ago and found an issue with
the creation of the
temporary directory into which the TNEF file is unpacked
(https://github.com/MailScanner/MailScanner/issues/7).

I've 'hacked' at temporary solution which seems to have fixed these
problems.
I made the following changes to the
'/usr/lib/MailScanner/mailScanner/TNEF.pm' file:

232,233c232,239
<   my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK
=> 0);
<   $dir =~ s,^.*/,,;
---
>   #my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir,
UNLINK => 0);
>   #$dir =~ s,^.*/,,;
>
>   my @a = map { chr } (48..57, 65..90, 97..122); # printable ASCII chars
>   my $ranstring;
>   $ranstring .= $a[rand(@a)] for 1..6;
>   my $unpackdir = "tnef" . $ranstring;

I've also changed the permissions applied to the unpack directory. Ideally
these
should be changed to the appropriate values as specified in the MailScanner
config file.

240c246,247
<   chmod 0700, "$dir/$unpackdir";
---
>   chmod 0750, "$dir/$unpackdir";
>   chown $owner, $group, "$dir/$unpackdir";

Note that I do not have a very good working knowledge of the MailScanner
code, so these
code changes may be not the best way to fix the problems.

Regards
David

On Thu, Feb 7, 2013 at 6:32 PM, Berndt, Achim <aberndt at studio-hamburg.de>wrote:

>  Hello,****
>
> ** **
>
> it might be a 1 year old bug in the TNEF decoder from previous version of
> MailScanner.****
>
> Is there a new fix for the MailScanner Version 4.84.5-3, or can I use the
> old one?****
>
> Can I download the TNEF.pm file from anywhere, or should I change the
> lines inside myself?****
>
> If so, which lines I need to  change?****
>
> ** **
>
> Regards****
>
> Achim****
>
> ** **
>
> ** **
>
> *Von:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *Im Auftrag von *Alex Neuman
> *Gesendet:* Mittwoch, 6. Februar 2013 17:08
> *An:* MailScanner discussion
> *Betreff:* Re: winmail.dat problem in version 4.84.5****
>
> ** **
>
> ** **
>
> On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de>
> wrote:****
>
> Hi Alex,****
>
>  ****
>
> thanks for your answer. ****
>
> You're welcome! ****
>
>  Splitting of the mails is not the problem, because there are the same
> failures with single-recipient mails also.****
>
>  You mentioned it. ****
>
>  MailScanner can?t create a sub-directory sometimes, but I don?t know
> why?!****
>
>  When a program "can't create" subdirectories or folders, it usually
> means it doesn't have permission to. ****
>
>  Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat
> in message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message****
>
>  That appears to be caused by the user MailScanner is running as not
> having permission to create the file. It could also be that the disk is
> full (not likely) or that it ran out of inodes (also not likely). ****
>
>  Is the option ?not to scan winmail.dat files? really an option?****
>
>  If you look for winmail.dat in the MailScanner.conf and read the
> comments therein, you'll find options such as:
> Expand TNEF = yes
> ... which has this as its comment:
> # Expand TNEF attachments using an external program (or a Perl module)?
> # This should be "yes" unless the scanner you are using (Sophos, McAfee)
> has
> # the facility built-in. However, if you set it to "no", then the filenames
> # within the TNEF attachment will not be checked against the filename
> rules.
>
> If you set it to "no" TNEF messages (those containing winmail.dat) will
> not be unpacked. Depending on your particular situation, most antivirus
> programs will still be able to detect viruses inside.
>
> You will *not*, however, be able to limit the type of files included, so
> that if you've forbidden people from sending .mov files and they send them
> in a TNEF-encoded message they will still (probably) go through.****
>
>   ****
>
> Regards****
>
> Achim****
>
>  ****
>
> *Von:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *Im Auftrag von *Alex Neuman
> *Gesendet:* Dienstag, 5. Februar 2013 20:50
> *An:* MailScanner discussion
> *Betreff:* Re: winmail.dat problem in version 4.84.5****
>
>  ****
>
> Splitting mail is something you have to *do things* for it to happen. If
> you undo the changes you made to split the e-mails (how to do this depends
> on which MTA you're using, I'm assuming sendmail from the logs), you should
> be able to avoid the problem.****
>
>  ****
>
> Do you know why splitting e-mails to multiple recipients was needed in the
> first place? Did whoever installed this prior to you taking over document
> it? The procedure is detailed here:****
>
>  ****
>
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient
> ****
>
>  ****
>
> You can also try changing which method you use to process winmail.dat
> files, or not to process them at all. The risk is minimal. Check your
> mailscanner.conf settings, there is more information in the comments.****
>
> On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de>
> wrote:****
>
> Hello,****
>
>  ****
>
> we made last week an update of our mail-gateways. We have now the
> OS-Version openSUSE12.2 and the****
>
> MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a
> problem with scanning of winmail.dat****
>
> attachments?! If there is a mail with 2 recipients and a winmail.dat
> attachment, MailScanner split the mail****
>
> and try to scan it two times. The first scan is successfull, but the
> second one not?! Do you have an explanation****
>
> for the problem?****
>
>  ****
>
> Mail-Log:****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de>,
> size=274800, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<
> peter at studio-hamburg.de>, delay=00:00:01, mailer=esmtp, pri=304800,
> stat=queued****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages,
> 275339 bytes****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (275339 > 200000 bytes)****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages*
> ***
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from
> processing-database****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de>,
> size=282469, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<
> waller at studio-hamburg.de>, delay=00:00:00, mailer=esmtp, pri=312469,
> stat=queued****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages,
> 283011 bytes****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in
> message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that
> cannot be analysed in message r14FCB3H032743****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (283011 > 200000 bytes)****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned
> messages****
>
>  ****
>
> Regards****
>
> Achim****
>
>  ****
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!****
>
>
>
> ****
>
>  ****
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either. ****
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!****
>
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either. ****
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130208/b692b576/attachment-0001.html 

From ling at unimelb.edu.au  Sun Feb 10 23:55:06 2013
From: ling at unimelb.edu.au (Ling Shi)
Date: Mon, 11 Feb 2013 10:55:06 +1100
Subject: MailScanner fail to detect any attachment on RHEL6.3
Message-ID: <5118335A.4000807@unimelb.edu.au>

Hi,

I recently moved our mail server (RHEL4.9/Postfix 2.2.10/MailScanner 
4.74.16) to a new machine (RHEL6.3/Postfix 2.6.6/MailScanner 4.84.5). 
After that, MailScanner fails to detect any attachment, ie no 
Filename/Filetype check at all.

By closely looking at /var/spool/MailScanner/incoming/<pid>, I found 
there're only <message-id>, <message-id>.header files, but empty 
<message-id> subdirectory, which means MIME::Parser doesn't work.

`MailScanner -v` output:

-----------------------------
# MailScanner -v
Running on
Linux selene.ms.unimelb.edu.au 2.6.32-279.22.1.el6.x86_64 #1 SMP Sun Jan 
13 09:21:40 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
This is Red Hat Enterprise Linux Server release 6.3 (Santiago)
This is Perl version 5.010001 (5.10.1)

This is MailScanner version 4.84.5
Module versions are:
1.00    AnyDBM_File
1.30    Archive::Zip
   :
3.08    MIME::Base64
5.504   MIME::Decoder
5.504   MIME::Decoder::UU
5.504   MIME::Head
5.504   MIME::Parser
3.08    MIME::QuotedPrint
5.504   MIME::Tools
   :
-----------------------------

I've tried to feed Postfix queue file (take from 
/var/spool/postfix/hold) to MailScanner on the old RHEL4 server, which 
generates correct <message-id>/<attachment-file>. So Postfix isn't the 
problem.

I also tried feed the queue file to

-----------------------------
#! /usr/bin/perl
use MIME::Parser;
my $parser = new MIME::Parser;
$parser->parse(\*STDIN)};
-----------------------------

but that didn't work, sure my perl knowledge is very basic.

Could someone please help write me a perl script, which is similar to 
sub Explode {} in MailScanner::Message? The script takes Postfix queue 
file as import, the output will be like those in 
/var/spool/MailScanner/incoming/<pid>, ie

<message-id>/<attachment>  (if any)
<message-id>
<message-id>.header

I'll use this script on both RHEL4 and RHEL6, hoping generate different 
result, so I can ask Redhat support team whether RHEL6's perl is at fault.

Thank you.

-- 
Regards,
Ling Shi
(UnixSysad, MS, UniMelb)

From ling at unimelb.edu.au  Mon Feb 11 00:12:40 2013
From: ling at unimelb.edu.au (Ling Shi)
Date: Mon, 11 Feb 2013 11:12:40 +1100
Subject: handling of spam-virus
Message-ID: <51183778.5070400@unimelb.edu.au>

Hi,

I found these in our mailscanner.log:

-----------------------------------------
Feb 10 15:00:41 selene MailScanner[3726]: New Batch: Scanning 1 
messages, 3501 bytes
Feb 10 15:00:41 selene MailScanner[3726]: Virus and Content Scanning: 
Starting
Feb 10 15:00:45 selene MailScanner[3726]: 47798200154.AD398.message: 
Email.Phishing.Webmail-28 FOUND
Feb 10 15:00:45 selene MailScanner[3726]: Found spam-virus 
Email.Phishing.Webmail-28 in 47798200154.AD398
Feb 10 15:00:45 selene MailScanner[3726]: Virus Scanning completed at 
811 bytes per second
Feb 10 15:00:45 selene MailScanner[3726]: Spam Checks: Starting
Feb 10 15:00:47 selene MailScanner[3726]: Message 47798200154.AD398 from 
80.95.217.246 (icb.alert at e-mail.ua) to ms.unimelb.edu.au is spam, 
SpamAssassin (not cached, score=32.473, required 5, autolearn=spam, 
ADVANCE_FEE_3_NEW 3.50, ADVANCE_FEE_3_NEW_MONEY 0.00, ADVANCE_FEE_4_NEW 
2.08, ADVANCE_FEE_4_NEW_MONEY 0.00, ADVANCE_FEE_5_NEW 1.54, 
ADVANCE_FEE_5_NEW_MONEY 0.00, AXB_XMAILER_MIMEOLE_OL_024C2 2.99, 
BAYES_99 3.50, FORGED_MUA_OUTLOOK 1.93, FSL_NEW_HELO_USER 2.10, 
LOTS_OF_MONEY 0.00, MISSING_HEADERS 1.02, MONEY_FRAUD_3 0.43, 
MONEY_FRAUD_5 2.18, MONEY_FROM_41 2.00, NSL_RCVD_FROM_USER 0.57, 
RCVD_IN_BRBL_LASTEXT 1.45, RCVD_IN_SORBS_WEB 0.77, RDNS_NONE 0.79, 
REPLYTO_WITHOUT_TO_CC 1.55, TO_NO_BRKTS_MSFT 3.50, URG_BIZ 0.57)
Feb 10 15:00:47 selene MailScanner[3726]: Spam Checks: Found 1 spam messages
Feb 10 15:00:47 selene MailScanner[3726]: Spam Actions: message 
47798200154.AD398 actions are delete
Feb 10 15:00:47 selene MailScanner[3726]: Spam Checks completed at 1609 
bytes per second
Feb 10 15:00:47 selene MailScanner[3726]: Deleted 1 messages from 
processing-database
Feb 10 15:00:47 selene MailScanner[3726]: Batch completed at 539 bytes 
per second (3501 / 6)
Feb 10 15:00:47 selene MailScanner[3726]: Batch (1 message) processed in 
6.49 seconds
-----------------------------------------

It looks although the mail is detected having a virus (spam-virus), it's 
still checked for spam.

Compare with non spam-virus:

-----------------------------------------
Feb  4 18:52:31 selene MailScanner[14634]: New Batch: Scanning 1 
messages, 9081 bytes
Feb  4 18:52:31 selene MailScanner[14634]: Virus and Content Scanning: 
Starting
Feb  4 18:52:35 selene MailScanner[14634]: 8480A200158.A6BCA.message: 
Email.Trojan-428 FOUND
Feb  4 18:52:36 selene MailScanner[14634]: Virus Scanning: ClamAV found 
1 infections
Feb  4 18:52:36 selene MailScanner[14634]: Infected message 
8480A200158.A6BCA came from 95.39.12.43
Feb  4 18:52:36 selene MailScanner[14634]: Virus Scanning: Found 1 viruses
Feb  4 18:52:36 selene MailScanner[14634]: Virus Scanning completed at 
2080 bytes per second
Feb  4 18:52:36 selene MailScanner[14634]: Saved entire message to 
/var/spool/mail/MailScanner/quarantine/20130204/8480A200158.A6BCA
Feb  4 18:52:36 selene MailScanner[14634]: Spam Checks: Starting
Feb  4 18:52:36 selene MailScanner[14634]: Notices: Warned about 1 messages
Feb  4 18:52:36 selene MailScanner[14634]: Virus Processing completed at 
103302 bytes per second
Feb  4 18:52:36 selene MailScanner[14634]: Deleted 1 messages from 
processing-database
Feb  4 18:52:36 selene MailScanner[14634]: Batch completed at 2035 bytes 
per second (9081 / 4)
Feb  4 18:52:36 selene MailScanner[14634]: Batch (1 message) processed 
in 4.46 seconds
-----------------------------------------

-- 
Regards,
Ling Shi
(UnixSysad, MS, UniMelb)

From aberndt at studio-hamburg.de  Mon Feb 11 11:40:59 2013
From: aberndt at studio-hamburg.de (Berndt, Achim)
Date: Mon, 11 Feb 2013 11:40:59 +0000
Subject: AW: winmail.dat problem in version 4.84.5
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B854176E9FA@HC-EXMBX03.herefordshire.gov.uk>
References: <A442BE4F5F31CA449604DD9493743240320A56@EX11.extern.studio-hamburg.de>
	<CANyE0Po=2WDvSQSyNTVUH-7hSO9uSd=E7T0AmrcRAOVb=jvJmA@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032288D@EX11.extern.studio-hamburg.de>
	<CANyE0PqnxVLmOBBxW3mVkmwjV2+tWhGOEe7S7WJVLHDri4a2Gg@mail.gmail.com>
	<A442BE4F5F31CA449604DD949374324032300A@EX11.extern.studio-hamburg.de>
	<7CA580B59C1ABD45B4614ED90D4C7B854176E9FA@HC-EXMBX03.herefordshire.gov.uk>
Message-ID: <A442BE4F5F31CA449604DD9493743240324E7A@EX11.extern.studio-hamburg.de>

Hello,

the TNEF.pm from
https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm
works for me.

Many thanks for all.

Regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Randal, Phil
Gesendet: Donnerstag, 7. Februar 2013 13:38
An: MailScanner discussion
Betreff: RE: winmail.dat problem in version 4.84.5

There's a build of TNEF.pm in the MailScanner Git repo:

https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm

With this version(and latest MailScanner)  I'm seeing temporary directories of form tnefxxxxxx being created in /var/spool/mqueue.in

Cheers,

Phil

--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.randal at hoopleltd.co.uk<mailto:phil.randal at hoopleltd.co.uk>

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Berndt, Achim
Sent: 07 February 2013 10:45
To: MailScanner discussion
Subject: AW: winmail.dat problem in version 4.84.5

Hello again

Should I change the TNEF.pm
from
MailScanner 4.85.5-3 (original):
  my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0);
  $dir =~ s,^.*/,,;
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
    MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                              "$dir/$unpackdir");
    return 0;

to
    MailScanner 4.85.5-3 (new):
  my $unpackdir = tempdir("tnefXXXXXX");
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
   MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not cre create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                             "$dir/$unpackdir");
   return 0;

regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Alex Neuman
Gesendet: Mittwoch, 6. Februar 2013 17:08
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5


On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hi Alex,

thanks for your answer.
You're welcome!
Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.
You mentioned it.
MailScanner can't create a sub-directory sometimes, but I don't know why?!
When a program "can't create" subdirectories or folders, it usually means it doesn't have permission to.
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
That appears to be caused by the user MailScanner is running as not having permission to create the file. It could also be that the disk is full (not likely) or that it ran out of inodes (also not likely).
Is the option "not to scan winmail.dat files" really an option?
If you look for winmail.dat in the MailScanner.conf and read the comments therein, you'll find options such as:
Expand TNEF = yes
... which has this as its comment:
# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.

If you set it to "no" TNEF messages (those containing winmail.dat) will not be unpacked. Depending on your particular situation, most antivirus programs will still be able to detect viruses inside.

You will *not*, however, be able to limit the type of files included, so that if you've forbidden people from sending .mov files and they send them in a TNEF-encoded message they will still (probably) go through.

Regards
Achim

Von: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] Im Auftrag von Alex Neuman
Gesendet: Dienstag, 5. Februar 2013 20:50
An: MailScanner discussion
Betreff: Re: winmail.dat problem in version 4.84.5

Splitting mail is something you have to *do things* for it to happen. If you undo the changes you made to split the e-mails (how to do this depends on which MTA you're using, I'm assuming sendmail from the logs), you should be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the first place? Did whoever installed this prior to you taking over document it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat files, or not to process them at all. The risk is minimal. Check your mailscanner.conf settings, there is more information in the comments.
On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de<mailto:aberndt at studio-hamburg.de>> wrote:
Hello,

we made last week an update of our mail-gateways. We have now the OS-Version openSUSE12.2 and the
MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner split the mail
and try to scan it two times. The first scan is successfull, but the second one not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de<mailto:peter at studio-hamburg.de>>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de<mailto:alex at bdo.de>>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de<mailto:86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de<http://mx01.bdo.de> [194.76.208.111<tel:%5B194.76.208.111>]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de<mailto:waller at studio-hamburg.de>>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de<mailto:alex at bdo.de>) to studio-hamburg.de<http://studio-hamburg.de> is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505<tel:%2B507-6781-9505>
+507-832-6725<tel:%2B507-832-6725>
+1-440-253-9789<tel:%2B1-440-253-9789> (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/6c20adfb/attachment.html 

From eric.le.corre at voila.fr  Mon Feb 11 14:13:24 2013
From: eric.le.corre at voila.fr (eric.le.corre at voila.fr)
Date: Mon, 11 Feb 2013 15:13:24 +0100 (CET)
Subject: out of office and non-delivery message don t pass trough
	mailscanner/spamassassin
Message-ID: <1030121018.107461360592004398.JavaMail.www@wwinf7132>

Hello,

i have still problems with Out of office and non delivery message send from my exchange 2010.
I have mailscanner/spamassasin (version 3.3.2)/postfix as Gateway for my exchange.

All my out of office message and non-delivery send from exchange are catched as spam !

I put in local.cf (spamassassin) :
trusted_networks IP_my_exchange
whitelist_bounce_relays Host_name_my_exchange

but not better, it doesn t pass trough

i don t know how to do.

here, one example of Out of office block :
D?tails de l'analyse du message: (7.9 points, 5.0 requis)
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
0.9 MISSING_HEADERS Le message ne comporte pas l'en-t?te To:
0.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message
0.6 MISSING_MID Missing Message-Id: header
0.0 MISSING_SUBJECT Missing Subject: header
2.2 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
1.0 MISSING_FROM Missing From: header
-0.0 NO_RECEIVED Informational: message has no Received headers
2.7 MISSING_DATE En-t?te "Date:" absent
0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers

___________________________________________________________
Cadeaux pour la Saint-Valentin ? prix sold?s ! Bagues, bracelets, montres sont ? visiter sur Voila.fr http://shopping.voila.fr/vitrine/bijoux-montres

From mailscanner at joolee.nl  Mon Feb 11 14:55:57 2013
From: mailscanner at joolee.nl (Joolee)
Date: Mon, 11 Feb 2013 15:55:57 +0100
Subject: out of office and non-delivery message don t pass trough
	mailscanner/spamassassin
In-Reply-To: <1030121018.107461360592004398.JavaMail.www@wwinf7132>
References: <1030121018.107461360592004398.JavaMail.www@wwinf7132>
Message-ID: <CA+Q-w8XD-=x5uoY6u8rhKY=OuBGMNO6hwzVvZjNeO4B=WsiXKw@mail.gmail.com>

Your out of office messages are pretty malformed seeing the rules that it
hits. Best solution, of course, would be to fix the messages themselves.
Most E-mail packages don't give you that option though. Another solution is
to dig in the headers of the messages, find a (few) unique characteristics
and make a (meta) rule with a negative score. This won't solve your problem
on other Spamfilters though.

On 11 February 2013 15:13, <eric.le.corre at voila.fr> wrote:

> Hello,
>
> i have still problems with Out of office and non delivery message send
> from my exchange 2010.
> I have mailscanner/spamassasin (version 3.3.2)/postfix as Gateway for my
> exchange.
>
> All my out of office message and non-delivery send from exchange are
> catched as spam !
>
> I put in local.cf (spamassassin) :
> trusted_networks IP_my_exchange
> whitelist_bounce_relays Host_name_my_exchange
>
> but not better, it doesn t pass trough
>
> i don t know how to do.
>
> here, one example of Out of office block :
> D?tails de l'analyse du message: (7.9 points, 5.0 requis)
> -0.0 NO_RELAYS Informational: message was not relayed via SMTP
> 0.9 MISSING_HEADERS Le message ne comporte pas l'en-t?te To:
> 0.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message
> 0.6 MISSING_MID Missing Message-Id: header
> 0.0 MISSING_SUBJECT Missing Subject: header
> 2.2 EMPTY_MESSAGE Message appears to have no textual parts and no
> Subject: text
> 1.0 MISSING_FROM Missing From: header
> -0.0 NO_RECEIVED Informational: message has no Received headers
> 2.7 MISSING_DATE En-t?te "Date:" absent
> 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers
>
> ___________________________________________________________
> Cadeaux pour la Saint-Valentin ? prix sold?s ! Bagues, bracelets, montres
> sont ? visiter sur Voila.fr
> http://shopping.voila.fr/vitrine/bijoux-montres
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/516e35cc/attachment.html 

From jerry.benton at mailborder.com  Mon Feb 11 15:01:18 2013
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Mon, 11 Feb 2013 16:01:18 +0100
Subject: out of office and non-delivery message don t pass trough
	mailscanner/spamassassin
In-Reply-To: <1030121018.107461360592004398.JavaMail.www@wwinf7132>
References: <1030121018.107461360592004398.JavaMail.www@wwinf7132>
Message-ID: <CAED3VzB8SuWJbJawXQLr81z4hAkajZDpFZs+M=LwScvcFtVUdQ@mail.gmail.com>

Try this. Since I know you are using Mailborder, I will build the
capability into the next major release of Mailborder.

http://www.configserver.com/techfaq/faqlist.php?catid=5&faqid=18&page=2




On Mon, Feb 11, 2013 at 3:13 PM, <eric.le.corre at voila.fr> wrote:

> Hello,
>
> i have still problems with Out of office and non delivery message send
> from my exchange 2010.
> I have mailscanner/spamassasin (version 3.3.2)/postfix as Gateway for my
> exchange.
>
> All my out of office message and non-delivery send from exchange are
> catched as spam !
>
> I put in local.cf (spamassassin) :
> trusted_networks IP_my_exchange
> whitelist_bounce_relays Host_name_my_exchange
>
> but not better, it doesn t pass trough
>
> i don t know how to do.
>
> here, one example of Out of office block :
> D?tails de l'analyse du message: (7.9 points, 5.0 requis)
> -0.0 NO_RELAYS Informational: message was not relayed via SMTP
> 0.9 MISSING_HEADERS Le message ne comporte pas l'en-t?te To:
> 0.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message
> 0.6 MISSING_MID Missing Message-Id: header
> 0.0 MISSING_SUBJECT Missing Subject: header
> 2.2 EMPTY_MESSAGE Message appears to have no textual parts and no
> Subject: text
> 1.0 MISSING_FROM Missing From: header
> -0.0 NO_RECEIVED Informational: message has no Received headers
> 2.7 MISSING_DATE En-t?te "Date:" absent
> 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers
>
> ___________________________________________________________
> Cadeaux pour la Saint-Valentin ? prix sold?s ! Bagues, bracelets, montres
> sont ? visiter sur Voila.fr
> http://shopping.voila.fr/vitrine/bijoux-montres
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/94aaee74/attachment.html 

From maxsec at gmail.com  Mon Feb 11 15:58:35 2013
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon, 11 Feb 2013 15:58:35 +0000
Subject: MailScanner fail to detect any attachment on RHEL6.3
In-Reply-To: <5118335A.4000807@unimelb.edu.au>
References: <5118335A.4000807@unimelb.edu.au>
Message-ID: <CAGDKorLdDnkAZ4snOZETL6GfVUK9HiZtb9p8Cj+s0RcwWno9sA@mail.gmail.com>

coule of things..

is Selinux off
Have you put the -U flag at the the top of the mailscanner script?


-- 
Martin Hepworth, CISSP
Oxford, UK


On 10 February 2013 23:55, Ling Shi <ling at unimelb.edu.au> wrote:

> Hi,
>
> I recently moved our mail server (RHEL4.9/Postfix 2.2.10/MailScanner
> 4.74.16) to a new machine (RHEL6.3/Postfix 2.6.6/MailScanner 4.84.5).
> After that, MailScanner fails to detect any attachment, ie no
> Filename/Filetype check at all.
>
> By closely looking at /var/spool/MailScanner/incoming/<pid>, I found
> there're only <message-id>, <message-id>.header files, but empty
> <message-id> subdirectory, which means MIME::Parser doesn't work.
>
> `MailScanner -v` output:
>
> -----------------------------
> # MailScanner -v
> Running on
> Linux selene.ms.unimelb.edu.au 2.6.32-279.22.1.el6.x86_64 #1 SMP Sun Jan
> 13 09:21:40 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
> This is Red Hat Enterprise Linux Server release 6.3 (Santiago)
> This is Perl version 5.010001 (5.10.1)
>
> This is MailScanner version 4.84.5
> Module versions are:
> 1.00    AnyDBM_File
> 1.30    Archive::Zip
>    :
> 3.08    MIME::Base64
> 5.504   MIME::Decoder
> 5.504   MIME::Decoder::UU
> 5.504   MIME::Head
> 5.504   MIME::Parser
> 3.08    MIME::QuotedPrint
> 5.504   MIME::Tools
>    :
> -----------------------------
>
> I've tried to feed Postfix queue file (take from
> /var/spool/postfix/hold) to MailScanner on the old RHEL4 server, which
> generates correct <message-id>/<attachment-file>. So Postfix isn't the
> problem.
>
> I also tried feed the queue file to
>
> -----------------------------
> #! /usr/bin/perl
> use MIME::Parser;
> my $parser = new MIME::Parser;
> $parser->parse(\*STDIN)};
> -----------------------------
>
> but that didn't work, sure my perl knowledge is very basic.
>
> Could someone please help write me a perl script, which is similar to
> sub Explode {} in MailScanner::Message? The script takes Postfix queue
> file as import, the output will be like those in
> /var/spool/MailScanner/incoming/<pid>, ie
>
> <message-id>/<attachment>  (if any)
> <message-id>
> <message-id>.header
>
> I'll use this script on both RHEL4 and RHEL6, hoping generate different
> result, so I can ask Redhat support team whether RHEL6's perl is at fault.
>
> Thank you.
>
> --
> Regards,
> Ling Shi
> (UnixSysad, MS, UniMelb)
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/04210653/attachment.html 

From campbell at cnpapers.com  Mon Feb 11 18:06:06 2013
From: campbell at cnpapers.com (Steve Campbell)
Date: Mon, 11 Feb 2013 13:06:06 -0500
Subject: Disappearing email - could be OT
Message-ID: <5119330E.2080701@cnpapers.com>

I'm seeing a problem from a couple of my servers. I have a primary 
server for one of our domains, but I see emails coming through a 
secondary server for this domain. The email that gets sent through the 
secondary is relayed to the primary just fine.

The problem is that the primary accepts the email and then disappears. I 
see a line in my sendmail logs like the following:

On the secondary:
sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, 
relay=173-219-91-250.s
ta.suddenlink.net [173.219.91.250] (may be forged)

On the primary (relayed from the secondary above):
sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com>, size=0, 
class=0, nrcpts=1, proto=SMTP, daemon=MTA, 
relay=mailserver1.cnpapers.net [10.0.0.103]

The logs above are for the same message. This is the only entries I see 
for this email in both logs. The email isn't delivered, logged through 
Mailscanner, and doesn't exist in the mqueue or mqueue.in directory.

Has anyone seen this type of problem before? How did it get solved? Any 
reason to believe there's a problem in  the processing database and how 
do I discover this?

thanks

steve campbell

Thanks for any

From ka at pacific.net  Mon Feb 11 18:53:23 2013
From: ka at pacific.net (Ken A)
Date: Mon, 11 Feb 2013 12:53:23 -0600
Subject: Disappearing email - could be OT
In-Reply-To: <5119330E.2080701@cnpapers.com>
References: <5119330E.2080701@cnpapers.com>
Message-ID: <51193E23.5040504@pacific.net>

Hi Steve,

It doesn't look unusual if the secondary checks for valid recipients
with the primary. What you may be seeing is just a broken smtp session
where the client disconnected at DATA or something upstream intercepted
it (another anti-spam system?).

If the secondary doesn't check with the primary to validate recipients,
then there must be more logs on the secondary.
"grep r1BGGT8J017339 /var/log/maillog" ?

Ken


On 2/11/2013 12:06 PM, Steve Campbell wrote:
> I'm seeing a problem from a couple of my servers. I have a primary 
> server for one of our domains, but I see emails coming through a 
> secondary server for this domain. The email that gets sent through the 
> secondary is relayed to the primary just fine.
> 
> The problem is that the primary accepts the email and then disappears. I 
> see a line in my sendmail logs like the following:
> 
> On the secondary:
> sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
> com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, 
> relay=173-219-91-250.s
> ta.suddenlink.net [173.219.91.250] (may be forged)
> 
> On the primary (relayed from the secondary above):
> sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com>, size=0, 
> class=0, nrcpts=1, proto=SMTP, daemon=MTA, 
> relay=mailserver1.cnpapers.net [10.0.0.103]
> 
> The logs above are for the same message. This is the only entries I see 
> for this email in both logs. The email isn't delivered, logged through 
> Mailscanner, and doesn't exist in the mqueue or mqueue.in directory.
> 
> Has anyone seen this type of problem before? How did it get solved? Any 
> reason to believe there's a problem in  the processing database and how 
> do I discover this?
> 
> thanks
> 
> steve campbell
> 
> Thanks for any
> 

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
Latest Pacific.Net Status - http://twitter.com/pacnetstatus

From mailscanner at pdscc.com  Mon Feb 11 19:11:02 2013
From: mailscanner at pdscc.com (Harondel J. Sibble)
Date: Mon, 11 Feb 2013 11:11:02 -0800
Subject: strange blocking behaviour with zen.spamhaus.org
Message-ID: <20130211191106.C68A45A1C81@sinclaire.sibble.net>

Anyone using zen.spamhaus.org rbl in MS and at the MTA level, noticing 
weirdness over the past say week or so?

Here's a couple of MTA level examples I've been seeing

    Feb 11 06:07:14 ranger1 postfix/smtpd[13327]: NOQUEUE: reject: RCPT from 
    alias8.phx2-aud-mta-out5.cnet.com[216.239.122.68]: 554 5.7.1 Service 
    unavailable; Client host [216.239.122.68] blocked using zen.spamhaus.org; 
    from=<newsletters at zdnet.online.com> to=<zdnet at pdscc.com> proto=ESMTP 
    helo=<alias8.phx2-aud-mta-out5.cnet.com>

    Feb 11 07:56:19 ranger1 postfix/smtpd[16391]: NOQUEUE: reject: RCPT from 
    lists.freeswitch.org[198.22.64.215]: 554 5.7.1 Service unavailable; Client 
    host [198.22.64.215] blocked using zen.spamhaus.org; 
    from=<freeswitch-users-bounces at lists.freeswitch.org> to=<help at pdscc.com> 
    proto=ESMTP helo=<lists.freeswitch.org>

These are from mailing lists primarily, and if I check the ip address noted 
in the mxtoolbox blacklist check or enter the ip at the spamhaus site, there 
is no listing, WTF????

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


From campbell at cnpapers.com  Mon Feb 11 19:27:35 2013
From: campbell at cnpapers.com (Steve Campbell)
Date: Mon, 11 Feb 2013 14:27:35 -0500
Subject: Disappearing email - could be OT
In-Reply-To: <51193E23.5040504@pacific.net>
References: <5119330E.2080701@cnpapers.com> <51193E23.5040504@pacific.net>
Message-ID: <51194627.5070300@cnpapers.com>

Nope, there's nothing more than the two log entries, one from each server.

I've found two thing that's strange, though. Whenever an email comes 
from that email address, a log entry shows up first in the primary 
server, and later a second log entry shows up on the primary from the 
secondary.

You may be right on there with the broken smtp session - firstly a 
broken session on the primary and then an attempt from the secondary to 
the primary.

The second thing is no matter where the connection is made, the size 
always seems to be zero, which might indicate the broken session.

I get other emails from the same sending IP just fine, it's mostly this 
user. Could it be her client?

Thanks Ken

steve
On 2/11/2013 1:53 PM, Ken A wrote:
> Hi Steve,
>
> It doesn't look unusual if the secondary checks for valid recipients
> with the primary. What you may be seeing is just a broken smtp session
> where the client disconnected at DATA or something upstream intercepted
> it (another anti-spam system?).
>
> If the secondary doesn't check with the primary to validate recipients,
> then there must be more logs on the secondary.
> "grep r1BGGT8J017339 /var/log/maillog" ?
>
> Ken
>
>
> On 2/11/2013 12:06 PM, Steve Campbell wrote:
>> I'm seeing a problem from a couple of my servers. I have a primary
>> server for one of our domains, but I see emails coming through a
>> secondary server for this domain. The email that gets sent through the
>> secondary is relayed to the primary just fine.
>>
>> The problem is that the primary accepts the email and then disappears. I
>> see a line in my sendmail logs like the following:
>>
>> On the secondary:
>> sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
>> com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
>> relay=173-219-91-250.s
>> ta.suddenlink.net [173.219.91.250] (may be forged)
>>
>> On the primary (relayed from the secondary above):
>> sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com>, size=0,
>> class=0, nrcpts=1, proto=SMTP, daemon=MTA,
>> relay=mailserver1.cnpapers.net [10.0.0.103]
>>
>> The logs above are for the same message. This is the only entries I see
>> for this email in both logs. The email isn't delivered, logged through
>> Mailscanner, and doesn't exist in the mqueue or mqueue.in directory.
>>
>> Has anyone seen this type of problem before? How did it get solved? Any
>> reason to believe there's a problem in  the processing database and how
>> do I discover this?
>>
>> thanks
>>
>> steve campbell
>>
>> Thanks for any
>>


From alex at vidadigital.com.pa  Mon Feb 11 19:36:23 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Mon, 11 Feb 2013 14:36:23 -0500
Subject: Disappearing email - could be OT
In-Reply-To: <5119330E.2080701@cnpapers.com>
References: <5119330E.2080701@cnpapers.com>
Message-ID: <CANyE0PpGHo19Z-FwEk3HsV_H36JEwZKZ6QmV2b63CQ3g56ZDvg@mail.gmail.com>

Could be a .procmailrc issue. Does it happen to *all* e-mails, regardless
of recipient?

On Mon, Feb 11, 2013 at 1:06 PM, Steve Campbell <campbell at cnpapers.com>wrote:

> I'm seeing a problem from a couple of my servers. I have a primary
> server for one of our domains, but I see emails coming through a
> secondary server for this domain. The email that gets sent through the
> secondary is relayed to the primary just fine.
>
> The problem is that the primary accepts the email and then disappears. I
> see a line in my sendmail logs like the following:
>
> On the secondary:
> sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
> com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
> relay=173-219-91-250.s
> ta.suddenlink.net [173.219.91.250] (may be forged)
>
> On the primary (relayed from the secondary above):
> sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com>, size=0,
> class=0, nrcpts=1, proto=SMTP, daemon=MTA,
> relay=mailserver1.cnpapers.net [10.0.0.103]
>
> The logs above are for the same message. This is the only entries I see
> for this email in both logs. The email isn't delivered, logged through
> Mailscanner, and doesn't exist in the mqueue or mqueue.in directory.
>
> Has anyone seen this type of problem before? How did it get solved? Any
> reason to believe there's a problem in  the processing database and how
> do I discover this?
>
> thanks
>
> steve campbell
>
> Thanks for any
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/c499e323/attachment.html 

From raymond at prolocation.net  Mon Feb 11 20:02:22 2013
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Mon, 11 Feb 2013 21:02:22 +0100
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <20130211191106.C68A45A1C81@sinclaire.sibble.net>
References: <20130211191106.C68A45A1C81@sinclaire.sibble.net>
Message-ID: <67A443D5-BB1B-461D-9091-7CEEBAFAC0E6@prolocation.net>

Hai!

My bet is that you use opendns as dns server? Correct? 

Thanks,
Raymond Dijkxhoorn, Prolocation

Op 11 feb. 2013 om 20:11 heeft "Harondel J. Sibble" <mailscanner at pdscc.com> het volgende geschreven:

> Anyone using zen.spamhaus.org rbl in MS and at the MTA level, noticing 
> weirdness over the past say week or so?
> 
> Here's a couple of MTA level examples I've been seeing
> 
>    Feb 11 06:07:14 ranger1 postfix/smtpd[13327]: NOQUEUE: reject: RCPT from 
>    alias8.phx2-aud-mta-out5.cnet.com[216.239.122.68]: 554 5.7.1 Service 
>    unavailable; Client host [216.239.122.68] blocked using zen.spamhaus.org; 
>    from=<newsletters at zdnet.online.com> to=<zdnet at pdscc.com> proto=ESMTP 
>    helo=<alias8.phx2-aud-mta-out5.cnet.com>
> 
>    Feb 11 07:56:19 ranger1 postfix/smtpd[16391]: NOQUEUE: reject: RCPT from 
>    lists.freeswitch.org[198.22.64.215]: 554 5.7.1 Service unavailable; Client 
>    host [198.22.64.215] blocked using zen.spamhaus.org; 
>    from=<freeswitch-users-bounces at lists.freeswitch.org> to=<help at pdscc.com> 
>    proto=ESMTP helo=<lists.freeswitch.org>
> 
> These are from mailing lists primarily, and if I check the ip address noted 
> in the mxtoolbox blacklist check or enter the ip at the spamhaus site, there 
> is no listing, WTF????
> 
> -- 
> Harondel J. Sibble 
> Sibble Computer Consulting
> Creating Solutions for the small and medium business computer user.
> help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> Blog: http://www.pdscc.com/blog
> (604) 739-3709 (voice)
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From campbell at cnpapers.com  Mon Feb 11 20:33:40 2013
From: campbell at cnpapers.com (Steve Campbell)
Date: Mon, 11 Feb 2013 15:33:40 -0500
Subject: Disappearing email - could be OT
In-Reply-To: <CANyE0PpGHo19Z-FwEk3HsV_H36JEwZKZ6QmV2b63CQ3g56ZDvg@mail.gmail.com>
References: <5119330E.2080701@cnpapers.com>
	<CANyE0PpGHo19Z-FwEk3HsV_H36JEwZKZ6QmV2b63CQ3g56ZDvg@mail.gmail.com>
Message-ID: <511955A4.2060105@cnpapers.com>

Nope. Different senders from the same domain come through fine. I can't 
say whether different senders to the same recipient varies any.

We actually receive emails from the same server (with the same IP) that 
go through normally from other addresses of that domain.

Which procmailrc file are you referring to? I don't have any installed 
under any user.

Thanks, Alex

steve


On 2/11/2013 2:36 PM, Alex Neuman wrote:
> Could be a .procmailrc issue. Does it happen to *all* e-mails, 
> regardless of recipient?
>
> On Mon, Feb 11, 2013 at 1:06 PM, Steve Campbell <campbell at cnpapers.com 
> <mailto:campbell at cnpapers.com>> wrote:
>
>     I'm seeing a problem from a couple of my servers. I have a primary
>     server for one of our domains, but I see emails coming through a
>     secondary server for this domain. The email that gets sent through the
>     secondary is relayed to the primary just fine.
>
>     The problem is that the primary accepts the email and then
>     disappears. I
>     see a line in my sendmail logs like the following:
>
>     On the secondary:
>     sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
>     com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
>     relay=173-219-91-250.s
>     ta.suddenlink.net <http://ta.suddenlink.net> [173.219.91.250] (may
>     be forged)
>
>     On the primary (relayed from the secondary above):
>     sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com
>     <mailto:debbie at kcprc.com>>, size=0,
>     class=0, nrcpts=1, proto=SMTP, daemon=MTA,
>     relay=mailserver1.cnpapers.net <http://mailserver1.cnpapers.net>
>     [10.0.0.103]
>
>     The logs above are for the same message. This is the only entries
>     I see
>     for this email in both logs. The email isn't delivered, logged through
>     Mailscanner, and doesn't exist in the mqueue or mqueue.in
>     <http://mqueue.in> directory.
>
>     Has anyone seen this type of problem before? How did it get
>     solved? Any
>     reason to believe there's a problem in  the processing database
>     and how
>     do I discover this?
>
>     thanks
>
>     steve campbell
>
>     Thanks for any
>     --
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>
> -- 
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't 
> bother. A cute graphic saying "save the planet, don't print this" can 
> potentially create more CO2, not less, so don't bother either.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/362f0a58/attachment.html 

From jerry.benton at mailborder.com  Mon Feb 11 20:44:05 2013
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Mon, 11 Feb 2013 21:44:05 +0100
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <67A443D5-BB1B-461D-9091-7CEEBAFAC0E6@prolocation.net>
References: <20130211191106.C68A45A1C81@sinclaire.sibble.net>
	<67A443D5-BB1B-461D-9091-7CEEBAFAC0E6@prolocation.net>
Message-ID: <CAED3VzD55EJ4tVGacC+z3gijSgs4=MHbJwdJqZbEY3f8kg=GPw@mail.gmail.com>

I was thinking along similar lines. Not a specific DNS server solution, but
more along the lines of a DNS or connectivity interruption.

On Monday, February 11, 2013, Raymond Dijkxhoorn <raymond at prolocation.net>
wrote:
> Hai!
>
> My bet is that you use opendns as dns server? Correct?
>
> Thanks,
> Raymond Dijkxhoorn, Prolocation
>
> Op 11 feb. 2013 om 20:11 heeft "Harondel J. Sibble" <mailscanner at pdscc.com>
het volgende geschreven:
>
>> Anyone using zen.spamhaus.org rbl in MS and at the MTA level, noticing
>> weirdness over the past say week or so?
>>
>> Here's a couple of MTA level examples I've been seeing
>>
>>    Feb 11 06:07:14 ranger1 postfix/smtpd[13327]: NOQUEUE: reject: RCPT
from
>>    alias8.phx2-aud-mta-out5.cnet.com[216.239.122.68]: 554 5.7.1 Service
>>    unavailable; Client host [216.239.122.68] blocked using
zen.spamhaus.org;
>>    from=<newsletters at zdnet.online.com> to=<zdnet at pdscc.com> proto=ESMTP
>>    helo=<alias8.phx2-aud-mta-out5.cnet.com>
>>
>>    Feb 11 07:56:19 ranger1 postfix/smtpd[16391]: NOQUEUE: reject: RCPT
from
>>    lists.freeswitch.org[198.22.64.215]: 554 5.7.1 Service unavailable;
Client
>>    host [198.22.64.215] blocked using zen.spamhaus.org;
>>    from=<freeswitch-users-bounces at lists.freeswitch.org> to=<
help at pdscc.com>
>>    proto=ESMTP helo=<lists.freeswitch.org>
>>
>> These are from mailing lists primarily, and if I check the ip address
noted
>> in the mxtoolbox blacklist check or enter the ip at the spamhaus site,
there
>> is no listing, WTF????
>>
>> --
>> Harondel J. Sibble
>> Sibble Computer Consulting
>> Creating Solutions for the small and medium business computer user.
>> help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
>> Blog: http://www.pdscc.com/blog
>> (604) 739-3709 (voice)
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/81d4e7bb/attachment.html 

From raymond at prolocation.net  Mon Feb 11 21:08:07 2013
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Mon, 11 Feb 2013 22:08:07 +0100 (CET)
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <CAED3VzD55EJ4tVGacC+z3gijSgs4=MHbJwdJqZbEY3f8kg=GPw@mail.gmail.com>
References: <20130211191106.C68A45A1C81@sinclaire.sibble.net>
	<67A443D5-BB1B-461D-9091-7CEEBAFAC0E6@prolocation.net>
	<CAED3VzD55EJ4tVGacC+z3gijSgs4=MHbJwdJqZbEY3f8kg=GPw@mail.gmail.com>
Message-ID: <alpine.LFD.2.00.1302112207190.6365@noc.prolocation.net>

Hi!

> I was thinking along similar lines. Not a specific DNS server solution, 
> but more along the lines of a DNS or connectivity interruption.

> > My bet is that you use opendns as dns server? Correct?

If you use OpenDNS thats the case, 100%. Conformed from various sources.
They have issues with RBL lookups there and give back random results.

Bye,
Raymond.

From alex at vidadigital.com.pa  Mon Feb 11 21:53:00 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Mon, 11 Feb 2013 16:53:00 -0500
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <CAED3VzD55EJ4tVGacC+z3gijSgs4=MHbJwdJqZbEY3f8kg=GPw@mail.gmail.com>
References: <20130211191106.C68A45A1C81@sinclaire.sibble.net>
	<67A443D5-BB1B-461D-9091-7CEEBAFAC0E6@prolocation.net>
	<CAED3VzD55EJ4tVGacC+z3gijSgs4=MHbJwdJqZbEY3f8kg=GPw@mail.gmail.com>
Message-ID: <CANyE0PpG-Kn67O0RmyDzzgZorNLw-WNsUWow9uN2oDjn3SYUvA@mail.gmail.com>

Sounds about right. I tend to avoid using Norton DNS, OpenDNS or any other
non-compliant DNS service on mail gateways. They're ok for home setups and
web proxies, sometimes. Mail servers require more adherence to standards.

On Mon, Feb 11, 2013 at 3:44 PM, Jerry Benton
<jerry.benton at mailborder.com>wrote:

> I was thinking along similar lines. Not a specific DNS server solution,
> but more along the lines of a DNS or connectivity interruption.
>
> On Monday, February 11, 2013, Raymond Dijkxhoorn <raymond at prolocation.net>
> wrote:
> > Hai!
> >
> > My bet is that you use opendns as dns server? Correct?
> >
> > Thanks,
> > Raymond Dijkxhoorn, Prolocation
> >
> > Op 11 feb. 2013 om 20:11 heeft "Harondel J. Sibble" <
> mailscanner at pdscc.com> het volgende geschreven:
> >
> >> Anyone using zen.spamhaus.org rbl in MS and at the MTA level, noticing
> >> weirdness over the past say week or so?
> >>
> >> Here's a couple of MTA level examples I've been seeing
> >>
> >>    Feb 11 06:07:14 ranger1 postfix/smtpd[13327]: NOQUEUE: reject: RCPT
> from
> >>    alias8.phx2-aud-mta-out5.cnet.com[216.239.122.68]: 554 5.7.1 Service
> >>    unavailable; Client host [216.239.122.68] blocked using
> zen.spamhaus.org;
> >>    from=<newsletters at zdnet.online.com> to=<zdnet at pdscc.com> proto=ESMTP
> >>    helo=<alias8.phx2-aud-mta-out5.cnet.com>
> >>
> >>    Feb 11 07:56:19 ranger1 postfix/smtpd[16391]: NOQUEUE: reject: RCPT
> from
> >>    lists.freeswitch.org[198.22.64.215]: 554 5.7.1 Service unavailable;
> Client
> >>    host [198.22.64.215] blocked using zen.spamhaus.org;
> >>    from=<freeswitch-users-bounces at lists.freeswitch.org> to=<
> help at pdscc.com>
> >>    proto=ESMTP helo=<lists.freeswitch.org>
> >>
> >> These are from mailing lists primarily, and if I check the ip address
> noted
> >> in the mxtoolbox blacklist check or enter the ip at the spamhaus site,
> there
> >> is no listing, WTF????
> >>
> >> --
> >> Harondel J. Sibble
> >> Sibble Computer Consulting
> >> Creating Solutions for the small and medium business computer user.
> >> help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> >> Blog: http://www.pdscc.com/blog
> >> (604) 739-3709 (voice)
> >>
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/f81e4174/attachment.html 

From alex at vidadigital.com.pa  Mon Feb 11 21:53:41 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Mon, 11 Feb 2013 16:53:41 -0500
Subject: Disappearing email - could be OT
In-Reply-To: <511955A4.2060105@cnpapers.com>
References: <5119330E.2080701@cnpapers.com>
	<CANyE0PpGHo19Z-FwEk3HsV_H36JEwZKZ6QmV2b63CQ3g56ZDvg@mail.gmail.com>
	<511955A4.2060105@cnpapers.com>
Message-ID: <CANyE0PpBFANwuZCH0DUO6rEfaHCH10DeOFn=omQpOMwHxiSP8Q@mail.gmail.com>

There's a system-wide procmailrc file, and there are individual .procmailrc
files for different users. Check the man page for details.

On Mon, Feb 11, 2013 at 3:33 PM, Steve Campbell <campbell at cnpapers.com>wrote:

>  Nope. Different senders from the same domain come through fine. I can't
> say whether different senders to the same recipient varies any.
>
> We actually receive emails from the same server (with the same IP) that go
> through normally from other addresses of that domain.
>
> Which procmailrc file are you referring to? I don't have any installed
> under any user.
>
> Thanks, Alex
>
> steve
>
>
> On 2/11/2013 2:36 PM, Alex Neuman wrote:
>
> Could be a .procmailrc issue. Does it happen to *all* e-mails, regardless
> of recipient?
>
> On Mon, Feb 11, 2013 at 1:06 PM, Steve Campbell <campbell at cnpapers.com>wrote:
>
>> I'm seeing a problem from a couple of my servers. I have a primary
>> server for one of our domains, but I see emails coming through a
>> secondary server for this domain. The email that gets sent through the
>> secondary is relayed to the primary just fine.
>>
>> The problem is that the primary accepts the email and then disappears. I
>> see a line in my sendmail logs like the following:
>>
>> On the secondary:
>> sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
>> com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
>> relay=173-219-91-250.s
>> ta.suddenlink.net [173.219.91.250] (may be forged)
>>
>> On the primary (relayed from the secondary above):
>> sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com>, size=0,
>> class=0, nrcpts=1, proto=SMTP, daemon=MTA,
>> relay=mailserver1.cnpapers.net [10.0.0.103]
>>
>> The logs above are for the same message. This is the only entries I see
>> for this email in both logs. The email isn't delivered, logged through
>> Mailscanner, and doesn't exist in the mqueue or mqueue.in directory.
>>
>> Has anyone seen this type of problem before? How did it get solved? Any
>> reason to believe there's a problem in  the processing database and how
>> do I discover this?
>>
>> thanks
>>
>> steve campbell
>>
>> Thanks for any
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
>  --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either.
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother.
A cute graphic saying "save the planet, don't print this" can potentially
create more CO2, not less, so don't bother either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130211/440a65eb/attachment.html 

From ling at unimelb.edu.au  Mon Feb 11 22:40:14 2013
From: ling at unimelb.edu.au (Ling Shi)
Date: Tue, 12 Feb 2013 09:40:14 +1100
Subject: MailScanner fail to detect any attachment on RHEL6.3
In-Reply-To: <CAGDKorLdDnkAZ4snOZETL6GfVUK9HiZtb9p8Cj+s0RcwWno9sA@mail.gmail.com>
References: <5118335A.4000807@unimelb.edu.au>
	<CAGDKorLdDnkAZ4snOZETL6GfVUK9HiZtb9p8Cj+s0RcwWno9sA@mail.gmail.com>
Message-ID: <5119734E.7050302@unimelb.edu.au>


Thanks Martin!

Selinux doesn't matter. It was "permissive" and then "disabled", which 
made no difference.

But "-U" worked. Thank you.

-----------------------------------
Feb 12 09:21:22 selene MailScanner[2854]: New Batch: Scanning 1 
messages, 478011 bytes
Feb 12 09:21:22 selene MailScanner[2854]: Filename Checks: Blocked 
Filename Detected (A4A95200159.A23FF test.exe)
Feb 12 09:21:22 selene MailScanner[2854]: Other Checks: Found 1 problems
    :
Feb 12 09:21:30 selene MailScanner[2850]: New Batch: Scanning 1 
messages, 147076 bytes
Feb 12 09:21:30 selene MailScanner[2850]: Filename Checks: Windows/DOS 
Executable (2B2A820015C.AAA62 eFax_message.exe)
Feb 12 09:21:30 selene MailScanner[2850]: Filetype Checks: No 
executables (2B2A820015C.AAA62 eFax_message.exe)
Feb 12 09:21:30 selene MailScanner[2850]: Other Checks: Found 2 problems
-----------------------------------

Now the next question (sorry my perl knowledge), MailScanner runs as 
user "postfix", so the only problem is that when MailScanner uses setuid 
programs. What setuid programs MailScanner uses? Does "-U" cause other 
problem, like security issue?

-----------------------------------
-U   allows Perl to do unsafe operations.  Currently the only "unsafe"
      operations are attempting to unlink directories while running as
      superuser, and running setuid programs with fatal taint checks
      turned into warnings.  Note that the -w switch (or the $^W
      variable) must be used along with this option to actually generate
      the taint-check warnings.
-----------------------------------


On 12/02/2013 2:58 AM, Martin Hepworth wrote:
> coule of things..
>
> is Selinux off
> Have you put the -U flag at the the top of the mailscanner script?
>
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 10 February 2013 23:55, Ling Shi <ling at unimelb.edu.au
> <mailto:ling at unimelb.edu.au>> wrote:
>
>     Hi,
>
>     I recently moved our mail server (RHEL4.9/Postfix 2.2.10/MailScanner
>     4.74.16) to a new machine (RHEL6.3/Postfix 2.6.6/MailScanner 4.84.5).
>     After that, MailScanner fails to detect any attachment, ie no
>     Filename/Filetype check at all.
>
>     By closely looking at /var/spool/MailScanner/incoming/<pid>, I found
>     there're only <message-id>, <message-id>.header files, but empty
>     <message-id> subdirectory, which means MIME::Parser doesn't work.
>
>     `MailScanner -v` output:
>
>     -----------------------------
>     # MailScanner -v
>     Running on
>     Linux selene.ms.unimelb.edu.au <http://selene.ms.unimelb.edu.au>
>     2.6.32-279.22.1.el6.x86_64 #1 SMP Sun Jan
>     13 09:21:40 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
>     This is Red Hat Enterprise Linux Server release 6.3 (Santiago)
>     This is Perl version 5.010001 (5.10.1)
>
>     This is MailScanner version 4.84.5
>     Module versions are:
>     1.00    AnyDBM_File
>     1.30    Archive::Zip
>         :
>     3.08    MIME::Base64
>     5.504   MIME::Decoder
>     5.504   MIME::Decoder::UU
>     5.504   MIME::Head
>     5.504   MIME::Parser
>     3.08    MIME::QuotedPrint
>     5.504   MIME::Tools
>         :
>     -----------------------------
>
>     I've tried to feed Postfix queue file (take from
>     /var/spool/postfix/hold) to MailScanner on the old RHEL4 server, which
>     generates correct <message-id>/<attachment-file>. So Postfix isn't the
>     problem.
>
>     I also tried feed the queue file to
>
>     -----------------------------
>     #! /usr/bin/perl
>     use MIME::Parser;
>     my $parser = new MIME::Parser;
>     $parser->parse(\*STDIN)};
>     -----------------------------
>
>     but that didn't work, sure my perl knowledge is very basic.
>
>     Could someone please help write me a perl script, which is similar to
>     sub Explode {} in MailScanner::Message? The script takes Postfix queue
>     file as import, the output will be like those in
>     /var/spool/MailScanner/incoming/<pid>, ie
>
>     <message-id>/<attachment>  (if any)
>     <message-id>
>     <message-id>.header
>
>     I'll use this script on both RHEL4 and RHEL6, hoping generate different
>     result, so I can ask Redhat support team whether RHEL6's perl is at
>     fault.
>
>     Thank you.
>
>     --
>     Regards,
>     Ling Shi
>     (UnixSysad, MS, UniMelb)
>     --
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>


-- 
Regards,
Ling Shi
(UnixSysad, MS, UniMelb)

From campbell at cnpapers.com  Tue Feb 12 13:02:33 2013
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue, 12 Feb 2013 08:02:33 -0500
Subject: Disappearing email - could be OT
In-Reply-To: <CANyE0PpBFANwuZCH0DUO6rEfaHCH10DeOFn=omQpOMwHxiSP8Q@mail.gmail.com>
References: <5119330E.2080701@cnpapers.com>
	<CANyE0PpGHo19Z-FwEk3HsV_H36JEwZKZ6QmV2b63CQ3g56ZDvg@mail.gmail.com>
	<511955A4.2060105@cnpapers.com>
	<CANyE0PpBFANwuZCH0DUO6rEfaHCH10DeOFn=omQpOMwHxiSP8Q@mail.gmail.com>
Message-ID: <511A3D69.7000702@cnpapers.com>

I read that, and didn't see a lot on the system wide file. A lot of 
references to the $HOME one though.

Anyway, what might cause this one particular sender to have such a 
problem? As I mentioned, I receive emails from other senders of their 
domain through the same sending server (based on IP address). I hate to 
say this, because it usually bite the one who says it, but nothing has 
changed. It appears to have started happening for this sender about 3 
months ago. I love it when they wait that long to alert me.

Thanks for all the ideas so far.

steve
On 2/11/2013 4:53 PM, Alex Neuman wrote:
> There's a system-wide procmailrc file, and there are individual 
> .procmailrc files for different users. Check the man page for details.
>
> On Mon, Feb 11, 2013 at 3:33 PM, Steve Campbell <campbell at cnpapers.com 
> <mailto:campbell at cnpapers.com>> wrote:
>
>     Nope. Different senders from the same domain come through fine. I
>     can't say whether different senders to the same recipient varies any.
>
>     We actually receive emails from the same server (with the same IP)
>     that go through normally from other addresses of that domain.
>
>     Which procmailrc file are you referring to? I don't have any
>     installed under any user.
>
>     Thanks, Alex
>
>     steve
>
>
>     On 2/11/2013 2:36 PM, Alex Neuman wrote:
>>     Could be a .procmailrc issue. Does it happen to *all* e-mails,
>>     regardless of recipient?
>>
>>     On Mon, Feb 11, 2013 at 1:06 PM, Steve Campbell
>>     <campbell at cnpapers.com <mailto:campbell at cnpapers.com>> wrote:
>>
>>         I'm seeing a problem from a couple of my servers. I have a
>>         primary
>>         server for one of our domains, but I see emails coming through a
>>         secondary server for this domain. The email that gets sent
>>         through the
>>         secondary is relayed to the primary just fine.
>>
>>         The problem is that the primary accepts the email and then
>>         disappears. I
>>         see a line in my sendmail logs like the following:
>>
>>         On the secondary:
>>         sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
>>         com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
>>         relay=173-219-91-250.s
>>         ta.suddenlink.net <http://ta.suddenlink.net> [173.219.91.250]
>>         (may be forged)
>>
>>         On the primary (relayed from the secondary above):
>>         sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com
>>         <mailto:debbie at kcprc.com>>, size=0,
>>         class=0, nrcpts=1, proto=SMTP, daemon=MTA,
>>         relay=mailserver1.cnpapers.net
>>         <http://mailserver1.cnpapers.net> [10.0.0.103]
>>
>>         The logs above are for the same message. This is the only
>>         entries I see
>>         for this email in both logs. The email isn't delivered,
>>         logged through
>>         Mailscanner, and doesn't exist in the mqueue or mqueue.in
>>         <http://mqueue.in> directory.
>>
>>         Has anyone seen this type of problem before? How did it get
>>         solved? Any
>>         reason to believe there's a problem in  the processing
>>         database and how
>>         do I discover this?
>>
>>         thanks
>>
>>         steve campbell
>>
>>         Thanks for any
>>         --
>>         MailScanner mailing list
>>         mailscanner at lists.mailscanner.info
>>         <mailto:mailscanner at lists.mailscanner.info>
>>         http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>         Before posting, read http://wiki.mailscanner.info/posting
>>
>>         Support MailScanner development - buy the book off the website!
>>
>>
>>
>>
>>     -- 
>>
>>     --
>>
>>     Alex Neuman van der Hans
>>     Reliant Technologies / Vida Digital
>>     http://vidadigital.com.pa/
>>
>>     +507-6781-9505 <tel:%2B507-6781-9505>
>>     +507-832-6725 <tel:%2B507-832-6725>
>>     +1-440-253-9789 <tel:%2B1-440-253-9789> (USA)
>>
>>     Follow @AlexNeuman on Twitter
>>     http://facebook.com/vidadigital
>>
>>
>>     -- So-called "legal disclaimers" are not legally binding, so
>>     don't bother. A cute graphic saying "save the planet, don't print
>>     this" can potentially create more CO2, not less, so don't bother
>>     either.
>>
>>
>
>
>     --
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>
> -- 
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't 
> bother. A cute graphic saying "save the planet, don't print this" can 
> potentially create more CO2, not less, so don't bother either.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130212/1a633517/attachment.html 

From campbell at cnpapers.com  Tue Feb 12 13:50:35 2013
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue, 12 Feb 2013 08:50:35 -0500
Subject: Disappearing email - could be OT
In-Reply-To: <511A3D69.7000702@cnpapers.com>
References: <5119330E.2080701@cnpapers.com>
	<CANyE0PpGHo19Z-FwEk3HsV_H36JEwZKZ6QmV2b63CQ3g56ZDvg@mail.gmail.com>
	<511955A4.2060105@cnpapers.com>
	<CANyE0PpBFANwuZCH0DUO6rEfaHCH10DeOFn=omQpOMwHxiSP8Q@mail.gmail.com>
	<511A3D69.7000702@cnpapers.com>
Message-ID: <511A48AB.7050804@cnpapers.com>

I'm starting to see some clues now.

I received a few emails with very simple text from a sender of the 
domain. The header from the sender seems to be very basic, with no To: 
and Subject: header lines in the header. I'm guessing that an attachment 
would cause the zero size emails that are being sent, for some reason.

Hopefully, a request to their administrator will get things started 
towards solving this problem.

Thanks
steve
On 2/12/2013 8:02 AM, Steve Campbell wrote:
> I read that, and didn't see a lot on the system wide file. A lot of 
> references to the $HOME one though.
>
> Anyway, what might cause this one particular sender to have such a 
> problem? As I mentioned, I receive emails from other senders of their 
> domain through the same sending server (based on IP address). I hate 
> to say this, because it usually bite the one who says it, but nothing 
> has changed. It appears to have started happening for this sender 
> about 3 months ago. I love it when they wait that long to alert me.
>
> Thanks for all the ideas so far.
>
> steve
> On 2/11/2013 4:53 PM, Alex Neuman wrote:
>> There's a system-wide procmailrc file, and there are individual 
>> .procmailrc files for different users. Check the man page for details.
>>
>> On Mon, Feb 11, 2013 at 3:33 PM, Steve Campbell 
>> <campbell at cnpapers.com <mailto:campbell at cnpapers.com>> wrote:
>>
>>     Nope. Different senders from the same domain come through fine. I
>>     can't say whether different senders to the same recipient varies any.
>>
>>     We actually receive emails from the same server (with the same
>>     IP) that go through normally from other addresses of that domain.
>>
>>     Which procmailrc file are you referring to? I don't have any
>>     installed under any user.
>>
>>     Thanks, Alex
>>
>>     steve
>>
>>
>>     On 2/11/2013 2:36 PM, Alex Neuman wrote:
>>>     Could be a .procmailrc issue. Does it happen to *all* e-mails,
>>>     regardless of recipient?
>>>
>>>     On Mon, Feb 11, 2013 at 1:06 PM, Steve Campbell
>>>     <campbell at cnpapers.com <mailto:campbell at cnpapers.com>> wrote:
>>>
>>>         I'm seeing a problem from a couple of my servers. I have a
>>>         primary
>>>         server for one of our domains, but I see emails coming through a
>>>         secondary server for this domain. The email that gets sent
>>>         through the
>>>         secondary is relayed to the primary just fine.
>>>
>>>         The problem is that the primary accepts the email and then
>>>         disappears. I
>>>         see a line in my sendmail logs like the following:
>>>
>>>         On the secondary:
>>>         sendmail[17339]: r1BGGT8J017339: from=<xxxxxx at yyyyy.
>>>         com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
>>>         relay=173-219-91-250.s
>>>         ta.suddenlink.net <http://ta.suddenlink.net>
>>>         [173.219.91.250] (may be forged)
>>>
>>>         On the primary (relayed from the secondary above):
>>>         sendmail[31249]: r1BGGZCZ031249: from=<debbie at kcprc.com
>>>         <mailto:debbie at kcprc.com>>, size=0,
>>>         class=0, nrcpts=1, proto=SMTP, daemon=MTA,
>>>         relay=mailserver1.cnpapers.net
>>>         <http://mailserver1.cnpapers.net> [10.0.0.103]
>>>
>>>         The logs above are for the same message. This is the only
>>>         entries I see
>>>         for this email in both logs. The email isn't delivered,
>>>         logged through
>>>         Mailscanner, and doesn't exist in the mqueue or mqueue.in
>>>         <http://mqueue.in> directory.
>>>
>>>         Has anyone seen this type of problem before? How did it get
>>>         solved? Any
>>>         reason to believe there's a problem in  the processing
>>>         database and how
>>>         do I discover this?
>>>
>>>         thanks
>>>
>>>         steve campbell
>>>
>>>         Thanks for any
>>>         --
>>>         MailScanner mailing list
>>>         mailscanner at lists.mailscanner.info
>>>         <mailto:mailscanner at lists.mailscanner.info>
>>>         http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>>         Before posting, read http://wiki.mailscanner.info/posting
>>>
>>>         Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>>
>>>     -- 
>>>
>>>     --
>>>
>>>     Alex Neuman van der Hans
>>>     Reliant Technologies / Vida Digital
>>>     http://vidadigital.com.pa/
>>>
>>>     +507-6781-9505 <tel:%2B507-6781-9505>
>>>     +507-832-6725 <tel:%2B507-832-6725>
>>>     +1-440-253-9789 <tel:%2B1-440-253-9789> (USA)
>>>
>>>     Follow @AlexNeuman on Twitter
>>>     http://facebook.com/vidadigital
>>>
>>>
>>>     -- So-called "legal disclaimers" are not legally binding, so
>>>     don't bother. A cute graphic saying "save the planet, don't
>>>     print this" can potentially create more CO2, not less, so don't
>>>     bother either.
>>>
>>>
>>
>>
>>     --
>>     MailScanner mailing list
>>     mailscanner at lists.mailscanner.info
>>     <mailto:mailscanner at lists.mailscanner.info>
>>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>     Before posting, read http://wiki.mailscanner.info/posting
>>
>>     Support MailScanner development - buy the book off the website!
>>
>>
>>
>>
>> -- 
>>
>> --
>>
>> Alex Neuman van der Hans
>> Reliant Technologies / Vida Digital
>> http://vidadigital.com.pa/
>>
>> +507-6781-9505
>> +507-832-6725
>> +1-440-253-9789 (USA)
>>
>> Follow @AlexNeuman on Twitter
>> http://facebook.com/vidadigital
>>
>>
>> -- So-called "legal disclaimers" are not legally binding, so don't 
>> bother. A cute graphic saying "save the planet, don't print this" can 
>> potentially create more CO2, not less, so don't bother either.
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130212/828f532f/attachment.html 

From ian at 34sp.com  Tue Feb 12 14:15:01 2013
From: ian at 34sp.com (Ian Knight)
Date: Tue, 12 Feb 2013 14:15:01 +0000
Subject: debugging a email.
Message-ID: <511A4E65.4080909@34sp.com>

Am i doing something silly here.

got just simple things like microsoft test messages not getting through 
mailscanner:

From: Microsoft Outlook <email at address>
To: =?utf-8?B?Qnlyb24gUHVsbA==?= <email at address>
Subject: =?utf-8?B?TWljcm9zb2Z0IE91dGxvb2sgVGVzdCBNZXNzYWdl?=
MIME-Version: 1.0
Content-Type: text/html;
     charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Authenticated-As: domain
X-OriginalSMTPIP: IP
Smarthost: IP

This is an e-mail message sent automatically by Microsoft Outlook while 
testing the settings for your account.


The above is the full message - the last 3 headers are once our smtp 
authentication array add in.

The user gets a bounce back with

Subject: Warning: E-mail error detected


If i do the following from:
/var/spool/MailScanner/quarantine/20130207/D4E051314.AFA80
[root at 6 D4E051314.AFA80]# cp message 
/var/spool/postfix/active/D4E051314.AFA80
[root at 6 D4E051314.AFA80]# MailScanner --debug --id=D4E051314.AFA80
In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
(it just sits here - doesnt actually do anything else - this is a 
postfix installation)

Thanks for any help.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130212/cb03a820/attachment.html 

From mailscanner at pdscc.com  Tue Feb 12 15:51:01 2013
From: mailscanner at pdscc.com (Harondel J. Sibble)
Date: Tue, 12 Feb 2013 07:51:01 -0800
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <alpine.LFD.2.00.1302112207190.6365@noc.prolocation.net>
References: <20130211191106.C68A45A1C81@sinclaire.sibble.net>,
	<CAED3VzD55EJ4tVGacC+z3gijSgs4=MHbJwdJqZbEY3f8kg=GPw@mail.gmail.com>,
	<alpine.LFD.2.00.1302112207190.6365@noc.prolocation.net>
Message-ID: <20130212155107.1F0405A1C81@sinclaire.sibble.net>

Sigh <lovely>

well switching back to my ISP dns servers for now then.

I'm surprised it's only happening recently, literally last week people 
started complaining that mail was bouncing to me and that's when I started 
monitoring the logs in more depth.

This has worked flawlessly for years until last week, nothing has changed on 
my MS box.

Most of what I am getting while googling about this issue is old, as in 
serveral years in some cases, I am not finding anything current so far.

On 11 Feb 2013 at 22:08, Raymond Dijkxhoorn wrote:

> Hi!
> 
> > I was thinking along similar lines. Not a specific DNS server solution, but
> > more along the lines of a DNS or connectivity interruption.
> 
> > > My bet is that you use opendns as dns server? Correct?
> 
> If you use OpenDNS thats the case, 100%. Conformed from various sources.
> They have issues with RBL lookups there and give back random results.
> 
> Bye,
> Raymond.
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


From steve at fsl.com  Tue Feb 12 15:51:47 2013
From: steve at fsl.com (Stephen Swaney)
Date: Tue, 12 Feb 2013 11:51:47 -0400
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <WM!dbdd138dafdd92921b9fef0869c7ff9e3b04f910fd1f09622154ba82ec89ba5442f5344b9a709809f37aac9fd04142c07f179db16635838bda7e5ddfb15d691738d3ab6b271f8240cb109e86e1828e77!@mail1-ec2.fsl.com>
References: <LISTHINT!ee8e03d103dc4a25d75b0f6641ea215d92b98b1750e1001d7c99b9c31e025974219285b7b96a4cebba1db98901c24da1a32a0560390e3a9a582b4e5760c1748675b854b471ee0eb9a4ad5a9407219169!@mail1-ec2.fsl.com>
	<20130211191106.C68A45A1C81@sinclaire.sibble.net>
	<WM!dbdd138dafdd92921b9fef0869c7ff9e3b04f910fd1f09622154ba82ec89ba5442f5344b9a709809f37aac9fd04142c07f179db16635838bda7e5ddfb15d691738d3ab6b271f8240cb109e86e1828e77!@mail1-ec2.fsl.com>
	<511A6513.7030909@fsl.com>
Message-ID: <WM!eab71c4c692fa62e3a1f625b7d08744b47cbe62a91a9b61c48670402c59aaae923fc972d27e4fc0058c17dfa0551e048!@mail1-ec2.fsl.com>

Spamhaus is a subscription server for commercial sites. Please see

On 2/11/13 3:11 PM, Harondel J. Sibble wrote:
> Anyone using zen.spamhaus.org rbl in MS and at the MTA level, n1oticing
> weirdness over the past say week or so?
>
> Here's a couple of MTA level examples I've been seeing
>
>      Feb 11 06:07:14 ranger1 postfix/smtpd[13327]: NOQUEUE: reject: RCPT from
>      alias8.phx2-aud-mta-out5.cnet.com[216.239.122.68]: 554 5.7.1 Service
>      unavailable; Client host [216.239.122.68] blocked using zen.spamhaus.org;
>      from=<newsletters at zdnet.online.com> to=<zdnet at pdscc.com> proto=ESMTP
>      helo=<alias8.phx2-aud-mta-out5.cnet.com>
>
>      Feb 11 07:56:19 ranger1 postfix/smtpd[16391]: NOQUEUE: reject: RCPT from
>      lists.freeswitch.org[198.22.64.215]: 554 5.7.1 Service unavailable; Client
>      host [198.22.64.215] blocked using zen.spamhaus.org;
>      from=<freeswitch-users-bounces at lists.freeswitch.org> to=<help at pdscc.com>
>      proto=ESMTP helo=<lists.freeswitch.org>
>
> These are from mailing lists primarily, and if I check the ip address noted
> in the mxtoolbox blacklist check or enter the ip at the spamhaus site, there
> is no listing, WTF????
>


From jerry.benton at mailborder.com  Tue Feb 12 15:59:32 2013
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 12 Feb 2013 16:59:32 +0100
Subject: debugging a email.
In-Reply-To: <511A4E65.4080909@34sp.com>
References: <511A4E65.4080909@34sp.com>
Message-ID: <CAED3VzCZBAVoev-4ZrsW6odTRne51VuiEqGvHk1n2O4YdgKyLQ@mail.gmail.com>

Try this to eliminate you exchange server from the equation:

http://mxtoolbox.com/diagnostic.aspx


On Tuesday, February 12, 2013, Ian Knight <ian at 34sp.com> wrote:
> Am i doing something silly here.
>
> got just simple things like microsoft test messages not getting through
mailscanner:
>
> From: Microsoft Outlook <email at address>
> To: =?utf-8?B?Qnlyb24gUHVsbA==?= <email at address>
> Subject: =?utf-8?B?TWljcm9zb2Z0IE91dGxvb2sgVGVzdCBNZXNzYWdl?=
> MIME-Version: 1.0
> Content-Type: text/html;
>     charset="utf-8"
> Content-Transfer-Encoding: 8bit
> X-Authenticated-As: domain
> X-OriginalSMTPIP: IP
> Smarthost: IP
>
> This is an e-mail message sent automatically by Microsoft Outlook while
testing the settings for your account.
>
>
> The above is the full message - the last 3 headers are once our smtp
authentication array add in.
>
> The user gets a bounce back with
>
> Subject: Warning: E-mail error detected
>
>
> If i do the following from:
> /var/spool/MailScanner/quarantine/20130207/D4E051314.AFA80
> [root at 6 D4E051314.AFA80]# cp message
/var/spool/postfix/active/D4E051314.AFA80
> [root at 6 D4E051314.AFA80]# MailScanner --debug --id=D4E051314.AFA80
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> (it just sits here - doesnt actually do anything else - this is a postfix
installation)
>
> Thanks for any help.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130212/4700de9e/attachment.html 

From steve at fsl.com  Tue Feb 12 16:45:06 2013
From: steve at fsl.com (Stephen Swaney)
Date: Tue, 12 Feb 2013 12:45:06 -0400
Subject: strange blocking behaviour with zen.spamhaus.org
In-Reply-To: <WM!81275ce5bb697ea3d3a71f5d89a9e3a55b1d6d1cb040a6e41714e5c33cc8b4b0039f917eb67bbf0d3868434e2470c5b5!@mail1-ec2.fsl.com>
References: <LISTHINT!ee8e03d103dc4a25d75b0f6641ea215d92b98b1750e1001d7c99b9c31e025974219285b7b96a4cebba1db98901c24da1a32a0560390e3a9a582b4e5760c1748675b854b471ee0eb9a4ad5a9407219169!@mail1-ec2.fsl.com>
	<LISTHINT!ee8e03d103dc4a25d75b0f6641ea215d92b98b1750e1001d7c99b9c31e025974219285b7b96a4cebba1db98901c24da1a32a0560390e3a9a582b4e5760c1748675b854b471ee0eb9a4ad5a9407219169!@mail1-ec2.fsl.com>	<20130211191106.C68A45A1C81@sinclaire.sibble.net>	<WM!dbdd138dafdd92921b9fef0869c7ff9e3b04f910fd1f09622154ba82ec89ba5442f5344b9a709809f37aac9fd04142c07f179db16635838bda7e5ddfb15d691738d3ab6b271f8240cb109e86e1828e77!@mail1-ec2.fsl.com>	<511A6513.7030909@fsl.com>
	<WM!eab71c4c692fa62e3a1f625b7d08744b47cbe62a91a9b61c48670402c59aaae923fc972d27e4fc0058c17dfa0551e048!@mail1-ec2.fsl.com>
	<WM!81275ce5bb697ea3d3a71f5d89a9e3a55b1d6d1cb040a6e41714e5c33cc8b4b0039f917eb67bbf0d3868434e2470c5b5!@mail1-ec2.fsl.com>
Message-ID: <511A7192.8030503@fsl.com>

Sorry I hit send too soon. I  was trying  to say:

Spamhaus is a subscription service for commercial sites. Please see:

             http://www.spamhaus.org/organization/dnsblusage/
or
             http://www.fortantispam.com/pdf/readme_rbl_use_bmx.pdf

Steve
--
Steve Swaney
steve at fsl.com
www.fsl.com


On 2/12/2013 11:51 AM, Stephen Swaney wrote:
> Spamhaus is a subscription server for commercial sites. Please see
>
> On 2/11/13 3:11 PM, Harondel J. Sibble wrote:
>> Anyone using zen.spamhaus.org rbl in MS and at the MTA level, n1oticing
>> weirdness over the past say week or so?
>>
>> Here's a couple of MTA level examples I've been seeing
>>
>>       Feb 11 06:07:14 ranger1 postfix/smtpd[13327]: NOQUEUE: reject: RCPT from
>>       alias8.phx2-aud-mta-out5.cnet.com[216.239.122.68]: 554 5.7.1 Service
>>       unavailable; Client host [216.239.122.68] blocked using zen.spamhaus.org;
>>       from=<newsletters at zdnet.online.com>  to=<zdnet at pdscc.com>  proto=ESMTP
>>       helo=<alias8.phx2-aud-mta-out5.cnet.com>
>>
>>       Feb 11 07:56:19 ranger1 postfix/smtpd[16391]: NOQUEUE: reject: RCPT from
>>       lists.freeswitch.org[198.22.64.215]: 554 5.7.1 Service unavailable; Client
>>       host [198.22.64.215] blocked using zen.spamhaus.org;
>>       from=<freeswitch-users-bounces at lists.freeswitch.org>  to=<help at pdscc.com>
>>       proto=ESMTP helo=<lists.freeswitch.org>
>>
>> These are from mailing lists primarily, and if I check the ip address noted
>> in the mxtoolbox blacklist check or enter the ip at the spamhaus site, there
>> is no listing, WTF????
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130212/10ac4f14/attachment.html 

From ian at 34sp.com  Wed Feb 13 10:16:20 2013
From: ian at 34sp.com (Ian Knight)
Date: Wed, 13 Feb 2013 10:16:20 +0000
Subject: debugging a email.
In-Reply-To: <CAED3VzCZBAVoev-4ZrsW6odTRne51VuiEqGvHk1n2O4YdgKyLQ@mail.gmail.com>
References: <511A4E65.4080909@34sp.com>
	<CAED3VzCZBAVoev-4ZrsW6odTRne51VuiEqGvHk1n2O4YdgKyLQ@mail.gmail.com>
Message-ID: <511B67F4.9020004@34sp.com>

On 12/02/13 15:59, Jerry Benton wrote:
> Try this to eliminate you exchange server from the equation:
>
> http://mxtoolbox.com/diagnostic.aspx
>
>
>
There is no exchange server in this.

This is  a user using smtp authentication sending to our authentication 
servers (exim) - if all goes through ok - it goes to our delivery 
servers (postfix + mailscanner) its here that the issue is happening, we 
have several thousand people using this with no issues, just from time 
to time get issues like this for no reason with no real explanation in 
the logs.

Thanks.




From jonas at vrt.dk  Tue Feb 19 08:39:44 2013
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Tue, 19 Feb 2013 08:39:44 +0000
Subject: Outgoing scanning
Message-ID: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>

Hi all

I've recently setup my MS setup to act as an outgoing smarthost filter as well as scanning incoming mails.

However I've run into a problem. Obviously I would like the outgoing mails to be both spam and virus scanned no issue there, they are by default.

However big difference in how I want mailscanner to react depending on if a mail is incoming or outgoing.

I would prefer to simply bounce the email if it is considered spam. This is allowed for normal scoring spam but not for high scoring spam.

Somebody tried to make an argument for it a couple of years ago on the list, but it seems nobody really understood what he wanted to do, but simply kept on with the "never bounce spam"

Since quarantining or deleting outgoing mail without ever letting the sender know makes no sense to me, im curious as to what tohers are doing?

Are you simply whitelisting all outgoing mail?
Only virus scanning it, but not spam scanning it?
Maybe you are spam scanning it but with a much higher score limit?

Since we can't scan at smtp time, I see no other good reason than to bounce the spam back to the user, WHEN ITS OUTGOING.

This means this is only for internal users, hence I don't see how the normal policy about not bouncing spam applies.

Also it's a bit weird that its allowed for normal scoring spam and not high scoring.

Hope somebody have some insights to share :)


Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 K?benhavn S

Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:    7020 0978
Web: www.techbiz.dk<http://www.techbiz.dk>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130219/95c4c124/attachment.html 

From jerry.benton at mailborder.com  Tue Feb 19 10:08:27 2013
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 19 Feb 2013 11:08:27 +0100
Subject: Mandiant Report
Message-ID: <CAED3VzArD30b0uwizk6H_G8eG9qZkDXBtXHka2Gq6gkmgDEW_w@mail.gmail.com>

I thought that many on this list would be interested in a report released
yesterday by Mandiant. If you work with MailScanner, I would assume you
have some interest in computer security. This information in this report is
invaluable and unprecedented.

http://www.mandiant.com/apt1

I highly recommend reviewing this report. This is especially true if you
organization generates any information related to technology, engineering,
or aerospace.


Jerry Benton
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130219/faf9f450/attachment.html 

From alex at vidadigital.com.pa  Tue Feb 19 13:30:04 2013
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Tue, 19 Feb 2013 08:30:04 -0500
Subject: Outgoing scanning
In-Reply-To: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
Message-ID: <CANyE0PrEq7Xk8dGRfGyhryp7ODAkCAmMJRK9abwYpWM6vxp-gw@mail.gmail.com>

If you *absolutely* must have this, you should make sure you enable
authentication and SPF for your outgoing users. Otherwise, someone
could "bounce" messages off of you to spam a third party.

For example, if I send you a message "from"
thirdparty at someonelseesserver.com "to" jonas at vrt.dk and you determine
it's spam, it'll be bounced "to" thirdparty at someoneelsesserver.com.

Also if I send a message purporting to be "from" jonas at vrt.dk "to"
jonas at vrt.dk it'll get to you anyways, since it'll be "bounced" to
you, even if *I* was the one who actually sent it.

If you do all of this you can change:
Spam Actions = deliver header "X-Spam-Status: Yes"
to
Spam Actions = bounce

... knowing that you're setting yourself up to be blacklisted if
anything fails. If you do it at the SMTP transaction level (which
you've stated you don't want to do) the responsibility falls upon the
sender. If you do it *after the fact*, it becomes *your*
responsibility.

On Tue, Feb 19, 2013 at 3:39 AM, Jonas Akrouh Larsen <jonas at vrt.dk> wrote:
> Hi all
>
>
>
> I?ve recently setup my MS setup to act as an outgoing smarthost filter as
> well as scanning incoming mails.
>
>
>
> However I?ve run into a problem. Obviously I would like the outgoing mails
> to be both spam and virus scanned no issue there, they are by default.
>
>
>
> However big difference in how I want mailscanner to react depending on if a
> mail is incoming or outgoing.
>
>
>
> I would prefer to simply bounce the email if it is considered spam. This is
> allowed for normal scoring spam but not for high scoring spam.
>
>
>
> Somebody tried to make an argument for it a couple of years ago on the list,
> but it seems nobody really understood what he wanted to do, but simply kept
> on with the ?never bounce spam?
>
>
>
> Since quarantining or deleting outgoing mail without ever letting the sender
> know makes no sense to me, im curious as to what tohers are doing?
>
>
>
> Are you simply whitelisting all outgoing mail?
>
> Only virus scanning it, but not spam scanning it?
>
> Maybe you are spam scanning it but with a much higher score limit?
>
>
>
> Since we can?t scan at smtp time, I see no other good reason than to bounce
> the spam back to the user, WHEN ITS OUTGOING.
>
>
>
> This means this is only for internal users, hence I don?t see how the normal
> policy about not bouncing spam applies.
>
>
>
> Also it?s a bit weird that its allowed for normal scoring spam and not high
> scoring.
>
>
>
> Hope somebody have some insights to share J
>
>
>
>
>
> Med venlig hilsen / Best regards
>
>
>
> Jonas Akrouh Larsen
>
>
>
> TechBiz ApS
>
> Laplandsgade 4, 2. sal
>
> 2300 K?benhavn S
>
>
>
> Office: 7020 0979
>
> Direct: 3336 9974
>
> Mobile: 5120 1096
>
> Fax:    7020 0978
>
> Web: www.techbiz.dk
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't
bother. A cute graphic saying "save the planet, don't print this" can
potentially create more CO2, not less, so don't bother either.

From Denis.Beauchemin at usherbrooke.ca  Tue Feb 19 13:33:28 2013
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Tue, 19 Feb 2013 13:33:28 +0000
Subject: Outgoing scanning
In-Reply-To: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
Message-ID: <E4CD9F6A1A6FF745BCABA56BBD1008D574CB3E27@XMBX03.sti.usherbrooke.ca>

Jonas,

We have incoming and outgoing MailScanner servers. The incoming ones have stricter rules and do not bounce any email. The outgoing ones have more permissive rules but will bounce spam back to its sender. The outgoing servers will only accept emails from our networks. We've had this setup for years and it is working pretty well.

At one point I tried to configure a single MailScanner for both incoming and outgoing purposes but I ran into problems and abandoned the idea. We now run dual outgoing, triple incoming and dual special outgoing (mostly for mailing lists and bulk emails). Having more than one server for one purpose has benefits such as being able to upgrade one server while the other is still processing emails.

Denis

De?: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Jonas Akrouh Larsen
Envoy??: 19 f?vrier 2013 03:49
??: mailscanner at lists.mailscanner.info
Objet?: Outgoing scanning

Hi all

I?ve recently setup my MS setup to act as an outgoing smarthost filter as well as scanning incoming mails.

However I?ve run into a problem. Obviously I would like the outgoing mails to be both spam and virus scanned no issue there, they are by default.

However big difference in how I want mailscanner to react depending on if a mail is incoming or outgoing.

I would prefer to simply bounce the email if it is considered spam. This is allowed for normal scoring spam but not for high scoring spam.

Somebody tried to make an argument for it a couple of years ago on the list, but it seems nobody really understood what he wanted to do, but simply kept on with the ?never bounce spam?

Since quarantining or deleting outgoing mail without ever letting the sender know makes no sense to me, im curious as to what tohers are doing?

Are you simply whitelisting all outgoing mail?
Only virus scanning it, but not spam scanning it?
Maybe you are spam scanning it but with a much higher score limit?

Since we can?t scan at smtp time, I see no other good reason than to bounce the spam back to the user, WHEN ITS OUTGOING.

This means this is only for internal users, hence I don?t see how the normal policy about not bouncing spam applies.

Also it?s a bit weird that its allowed for normal scoring spam and not high scoring.

Hope somebody have some insights to share ?


Med venlig hilsen / Best regards
?
Jonas Akrouh Larsen
?
TechBiz ApS
Laplandsgade 4, 2. sal
2300 K?benhavn S
?
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:??? 7020 0978
Web: www.techbiz.dk



From mailscanner at joolee.nl  Tue Feb 19 13:35:55 2013
From: mailscanner at joolee.nl (Joolee)
Date: Tue, 19 Feb 2013 14:35:55 +0100
Subject: Outgoing scanning
In-Reply-To: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
Message-ID: <CA+Q-w8VpahGnVJWo92XUh+fZwozwR148fvz1B2P8ydau9VX7jw@mail.gmail.com>

The best option for this is to install 2 separate spamfilters. I'm also
running both in and outbound filtering through the same filter but there
are also other issues you will run into.

On 19 February 2013 09:39, Jonas Akrouh Larsen <jonas at vrt.dk> wrote:

>  Hi all****
>
> ** **
>
> I?ve recently setup my MS setup to act as an outgoing smarthost filter as
> well as scanning incoming mails.****
>
> ** **
>
> However I?ve run into a problem. Obviously I would like the outgoing mails
> to be both spam and virus scanned no issue there, they are by default.****
>
> ** **
>
> However big difference in how I want mailscanner to react depending on if
> a mail is incoming or outgoing.****
>
> ** **
>
> I would prefer to simply bounce the email if it is considered spam. This
> is allowed for normal scoring spam but not for high scoring spam.****
>
> ** **
>
> Somebody tried to make an argument for it a couple of years ago on the
> list, but it seems nobody really understood what he wanted to do, but
> simply kept on with the ?never bounce spam?****
>
> ** **
>
> Since quarantining or deleting outgoing mail without ever letting the
> sender know makes no sense to me, im curious as to what tohers are doing?*
> ***
>
> ** **
>
> Are you simply whitelisting all outgoing mail?****
>
> Only virus scanning it, but not spam scanning it?****
>
> Maybe you are spam scanning it but with a much higher score limit?****
>
> ** **
>
> Since we can?t scan at smtp time, I see no other good reason than to
> bounce the spam back to the user, WHEN ITS OUTGOING.****
>
> ** **
>
> This means this is only for internal users, hence I don?t see how the
> normal policy about not bouncing spam applies.****
>
> ** **
>
> Also it?s a bit weird that its allowed for normal scoring spam and not
> high scoring.****
>
> ** **
>
> Hope somebody have some insights to share J****
>
> ** **
>
> ** **
>
> Med venlig hilsen / Best regards****
>
>  ****
>
> Jonas Akrouh Larsen****
>
>  ****
>
> TechBiz ApS****
>
> Laplandsgade 4, 2. sal****
>
> 2300 K?benhavn S****
>
>  ****
>
> Office: 7020 0979****
>
> Direct: 3336 9974****
>
> Mobile: 5120 1096****
>
> Fax:    7020 0978****
>
> Web: www.techbiz.dk****
>
> ** **
>
> ** **
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130219/a4fa723a/attachment.html 

From jonas at vrt.dk  Tue Feb 19 14:59:04 2013
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Tue, 19 Feb 2013 14:59:04 +0000
Subject: Outgoing scanning
In-Reply-To: <CANyE0PrEq7Xk8dGRfGyhryp7ODAkCAmMJRK9abwYpWM6vxp-gw@mail.gmail.com>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
	<CANyE0PrEq7Xk8dGRfGyhryp7ODAkCAmMJRK9abwYpWM6vxp-gw@mail.gmail.com>
Message-ID: <BBE3159426E3CD4F88DBE4753B2C90BAB26618@SCTSBS11.sct.dk>

Hi Alex, thanks for responding

> If you *absolutely* must have this, you should make sure you enable
> authentication and SPF for your outgoing users. Otherwise, someone could
> "bounce" messages off of you to spam a third party.
> 
> For example, if I send you a message "from"
> thirdparty at someonelseesserver.com "to" jonas at vrt.dk and you determine
> it's spam, it'll be bounced "to" thirdparty at someoneelsesserver.com.
> 
> Also if I send a message purporting to be "from" jonas at vrt.dk "to"
> jonas at vrt.dk it'll get to you anyways, since it'll be "bounced" to you, even if
> *I* was the one who actually sent it.
> 
> If you do all of this you can change:
> Spam Actions = deliver header "X-Spam-Status: Yes"
> to
> Spam Actions = bounce
> 

2 things about what you write: 

1/ I would obviously only consider authenticated mails as outgoing so I would never be in a situation where i bounce spam to innocent users, only internal users as I wrote in my post.

2/ setting the spam actions to bounce doesn't help me if the internal mail is considered a high scoring spam, hence why I posted - There is no bounce command for high scoring spam, so my internal users would NOT know that the email they send never left the our own servers.

> ... knowing that you're setting yourself up to be blacklisted if anything fails. If
> you do it at the SMTP transaction level (which you've stated you don't want
> to do) the responsibility falls upon the sender. If you do it *after the fact*, it
> becomes *your* responsibility.
> 
> On Tue, Feb 19, 2013 at 3:39 AM, Jonas Akrouh Larsen <jonas at vrt.dk>
> wrote:
> > Hi all
> >
> >
> >
> > I've recently setup my MS setup to act as an outgoing smarthost filter
> > as well as scanning incoming mails.
> >
> >
> >
> > However I've run into a problem. Obviously I would like the outgoing
> > mails to be both spam and virus scanned no issue there, they are by
> default.
> >
> >
> >
> > However big difference in how I want mailscanner to react depending on
> > if a mail is incoming or outgoing.
> >
> >
> >
> > I would prefer to simply bounce the email if it is considered spam.
> > This is allowed for normal scoring spam but not for high scoring spam.
> >
> >
> >
> > Somebody tried to make an argument for it a couple of years ago on the
> > list, but it seems nobody really understood what he wanted to do, but
> > simply kept on with the "never bounce spam"
> >
> >
> >
> > Since quarantining or deleting outgoing mail without ever letting the
> > sender know makes no sense to me, im curious as to what tohers are
> doing?
> >
> >
> >
> > Are you simply whitelisting all outgoing mail?
> >
> > Only virus scanning it, but not spam scanning it?
> >
> > Maybe you are spam scanning it but with a much higher score limit?
> >
> >
> >
> > Since we can't scan at smtp time, I see no other good reason than to
> > bounce the spam back to the user, WHEN ITS OUTGOING.
> >
> >
> >
> > This means this is only for internal users, hence I don't see how the
> > normal policy about not bouncing spam applies.
> >
> >
> >
> > Also it's a bit weird that its allowed for normal scoring spam and not
> > high scoring.
> >
> >
> >
> > Hope somebody have some insights to share J
> >
> >
> >
> >
> >
> > Med venlig hilsen / Best regards
> >
> >
> >
> > Jonas Akrouh Larsen
> >
> >
> >
> > TechBiz ApS
> >
> > Laplandsgade 4, 2. sal
> >
> > 2300 K?benhavn S
> >
> >
> >
> > Office: 7020 0979
> >
> > Direct: 3336 9974
> >
> > Mobile: 5120 1096
> >
> > Fax:    7020 0978
> >
> > Web: www.techbiz.dk
> >
> >
> >
> >
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> 
> 
> 
> --
> 
> --
> 
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
> 
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
> 
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
> 
> 
> -- So-called "legal disclaimers" are not legally binding, so don't bother. A cute
> graphic saying "save the planet, don't print this" can potentially create more
> CO2, not less, so don't bother either.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From jonas at vrt.dk  Tue Feb 19 15:01:05 2013
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Tue, 19 Feb 2013 15:01:05 +0000
Subject: Outgoing scanning
In-Reply-To: <E4CD9F6A1A6FF745BCABA56BBD1008D574CB3E27@XMBX03.sti.usherbrooke.ca>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
	<E4CD9F6A1A6FF745BCABA56BBD1008D574CB3E27@XMBX03.sti.usherbrooke.ca>
Message-ID: <BBE3159426E3CD4F88DBE4753B2C90BAB26624@SCTSBS11.sct.dk>

Hi Dennis Thanks for responding

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Denis Beauchemin
> Sent: 19. februar 2013 14:33
> To: MailScanner discussion
> Subject: RE: Outgoing scanning
> 
> Jonas,
> 
> We have incoming and outgoing MailScanner servers. The incoming ones
> have stricter rules and do not bounce any email. The outgoing ones have
> more permissive rules but will bounce spam back to its sender. The outgoing
> servers will only accept emails from our networks. We've had this setup for
> years and it is working pretty well.
> 
> At one point I tried to configure a single MailScanner for both incoming and
> outgoing purposes but I ran into problems and abandoned the idea. We now
> run dual outgoing, triple incoming and dual special outgoing (mostly for
> mailing lists and bulk emails). Having more than one server for one purpose
> has benefits such as being able to upgrade one server while the other is still
> processing emails.
> 

Hmm I did consider setting up a dedicated outgoing scanning pair, but couldn't really see why I should have any problems distinguishing between incoming and outgoing. Can you elaborate on what problems you ran into?

Also are you sure your high scoring spam is bounce in your setup? As far as I can see mailscanner only allows you to bounce spam, not high scoring spam.

Although I guess if the setup is dedicated for outgoing, you can just mark all spam as normal spam, and none as high scoring..

> 
> I would prefer to simply bounce the email if it is considered spam. This is
> allowed for normal scoring spam but not for high scoring spam.
> 
> Somebody tried to make an argument for it a couple of years ago on the list,
> but it seems nobody really understood what he wanted to do, but simply
> kept on with the ?never bounce spam?
> 
> Since quarantining or deleting outgoing mail without ever letting the sender
> know makes no sense to me, im curious as to what tohers are doing?
> 
> Are you simply whitelisting all outgoing mail?
> Only virus scanning it, but not spam scanning it?
> Maybe you are spam scanning it but with a much higher score limit?
> 
> Since we can?t scan at smtp time, I see no other good reason than to bounce
> the spam back to the user, WHEN ITS OUTGOING.
> 
> This means this is only for internal users, hence I don?t see how the normal
> policy about not bouncing spam applies.
> 
> Also it?s a bit weird that its allowed for normal scoring spam and not high
> scoring.
> 
> Hope somebody have some insights to share ?
> 
> 
> Med venlig hilsen / Best regards
> 
> Jonas Akrouh Larsen
> 
> TechBiz ApS
> Laplandsgade 4, 2. sal
> 2300 K?benhavn S
> 
> Office: 7020 0979
> Direct: 3336 9974
> Mobile: 5120 1096
> Fax:??? 7020 0978
> Web: www.techbiz.dk
> 
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From Denis.Beauchemin at usherbrooke.ca  Tue Feb 19 15:33:26 2013
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Tue, 19 Feb 2013 15:33:26 +0000
Subject: Outgoing scanning
In-Reply-To: <BBE3159426E3CD4F88DBE4753B2C90BAB26624@SCTSBS11.sct.dk>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
	<E4CD9F6A1A6FF745BCABA56BBD1008D574CB3E27@XMBX03.sti.usherbrooke.ca>
	<BBE3159426E3CD4F88DBE4753B2C90BAB26624@SCTSBS11.sct.dk>
Message-ID: <E4CD9F6A1A6FF745BCABA56BBD1008D574CB4067@XMBX03.sti.usherbrooke.ca>

Jonas,

I use "High SpamAssassin Score = 75" on my outgoing servers, while it is at 12 on my incoming servers. You are right about high-scoring spam not being bounced. This takes care of it.

As for having both incoming/outgoing on the same server I had problems with multiple MS instances in separate directories. Too complex to set up and support.

Denis


-----Message d'origine-----
De?: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Jonas Akrouh Larsen
Envoy??: 19 f?vrier 2013 10:13
??: MailScanner discussion
Objet?: RE: Outgoing scanning

Hi Dennis Thanks for responding

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner- 
> bounces at lists.mailscanner.info] On Behalf Of Denis Beauchemin
> Sent: 19. februar 2013 14:33
> To: MailScanner discussion
> Subject: RE: Outgoing scanning
> 
> Jonas,
> 
> We have incoming and outgoing MailScanner servers. The incoming ones 
> have stricter rules and do not bounce any email. The outgoing ones 
> have more permissive rules but will bounce spam back to its sender. 
> The outgoing servers will only accept emails from our networks. We've 
> had this setup for years and it is working pretty well.
> 
> At one point I tried to configure a single MailScanner for both 
> incoming and outgoing purposes but I ran into problems and abandoned 
> the idea. We now run dual outgoing, triple incoming and dual special 
> outgoing (mostly for mailing lists and bulk emails). Having more than 
> one server for one purpose has benefits such as being able to upgrade 
> one server while the other is still processing emails.
> 

Hmm I did consider setting up a dedicated outgoing scanning pair, but couldn't really see why I should have any problems distinguishing between incoming and outgoing. Can you elaborate on what problems you ran into?

Also are you sure your high scoring spam is bounce in your setup? As far as I can see mailscanner only allows you to bounce spam, not high scoring spam.

Although I guess if the setup is dedicated for outgoing, you can just mark all spam as normal spam, and none as high scoring..

> 
> I would prefer to simply bounce the email if it is considered spam. 
> This is allowed for normal scoring spam but not for high scoring spam.
> 
> Somebody tried to make an argument for it a couple of years ago on the 
> list, but it seems nobody really understood what he wanted to do, but 
> simply kept on with the ?never bounce spam?
> 
> Since quarantining or deleting outgoing mail without ever letting the 
> sender know makes no sense to me, im curious as to what tohers are doing?
> 
> Are you simply whitelisting all outgoing mail?
> Only virus scanning it, but not spam scanning it?
> Maybe you are spam scanning it but with a much higher score limit?
> 
> Since we can?t scan at smtp time, I see no other good reason than to 
> bounce the spam back to the user, WHEN ITS OUTGOING.
> 
> This means this is only for internal users, hence I don?t see how the 
> normal policy about not bouncing spam applies.
> 
> Also it?s a bit weird that its allowed for normal scoring spam and not 
> high scoring.
> 
> Hope somebody have some insights to share ?
> 
> 
> Med venlig hilsen / Best regards
> 
> Jonas Akrouh Larsen
> 
> TechBiz ApS
> Laplandsgade 4, 2. sal
> 2300 K?benhavn S
> 
> Office: 7020 0979
> Direct: 3336 9974
> Mobile: 5120 1096
> Fax:??? 7020 0978
> Web: www.techbiz.dk
> 
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From jonas at vrt.dk  Wed Feb 20 08:49:56 2013
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Wed, 20 Feb 2013 08:49:56 +0000
Subject: Outgoing scanning
In-Reply-To: <E4CD9F6A1A6FF745BCABA56BBD1008D574CB4067@XMBX03.sti.usherbrooke.ca>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
	<E4CD9F6A1A6FF745BCABA56BBD1008D574CB3E27@XMBX03.sti.usherbrooke.ca>
	<BBE3159426E3CD4F88DBE4753B2C90BAB26624@SCTSBS11.sct.dk>
	<E4CD9F6A1A6FF745BCABA56BBD1008D574CB4067@XMBX03.sti.usherbrooke.ca>
Message-ID: <BBE3159426E3CD4F88DBE4753B2C90BAB26711@SCTSBS11.sct.dk>

> Jonas,
> 
> I use "High SpamAssassin Score = 75" on my outgoing servers, while it is at 12
> on my incoming servers. You are right about high-scoring spam not being
> bounced. This takes care of it.
> 
> As for having both incoming/outgoing on the same server I had problems
> with multiple MS instances in separate directories. Too complex to set up and
> support.
> 
> Denis

Yep I completely see where you are coming from Denis, what you are saying makes a lot of sense.


I will ponder if its worth setting up a new ms cluster to get outbound scanning.

Thank you for your input.



Med venlig hilsen / Best regards
?
Jonas Akrouh Larsen
?
TechBiz ApS
Laplandsgade 4, 2. sal
2300 K?benhavn S
?
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:??? 7020 0978
Web: www.techbiz.dk



From maxsec at gmail.com  Wed Feb 20 19:14:14 2013
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 20 Feb 2013 19:14:14 +0000
Subject: Outgoing scanning
In-Reply-To: <BBE3159426E3CD4F88DBE4753B2C90BAB26711@SCTSBS11.sct.dk>
References: <BBE3159426E3CD4F88DBE4753B2C90BAB26548@SCTSBS11.sct.dk>
	<E4CD9F6A1A6FF745BCABA56BBD1008D574CB3E27@XMBX03.sti.usherbrooke.ca>
	<BBE3159426E3CD4F88DBE4753B2C90BAB26624@SCTSBS11.sct.dk>
	<E4CD9F6A1A6FF745BCABA56BBD1008D574CB4067@XMBX03.sti.usherbrooke.ca>
	<BBE3159426E3CD4F88DBE4753B2C90BAB26711@SCTSBS11.sct.dk>
Message-ID: <CAGDKorK3CyCBpyGkaJ+V4a9-xc09sZ1WKDbuVFSp4EYaMtPrXg@mail.gmail.com>

Better to Use is def not spam settinh against the intetnfal ip-address of
the internal email server/relay that folks have to authsmyp againsy

On Wednesday, 20 February 2013, Jonas Akrouh Larsen wrote:

> > Jonas,
> >
> > I use "High SpamAssassin Score = 75" on my outgoing servers, while it is
> at 12
> > on my incoming servers. You are right about high-scoring spam not being
> > bounced. This takes care of it.
> >
> > As for having both incoming/outgoing on the same server I had problems
> > with multiple MS instances in separate directories. Too complex to set
> up and
> > support.
> >
> > Denis
>
> Yep I completely see where you are coming from Denis, what you are saying
> makes a lot of sense.
>
>
> I will ponder if its worth setting up a new ms cluster to get outbound
> scanning.
>
> Thank you for your input.
>
>
>
> Med venlig hilsen / Best regards
>
> Jonas Akrouh Larsen
>
> TechBiz ApS
> Laplandsgade 4, 2. sal
> 2300 K?benhavn S
>
> Office: 7020 0979
> Direct: 3336 9974
> Mobile: 5120 1096
> Fax:    7020 0978
> Web: www.techbiz.dk
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info <javascript:;>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130220/da4b90f2/attachment.html 

From mailborder at gmail.com  Sun Feb 24 00:27:02 2013
From: mailborder at gmail.com (Mailborder at Gmail)
Date: Sun, 24 Feb 2013 01:27:02 +0100
Subject: Mailborder for RedHat 63 and Debian 6
Message-ID: <CANK23U1ObbnDM1jmFR9tsRK9LRhAed-BnzP94pMheVRDLACrDw@mail.gmail.com>

*v3.3.1 Released*
*
*
Mailborder v3.3.1 has been released, which includes support for Red Hat /
CentOS v6.3 and Debian 6. This version includes a few bug fixes and
architecture enhancements. An upgrade for v3.3.0 to v3.3.1 will be released
in the next few days.

Thanks to Peter, Ling, and Toux for their help testing and identification
for this version.


*Currently Supported OSs*

- Debian 6
- Red Hat / CentOS v5.3
- Red Hat / CentOS v6.3
- Ubuntu 12.04 LTS



Jerry Benton
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130224/df7836d5/attachment.html