From tiago at tiagoti.com.br  Sat Feb  1 13:39:22 2014
From: tiago at tiagoti.com.br (Tiago Eduardo Zacarias)
Date: Sat, 01 Feb 2014 11:39:22 -0200
Subject: MailScanner Digest, Vol 98, Issue 1
In-Reply-To: <mailman.1.1391256001.20401.mailscanner@lists.mailscanner.info>
References: <mailman.1.1391256001.20401.mailscanner@lists.mailscanner.info>
Message-ID: <52ECF90A.6060902@tiagoti.com.br>

Good morning Martin Hepworth


Restarted the service mailscanner and yet the policy described in 
/etc/mailscanner/files- types.conf not and applied as observed in test 
with attachments and compressed files pure. Example executables files 
when attached in the policy even deny the mailscanner does not block, 
already put debug in order to see something but does not return 
anything, so that was checked informs entered the path of the program 
/usr/bin/file now and then forwards it to the clamav anti-virus.

What may be you could give me a light, do not know if I can forward my 
list to facilitate mailscanner.conf.

I thank you for your attention.

Att

Tiago Eduardo Zacarias
LPIC-1

Em 01-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
> Send MailScanner mailing list submissions to
> 	mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> 	mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> 	mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
>     1. Filter-Files (Tiago Eduardo Zacarias)
>     2. Re: Filter-Files (Martin Hepworth)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 31 Jan 2014 13:09:53 -0200
> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
> Subject: Filter-Files
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52EBBCC1.80600 at tiagoti.com.br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Good Morning List MailScanner,
>
> I ha a few days trying to accomplish in the file filter mailscanner
> unsuccessfully already realized reinstalling it with all dependencies,
> and even by setting the parameters to allow and deny files to the files
> filetypes but I can not perform the filter in mailscanner if I send out
> direct aqruivo example executable type attached zipped or not the
> mailscanner blocks, like a support to this problem.
>
>
> Attached the file mailscanner.
>
>
> Thank you.
>
> CPU = Pentium 4  3 Ghz
> Postfix Version: 2.6.6-2.2
> MailScanner Version:  4.84.6-1
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 31 Jan 2014 16:15:14 +0000
> From: Martin Hepworth <maxsec at gmail.com>
> Subject: Re: Filter-Files
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Message-ID:
> 	<CAGDKorLiogMp8QTGuHhbFcXaaotBVd4qh1LNHpgESU7nYvOMEg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> What have you tried with the filetypes thats doesnt work and did you start
> and stop MailScanner after the change?
>


From tiago at tiagoti.com.br  Sat Feb  1 13:49:36 2014
From: tiago at tiagoti.com.br (Tiago Eduardo Zacarias)
Date: Sat, 01 Feb 2014 11:49:36 -0200
Subject: MailScanner Digest, Vol 98, Issue 1
In-Reply-To: <mailman.1.1391256001.20401.mailscanner@lists.mailscanner.info>
References: <mailman.1.1391256001.20401.mailscanner@lists.mailscanner.info>
Message-ID: <52ECFB70.5040309@tiagoti.com.br>

Good morning Martin Hepworth


Restarted the service mailscanner and yet the policy described in / etc 
/ mailscanner / files - not types.conf and applied as observed in test 
with attachments and compressed files pure . Example executables files 
when attached in the policy even deny the mailscanner does not block , 
already put debug in order to see something but does not return anything 
, so that was checked informs entered the path of the program / ??usr / 
bin / file now and then forwards it to the clamav anti -virus .

Example of policy

Contet of /etc/mailscanner/files-types.conf :

# To disable this feature , set this to just " Filetype Rules = " or 
September
# The location of the file command to a blank string .
Filetype Rules = % etc -dir % / filetype.rules.conf

Content of / filetype.rules.conf :

allow text -
allow \ bscript -
allow archive -
allow postscript -
deny self -extract No self-extracting archives Self-extracting archives 
The allowed
deny executable No executables No programs allowed
# EXAMPLE : deny - x - dosexec In DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
rename Registry Windows Registry entries ( renamed ) Windows Registry 
files ( renamed )

I thank you for your attention .

Att

Tiago Eduardo Zacarias
LPIC-1

Em 01-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
> Send MailScanner mailing list submissions to
> 	mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> 	mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> 	mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
>     1. Filter-Files (Tiago Eduardo Zacarias)
>     2. Re: Filter-Files (Martin Hepworth)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 31 Jan 2014 13:09:53 -0200
> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
> Subject: Filter-Files
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52EBBCC1.80600 at tiagoti.com.br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Good Morning List MailScanner,
>
> I ha a few days trying to accomplish in the file filter mailscanner
> unsuccessfully already realized reinstalling it with all dependencies,
> and even by setting the parameters to allow and deny files to the files
> filetypes but I can not perform the filter in mailscanner if I send out
> direct aqruivo example executable type attached zipped or not the
> mailscanner blocks, like a support to this problem.
>
>
> Attached the file mailscanner.
>
>
> Thank you.
>
> CPU = Pentium 4  3 Ghz
> Postfix Version: 2.6.6-2.2
> MailScanner Version:  4.84.6-1
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 31 Jan 2014 16:15:14 +0000
> From: Martin Hepworth <maxsec at gmail.com>
> Subject: Re: Filter-Files
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Message-ID:
> 	<CAGDKorLiogMp8QTGuHhbFcXaaotBVd4qh1LNHpgESU7nYvOMEg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> What have you tried with the filetypes thats doesnt work and did you start
> and stop MailScanner after the change?
>


From mark at msapiro.net  Sun Feb  2 02:59:16 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 01 Feb 2014 18:59:16 -0800
Subject: Filter-Files
In-Reply-To: <52ECFB70.5040309@tiagoti.com.br>
References: <mailman.1.1391256001.20401.mailscanner@lists.mailscanner.info>
	<52ECFB70.5040309@tiagoti.com.br>
Message-ID: <52EDB484.7070809@msapiro.net>

On 02/01/2014 05:49 AM, Tiago Eduardo Zacarias wrote:
> 
> Restarted the service mailscanner and yet the policy described in / etc 
> / mailscanner / files - not types.conf and applied as observed in test 
> with attachments and compressed files pure . Example executables files 
> when attached in the policy even deny the mailscanner does not block , 
> already put debug in order to see something but does not return anything 
> , so that was checked informs entered the path of the program / ??usr / 
> bin / file now and then forwards it to the clamav anti -virus .


It is very difficult for me to understand exactly what you are trying to
say, but in your MailScanner.conf file do you have

File Command = /usr/bin/file

or some other path? what do you get when you invoke /usr/bin/file or
whatever path it is on the 'executable' file that is not blocked by
MailScanner?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mejaz at cyberia.net.sa  Tue Feb  4 13:26:02 2014
From: mejaz at cyberia.net.sa (Ejaz)
Date: Tue, 4 Feb 2014 16:26:02 +0300
Subject: qurantine-message
Message-ID: <9BB1465EF62444C0B66F5326C7202A2F@EJAZ>

When attempting to release the quarantine messages from the MailScanner
quarantine folder, keeps receiving the below warning, although made white
listed all the local IPs and  "local host" .  Any suggestion would be great.


 

Warning: This message has had one or more attachments removed
(MOV_8600.mp4.mov). Please read the "-Attachment-Warning.txt" attachment(s)
for more information.

 

 

Regards, 
__________________
Mohammed Ejaz 
Systems Head.
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114  Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail: mejaz at cyberia.net.sa

 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140204/008ecf8b/attachment.html 

From alex at vidadigital.com.pa  Tue Feb  4 14:57:13 2014
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Tue, 4 Feb 2014 09:57:13 -0500
Subject: qurantine-message
In-Reply-To: <9BB1465EF62444C0B66F5326C7202A2F@EJAZ>
References: <9BB1465EF62444C0B66F5326C7202A2F@EJAZ>
Message-ID: <CANyE0PrehugXd5xCgaFOvROd0fRNT6c6rRJg9G_Ca=ViOPbc5Q@mail.gmail.com>

Check your rules to make sure you're not checking localhost attachments.
On Feb 4, 2014 9:44 AM, "Ejaz" <mejaz at cyberia.net.sa> wrote:

>     When attempting to release the quarantine messages from the
> MailScanner quarantine folder, keeps receiving the below warning, although
> made white listed all the local IPs and  "local host" .  Any suggestion
> would be great.
>
>
>
> *Warning: This message has had one or more attachments removed
> (MOV_8600.mp4.mov). Please read the "-Attachment-Warning.txt" attachment(s)
> for more information.*
>
>
>
>
>
> Regards,
> __________________
> Mohammed Ejaz
> Systems Head.
> Middle East Internet Company (CYBERIA)
> Riyadh, Saudi Arabia
> Phone: +966-1-4647114  Ext: 140
> Mobile +966-562311787
> Fax: +966-1-4654735
> E-mail: mejaz at cyberia.net.sa
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140204/286f2052/attachment.html 

From tiago at tiagoti.com.br  Tue Feb  4 23:00:58 2014
From: tiago at tiagoti.com.br (Tiago Eduardo Zacarias)
Date: Tue, 04 Feb 2014 21:00:58 -0200
Subject: MailScanner Digest, Vol 98, Issue 2
In-Reply-To: <mailman.1.1391342402.29539.mailscanner@lists.mailscanner.info>
References: <mailman.1.1391342402.29539.mailscanner@lists.mailscanner.info>
Message-ID: <52F1712A.2010201@tiagoti.com.br>

nobody ?

Em 02-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
> Send MailScanner mailing list submissions to
> 	mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> 	mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> 	mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
>     1. Re: MailScanner Digest, Vol 98, Issue 1 (Tiago Eduardo Zacarias)
>     2. Re: MailScanner Digest, Vol 98, Issue 1 (Tiago Eduardo Zacarias)
>     3. Re: Filter-Files (Mark Sapiro)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 01 Feb 2014 11:39:22 -0200
> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
> Subject: Re: MailScanner Digest, Vol 98, Issue 1
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52ECF90A.6060902 at tiagoti.com.br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Good morning Martin Hepworth
>
>
> Restarted the service mailscanner and yet the policy described in
> /etc/mailscanner/files- types.conf not and applied as observed in test
> with attachments and compressed files pure. Example executables files
> when attached in the policy even deny the mailscanner does not block,
> already put debug in order to see something but does not return
> anything, so that was checked informs entered the path of the program
> /usr/bin/file now and then forwards it to the clamav anti-virus.
>
> What may be you could give me a light, do not know if I can forward my
> list to facilitate mailscanner.conf.
>
> I thank you for your attention.
>
> Att
>
> Tiago Eduardo Zacarias
> LPIC-1
>
> Em 01-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
>> Send MailScanner mailing list submissions to
>> 	mailscanner at lists.mailscanner.info
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> or, via email, send a message with subject or body 'help' to
>> 	mailscanner-request at lists.mailscanner.info
>>
>> You can reach the person managing the list at
>> 	mailscanner-owner at lists.mailscanner.info
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of MailScanner digest..."
>>
>>
>> Today's Topics:
>>
>>      1. Filter-Files (Tiago Eduardo Zacarias)
>>      2. Re: Filter-Files (Martin Hepworth)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 31 Jan 2014 13:09:53 -0200
>> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
>> Subject: Filter-Files
>> To: mailscanner at lists.mailscanner.info
>> Message-ID: <52EBBCC1.80600 at tiagoti.com.br>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Good Morning List MailScanner,
>>
>> I ha a few days trying to accomplish in the file filter mailscanner
>> unsuccessfully already realized reinstalling it with all dependencies,
>> and even by setting the parameters to allow and deny files to the files
>> filetypes but I can not perform the filter in mailscanner if I send out
>> direct aqruivo example executable type attached zipped or not the
>> mailscanner blocks, like a support to this problem.
>>
>>
>> Attached the file mailscanner.
>>
>>
>> Thank you.
>>
>> CPU = Pentium 4  3 Ghz
>> Postfix Version: 2.6.6-2.2
>> MailScanner Version:  4.84.6-1
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 31 Jan 2014 16:15:14 +0000
>> From: Martin Hepworth <maxsec at gmail.com>
>> Subject: Re: Filter-Files
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Message-ID:
>> 	<CAGDKorLiogMp8QTGuHhbFcXaaotBVd4qh1LNHpgESU7nYvOMEg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> What have you tried with the filetypes thats doesnt work and did you start
>> and stop MailScanner after the change?
>>
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 01 Feb 2014 11:49:36 -0200
> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
> Subject: Re: MailScanner Digest, Vol 98, Issue 1
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52ECFB70.5040309 at tiagoti.com.br>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Good morning Martin Hepworth
>
>
> Restarted the service mailscanner and yet the policy described in / etc
> / mailscanner / files - not types.conf and applied as observed in test
> with attachments and compressed files pure . Example executables files
> when attached in the policy even deny the mailscanner does not block ,
> already put debug in order to see something but does not return anything
> , so that was checked informs entered the path of the program / ??usr /
> bin / file now and then forwards it to the clamav anti -virus .
>
> Example of policy
>
> Contet of /etc/mailscanner/files-types.conf :
>
> # To disable this feature , set this to just " Filetype Rules = " or
> September
> # The location of the file command to a blank string .
> Filetype Rules = % etc -dir % / filetype.rules.conf
>
> Content of / filetype.rules.conf :
>
> allow text -
> allow \ bscript -
> allow archive -
> allow postscript -
> deny self -extract No self-extracting archives Self-extracting archives
> The allowed
> deny executable No executables No programs allowed
> # EXAMPLE : deny - x - dosexec In DOS executables No DOS programs allowed
> deny ELF No executables No programs allowed
> rename Registry Windows Registry entries ( renamed ) Windows Registry
> files ( renamed )
>
> I thank you for your attention .
>
> Att
>
> Tiago Eduardo Zacarias
> LPIC-1
>
> Em 01-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
>> Send MailScanner mailing list submissions to
>> 	mailscanner at lists.mailscanner.info
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> or, via email, send a message with subject or body 'help' to
>> 	mailscanner-request at lists.mailscanner.info
>>
>> You can reach the person managing the list at
>> 	mailscanner-owner at lists.mailscanner.info
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of MailScanner digest..."
>>
>>
>> Today's Topics:
>>
>>      1. Filter-Files (Tiago Eduardo Zacarias)
>>      2. Re: Filter-Files (Martin Hepworth)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 31 Jan 2014 13:09:53 -0200
>> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
>> Subject: Filter-Files
>> To: mailscanner at lists.mailscanner.info
>> Message-ID: <52EBBCC1.80600 at tiagoti.com.br>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Good Morning List MailScanner,
>>
>> I ha a few days trying to accomplish in the file filter mailscanner
>> unsuccessfully already realized reinstalling it with all dependencies,
>> and even by setting the parameters to allow and deny files to the files
>> filetypes but I can not perform the filter in mailscanner if I send out
>> direct aqruivo example executable type attached zipped or not the
>> mailscanner blocks, like a support to this problem.
>>
>>
>> Attached the file mailscanner.
>>
>>
>> Thank you.
>>
>> CPU = Pentium 4  3 Ghz
>> Postfix Version: 2.6.6-2.2
>> MailScanner Version:  4.84.6-1
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 31 Jan 2014 16:15:14 +0000
>> From: Martin Hepworth <maxsec at gmail.com>
>> Subject: Re: Filter-Files
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Message-ID:
>> 	<CAGDKorLiogMp8QTGuHhbFcXaaotBVd4qh1LNHpgESU7nYvOMEg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> What have you tried with the filetypes thats doesnt work and did you start
>> and stop MailScanner after the change?
>>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 01 Feb 2014 18:59:16 -0800
> From: Mark Sapiro <mark at msapiro.net>
> Subject: Re: Filter-Files
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52EDB484.7070809 at msapiro.net>
> Content-Type: text/plain; charset=UTF-8
>
> On 02/01/2014 05:49 AM, Tiago Eduardo Zacarias wrote:
>> Restarted the service mailscanner and yet the policy described in / etc
>> / mailscanner / files - not types.conf and applied as observed in test
>> with attachments and compressed files pure . Example executables files
>> when attached in the policy even deny the mailscanner does not block ,
>> already put debug in order to see something but does not return anything
>> , so that was checked informs entered the path of the program / ??usr /
>> bin / file now and then forwards it to the clamav anti -virus .
>
> It is very difficult for me to understand exactly what you are trying to
> say, but in your MailScanner.conf file do you have
>
> File Command = /usr/bin/file
>
> or some other path? what do you get when you invoke /usr/bin/file or
> whatever path it is on the 'executable' file that is not blocked by
> MailScanner?
>


From mark at msapiro.net  Tue Feb  4 23:31:51 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 04 Feb 2014 15:31:51 -0800
Subject: Filter-Files
In-Reply-To: <52F1712A.2010201@tiagoti.com.br>
References: <mailman.1.1391342402.29539.mailscanner@lists.mailscanner.info>
	<52F1712A.2010201@tiagoti.com.br>
Message-ID: <52F17867.7060800@msapiro.net>

On 02/04/2014 03:00 PM, Tiago Eduardo Zacarias wrote:
> nobody ?


Please don't repost entire digests with digest subjects. Please quote
only that which is needed to establish the context of your reply and
provide a relevant subject

I asked:

>> It is very difficult for me to understand exactly what you are trying to
>> say, but in your MailScanner.conf file do you have
>>
>> File Command = /usr/bin/file
>>
>> or some other path? what do you get when you invoke /usr/bin/file or
>> whatever path it is on the 'executable' file that is not blocked by
>> MailScanner?


What is your response to that?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From tiago at tiagoti.com.br  Wed Feb  5 00:59:30 2014
From: tiago at tiagoti.com.br (Tiago Eduardo Zacarias)
Date: Tue, 04 Feb 2014 22:59:30 -0200
Subject: MailScanner Digest, Vol 98, Issue 2
In-Reply-To: <mailman.1.1391342402.29539.mailscanner@lists.mailscanner.info>
References: <mailman.1.1391342402.29539.mailscanner@lists.mailscanner.info>
Message-ID: <52F18CF2.7000404@tiagoti.com.br>

And personal'm starting to see this mailscanner with other eyes, always 
admired resources, but now I am faced with a problem that seems to be up 
purposeful.

Em 02-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
> Send MailScanner mailing list submissions to
> 	mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> 	mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> 	mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
>     1. Re: MailScanner Digest, Vol 98, Issue 1 (Tiago Eduardo Zacarias)
>     2. Re: MailScanner Digest, Vol 98, Issue 1 (Tiago Eduardo Zacarias)
>     3. Re: Filter-Files (Mark Sapiro)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 01 Feb 2014 11:39:22 -0200
> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
> Subject: Re: MailScanner Digest, Vol 98, Issue 1
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52ECF90A.6060902 at tiagoti.com.br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Good morning Martin Hepworth
>
>
> Restarted the service mailscanner and yet the policy described in
> /etc/mailscanner/files- types.conf not and applied as observed in test
> with attachments and compressed files pure. Example executables files
> when attached in the policy even deny the mailscanner does not block,
> already put debug in order to see something but does not return
> anything, so that was checked informs entered the path of the program
> /usr/bin/file now and then forwards it to the clamav anti-virus.
>
> What may be you could give me a light, do not know if I can forward my
> list to facilitate mailscanner.conf.
>
> I thank you for your attention.
>
> Att
>
> Tiago Eduardo Zacarias
> LPIC-1
>
> Em 01-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
>> Send MailScanner mailing list submissions to
>> 	mailscanner at lists.mailscanner.info
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> or, via email, send a message with subject or body 'help' to
>> 	mailscanner-request at lists.mailscanner.info
>>
>> You can reach the person managing the list at
>> 	mailscanner-owner at lists.mailscanner.info
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of MailScanner digest..."
>>
>>
>> Today's Topics:
>>
>>      1. Filter-Files (Tiago Eduardo Zacarias)
>>      2. Re: Filter-Files (Martin Hepworth)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 31 Jan 2014 13:09:53 -0200
>> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
>> Subject: Filter-Files
>> To: mailscanner at lists.mailscanner.info
>> Message-ID: <52EBBCC1.80600 at tiagoti.com.br>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Good Morning List MailScanner,
>>
>> I ha a few days trying to accomplish in the file filter mailscanner
>> unsuccessfully already realized reinstalling it with all dependencies,
>> and even by setting the parameters to allow and deny files to the files
>> filetypes but I can not perform the filter in mailscanner if I send out
>> direct aqruivo example executable type attached zipped or not the
>> mailscanner blocks, like a support to this problem.
>>
>>
>> Attached the file mailscanner.
>>
>>
>> Thank you.
>>
>> CPU = Pentium 4  3 Ghz
>> Postfix Version: 2.6.6-2.2
>> MailScanner Version:  4.84.6-1
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 31 Jan 2014 16:15:14 +0000
>> From: Martin Hepworth <maxsec at gmail.com>
>> Subject: Re: Filter-Files
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Message-ID:
>> 	<CAGDKorLiogMp8QTGuHhbFcXaaotBVd4qh1LNHpgESU7nYvOMEg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> What have you tried with the filetypes thats doesnt work and did you start
>> and stop MailScanner after the change?
>>
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 01 Feb 2014 11:49:36 -0200
> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
> Subject: Re: MailScanner Digest, Vol 98, Issue 1
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52ECFB70.5040309 at tiagoti.com.br>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Good morning Martin Hepworth
>
>
> Restarted the service mailscanner and yet the policy described in / etc
> / mailscanner / files - not types.conf and applied as observed in test
> with attachments and compressed files pure . Example executables files
> when attached in the policy even deny the mailscanner does not block ,
> already put debug in order to see something but does not return anything
> , so that was checked informs entered the path of the program / ??usr /
> bin / file now and then forwards it to the clamav anti -virus .
>
> Example of policy
>
> Contet of /etc/mailscanner/files-types.conf :
>
> # To disable this feature , set this to just " Filetype Rules = " or
> September
> # The location of the file command to a blank string .
> Filetype Rules = % etc -dir % / filetype.rules.conf
>
> Content of / filetype.rules.conf :
>
> allow text -
> allow \ bscript -
> allow archive -
> allow postscript -
> deny self -extract No self-extracting archives Self-extracting archives
> The allowed
> deny executable No executables No programs allowed
> # EXAMPLE : deny - x - dosexec In DOS executables No DOS programs allowed
> deny ELF No executables No programs allowed
> rename Registry Windows Registry entries ( renamed ) Windows Registry
> files ( renamed )
>
> I thank you for your attention .
>
> Att
>
> Tiago Eduardo Zacarias
> LPIC-1
>
> Em 01-02-2014 10:00, mailscanner-request at lists.mailscanner.info escreveu:
>> Send MailScanner mailing list submissions to
>> 	mailscanner at lists.mailscanner.info
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> or, via email, send a message with subject or body 'help' to
>> 	mailscanner-request at lists.mailscanner.info
>>
>> You can reach the person managing the list at
>> 	mailscanner-owner at lists.mailscanner.info
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of MailScanner digest..."
>>
>>
>> Today's Topics:
>>
>>      1. Filter-Files (Tiago Eduardo Zacarias)
>>      2. Re: Filter-Files (Martin Hepworth)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 31 Jan 2014 13:09:53 -0200
>> From: Tiago Eduardo Zacarias <tiago at tiagoti.com.br>
>> Subject: Filter-Files
>> To: mailscanner at lists.mailscanner.info
>> Message-ID: <52EBBCC1.80600 at tiagoti.com.br>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Good Morning List MailScanner,
>>
>> I ha a few days trying to accomplish in the file filter mailscanner
>> unsuccessfully already realized reinstalling it with all dependencies,
>> and even by setting the parameters to allow and deny files to the files
>> filetypes but I can not perform the filter in mailscanner if I send out
>> direct aqruivo example executable type attached zipped or not the
>> mailscanner blocks, like a support to this problem.
>>
>>
>> Attached the file mailscanner.
>>
>>
>> Thank you.
>>
>> CPU = Pentium 4  3 Ghz
>> Postfix Version: 2.6.6-2.2
>> MailScanner Version:  4.84.6-1
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 31 Jan 2014 16:15:14 +0000
>> From: Martin Hepworth <maxsec at gmail.com>
>> Subject: Re: Filter-Files
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Message-ID:
>> 	<CAGDKorLiogMp8QTGuHhbFcXaaotBVd4qh1LNHpgESU7nYvOMEg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> What have you tried with the filetypes thats doesnt work and did you start
>> and stop MailScanner after the change?
>>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 01 Feb 2014 18:59:16 -0800
> From: Mark Sapiro <mark at msapiro.net>
> Subject: Re: Filter-Files
> To: mailscanner at lists.mailscanner.info
> Message-ID: <52EDB484.7070809 at msapiro.net>
> Content-Type: text/plain; charset=UTF-8
>
> On 02/01/2014 05:49 AM, Tiago Eduardo Zacarias wrote:
>> Restarted the service mailscanner and yet the policy described in / etc
>> / mailscanner / files - not types.conf and applied as observed in test
>> with attachments and compressed files pure . Example executables files
>> when attached in the policy even deny the mailscanner does not block ,
>> already put debug in order to see something but does not return anything
>> , so that was checked informs entered the path of the program / ??usr /
>> bin / file now and then forwards it to the clamav anti -virus .
>
> It is very difficult for me to understand exactly what you are trying to
> say, but in your MailScanner.conf file do you have
>
> File Command = /usr/bin/file
>
> or some other path? what do you get when you invoke /usr/bin/file or
> whatever path it is on the 'executable' file that is not blocked by
> MailScanner?
>


From alex at vidadigital.com.pa  Wed Feb  5 03:06:01 2014
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Tue, 4 Feb 2014 22:06:01 -0500
Subject: MailScanner Digest, Vol 98, Issue 2
In-Reply-To: <52F1712A.2010201@tiagoti.com.br>
References: <mailman.1.1391342402.29539.mailscanner@lists.mailscanner.info>
	<52F1712A.2010201@tiagoti.com.br>
Message-ID: <CANyE0PrWc_xw8OjB6s5SS=L8rcRwrQPV6UqLjL6g7cn0vypdZg@mail.gmail.com>

On Tue, Feb 4, 2014 at 6:00 PM, Tiago Eduardo Zacarias
<tiago at tiagoti.com.br<https://app.getsignals.com/link?url=mailto%3Atiago%40tiagoti.com.br&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgKCUyroKDA&k=8018c264-a374-4bbc-9fec-c5fd831e95e7>
> wrote:

> nobody ?
>

Nobody understood your previous message as it was very badly translated.
Try using google translate at translate.google.com, or message me off list.
I don't speak portuguese, but since Spanish is my native language it's a
little closer to Portuguese than English is.



*Alex Neuman van der Hans*Reliant Technologies / Vida Digital
http://vidadigital.com.pa/<https://app.getsignals.com/link?url=http%3A%2F%2Fvidadigital.com.pa%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgKCUyroKDA&k=cad0880c-2322-45e2-fe89-116ba8052a97>

Mobile: +507-6781-9505
Work: +507-832-6725
Work (USA): +1-440-253-9789

Follow *@AlexNeuman
<https://app.getsignals.com/link?url=https%3A%2F%2Ftwitter.com%2Falexneuman&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgKCUyroKDA&k=19ef64f2-4ddb-4712-c6b8-43eb060e6354>*
on
Twitter
Like Vida Digital<https://app.getsignals.com/link?url=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgKCUyroKDA&k=76dcb44e-5f25-4ce9-cd88-37236f4b75ca>
on
Facebook
Follow VidaDigital<https://app.getsignals.com/link?url=http%3A%2F%2Finstagram.com%2Fvidadigital&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgKCUyroKDA&k=b131f0e7-a796-479c-b0a9-afca5c013390>
on
Instagram
Subscribe to Vida
Digital<https://app.getsignals.com/link?url=https%3A%2F%2Fyoutube.com%2Freliantpty&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgKCUyroKDA&k=29086f38-9b42-4817-baa1-39bc0128ef96>
on
Youtube
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140204/d541fe79/attachment.html 

From eric.yiu at pacific.net.hk  Thu Feb  6 10:02:32 2014
From: eric.yiu at pacific.net.hk (Eric Yiu)
Date: Thu, 06 Feb 2014 18:02:32 +0800
Subject: sophossavi not work after the sophos update the engine
	libsavi.so.3.2.07.391
Message-ID: <52F35DB8.4020507@pacific.net.hk>

Hi,

I having been using mailscanner with several machines for years with
sophossavi. After the monthly auto update from Sophos and installed
libsavi.so.3.2.07.391, I found that the sophos engine does not exit
even after the email can be scanned out virus, it just hold and
finally return:

Virus Scanning: Denial Of Service attack detected!
Commercial scanner sophossavi timed out!

at the log. I originally thought that it is just because my outdated
mailscanner. I figured out where is the problem and added a code to kill
itself after scanning. Now I have another machine and installed the
current version mailscanner but still the same. Here is my ugly fix:

# diff /opt/MailScanner/lib/MailScanner/SweepViruses.pm.old
/opt/MailScanner/lib/MailScanner/SweepViruses.pm
1132a1133
> kill 9, $$;

My new mailscanner version is 4.84.6

Any other good solution for that?

Regards,

Eric Yiu

From stef at aoc-uk.com  Fri Feb  7 16:56:01 2014
From: stef at aoc-uk.com (Stef Morrell)
Date: Fri, 7 Feb 2014 16:56:01 +0000
Subject: sophossavi not work after the sophos update the engine
	libsavi.so.3.2.07.391
In-Reply-To: <8eb99aa2-6e4f-485b-bb4f-2aa417197b3f@VONLIPWIG.aoc-uk.com>
References: <8eb99aa2-6e4f-485b-bb4f-2aa417197b3f@VONLIPWIG.aoc-uk.com>
Message-ID: <92665C7597419742B19470DFA3D5BEA208F1D064@vonLipwig.aoc-uk.com>

Hello,

On 06 February 2014 10:03 Eric Yiu wrote:
> I having been using mailscanner with several machines for years with
> sophossavi. After the monthly auto update from Sophos and installed
> libsavi.so.3.2.07.391, I found that the sophos engine does not exit
> even after the email can be scanned out virus, it just hold and
> finally return:
> 
> Virus Scanning: Denial Of Service attack detected!
> Commercial scanner sophossavi timed out!

I think I may well be seeing the same problem (my libsavi version matches at least).

At around 4am, my system ran a Sophos Engine update, as it does on the 7th of every month called by cron. I'm using the MajorSophos script to log into Sophos and download the latest engine, which then calls the Sophos installation script included with MS.

Along with the normally scheduled definition updates downloaded by Sophos-autoupdate, this left me with the following:

Current Sophos version information follows:
Product version : 4.96.1 Engine version : 3.50.1 Virus data version : 4.97 Released : 15 January 2014

Prior to this, all was running perfectly well. I am configured to use clam and sophossavi (SAVI 0.30) as my scanners.

>From my logs it's clear that at this point MailScanner (4.84.5-3) gave up and died.

I've tried running test batches, but there's no error. I get the message about meaningless output to keep SAVI happy, but that's all. Meantime in my mail.log I can see Clam performed its scans successfully, but then it just appears to hang. No other information appears in any logs that I can find.

I have tried manually running sweep from the MS sophos-wrapper script - this works fine.
I have tried running example perl script included with SAVI - this works fine.
I have tried switching from sophossavi to sophos - same problem.
I have tried removing Sophos altogether and running just with ClamAV - MS performs as expected.

I didn't see Eric's email until recently, having been processing a massive email queue, using just Clam, so I've not left it alone long enough to potentially see his timeout message. (In hindsight I should probably have checked online list archives, but anyway).

Hitting Sophos with a SIGKILL per Eric's suggestion seems a bit extreme. Has anyone else seen this problem and have an alternate solution, or can point me at where to look for some more useful diagnostics, as I presently have next to nothing to go on.

Thanks

Stef

 

From johnnyb at marlboro.edu  Tue Feb 11 13:57:43 2014
From: johnnyb at marlboro.edu (John Baker)
Date: Tue, 11 Feb 2014 08:57:43 -0500
Subject: why is NY TImes listed?
Message-ID: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>

Hi,

I'm getting a lot of complaints from mail users because ScamNailer has
 nytdirect\@nytimes\.com listed right  now.

That is a legit address. What's up with this and can it be removed?

-- 
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140211/d6ba4b20/attachment.html 

From raubvogel at gmail.com  Tue Feb 11 14:34:40 2014
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Tue, 11 Feb 2014 09:34:40 -0500
Subject: why is NY TImes listed?
In-Reply-To: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>
References: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>
Message-ID: <CAHEKYV6TskTfQqN6S7rZgCDvBR-SFYu_=5QtHDqM0=ZHsO2bZw@mail.gmail.com>

On Tue, Feb 11, 2014 at 8:57 AM, John Baker <johnnyb at marlboro.edu> wrote:
> Hi,
>
> I'm getting a lot of complaints from mail users because ScamNailer has
> nytdirect\@nytimes\.com listed right  now.
>
> That is a legit address. What's up with this and can it be removed?
>
      Check if it was blacklisted. your logs might provide a clue

> --
> John Baker
> Network Administrator
> Marlboro College
> Phone: 451-7551 Cell: 490-0066
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From phil.randal at hoopleltd.co.uk  Tue Feb 11 14:44:06 2014
From: phil.randal at hoopleltd.co.uk (Randal, Phil)
Date: Tue, 11 Feb 2014 14:44:06 +0000
Subject: why is NY TImes listed?
In-Reply-To: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>
References: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B857E82BA8E@HC-EXMBX04.herefordshire.gov.uk>

Whitelist it in spamassassin?  Preferably whitelist_auth than just whitelisting the from address (in case it is spoofed).

Cheers,

Phil
--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.randal at hoopleltd.co.uk<mailto:phil.randal at hoopleltd.co.uk>

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of John Baker
Sent: 11 February 2014 13:58
To: MailScanner discussion
Subject: why is NY TImes listed?

Hi,

I'm getting a lot of complaints from mail users because ScamNailer has  nytdirect\@nytimes\.com listed right  now.

That is a legit address. What's up with this and can it be removed?

--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140211/5eec350b/attachment.html 

From mailscanner at barendse.to  Wed Feb 12 10:55:59 2014
From: mailscanner at barendse.to (Remco Barendse)
Date: Wed, 12 Feb 2014 11:55:59 +0100 (CET)
Subject: Clean up script for tmp files
Message-ID: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>

I know the subject was discussed on the mailing list several times but i 
didn't find the ultimate solution.

Does anyone have a super duper cleanup script for all the files in :

/tmp
for files like  tmp.DPhoj31724

/var/spool/MailScanner/incoming/SpamAssassin-Temp
for files like  .spamassassin3805xUDKuUtmp
                 MailScanner.0aOrDx
                 tmp.IKiiOy6683

They are seriously clogging up my filesystem and slowing down the system.

I tried to script something based on the age of the file but it didn't 
work (maybe because most are zero byte files).

Thanks!

Remco

From pas at unh.edu  Wed Feb 12 12:11:43 2014
From: pas at unh.edu (Paul A Sand)
Date: Wed, 12 Feb 2014 07:11:43 -0500
Subject: Clean up script for tmp files
In-Reply-To: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
Message-ID: <20140212121143.GA3432@cisunix.unh.edu>

* Remco Barendse <mailscanner at barendse.to> [2014-02-12 06:06]:
> Does anyone have a super duper cleanup script for all the files in :
> 
> /tmp
> for files like  tmp.DPhoj31724
> 
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> for files like  .spamassassin3805xUDKuUtmp
>                  MailScanner.0aOrDx
>                  tmp.IKiiOy6683
> 
> They are seriously clogging up my filesystem and slowing down the system.

Whoa, you?re right that there?s a lot of them.

Using ?tmpwatch? is probably the answer if you?re using a Linux-based
system. (http://linux.die.net/man/8/tmpwatch)

On (for example) Red Hat, you can tweak the /tmp cleaning options
(and add directories like /var/spool/MailScanner/incoming/SpamAssassin-Temp)
by editing /etc/cron.daily/tmpwatch.

I?m going to do that last part myself right now?

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Do not remove tag under penalty of federal law.

From jethro.binks at strath.ac.uk  Wed Feb 12 12:21:46 2014
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Wed, 12 Feb 2014 12:21:46 +0000 (GMT)
Subject: Clean up script for tmp files
In-Reply-To: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
Message-ID: <alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>

I've run this nightly for years which may help:


#!/bin/sh
##
## MailScanner, SpamAssassin and so on tend to leave files around, so this
## will clean up any more than $days old
##
## v2.1

# Defined in MailScanner.conf, "Incoming Work Dir":
MSWORK=/mail/scanner/incoming
# Defined in MailScanner.conf, "SpamAssassin Temporary Dir":
#SATMP=/tmp
SATMP=$MSWORK/SpamAssassin-Temp
# Defined in clamd.conf, "TemporaryDirectory":
CLAMAVTMP=/var/tmp

days="2"

opts="-mtime +$days -maxdepth 1"

find $SATMP -name '.spamassassin*' $opts | xargs rm -rf
find $SATMP -name 'update_spamassassin*' $opts | xargs rm -rf
find $MSWORK -name '[0-9]*' -type d $opts | xargs rm -rf
find $CLAMAVTMP -name 'packlist.*' -type f $opts | xargs rm -rf
find $CLAMAVTMP -name 'checkholddir.*' -type f $opts | xargs rm -rf
find $CLAMAVTMP -name 'clamav-*' $opts | xargs rm -rf




On Wed, 12 Feb 2014, Remco Barendse wrote:

> I know the subject was discussed on the mailing list several times but i 
> didn't find the ultimate solution.
> 
> Does anyone have a super duper cleanup script for all the files in :
> 
> /tmp
> for files like  tmp.DPhoj31724
> 
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> for files like  .spamassassin3805xUDKuUtmp
>                  MailScanner.0aOrDx
>                  tmp.IKiiOy6683
> 
> They are seriously clogging up my filesystem and slowing down the system.
> 
> I tried to script something based on the age of the file but it didn't 
> work (maybe because most are zero byte files).
> 
> Thanks!
> 
> Remco
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.

From phil.randal at hoopleltd.co.uk  Wed Feb 12 12:22:48 2014
From: phil.randal at hoopleltd.co.uk (Randal, Phil)
Date: Wed, 12 Feb 2014 12:22:48 +0000
Subject: Clean up script for tmp files
In-Reply-To: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B857E830E4B@HC-EXMBX04.herefordshire.gov.uk>

The latest version, 4.86.4 seems to clean up most of these.

If you do install that version, also get the latest TNEF.pm from the MailScanner git repository to solve the issue of loads of tnef* files being created and not deleted.

Cheers,

Phil


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Remco Barendse
Sent: 12 February 2014 10:56
To: MailScanner mailing list
Subject: Clean up script for tmp files

I know the subject was discussed on the mailing list several times but i didn't find the ultimate solution.

Does anyone have a super duper cleanup script for all the files in :

/tmp
for files like  tmp.DPhoj31724

/var/spool/MailScanner/incoming/SpamAssassin-Temp
for files like  .spamassassin3805xUDKuUtmp
                 MailScanner.0aOrDx
                 tmp.IKiiOy6683

They are seriously clogging up my filesystem and slowing down the system.

I tried to script something based on the age of the file but it didn't work (maybe because most are zero byte files).

Thanks!

Remco
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."

From armando.montiel at gmail.com  Wed Feb 12 13:00:02 2014
From: armando.montiel at gmail.com (Armando Montiel)
Date: Wed, 12 Feb 2014 07:00:02 -0600
Subject: Clean up script for tmp files
In-Reply-To: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
Message-ID: <CAJY3TwE8xZCPKi04e5OvHtidFsROuwU0vs86Q5epyP8HTOBuGQ@mail.gmail.com>

use the "tmpwatch HOURS_OLDER_THAN_THIS /tmp" command.

"tmpwatch 24 /tmp"
will erase every file or subfolder under /tmp not used in the last 24 hours
or oldest ones.
El feb 12, 2014 5:24 AM, "Remco Barendse" <mailscanner at barendse.to>
escribi?:

> I know the subject was discussed on the mailing list several times but i
> didn't find the ultimate solution.
>
> Does anyone have a super duper cleanup script for all the files in :
>
> /tmp
> for files like  tmp.DPhoj31724
>
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> for files like  .spamassassin3805xUDKuUtmp
>                  MailScanner.0aOrDx
>                  tmp.IKiiOy6683
>
> They are seriously clogging up my filesystem and slowing down the system.
>
> I tried to script something based on the age of the file but it didn't
> work (maybe because most are zero byte files).
>
> Thanks!
>
> Remco
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140212/0b03f384/attachment.html 

From mailscanner at barendse.to  Fri Feb 14 13:24:27 2014
From: mailscanner at barendse.to (Remco Barendse)
Date: Fri, 14 Feb 2014 14:24:27 +0100 (CET)
Subject: Clean up script for tmp files
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B857E830E4B@HC-EXMBX04.herefordshire.gov.uk>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<7CA580B59C1ABD45B4614ED90D4C7B857E830E4B@HC-EXMBX04.herefordshire.gov.uk>
Message-ID: <alpine.LRH.2.02.1402141421030.14150@raveon.vaag.nu>

Hi Phil,

I am running the latest version of MailScanner since it came out, sadly, 
it didn't solve my problem  (assuming you made a typo and meant 4.84.6-1, 
i couldn't find 4.86.4).

I will try the script that Jethro R Binks posted, looks like this will 
solve my problem (that script should be included in MailScanner!). :)
If not i will try to fiddle with tmpwatch.

Thanks all for the suggestions!

Cheers,
Remco


On Wed, 12 Feb 2014, Randal, Phil wrote:

> The latest version, 4.86.4 seems to clean up most of these.
>
> If you do install that version, also get the latest TNEF.pm from the MailScanner git repository to solve the issue of loads of tnef* files being created and not deleted.
>
> Cheers,
>
> Phil
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Remco Barendse
> Sent: 12 February 2014 10:56
> To: MailScanner mailing list
> Subject: Clean up script for tmp files
>
> I know the subject was discussed on the mailing list several times but i didn't find the ultimate solution.
>
> Does anyone have a super duper cleanup script for all the files in :
>
> /tmp
> for files like  tmp.DPhoj31724
>
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> for files like  .spamassassin3805xUDKuUtmp
>                 MailScanner.0aOrDx
>                 tmp.IKiiOy6683
>
> They are seriously clogging up my filesystem and slowing down the system.
>
> I tried to script something based on the age of the file but it didn't work (maybe because most are zero byte files).
>
> Thanks!
>
> Remco
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> Hoople Ltd, Registered in England and Wales No. 7556595
> Registered office: Plough Lane, Hereford, HR4 0LE
>
> "Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
>

From mailscanner at barendse.to  Fri Feb 14 13:47:52 2014
From: mailscanner at barendse.to (Remco Barendse)
Date: Fri, 14 Feb 2014 14:47:52 +0100 (CET)
Subject: Clean up script for tmp files
In-Reply-To: <alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
Message-ID: <alpine.LRH.2.02.1402141446140.14150@raveon.vaag.nu>

Hi Jethro,

When i run the script i get this message :

---
find: warning: you have specified the -maxdepth option after a non-option 
argument -mtime, but options are not positional (-maxdepth affects tests 
specified before it as well as those specified after it).  Please specify 
options before other arguments.
---

I tried moving the $opts to the front but that didn't help.

Where am i going wrong?

Cheers!

On Wed, 12 Feb 2014, Jethro R Binks wrote:

> I've run this nightly for years which may help:
>
>
> #!/bin/sh
> ##
> ## MailScanner, SpamAssassin and so on tend to leave files around, so this
> ## will clean up any more than $days old
> ##
> ## v2.1
>
> # Defined in MailScanner.conf, "Incoming Work Dir":
> MSWORK=/mail/scanner/incoming
> # Defined in MailScanner.conf, "SpamAssassin Temporary Dir":
> #SATMP=/tmp
> SATMP=$MSWORK/SpamAssassin-Temp
> # Defined in clamd.conf, "TemporaryDirectory":
> CLAMAVTMP=/var/tmp
>
> days="2"
>
> opts="-mtime +$days -maxdepth 1"
>
> find $SATMP -name '.spamassassin*' $opts | xargs rm -rf
> find $SATMP -name 'update_spamassassin*' $opts | xargs rm -rf
> find $MSWORK -name '[0-9]*' -type d $opts | xargs rm -rf
> find $CLAMAVTMP -name 'packlist.*' -type f $opts | xargs rm -rf
> find $CLAMAVTMP -name 'checkholddir.*' -type f $opts | xargs rm -rf
> find $CLAMAVTMP -name 'clamav-*' $opts | xargs rm -rf
>
>
>
>
> On Wed, 12 Feb 2014, Remco Barendse wrote:
>
>> I know the subject was discussed on the mailing list several times but i
>> didn't find the ultimate solution.
>>
>> Does anyone have a super duper cleanup script for all the files in :
>>
>> /tmp
>> for files like  tmp.DPhoj31724
>>
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> for files like  .spamassassin3805xUDKuUtmp
>>                  MailScanner.0aOrDx
>>                  tmp.IKiiOy6683
>>
>> They are seriously clogging up my filesystem and slowing down the system.
>>
>> I tried to script something based on the age of the file but it didn't
>> work (maybe because most are zero byte files).
>>
>> Thanks!
>>
>> Remco
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>

From phil.randal at hoopleltd.co.uk  Fri Feb 14 16:31:20 2014
From: phil.randal at hoopleltd.co.uk (Randal, Phil)
Date: Fri, 14 Feb 2014 16:31:20 +0000
Subject: Clean up script for tmp files
In-Reply-To: <alpine.LRH.2.02.1402141421030.14150@raveon.vaag.nu>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<7CA580B59C1ABD45B4614ED90D4C7B857E830E4B@HC-EXMBX04.herefordshire.gov.uk>
	<alpine.LRH.2.02.1402141421030.14150@raveon.vaag.nu>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B857E83D06A@HC-EXMBX04.herefordshire.gov.uk>

Yes, my typo.  Apologies.

The Updated TNEF.pm from git is still needed to stop a load of temp files being created and not deleted:

https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Remco Barendse
Sent: 14 February 2014 13:24
To: MailScanner discussion
Subject: RE: Clean up script for tmp files

Hi Phil,

I am running the latest version of MailScanner since it came out, sadly, it didn't solve my problem  (assuming you made a typo and meant 4.84.6-1, i couldn't find 4.86.4).

I will try the script that Jethro R Binks posted, looks like this will solve my problem (that script should be included in MailScanner!). :) If not i will try to fiddle with tmpwatch.

Thanks all for the suggestions!

Cheers,
Remco


On Wed, 12 Feb 2014, Randal, Phil wrote:

> The latest version, 4.86.4 seems to clean up most of these.
>
> If you do install that version, also get the latest TNEF.pm from the MailScanner git repository to solve the issue of loads of tnef* files being created and not deleted.
>
> Cheers,
>
> Phil
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Remco 
> Barendse
> Sent: 12 February 2014 10:56
> To: MailScanner mailing list
> Subject: Clean up script for tmp files
>
> I know the subject was discussed on the mailing list several times but i didn't find the ultimate solution.
>
> Does anyone have a super duper cleanup script for all the files in :
>
> /tmp
> for files like  tmp.DPhoj31724
>
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> for files like  .spamassassin3805xUDKuUtmp
>                 MailScanner.0aOrDx
>                 tmp.IKiiOy6683
>
> They are seriously clogging up my filesystem and slowing down the system.
>
> I tried to script something based on the age of the file but it didn't work (maybe because most are zero byte files).
>
> Thanks!
>
> Remco
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> Hoople Ltd, Registered in England and Wales No. 7556595 Registered 
> office: Plough Lane, Hereford, HR4 0LE
>
> "Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From Kevin_Miller at ci.juneau.ak.us  Fri Feb 14 18:06:00 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Fri, 14 Feb 2014 09:06:00 -0900
Subject: Clean up script for tmp files
In-Reply-To: <7CA580B59C1ABD45B4614ED90D4C7B857E83D06A@HC-EXMBX04.herefordshire.gov.uk>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<7CA580B59C1ABD45B4614ED90D4C7B857E830E4B@HC-EXMBX04.herefordshire.gov.uk>
	<alpine.LRH.2.02.1402141421030.14150@raveon.vaag.nu>
	<7CA580B59C1ABD45B4614ED90D4C7B857E83D06A@HC-EXMBX04.herefordshire.gov.uk>
Message-ID: <C87702B41702834792222AE25D4057B6198BCAE1CF@city-exchange07>

Is this just a drop in replacement, i.e., can I just copy over the old /usr/lib/MailScanner/MailScanner/TNEF.pm with the new one?  Or do I have to install it somehow?  Will it conflict with anything in perl-Convert-TNEF?

I presume "TNEF Expander" should be set to internal.  

 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Friday, February 14, 2014 7:31 AM
To: MailScanner discussion
Subject: RE: Clean up script for tmp files

Yes, my typo.  Apologies.

The Updated TNEF.pm from git is still needed to stop a load of temp files being created and not deleted:

https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Remco Barendse
Sent: 14 February 2014 13:24
To: MailScanner discussion
Subject: RE: Clean up script for tmp files

Hi Phil,

I am running the latest version of MailScanner since it came out, sadly, it didn't solve my problem  (assuming you made a typo and meant 4.84.6-1, i couldn't find 4.86.4).

I will try the script that Jethro R Binks posted, looks like this will solve my problem (that script should be included in MailScanner!). :) If not i will try to fiddle with tmpwatch.

Thanks all for the suggestions!

Cheers,
Remco


On Wed, 12 Feb 2014, Randal, Phil wrote:

> The latest version, 4.86.4 seems to clean up most of these.
>
> If you do install that version, also get the latest TNEF.pm from the MailScanner git repository to solve the issue of loads of tnef* files being created and not deleted.
>
> Cheers,
>
> Phil
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Remco 
> Barendse
> Sent: 12 February 2014 10:56
> To: MailScanner mailing list
> Subject: Clean up script for tmp files
>
> I know the subject was discussed on the mailing list several times but i didn't find the ultimate solution.
>
> Does anyone have a super duper cleanup script for all the files in :
>
> /tmp
> for files like  tmp.DPhoj31724
>
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> for files like  .spamassassin3805xUDKuUtmp
>                 MailScanner.0aOrDx
>                 tmp.IKiiOy6683
>
> They are seriously clogging up my filesystem and slowing down the system.
>
> I tried to script something based on the age of the file but it didn't work (maybe because most are zero byte files).
>
> Thanks!
>
> Remco
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> Hoople Ltd, Registered in England and Wales No. 7556595 Registered
> office: Plough Lane, Hereford, HR4 0LE
>
> "Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From mark at msapiro.net  Fri Feb 14 18:49:00 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 14 Feb 2014 10:49:00 -0800
Subject: Clean up script for tmp files
In-Reply-To: <C87702B41702834792222AE25D4057B6198BCAE1CF@city-exchange07>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>	<7CA580B59C1ABD45B4614ED90D4C7B857E830E4B@HC-EXMBX04.herefordshire.gov.uk>	<alpine.LRH.2.02.1402141421030.14150@raveon.vaag.nu>	<7CA580B59C1ABD45B4614ED90D4C7B857E83D06A@HC-EXMBX04.herefordshire.gov.uk>
	<C87702B41702834792222AE25D4057B6198BCAE1CF@city-exchange07>
Message-ID: <52FE651C.8070404@msapiro.net>

On 02/14/2014 10:06 AM, Kevin Miller wrote:
> Is this just a drop in replacement, i.e., can I just copy over the old /usr/lib/MailScanner/MailScanner/TNEF.pm with the new one?


Yes.


> I presume "TNEF Expander" should be set to internal.  


Yes.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mailscanner at barendse.to  Sat Feb 15 09:08:52 2014
From: mailscanner at barendse.to (Remco Barendse)
Date: Sat, 15 Feb 2014 10:08:52 +0100 (CET)
Subject: Clean up script for tmp files
In-Reply-To: <alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
Message-ID: <alpine.LRH.2.02.1402150940160.14150@raveon.vaag.nu>

I slightly modified the script, if i remove "-maxdepth 1"  from opts the 
script completes without errors and i included /tmp.
However, the find command doesn't find the files. Even when i set days to 
1, i still find files that are 3-4 days old.

When i do :
   find /var/spool/MailScanner/incoming/SpamAssassin-Temp/ -name 'tmp.*' 
it finds all the files, when i add "-mtime +1" it doesn't find anything 
anymore.

Clues anyone?  Could it be that mtime doesn't work on zero byte files?

Thanks!



On Wed, 12 Feb 2014, Jethro R Binks wrote:

> I've run this nightly for years which may help:
>
>
> #!/bin/sh
> ##
> ## MailScanner, SpamAssassin and so on tend to leave files around, so this
> ## will clean up any more than $days old
> ##
> ## v2.1
>
> # Defined in MailScanner.conf, "Incoming Work Dir":
> MSWORK=/mail/scanner/incoming
> # Defined in MailScanner.conf, "SpamAssassin Temporary Dir":
> #SATMP=/tmp
> SATMP=$MSWORK/SpamAssassin-Temp
> # Defined in clamd.conf, "TemporaryDirectory":
> CLAMAVTMP=/var/tmp
>
> days="2"
>
> opts="-mtime +$days -maxdepth 1"
>
> find $SATMP -name '.spamassassin*' $opts | xargs rm -rf
> find $SATMP -name 'update_spamassassin*' $opts | xargs rm -rf
> find $MSWORK -name '[0-9]*' -type d $opts | xargs rm -rf
> find $CLAMAVTMP -name 'packlist.*' -type f $opts | xargs rm -rf
> find $CLAMAVTMP -name 'checkholddir.*' -type f $opts | xargs rm -rf
> find $CLAMAVTMP -name 'clamav-*' $opts | xargs rm -rf
>
>
>
>
> On Wed, 12 Feb 2014, Remco Barendse wrote:
>
>> I know the subject was discussed on the mailing list several times but i
>> didn't find the ultimate solution.
>>
>> Does anyone have a super duper cleanup script for all the files in :
>>
>> /tmp
>> for files like  tmp.DPhoj31724
>>
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> for files like  .spamassassin3805xUDKuUtmp
>>                  MailScanner.0aOrDx
>>                  tmp.IKiiOy6683
>>
>> They are seriously clogging up my filesystem and slowing down the system.
>>
>> I tried to script something based on the age of the file but it didn't
>> work (maybe because most are zero byte files).
>>
>> Thanks!
>>
>> Remco
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>

From jethro.binks at strath.ac.uk  Sat Feb 15 12:17:30 2014
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Sat, 15 Feb 2014 12:17:30 +0000
Subject: Clean up script for tmp files
In-Reply-To: <alpine.LRH.2.02.1402150940160.14150@raveon.vaag.nu>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
	<alpine.LRH.2.02.1402150940160.14150@raveon.vaag.nu>
Message-ID: <7FE6BB28-E3F4-4128-AC12-1D3C456E02AF@strath.ac.uk>

My script was written for FreeBSD.  If you're using a different operating system, you'll need to read the manual page for your 'find' command and modify it accordingly.

> On 15 Feb 2014, at 09:08, Remco Barendse <mailscanner at barendse.to> wrote:
> 
> I slightly modified the script, if i remove "-maxdepth 1"  from opts the 
> script completes without errors and i included /tmp.
> However, the find command doesn't find the files. Even when i set days to 
> 1, i still find files that are 3-4 days old.
> 
> When i do :
>   find /var/spool/MailScanner/incoming/SpamAssassin-Temp/ -name 'tmp.*' 
> it finds all the files, when i add "-mtime +1" it doesn't find anything 
> anymore.
> 
> Clues anyone?  Could it be that mtime doesn't work on zero byte files?
> 
> Thanks!
> 
> 
> 
>> On Wed, 12 Feb 2014, Jethro R Binks wrote:
>> 
>> I've run this nightly for years which may help:
>> 
>> 
>> #!/bin/sh
>> ##
>> ## MailScanner, SpamAssassin and so on tend to leave files around, so this
>> ## will clean up any more than $days old
>> ##
>> ## v2.1
>> 
>> # Defined in MailScanner.conf, "Incoming Work Dir":
>> MSWORK=/mail/scanner/incoming
>> # Defined in MailScanner.conf, "SpamAssassin Temporary Dir":
>> #SATMP=/tmp
>> SATMP=$MSWORK/SpamAssassin-Temp
>> # Defined in clamd.conf, "TemporaryDirectory":
>> CLAMAVTMP=/var/tmp
>> 
>> days="2"
>> 
>> opts="-mtime +$days -maxdepth 1"
>> 
>> find $SATMP -name '.spamassassin*' $opts | xargs rm -rf
>> find $SATMP -name 'update_spamassassin*' $opts | xargs rm -rf
>> find $MSWORK -name '[0-9]*' -type d $opts | xargs rm -rf
>> find $CLAMAVTMP -name 'packlist.*' -type f $opts | xargs rm -rf
>> find $CLAMAVTMP -name 'checkholddir.*' -type f $opts | xargs rm -rf
>> find $CLAMAVTMP -name 'clamav-*' $opts | xargs rm -rf
>> 
>> 
>> 
>> 
>>> On Wed, 12 Feb 2014, Remco Barendse wrote:
>>> 
>>> I know the subject was discussed on the mailing list several times but i
>>> didn't find the ultimate solution.
>>> 
>>> Does anyone have a super duper cleanup script for all the files in :
>>> 
>>> /tmp
>>> for files like  tmp.DPhoj31724
>>> 
>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> for files like  .spamassassin3805xUDKuUtmp
>>>                 MailScanner.0aOrDx
>>>                 tmp.IKiiOy6683
>>> 
>>> They are seriously clogging up my filesystem and slowing down the system.
>>> 
>>> I tried to script something based on the age of the file but it didn't
>>> work (maybe because most are zero byte files).
>>> 
>>> Thanks!
>>> 
>>> Remco
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>>> 
>> 
>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
>> Jethro R Binks, Network Manager,
>> Information Services Directorate, University Of Strathclyde, Glasgow, UK
>> 
>> The University of Strathclyde is a charitable body, registered in
>> Scotland, number SC015263.
>> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From kkobb at skylinecorp.com  Wed Feb 19 13:28:57 2014
From: kkobb at skylinecorp.com (Kevin Kobb)
Date: Wed, 19 Feb 2014 08:28:57 -0500
Subject: Clean up script for tmp files
In-Reply-To: <7FE6BB28-E3F4-4128-AC12-1D3C456E02AF@strath.ac.uk>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>	<alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>	<alpine.LRH.2.02.1402150940160.14150@raveon.vaag.nu>
	<7FE6BB28-E3F4-4128-AC12-1D3C456E02AF@strath.ac.uk>
Message-ID: <5304B199.9000906@skylinecorp.com>

Hello,

It would probably be more efficient to use the find "-delete" action 
rather than "xargs rm -rf", but either should work.

On a side note, does anybody have plans to carve out an "old style" 
MailScanner tarball with the fixes from GitHub? i.e. a new 4.8xx release?

Thanks

On 2/15/2014 7:17 AM, Jethro R Binks wrote:
> My script was written for FreeBSD.  If you're using a different operating system, you'll need to read the manual page for your 'find' command and modify it accordingly.
>
>> On 15 Feb 2014, at 09:08, Remco Barendse <mailscanner at barendse.to> wrote:
>>
>> I slightly modified the script, if i remove "-maxdepth 1"  from opts the
>> script completes without errors and i included /tmp.
>> However, the find command doesn't find the files. Even when i set days to
>> 1, i still find files that are 3-4 days old.
>>
>> When i do :
>>    find /var/spool/MailScanner/incoming/SpamAssassin-Temp/ -name 'tmp.*'
>> it finds all the files, when i add "-mtime +1" it doesn't find anything
>> anymore.
>>
>> Clues anyone?  Could it be that mtime doesn't work on zero byte files?
>>
>> Thanks!
>>
>>
>>
>>> On Wed, 12 Feb 2014, Jethro R Binks wrote:
>>>
>>> I've run this nightly for years which may help:
>>>
>>>
>>> #!/bin/sh
>>> ##
>>> ## MailScanner, SpamAssassin and so on tend to leave files around, so this
>>> ## will clean up any more than $days old
>>> ##
>>> ## v2.1
>>>
>>> # Defined in MailScanner.conf, "Incoming Work Dir":
>>> MSWORK=/mail/scanner/incoming
>>> # Defined in MailScanner.conf, "SpamAssassin Temporary Dir":
>>> #SATMP=/tmp
>>> SATMP=$MSWORK/SpamAssassin-Temp
>>> # Defined in clamd.conf, "TemporaryDirectory":
>>> CLAMAVTMP=/var/tmp
>>>
>>> days="2"
>>>
>>> opts="-mtime +$days -maxdepth 1"
>>>
>>> find $SATMP -name '.spamassassin*' $opts | xargs rm -rf
>>> find $SATMP -name 'update_spamassassin*' $opts | xargs rm -rf
>>> find $MSWORK -name '[0-9]*' -type d $opts | xargs rm -rf
>>> find $CLAMAVTMP -name 'packlist.*' -type f $opts | xargs rm -rf
>>> find $CLAMAVTMP -name 'checkholddir.*' -type f $opts | xargs rm -rf
>>> find $CLAMAVTMP -name 'clamav-*' $opts | xargs rm -rf
>>>
>>>
>>>
>>>
>>>> On Wed, 12 Feb 2014, Remco Barendse wrote:
>>>>
>>>> I know the subject was discussed on the mailing list several times but i
>>>> didn't find the ultimate solution.
>>>>
>>>> Does anyone have a super duper cleanup script for all the files in :
>>>>
>>>> /tmp
>>>> for files like  tmp.DPhoj31724
>>>>
>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> for files like  .spamassassin3805xUDKuUtmp
>>>>                  MailScanner.0aOrDx
>>>>                  tmp.IKiiOy6683
>>>>
>>>> They are seriously clogging up my filesystem and slowing down the system.
>>>>
>>>> I tried to script something based on the age of the file but it didn't
>>>> work (maybe because most are zero byte files).
>>>>
>>>> Thanks!
>>>>
>>>> Remco
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
>>> Jethro R Binks, Network Manager,
>>> Information Services Directorate, University Of Strathclyde, Glasgow, UK
>>>
>>> The University of Strathclyde is a charitable body, registered in
>>> Scotland, number SC015263.
>>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!

From alex at vidadigital.com.pa  Wed Feb 19 15:15:19 2014
From: alex at vidadigital.com.pa (Alex Neuman)
Date: Wed, 19 Feb 2014 10:15:19 -0500
Subject: Clean up script for tmp files
In-Reply-To: <5304B199.9000906@skylinecorp.com>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
	<alpine.LRH.2.02.1402150940160.14150@raveon.vaag.nu>
	<7FE6BB28-E3F4-4128-AC12-1D3C456E02AF@strath.ac.uk>
	<5304B199.9000906@skylinecorp.com>
Message-ID: <CANyE0PoLsAfc4NcOyYy+L2PH0Wv7iej7G8VOETr3y2y5T5nwVw@mail.gmail.com>

find -delete may not be present in all platforms. It may be replaced with
find -exec rm \{}; IIRC
On Feb 19, 2014 9:39 AM, "Kevin Kobb" <kkobb at skylinecorp.com> wrote:

> Hello,
>
> It would probably be more efficient to use the find "-delete" action
> rather than "xargs rm -rf", but either should work.
>
> On a side note, does anybody have plans to carve out an "old style"
> MailScanner tarball with the fixes from GitHub? i.e. a new 4.8xx release?
>
> Thanks
>
> On 2/15/2014 7:17 AM, Jethro R Binks wrote:
> > My script was written for FreeBSD.  If you're using a different
> operating system, you'll need to read the manual page for your 'find'
> command and modify it accordingly.
> >
> >> On 15 Feb 2014, at 09:08, Remco Barendse <mailscanner at barendse.to>
> wrote:
> >>
> >> I slightly modified the script, if i remove "-maxdepth 1"  from opts the
> >> script completes without errors and i included /tmp.
> >> However, the find command doesn't find the files. Even when i set days
> to
> >> 1, i still find files that are 3-4 days old.
> >>
> >> When i do :
> >>    find /var/spool/MailScanner/incoming/SpamAssassin-Temp/ -name 'tmp.*'
> >> it finds all the files, when i add "-mtime +1" it doesn't find anything
> >> anymore.
> >>
> >> Clues anyone?  Could it be that mtime doesn't work on zero byte files?
> >>
> >> Thanks!
> >>
> >>
> >>
> >>> On Wed, 12 Feb 2014, Jethro R Binks wrote:
> >>>
> >>> I've run this nightly for years which may help:
> >>>
> >>>
> >>> #!/bin/sh
> >>> ##
> >>> ## MailScanner, SpamAssassin and so on tend to leave files around, so
> this
> >>> ## will clean up any more than $days old
> >>> ##
> >>> ## v2.1
> >>>
> >>> # Defined in MailScanner.conf, "Incoming Work Dir":
> >>> MSWORK=/mail/scanner/incoming
> >>> # Defined in MailScanner.conf, "SpamAssassin Temporary Dir":
> >>> #SATMP=/tmp
> >>> SATMP=$MSWORK/SpamAssassin-Temp
> >>> # Defined in clamd.conf, "TemporaryDirectory":
> >>> CLAMAVTMP=/var/tmp
> >>>
> >>> days="2"
> >>>
> >>> opts="-mtime +$days -maxdepth 1"
> >>>
> >>> find $SATMP -name '.spamassassin*' $opts | xargs rm -rf
> >>> find $SATMP -name 'update_spamassassin*' $opts | xargs rm -rf
> >>> find $MSWORK -name '[0-9]*' -type d $opts | xargs rm -rf
> >>> find $CLAMAVTMP -name 'packlist.*' -type f $opts | xargs rm -rf
> >>> find $CLAMAVTMP -name 'checkholddir.*' -type f $opts | xargs rm -rf
> >>> find $CLAMAVTMP -name 'clamav-*' $opts | xargs rm -rf
> >>>
> >>>
> >>>
> >>>
> >>>> On Wed, 12 Feb 2014, Remco Barendse wrote:
> >>>>
> >>>> I know the subject was discussed on the mailing list several times
> but i
> >>>> didn't find the ultimate solution.
> >>>>
> >>>> Does anyone have a super duper cleanup script for all the files in :
> >>>>
> >>>> /tmp
> >>>> for files like  tmp.DPhoj31724
> >>>>
> >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> >>>> for files like  .spamassassin3805xUDKuUtmp
> >>>>                  MailScanner.0aOrDx
> >>>>                  tmp.IKiiOy6683
> >>>>
> >>>> They are seriously clogging up my filesystem and slowing down the
> system.
> >>>>
> >>>> I tried to script something based on the age of the file but it didn't
> >>>> work (maybe because most are zero byte files).
> >>>>
> >>>> Thanks!
> >>>>
> >>>> Remco
> >>>> --
> >>>> MailScanner mailing list
> >>>> mailscanner at lists.mailscanner.info
> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>
> >>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>
> >>>> Support MailScanner development - buy the book off the website!
> >>>>
> >>>
> >>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
>  .
> >>> Jethro R Binks, Network Manager,
> >>> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
> >>>
> >>> The University of Strathclyde is a charitable body, registered in
> >>> Scotland, number SC015263.
> >>>
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140219/af7d2497/attachment.html 

From brad at comstyle.com  Thu Feb 20 04:10:56 2014
From: brad at comstyle.com (Brad Smith)
Date: Wed, 19 Feb 2014 23:10:56 -0500
Subject: Clean up script for tmp files
Message-ID: <53058050.6070003@comstyle.com>

Reading this thread makes me want to cringe at the workarounds
mentioned so far. Fixes for most of the temp file issues have existed
for some time now in the github repo; plus an unpatched issue I
pointed out once the rest were resolved it became obvious where
it was... https://github.com/MailScanner/MailScanner/issues/31

If you really want to fix things properly instead of using
gross workarounds upgrade to 4.84.6-1 and lift the patches
I commited to the OpenBSD port/package..

http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/mailscanner/patches/?sortby=date#dirlist

It is a little bit easier to see the patches there than digging
through the github repo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From stef at aoc-uk.com  Fri Feb 21 11:17:52 2014
From: stef at aoc-uk.com (Stef Morrell)
Date: Fri, 21 Feb 2014 11:17:52 +0000
Subject: Rebuilding RPM file
Message-ID: <92665C7597419742B19470DFA3D5BEA2090B12F3@vonLipwig.aoc-uk.com>

Hi all,

I'm trying to get an up to date RPM built, using a CentOS 6 machine do the building.

I've downloaded mailscanner-4.84.6-1.src.rpm

I've unpacked using rpm -i and that seems fine, I can see the source tgz and specs file as I would expect.

I've then unpacked the tgz, pulled in latest files from git and made a patch which I've added to the specs, then rebuilt the rpm. So far no problem.

When I come to install, however I have the following dependency issues:

--> Processing Dependency: perl(MailScanner::FileInto) for package: mailscanner-4.84.6-1.noarch
--> Processing Dependency: perl(MailScanner::MCPMessage) for package: mailscanner-4.84.6-1.noarch
--> Finished Dependency Resolution
Error: Package: mailscanner-4.84.6-1.noarch (/mailscanner-4.84.6-1.noarch)
           Requires: perl(MailScanner::FileInto)
Error: Package: mailscanner-4.84.6-1.noarch (/mailscanner-4.84.6-1.noarch)
           Requires: perl(MailScanner::MCPMessage)

And on further investigation, if I simply 'rpmbuild --rebuild' the src rpm, the same dependency issues are present. I also notice the rpm I've generated is some 140k smaller than the one downloaded from the MS webpage.

So - I suspect I'm missing a trick with the rebuild. I have been simply doing ' rpmbuild -ba MailScanner4.spec'. Is there something else I should be putting on this command line?

Thanks

Stef 


From IversonS at rushville.k12.in.us  Sat Feb 22 01:03:15 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 21 Feb 2014 20:03:15 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
Message-ID: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>

I am having issues where legitimate bounces, out of office messages, delivery receipts, and so forth are being marked as spam due to no watermark or sender address.
 
Treat Invalid Watermarks with No Sender As Spam = high-scoring spam
 
It appears that these messages indeed to not have a valid watermark or sender address anywhere, even though they are legitimate incoming emails.
 
Is this expected behavior?  It appears that many remote servers strip off the original MIME Header...
 
 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us


--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140221/600324cf/attachment.html 

From Kevin_Miller at ci.juneau.ak.us  Sat Feb 22 01:23:28 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Fri, 21 Feb 2014 16:23:28 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>

What are your watermark settings in MailScanner.conf?  The idea behind a watermark is outbound mail gets watermarked. Bounces include the original headers so the watermark should be in it if it came from you.  If there's no watermark it implies it's a forged NDR.  (You probably already understand all that - just being pedantic.)
Can you check your outbound messages to verify they're getting watermarked?  Maybe post some examples to pastebin.  It's hard to say w/o seeing the actual message headers.  Post your watermark settings too.  Naturally you'll want to munge the "Watermark Secret" to something other than the actual value you use.
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Friday, February 21, 2014 4:03 PM
To: mailscanner at lists.mailscanner.info
Subject: Treat Invalid Watermarks with No Sender as Spam

I am having issues where legitimate bounces, out of office messages, delivery receipts, and so forth are being marked as spam due to no watermark or sender address.

Treat Invalid Watermarks with No Sender As Spam = high-scoring spam

It appears that these messages indeed to not have a valid watermark or sender address anywhere, even though they are legitimate incoming emails.

Is this expected behavior?  It appears that many remote servers strip off the original MIME Header...


Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us<mailto:iversons at rushville.k12.in.us>

--
This message has been scanned for viruses and dangerous content by
E.F.A. Project<http://www.efa-project.org>, and is believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140221/95ec55d2/attachment.html 

From IversonS at rushville.k12.in.us  Mon Feb 24 23:54:16 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 24 Feb 2014 18:54:16 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
Message-ID: <530B9558020000D50004DF21@mail.rushville.k12.in.us>

Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = high-scoring spam
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = mysecret
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-EFA-Watermark:

Message sent to my gmail from inside has a watermark...appears to be
watermarking outbound emails ok.
http://pastebin.com/CmiShz59
 
Valid Delivery Success Notification from remote server that was
blocked, watermark not there...my X headers are gone...
http://pastebin.com/UxnAKb3F

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/21/2014 8:23 PM >>>

What are your watermark settings in MailScanner.conf?  The idea behind
a watermark is outbound mail gets watermarked. Bounces include the
original headers so the watermark should be in it if it came from you. 
If there?s no watermark it implies it?s a forged NDR.  (You probably
already understand all that ? just being pedantic.)
Can you check your outbound messages to verify they?re getting
watermarked?  Maybe post some examples to pastebin.  It?s hard to say
w/o seeing the actual message headers.  Post your watermark settings
too.  Naturally you?ll want to munge the ?Watermark Secret? to something
other than the actual value you use.
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
 


--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140224/fdeee47a/attachment.html 

From mailscanner at barendse.to  Tue Feb 25 00:07:04 2014
From: mailscanner at barendse.to (Remco Barendse)
Date: Tue, 25 Feb 2014 01:07:04 +0100 (CET)
Subject: Clean up script for tmp files
In-Reply-To: <5304B199.9000906@skylinecorp.com>
References: <alpine.LRH.2.02.1402121147260.14150@raveon.vaag.nu>
	<alpine.BSF.2.02.1402121220430.18997@qrswnz.pp.fgengu.np.hx>
	<alpine.LRH.2.02.1402150940160.14150@raveon.vaag.nu>
	<7FE6BB28-E3F4-4128-AC12-1D3C456E02AF@strath.ac.uk>
	<5304B199.9000906@skylinecorp.com>
Message-ID: <alpine.LRH.2.02.1402242143120.14150@raveon.vaag.nu>

On Wed, 19 Feb 2014, Kevin Kobb wrote:

> Hello,
>
> It would probably be more efficient to use the find "-delete" action
> rather than "xargs rm -rf", but either should work.
>
> On a side note, does anybody have plans to carve out an "old style"
> MailScanner tarball with the fixes from GitHub? i.e. a new 4.8xx release?

Awesome!  Would love to see that

From richard at fastnet.co.uk  Tue Feb 25 17:04:46 2014
From: richard at fastnet.co.uk (Richard Mealing)
Date: Tue, 25 Feb 2014 17:04:46 +0000
Subject: Clean up script for tmp files
In-Reply-To: <53058050.6070003@comstyle.com>
References: <53058050.6070003@comstyle.com>
Message-ID: <6EE47AF64C339A4F8F7F50507241B3795EB23BEB@BTN-EXCHANGE-V1.fastnet.local>

Hi Brad,

I have contacted the FreeBSD maintainer and they are working on a new port --> http://www.freebsd.org/cgi/query-pr.cgi?pr=187005

Thanks,
Rich

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Brad Smith
Sent: 20 February 2014 04:11
To: mailscanner at lists.mailscanner.info
Subject: Clean up script for tmp files

Reading this thread makes me want to cringe at the workarounds mentioned so far. Fixes for most of the temp file issues have existed for some time now in the github repo; plus an unpatched issue I pointed out once the rest were resolved it became obvious where it was... https://github.com/MailScanner/MailScanner/issues/31

If you really want to fix things properly instead of using gross workarounds upgrade to 4.84.6-1 and lift the patches I commited to the OpenBSD port/package..

http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/mailscanner/patches/?sortby=date#dirlist

It is a little bit easier to see the patches there than digging through the github repo.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From Kevin_Miller at ci.juneau.ak.us  Wed Feb 26 01:12:33 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue, 25 Feb 2014 16:12:33 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530B9558020000D50004DF21@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>

It might be instructive to look at the original message that Tim McCord sent to Paul Imkamp rather than just the delivery report for it.  That way you could verify that the watermark went out on it.  Do you have multiple paths out or just the one?  Your message to gmail did look fine
Rather than setting the action to high scoring spam, maybe try setting it to a value ? say 1.  The other spamassassin tests should push it over the top if it?s actually spam, and if it?s not, adding a little to the score shouldn?t hurt too much.  Play with the score until you find a value that catches spam w/o incurring false positive.  Ultimately, you can?t control what the far end does.
One thing though.  The mail coming in lacking a watermark shouldn?t trigger the rule.  My understanding is, it fires when there?s an invalid watermark AND no from user.  I have many messages that don?t have anything in the ?from field? (envelope from).  That?s a normal thing in an NDR and such but they come right through just fine.  I don?t see anything in the post on pastebin to indicate that it failed because of the watermark.  Why do you think that?s the case?
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Monday, February 24, 2014 2:54 PM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam

Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = high-scoring spam
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = mysecret
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-EFA-Watermark:

Message sent to my gmail from inside has a watermark...appears to be watermarking outbound emails ok.
http://pastebin.com/CmiShz59

Valid Delivery Success Notification from remote server that was blocked, watermark not there...my X headers are gone...
http://pastebin.com/UxnAKb3F

Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us<mailto:iversons at rushville.k12.in.us>
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us<mailto:Kevin_Miller at ci.juneau.ak.us>> 2/21/2014 8:23 PM >>>
What are your watermark settings in MailScanner.conf?  The idea behind a watermark is outbound mail gets watermarked. Bounces include the original headers so the watermark should be in it if it came from you.  If there?s no watermark it implies it?s a forged NDR.  (You probably already understand all that ? just being pedantic.)
Can you check your outbound messages to verify they?re getting watermarked?  Maybe post some examples to pastebin.  It?s hard to say w/o seeing the actual message headers.  Post your watermark settings too.  Naturally you?ll want to munge the ?Watermark Secret? to something other than the actual value you use.
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357


--
This message has been scanned for viruses and dangerous content by
E.F.A. Project<http://www.efa-project.org>, and is believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140225/f58d5456/attachment.html 

From IversonS at rushville.k12.in.us  Wed Feb 26 01:48:05 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 25 Feb 2014 20:48:05 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
Message-ID: <530D0185020000D50004E03B@mail.rushville.k12.in.us>

I only have one path, but I am thinking of putting up a second relay in the path to see the outbound header...
 
SpamAssassin Score:10.00
Spam Report:spam(no watermark or sender address)

This is what Spamassassin reports on this message.


 

Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/25/2014 8:12 PM >>>

It might be instructive to look at the original message that Tim McCord sent to Paul Imkamp rather than just the delivery report for it.  That way you could verify that the watermark went out on it.  Do you have multiple paths out or just the one?  Your message to gmail did look fine  
Rather than setting the action to high scoring spam, maybe try setting it to a value say 1.  The other spamassassin tests should push it over the top if its actually spam, and if its not, adding a little to the score shouldnt hurt too much.  Play with the score until you find a value that catches spam w/o incurring false positive.  Ultimately, you cant control what the far end does.
One thing though.  The mail coming in lacking a watermark shouldnt trigger the rule.  My understanding is, it fires when theres an invalid watermark AND no from user.  I have many messages that dont have anything in the from field (envelope from).  Thats a normal thing in an NDR and such but they come right through just fine.  I dont see anything in the post on pastebin to indicate that it failed because of the watermark.  Why do you think thats the case?
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 




--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140225/6d4f4906/attachment.html 

From nick.z.edwards at gmail.com  Wed Feb 26 05:24:24 2014
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Wed, 26 Feb 2014 15:24:24 +1000
Subject: why is NY TImes listed?
In-Reply-To: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>
References: <CAKf3qpgAFQ_RrJsR50-hn3ORLDz4gdTSj9pkmCDA9V9yXRiUBA@mail.gmail.com>
Message-ID: <CAMD-=VLYFaYA1kVWLLVBmpo75ept31N-gnkSRk9C20AvKTYetQ@mail.gmail.com>

its the NSA's fault, you'll probably soon find the guardian there too!

On 2/11/14, John Baker <johnnyb at marlboro.edu> wrote:
> Hi,
>
> I'm getting a lot of complaints from mail users because ScamNailer has
>  nytdirect\@nytimes\.com listed right  now.
>
> That is a legit address. What's up with this and can it be removed?
>
> --
> John Baker
> Network Administrator
> Marlboro College
> Phone: 451-7551 Cell: 490-0066
>

From Kevin_Miller at ci.juneau.ak.us  Wed Feb 26 18:42:57 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed, 26 Feb 2014 09:42:57 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530D0185020000D50004E03B@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>

Well, that's a curious thing.  The delivery report you posted had these for spam reporting:
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 4
X-NAI-Spam-Score: 0.5
X-NAI-Spam-Rules: 2 Rules triggered
        CTYPE_GTONE_UNDRSCOPE_PART=0.5, RV4863=0

I don't' know if they're yours or zone.com's.  I think the latter.  With what you posted there aren't any spam reports.

I implemented watermarks a year or two ago, but being cautious, and wanting to watch it a bit first, had the action set to nothing and forgot to every go back and set it to something else.  Fat lot of good that did me! <g>  

After you posted I set it to "1" on my primary mx gateway, and "spam" on my backup gateways.  I noticed in my reports (via MailWatch) that I would get this:
  SpamAssassin Score:	-0.70
or
  SpamAssassin Score:	40.99
  Spam Report:	
    address	no watermark or sender	
but no other spam scores.  The first score above is from a legitimate message, the other from one that's clearly spam.  The other spam messages all seem to have similar scores in the high 30s or low 40s.  I'm only adding one point on this gateway, so the other 39.99 must have been from other spam checks but why they're not listed I don't know.  I'm thinking at this point that perhaps your problem isn't the watermarking, but some other spam scores that are triggered, but don't show up in the spam report.  I don't think MailScanner is assigning a default score of 10 to the messages.

The trick is to figure out how to see the rest of the spam report.  

?...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Tuesday, February 25, 2014 4:48 PM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam

I only have one path, but I am thinking of putting up a second relay in the path to see the outbound header...
?
SpamAssassin Score:10.00
Spam Report:spam(no watermark or sender address)

This is what Spamassassin reports on this message.
?
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/25/2014 8:12 PM >>>

It might be instructive to look at the original message that Tim McCord sent to Paul Imkamp rather than just the delivery report for it.? That way you could verify that the watermark went out on it.? Do you have multiple paths out or just the one?? Your message to gmail did look fine? 
Rather than setting the action to high scoring spam, maybe try setting it to a value say 1.? The other spamassassin tests should push it over the top if its actually spam, and if its not, adding a little to the score shouldnt hurt too much.? Play with the score until you find a value that catches spam w/o incurring false positive.? Ultimately, you cant control what the far end does.
One thing though.? The mail coming in lacking a watermark shouldnt trigger the rule.? My understanding is, it fires when theres an invalid watermark AND no from user.? I have many messages that dont have anything in the from field (envelope from).? Thats a normal thing in an NDR and such but they come right through just fine.? I dont see anything in the post on pastebin to indicate that it failed because of the watermark.? Why do you think thats the case?
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 


-- 
This message has been scanned for viruses and dangerous content by 
E.F.A. Project, and is believed to be clean. 

From Kevin_Miller at ci.juneau.ak.us  Wed Feb 26 19:37:53 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed, 26 Feb 2014 10:37:53 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530D0185020000D50004E03B@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E5D@city-exchange07>

Just out of curiosity, what version of MailScanner are you running?
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140226/1fcf54bb/attachment.html 

From IversonS at rushville.k12.in.us  Wed Feb 26 22:28:58 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 26 Feb 2014 17:28:58 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E5D@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5D@city-exchange07>
Message-ID: <530E245A020000D50004E142@mail.rushville.k12.in.us>

4.84.6-1

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 2:37 PM >>>

Just out of curiosity, what version of MailScanner are you running?
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 

-- 
This message has been scanned for viruses and dangerous content by 
E.F.A. Project ( http://www.efa-project.org ), and is believed to be clean. 
Click here to report this message as spam. ( https://efa.rushville.k12.in.us/cgi-bin/learn-msg.cgi?id=5576E8099E.A171B&token=bcc2527a0f2553713686784641821df0 )


--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140226/0ae36204/attachment.html 

From IversonS at rushville.k12.in.us  Wed Feb 26 22:37:51 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 26 Feb 2014 17:37:51 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
Message-ID: <530E266F020000D50004E147@mail.rushville.k12.in.us>

Yep, NAI is zones.com
 
My X headers are X-Rushville  but not there...
 
Here's the full message in the quarantine at the filesystem level...
 
http://pastebin.com/KqqweaZY
 
Still scratching my head on this one.
 
When I disable the Treat Invalid Watermarks With No Sender as Spam, the messages do pass through just fine.
 
 
 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 1:42 PM >>>
Well, that's a curious thing.  The delivery report you posted had these for spam reporting:
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 4
X-NAI-Spam-Score: 0.5
X-NAI-Spam-Rules: 2 Rules triggered
        CTYPE_GTONE_UNDRSCOPE_PART=0.5, RV4863=0

I don't' know if they're yours or zone.com's.  I think the latter.  With what you posted there aren't any spam reports.

I implemented watermarks a year or two ago, but being cautious, and wanting to watch it a bit first, had the action set to nothing and forgot to every go back and set it to something else.  Fat lot of good that did me! <g>  

After you posted I set it to "1" on my primary mx gateway, and "spam" on my backup gateways.  I noticed in my reports (via MailWatch) that I would get this:
  SpamAssassin Score:-0.70
or
  SpamAssassin Score:40.99
  Spam Report:
    addressno watermark or sender
but no other spam scores.  The first score above is from a legitimate message, the other from one that's clearly spam.  The other spam messages all seem to have similar scores in the high 30s or low 40s.  I'm only adding one point on this gateway, so the other 39.99 must have been from other spam checks but why they're not listed I don't know.  I'm thinking at this point that perhaps your problem isn't the watermarking, but some other spam scores that are triggered, but don't show up in the spam report.  I don't think MailScanner is assigning a default score of 10 to the messages.

The trick is to figure out how to see the rest of the spam report.  






--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140226/ef780f06/attachment.html 

From IversonS at rushville.k12.in.us  Wed Feb 26 22:40:48 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 26 Feb 2014 17:40:48 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
Message-ID: <530E2720020000D50004E14D@mail.rushville.k12.in.us>

Interestingly, I noticed as I am emailing this Listserv that the delivery notifications come through just fine and my watermark is there.  I am really wondering if the remote site is not returning a complete original MIME header in this case.
 
Will fire up a secondary relay and capture the outbound message later tonight...

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 1:42 PM >>>
Well, that's a curious thing.  The delivery report you posted had these for spam reporting:
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 4
X-NAI-Spam-Score: 0.5
X-NAI-Spam-Rules: 2 Rules triggered
        CTYPE_GTONE_UNDRSCOPE_PART=0.5, RV4863=0

I don't' know if they're yours or zone.com's.  I think the latter.  With what you posted there aren't any spam reports.

I implemented watermarks a year or two ago, but being cautious, and wanting to watch it a bit first, had the action set to nothing and forgot to every go back and set it to something else.  Fat lot of good that did me! <g>  

After you posted I set it to "1" on my primary mx gateway, and "spam" on my backup gateways.  I noticed in my reports (via MailWatch) that I would get this:
  SpamAssassin Score:-0.70
or
  SpamAssassin Score:40.99
  Spam Report:
    addressno watermark or sender
but no other spam scores.  The first score above is from a legitimate message, the other from one that's clearly spam.  The other spam messages all seem to have similar scores in the high 30s or low 40s.  I'm only adding one point on this gateway, so the other 39.99 must have been from other spam checks but why they're not listed I don't know.  I'm thinking at this point that perhaps your problem isn't the watermarking, but some other spam scores that are triggered, but don't show up in the spam report.  I don't think MailScanner is assigning a default score of 10 to the messages.

The trick is to figure out how to see the rest of the spam report.  



--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140226/f8002f8d/attachment.html 

From Kevin_Miller at ci.juneau.ak.us  Wed Feb 26 23:40:02 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed, 26 Feb 2014 14:40:02 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530E2720020000D50004E14D@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
	<530E2720020000D50004E14D@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E62@city-exchange07>

It looks like all your X-headers are being stripped.  I don't see any of these (which are present on our outgoing messages:
    X-Rushville-MailScanner-EFA-Information: Please contact postmaster at rushville.k12.in.us for more information
    X-Rushville-MailScanner-EFA-ID: B3A7A80085.AF60E
    X-Rushville-MailScanner-EFA: Found to be clean
    X-Rushville-MailScanner-EFA-From: iversons at rushville.k12.in.us
    X-Rushville-MailScanner-EFA-Watermark: 1393889850.17369 at 8yKbOlpq7bdTT0q0qeBUZg
    X-Spam-Status: No

Could be their Exchange server.  Sometimes they do funny things. 

In MailScanner.conf, what do you have for the "Remove These Headers" line?

Since you can use a ruleset, as a last resort you might just want to not check watermarks from zone.com and other domains that are screwy.  If there's just a few, that's workable.  If not, then it becomes a game of whack-a-mole and quickly becomes a chore...

?...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Wednesday, February 26, 2014 1:41 PM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam

Interestingly, I noticed as I am emailing this Listserv that the delivery notifications come through just fine and my watermark is there.? I am really wondering if the remote site is not returning a complete original MIME header in this case.
?
Will fire up a secondary relay and capture the outbound message later tonight...
?
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 1:42 PM >>>
Well, that's a curious thing.? The delivery report you posted had these for spam reporting:
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 4
X-NAI-Spam-Score: 0.5
X-NAI-Spam-Rules: 2 Rules triggered
??????? CTYPE_GTONE_UNDRSCOPE_PART=0.5, RV4863=0

I don't' know if they're yours or zone.com's.? I think the latter.? With what you posted there aren't any spam reports.

I implemented watermarks a year or two ago, but being cautious, and wanting to watch it a bit first, had the action set to nothing and forgot to every go back and set it to something else.? Fat lot of good that did me! <g>? 

After you posted I set it to "1" on my primary mx gateway, and "spam" on my backup gateways.? I noticed in my reports (via MailWatch) that I would get this:
? SpamAssassin Score:-0.70
or
? SpamAssassin Score:40.99
? Spam Report:
??? addressno watermark or sender
but no other spam scores.? The first score above is from a legitimate message, the other from one that's clearly spam.? The other spam messages all seem to have similar scores in the high 30s or low 40s.? I'm only adding one point on this gateway, so the other 39.99 must have been from other spam checks but why they're not listed I don't know.? I'm thinking at this point that perhaps your problem isn't the watermarking, but some other spam scores that are triggered, but don't show up in the spam report.? I don't think MailScanner is assigning a default score of 10 to the messages.

The trick is to figure out how to see the rest of the spam report.? 

-- 
This message has been scanned for viruses and dangerous content by 
E.F.A. Project, and is believed to be clean. 

From Kevin_Miller at ci.juneau.ak.us  Wed Feb 26 23:48:38 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed, 26 Feb 2014 14:48:38 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530E266F020000D50004E147@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
	<530E266F020000D50004E147@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E63@city-exchange07>

> When I disable the Treat Invalid Watermarks With No Sender as Spam, the messages do pass through just fine.

What happens when you assign it a numeric value?

?...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 

From IversonS at rushville.k12.in.us  Wed Feb 26 23:55:04 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 26 Feb 2014 18:55:04 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E62@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
	<530E2720020000D50004E14D@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E62@city-exchange07>
Message-ID: <530E3888020000D50004E167@mail.rushville.k12.in.us>

Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Disposition-Notification-To: Return-Receipt-To:

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 6:40 PM >>>
It looks like all your X-headers are being stripped.  I don't see any of these (which are present on our outgoing messages:
    X-Rushville-MailScanner-EFA-Information: Please contact postmaster at rushville.k12.in.us for more information
    X-Rushville-MailScanner-EFA-ID: B3A7A80085.AF60E
    X-Rushville-MailScanner-EFA: Found to be clean
    X-Rushville-MailScanner-EFA-From: iversons at rushville.k12.in.us
    X-Rushville-MailScanner-EFA-Watermark: 1393889850.17369 at 8yKbOlpq7bdTT0q0qeBUZg
    X-Spam-Status: No

Could be their Exchange server.  Sometimes they do funny things. 

In MailScanner.conf, what do you have for the "Remove These Headers" line?

Since you can use a ruleset, as a last resort you might just want to not check watermarks from zone.com and other domains that are screwy.  If there's just a few, that's workable.  If not, then it becomes a game of whack-a-mole and quickly becomes a chore...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 




--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140226/4a17c9c3/attachment.html 

From IversonS at rushville.k12.in.us  Thu Feb 27 00:02:16 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 26 Feb 2014 19:02:16 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <C87702B41702834792222AE25D4057B6198E5F3E63@city-exchange07>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
	<530E266F020000D50004E147@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E63@city-exchange07>
Message-ID: <530E3A38020000D50004E16D@mail.rushville.k12.in.us>

Just set a numeric...will observe and see what happens.

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 6:48 PM >>>
> When I disable the Treat Invalid Watermarks With No Sender as Spam, the messages do pass through just fine.

What happens when you assign it a numeric value?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 



--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140226/34740b00/attachment.html 

From eric.yiu at pacific.net.hk  Thu Feb 27 07:31:52 2014
From: eric.yiu at pacific.net.hk (Eric Yiu)
Date: Thu, 27 Feb 2014 15:31:52 +0800
Subject: config "Include Scanner Name In Reports" not work
Message-ID: <530EE9E8.9070809@pacific.net.hk>

Hi,

I recently installing new Mailscanner-4.84.6-1 from the old
machine old mailscanner. I found that the config
"Include Scanner Name In Reports" no longer work at this new
version even I specify "no" at this config. It still show
my virus engine in the report.

I patch this by this ugly:

# diff /opt/MailScanner/lib/MailScanner/SweepViruses.pm.orig
/opt/MailScanner/lib/MailScanner/SweepViruses.pm
1085a1086
> if (! $ReportScanner) { $Name = ""; }

Regards,

Eric

From it at festa.bg  Thu Feb 27 10:44:30 2014
From: it at festa.bg (Valentin Laskov)
Date: Thu, 27 Feb 2014 12:44:30 +0200
Subject: Rules for letters with attachments
Message-ID: <BF85B6ED75FC4D0685A2979D4A94C8C0@festa.bg>

Hi all,

Recently my mail servers receive many emails with .exe files attached. These files are actually viruses but ClamAV still does not 
recognize them.

MailScanner puts exe files in quarantine, sends the letter without the file to the recipient and sends notice letter to the sender 
about the attached file removal. Notice returns with "User unknown" because the sender's e-mail address does not exist.

Here's why:

1. How can I configure MailScanner NOT to send any information to recipients of these letters?

Rules for letters with executable files attached to be like this:

quarantine = yes
send report to sender = yes
send report to recipient = no
send cleaned message to recipient = no

2. Is it possible for MailScanner to provide this new feature:
  - email with restricted attachment arrived;
  - MailScanner puts the whole letter in quarantine and sends following notice to the sender:
"If you are the real sender of the letter to ......... with ....... file attached, please respond to this letter without any 
changes. If you are not the sender please do nothing.
If you are the sender, please confirm, otherwise your original letter will be deleted entirely."
  - If MailScanner receive "User unknown" for the notice letter, it deletes original letter immediately;
  - If MailScanner does not receive confirmation, it (optionaly informs recipient for the letter with quarantined attached file like 
now) waits some days;
  - If confirmation received MailScanner sends the original letter optionaly with or without attachment;
  - If timeout of some days expired and no confirmation received, MailScanner deletes the letter.

Regards!
Valentin Laskov



From jerry.benton at mailborder.com  Thu Feb 27 11:46:28 2014
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 27 Feb 2014 12:46:28 +0100
Subject: Rules for letters with attachments
In-Reply-To: <BF85B6ED75FC4D0685A2979D4A94C8C0@festa.bg>
References: <BF85B6ED75FC4D0685A2979D4A94C8C0@festa.bg>
Message-ID: <CAED3VzASZNwihJG2UELM=L4wfqNNfdKqVBgp28PYxN3xDMqsDA@mail.gmail.com>

Set:

Notify Senders Of Viruses = no

As for clamav not picking up the infection, I would run a MailScanner
--lint to make sure you are not getting lstat() errors. If you are, you
need to check permissions and validate what user clamd is running as.




On Thu, Feb 27, 2014 at 11:44 AM, Valentin Laskov <it at festa.bg> wrote:

> Hi all,
>
> Recently my mail servers receive many emails with .exe files attached.
> These files are actually viruses but ClamAV still does not
> recognize them.
>
> MailScanner puts exe files in quarantine, sends the letter without the
> file to the recipient and sends notice letter to the sender
> about the attached file removal. Notice returns with "User unknown"
> because the sender's e-mail address does not exist.
>
> Here's why:
>
> 1. How can I configure MailScanner NOT to send any information to
> recipients of these letters?
>
> Rules for letters with executable files attached to be like this:
>
> quarantine = yes
> send report to sender = yes
> send report to recipient = no
> send cleaned message to recipient = no
>
> 2. Is it possible for MailScanner to provide this new feature:
>   - email with restricted attachment arrived;
>   - MailScanner puts the whole letter in quarantine and sends following
> notice to the sender:
> "If you are the real sender of the letter to ......... with ....... file
> attached, please respond to this letter without any
> changes. If you are not the sender please do nothing.
> If you are the sender, please confirm, otherwise your original letter will
> be deleted entirely."
>   - If MailScanner receive "User unknown" for the notice letter, it
> deletes original letter immediately;
>   - If MailScanner does not receive confirmation, it (optionaly informs
> recipient for the letter with quarantined attached file like
> now) waits some days;
>   - If confirmation received MailScanner sends the original letter
> optionaly with or without attachment;
>   - If timeout of some days expired and no confirmation received,
> MailScanner deletes the letter.
>
> Regards!
> Valentin Laskov
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 

--
Jerry Benton
Mailborder Systems
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140227/18162d01/attachment.html 

From steveb_clamav at sanesecurity.com  Thu Feb 27 12:10:18 2014
From: steveb_clamav at sanesecurity.com (Steve Basford)
Date: Thu, 27 Feb 2014 12:10:18 -0000
Subject: Rules for letters with attachments
In-Reply-To: <BF85B6ED75FC4D0685A2979D4A94C8C0@festa.bg>
References: <BF85B6ED75FC4D0685A2979D4A94C8C0@festa.bg>
Message-ID: <c50ad2d425a5584902e83abcebe458bb.squirrel@sirius.servers.eqx.misp.co.uk>


> Hi all,
>
> Recently my mail servers receive many emails with .exe files attached.
> These files are actually viruses but ClamAV still does not
> recognize them.

Are you using the official signatures only on ClamAV or Third-Party ones
as well:

http://sanesecurity.com/usage/linux-scripts/
http://sanesecurity.com/foxhole-databases/

If you want to discuss, off-list...

Cheers,

Steve
Sanesecurity.com


From it at festa.bg  Thu Feb 27 13:27:31 2014
From: it at festa.bg (Valentin Laskov)
Date: Thu, 27 Feb 2014 15:27:31 +0200
Subject: Rules for letters with attachments
References: <BF85B6ED75FC4D0685A2979D4A94C8C0@festa.bg>
	<c50ad2d425a5584902e83abcebe458bb.squirrel@sirius.servers.eqx.misp.co.uk>
Message-ID: <58117357EE8F4C56BE929973D4D6CA13@festa.bg>

Hi Jerry, Hi Steve,

First of all, thank you for your answers!

Jerry, in this case I don't care for senders and yes, in my MailScanner.conf
Notify Senders Of Viruses = no
I can set
Notify Senders Of Blocked Filenames Or Filetypes = yes
to NO but this is not my aim. I would like to protect recipients of unnecessary letters.
MailScanner and Clamd work well and other files are detected as viruses.

Steve, I'm using the official ClamAV signatures only. I looked at the descriptions of Foxhole databases, but their action if I'm not 
wrong, covers the operation of MailScanner or are not intended for new .exe viruses.

I attached a Bad Filename Detected report below.

Cheers,
Valentin

The following e-mails were found to have: Bad Filename Detected

    Sender: brunchskt1 at gmail.com
IP Address: 71.59.80.26
 Recipient: kkkkk at festa.bg
   Subject: image Id 942349204-PicL7674 TYPE==MMS
 MessageID: s1RDGcHS022468
Quarantine: /var/spool/MailScanner/quarantine/20140227/s1RDGcHS022468
    Report: MailScanner: Executable DOS/Windows programs are dangerous in email (IMG000006371.exe)
            No programs allowed (IMG000006371.exe)
    Report: MailScanner: Executable DOS/Windows programs are dangerous in email (IMG000006371.exe)
            No programs allowed (IMG000006371.exe)

Full headers are:

 Return-Path: <g>
 Received: from c-71-59-80-26.hsd1.nj.comcast.net (c-71-59-80-26.hsd1.nj.comcast.net [71.59.80.26])
  by mail.festa.bg (8.14.1/8.14.1) with ESMTP id s1RDGcHS022468
  for <kkkkk at festa.bg>; Thu, 27 Feb 2014 15:16:40 +0200
 Received: from apache by leebenbbgnccfghb. with local (Exim 4.63)
  (envelope-from <gearkff3 at yahoo.com>)
  id 1EKF1Z-S649PO-22
  for <kkkkk at festa.bg>; Thu, 27 Feb 2014 08:16:39 -0500
 To: <kkkkk at festa.bg>
 Subject: image Id 942349204-PicL7674 TYPE==MMS
 Date: Thu, 27 Feb 2014 08:16:39 -0500
 From: mms.service9105 at mms.Vodafone.co.uk
 Message-ID: <07DB53C2B8DB8357FB60848BC4946124 at leebenbbgnccfghb.>
 X-Priority: 3
 X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
  boundary="------------01050100901040406020602"



From IversonS at rushville.k12.in.us  Thu Feb 27 15:11:51 2014
From: IversonS at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 27 Feb 2014 10:11:51 -0500
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530E3A38020000D50004E16D@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
	<530E266F020000D50004E147@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E63@city-exchange07>
	<530E3A38020000D50004E16D@mail.rushville.k12.in.us>
Message-ID: <530F0F67020000D50004E267@mail.rushville.k12.in.us>

Setting to a low score has helped immensely.  Messages are still getting caught by the other algorithms while allowing legit emails through.
 
I will make a feature request, though.
 
It appears in the MailScanner code that when Treat Invalid Watermarks with No Sender As Spam equals anything spam or higher, further rule processing is halted.  This is taking precedence over whitelisting/blacklisting and probably should not.

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> "Shawn Iverson" <IversonS at rushville.k12.in.us> 2/26/2014 7:02 PM >>>
Just set a numeric...will observe and see what happens.

 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 6:48 PM >>>
> When I disable the Treat Invalid Watermarks With No Sender as Spam, the messages do pass through just fine.

What happens when you assign it a numeric value?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 


-- 
This message has been scanned for viruses and dangerous content by 
E.F.A. Project ( http://www.efa-project.org ), and is believed to be clean.


--
This message has been scanned by E.F.A. Project and is believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140227/b5927d85/attachment.html 

From Kevin_Miller at ci.juneau.ak.us  Thu Feb 27 17:40:51 2014
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu, 27 Feb 2014 08:40:51 -0900
Subject: Treat Invalid Watermarks with No Sender as Spam
In-Reply-To: <530F0F67020000D50004E267@mail.rushville.k12.in.us>
References: <5307B103020000D50004DD8C@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E48@city-exchange07>
	<530B9558020000D50004DF21@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5B@city-exchange07>
	<530D0185020000D50004E03B@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E5C@city-exchange07>
	<530E266F020000D50004E147@mail.rushville.k12.in.us>
	<C87702B41702834792222AE25D4057B6198E5F3E63@city-exchange07>
	<530E3A38020000D50004E16D@mail.rushville.k12.in.us>
	<530F0F67020000D50004E267@mail.rushville.k12.in.us>
Message-ID: <C87702B41702834792222AE25D4057B6198E5F3E6B@city-exchange07>

Glad the value setting is helping.  I agree with you that continued spam processing would be beneficial, although it is probably more efficient to just deep-six the message once it's determined it's spam.  For me, with just a few thousand messages per day it isn't a problem. If I was moving millions of mail messages it might be better to continue the current action.  What would be best is to have a toggle so the admin can decide whether they want mark it as spam and be done or continue further processing for more granular evaluation and tweaking.
Hopefully the folks that are maintaining MailScanner can take this up.  I appreciate what they do but know they're busy with day jobs and such.  I miss Jules...
 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Thursday, February 27, 2014 6:12 AM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam

Setting to a low score has helped immensely.  Messages are still getting caught by the other algorithms while allowing legit emails through.

I will make a feature request, though.

It appears in the MailScanner code that when Treat Invalid Watermarks with No Sender As Spam equals anything spam or higher, further rule processing is halted.  This is taking precedence over whitelisting/blacklisting and probably should not.

Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us<mailto:iversons at rushville.k12.in.us>
>>> "Shawn Iverson" <IversonS at rushville.k12.in.us<mailto:IversonS at rushville.k12.in.us>> 2/26/2014 7:02 PM >>>
Just set a numeric...will observe and see what happens.

Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us<mailto:iversons at rushville.k12.in.us>
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us<mailto:Kevin_Miller at ci.juneau.ak.us>> 2/26/2014 6:48 PM >>>
> When I disable the Treat Invalid Watermarks With No Sender as Spam, the messages do pass through just fine.

What happens when you assign it a numeric value?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

--
This message has been scanned for viruses and dangerous content by
E.F.A. Project<http://www.efa-project.org>, and is believed to be clean.
--
This message has been scanned for viruses and dangerous content by
E.F.A. Project<http://www.efa-project.org>, and is believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140227/64952d32/attachment.html 

From tiago at tiagoti.com.br  Fri Feb 28 15:00:24 2014
From: tiago at tiagoti.com.br (Tiago Eduardo Zacarias)
Date: Fri, 28 Feb 2014 12:00:24 -0300
Subject: MailScanner Digest, Vol 98, Issue 16
In-Reply-To: <mailman.1.1393588802.26071.mailscanner@lists.mailscanner.info>
References: <mailman.1.1393588802.26071.mailscanner@lists.mailscanner.info>
Message-ID: <5310A488.30400@tiagoti.com.br>

My policy in mailscanner does not block file types .exe , someone has 
gone through this problem, I use postfix + mailscanner + clamd?


Em 28-02-2014 09:00, mailscanner-request at lists.mailscanner.info escreveu:
> Send MailScanner mailing list submissions to
> 	mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> 	mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> 	mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
>     1. Re: Rules for letters with attachments (Steve Basford)
>     2. Re: Rules for letters with attachments (Valentin Laskov)
>     3. RE: Treat Invalid Watermarks with No Sender as Spam
>        (Shawn Iverson)
>     4. RE: Treat Invalid Watermarks with No Sender as Spam (Kevin Miller)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 27 Feb 2014 12:10:18 -0000
> From: "Steve Basford" <steveb_clamav at sanesecurity.com>
> Subject: Re: Rules for letters with attachments
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Message-ID:
> 	<c50ad2d425a5584902e83abcebe458bb.squirrel at sirius.servers.eqx.misp.co.uk>
> 	
> Content-Type: text/plain;charset=iso-8859-1
>
>
>> Hi all,
>>
>> Recently my mail servers receive many emails with .exe files attached.
>> These files are actually viruses but ClamAV still does not
>> recognize them.
> Are you using the official signatures only on ClamAV or Third-Party ones
> as well:
>
> http://sanesecurity.com/usage/linux-scripts/
> http://sanesecurity.com/foxhole-databases/
>
> If you want to discuss, off-list...
>
> Cheers,
>
> Steve
> Sanesecurity.com
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 27 Feb 2014 15:27:31 +0200
> From: "Valentin Laskov" <it at festa.bg>
> Subject: Re: Rules for letters with attachments
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Message-ID: <58117357EE8F4C56BE929973D4D6CA13 at festa.bg>
> Content-Type: text/plain;	charset="ISO-8859-1"
>
> Hi Jerry, Hi Steve,
>
> First of all, thank you for your answers!
>
> Jerry, in this case I don't care for senders and yes, in my MailScanner.conf
> Notify Senders Of Viruses = no
> I can set
> Notify Senders Of Blocked Filenames Or Filetypes = yes
> to NO but this is not my aim. I would like to protect recipients of unnecessary letters.
> MailScanner and Clamd work well and other files are detected as viruses.
>
> Steve, I'm using the official ClamAV signatures only. I looked at the descriptions of Foxhole databases, but their action if I'm not
> wrong, covers the operation of MailScanner or are not intended for new .exe viruses.
>
> I attached a Bad Filename Detected report below.
>
> Cheers,
> Valentin
>
> The following e-mails were found to have: Bad Filename Detected
>
>      Sender: brunchskt1 at gmail.com
> IP Address: 71.59.80.26
>   Recipient: kkkkk at festa.bg
>     Subject: image Id 942349204-PicL7674 TYPE==MMS
>   MessageID: s1RDGcHS022468
> Quarantine: /var/spool/MailScanner/quarantine/20140227/s1RDGcHS022468
>      Report: MailScanner: Executable DOS/Windows programs are dangerous in email (IMG000006371.exe)
>              No programs allowed (IMG000006371.exe)
>      Report: MailScanner: Executable DOS/Windows programs are dangerous in email (IMG000006371.exe)
>              No programs allowed (IMG000006371.exe)
>
> Full headers are:
>
>   Return-Path: <g>
>   Received: from c-71-59-80-26.hsd1.nj.comcast.net (c-71-59-80-26.hsd1.nj.comcast.net [71.59.80.26])
>    by mail.festa.bg (8.14.1/8.14.1) with ESMTP id s1RDGcHS022468
>    for <kkkkk at festa.bg>; Thu, 27 Feb 2014 15:16:40 +0200
>   Received: from apache by leebenbbgnccfghb. with local (Exim 4.63)
>    (envelope-from <gearkff3 at yahoo.com>)
>    id 1EKF1Z-S649PO-22
>    for <kkkkk at festa.bg>; Thu, 27 Feb 2014 08:16:39 -0500
>   To: <kkkkk at festa.bg>
>   Subject: image Id 942349204-PicL7674 TYPE==MMS
>   Date: Thu, 27 Feb 2014 08:16:39 -0500
>   From: mms.service9105 at mms.Vodafone.co.uk
>   Message-ID: <07DB53C2B8DB8357FB60848BC4946124 at leebenbbgnccfghb.>
>   X-Priority: 3
>   X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
>   MIME-Version: 1.0
>   Content-Type: multipart/alternative;
>    boundary="------------01050100901040406020602"
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 27 Feb 2014 10:11:51 -0500
> From: "Shawn Iverson" <IversonS at rushville.k12.in.us>
> Subject: RE: Treat Invalid Watermarks with No Sender as Spam
> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
> Message-ID: <530F0F67020000D50004E267 at mail.rushville.k12.in.us>
> Content-Type: text/plain; charset="us-ascii"
>
> Setting to a low score has helped immensely.  Messages are still getting caught by the other algorithms while allowing legit emails through.
>   
> I will make a feature request, though.
>   
> It appears in the MailScanner code that when Treat Invalid Watermarks with No Sender As Spam equals anything spam or higher, further rule processing is halted.  This is taking precedence over whitelisting/blacklisting and probably should not.
>
>   
> Shawn Iverson
> Rush County Schools
> District Technology Coordinator
> iversons at rushville.k12.in.us
>>>> "Shawn Iverson" <IversonS at rushville.k12.in.us> 2/26/2014 7:02 PM >>>
> Just set a numeric...will observe and see what happens.
>
>   
> Shawn Iverson
> Rush County Schools
> District Technology Coordinator
> iversons at rushville.k12.in.us
>>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 6:48 PM >>>
>> When I disable the Treat Invalid Watermarks With No Sender as Spam, the messages do pass through just fine.
> What happens when you assign it a numeric value?
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500
> Registered Linux User No: 307357
>
>