From mailborder at gmail.com Thu Apr 2 17:53:23 2015 From: mailborder at gmail.com (Mailborder at Gmail) Date: Thu, 2 Apr 2015 13:53:23 -0400 Subject: Testing the New list Message-ID: DNS has finally propagated. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 2 21:15:21 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 2 Apr 2015 17:15:21 -0400 Subject: New Website Online Message-ID: <987A6FCF-2C30-4BC7-9189-EDE1AEDCEC79@mailborder.com> The new website for MailScanner is now available. Mostly the same information, but updated. Also has forums. www.mailscanner.info - Jerry Benton www.mailborder.com From jerry.benton at mailborder.com Fri Apr 3 10:46:26 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 3 Apr 2015 06:46:26 -0400 Subject: DMARC with MailScanner Message-ID: I am looking at how we might be able to integrate DMARC checks into MailScanner. DMARC would have to run as a daemon, and MailScanner would have to pass the email to it and get a result. So, something like: USE_DMARC = yes DMARC_SOCKET = inet:blah123 DMARC_FAIL = deliver/quarantine/delete/log_warn Any ideas? Or anyone using DMARC now with their MTA? DMARC isn’t new, but it isn’t mature either. Just looking for some ideas. - Jerry Benton www.mailborder.com From iversons at rushville.k12.in.us Fri Apr 3 16:14:19 2015 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 3 Apr 2015 12:14:19 -0400 Subject: DMARC with MailScanner In-Reply-To: References: Message-ID: I'll take a look and see, I've been asked about DMARC a couple of times... On Fri, Apr 3, 2015 at 6:46 AM, Jerry Benton wrote: > I am looking at how we might be able to integrate DMARC checks into > MailScanner. DMARC would have to run as a daemon, and MailScanner would > have to pass the email to it and get a result. So, something like: > > USE_DMARC = yes > DMARC_SOCKET = inet:blah123 > DMARC_FAIL = deliver/quarantine/delete/log_warn > > Any ideas? Or anyone using DMARC now with their MTA? DMARC isn’t new, but > it isn’t mature either. Just looking for some ideas. > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.miller at juneau.org Fri Apr 3 17:17:12 2015 From: kevin.miller at juneau.org (Kevin Miller) Date: Fri, 3 Apr 2015 17:17:12 +0000 Subject: DMARC with MailScanner In-Reply-To: References: Message-ID: <73b133245bd44c3cb96978d160b21b88@City-Exch-DB2.cbj.local> You might take a look at this page: http://blog.hamzahkhan.com/2014/02/08/securing-postfix-mail-server-greylisting-spf-dkim-dmarc-tls/ and see if you can glean anything from it. It's redhat centric, but ignoring the installation details there may be some good ideas there. Specifically, he uses a MySQL database for reporting and such. It might be that MailScanner can incorporate that and query it for appropriate processing. I haven't looked closely at it - it may not be practical, but figured I'd toss it out as a possible direction to look into... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On > Behalf Of Jerry Benton > Sent: Friday, April 03, 2015 2:46 AM > To: MailScanner discussion > Subject: DMARC with MailScanner > > I am looking at how we might be able to integrate DMARC checks into > MailScanner. DMARC would have to run as a daemon, and MailScanner would > have to pass the email to it and get a result. So, something like: > > USE_DMARC = yes > DMARC_SOCKET = inet:blah123 > DMARC_FAIL = deliver/quarantine/delete/log_warn > > Any ideas? Or anyone using DMARC now with their MTA? DMARC isn’t new, > but it isn’t mature either. Just looking for some ideas. > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner From jerry.benton at mailborder.com Fri Apr 3 17:32:39 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 3 Apr 2015 13:32:39 -0400 Subject: DMARC with MailScanner In-Reply-To: <73b133245bd44c3cb96978d160b21b88@City-Exch-DB2.cbj.local> References: <73b133245bd44c3cb96978d160b21b88@City-Exch-DB2.cbj.local> Message-ID: <76E70CAF-AD29-46FF-ADDD-BA29E2763FC4@mailborder.com> Yes, I have seen many MTA level solutions, but I was thinking of a solution built into MailScanner so that you would be able to set quarantine actions consistent with how MailScanner does things. - Jerry Benton www.mailborder.com > On Apr 3, 2015, at 1:17 PM, Kevin Miller wrote: > > You might take a look at this page: > http://blog.hamzahkhan.com/2014/02/08/securing-postfix-mail-server-greylisting-spf-dkim-dmarc-tls/ > and see if you can glean anything from it. > > It's redhat centric, but ignoring the installation details there may be some good ideas there. Specifically, he uses a MySQL database for reporting and such. It might be that MailScanner can incorporate that and query it for appropriate processing. > > I haven't looked closely at it - it may not be practical, but figured I'd toss it out as a possible direction to look into... > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > >> -----Original Message----- >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On >> Behalf Of Jerry Benton >> Sent: Friday, April 03, 2015 2:46 AM >> To: MailScanner discussion >> Subject: DMARC with MailScanner >> >> I am looking at how we might be able to integrate DMARC checks into >> MailScanner. DMARC would have to run as a daemon, and MailScanner would >> have to pass the email to it and get a result. So, something like: >> >> USE_DMARC = yes >> DMARC_SOCKET = inet:blah123 >> DMARC_FAIL = deliver/quarantine/delete/log_warn >> >> Any ideas? Or anyone using DMARC now with their MTA? DMARC isn’t new, >> but it isn’t mature either. Just looking for some ideas. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From kevin.miller at juneau.org Fri Apr 3 17:38:46 2015 From: kevin.miller at juneau.org (Kevin Miller) Date: Fri, 3 Apr 2015 17:38:46 +0000 Subject: DMARC with MailScanner In-Reply-To: <76E70CAF-AD29-46FF-ADDD-BA29E2763FC4@mailborder.com> References: <73b133245bd44c3cb96978d160b21b88@City-Exch-DB2.cbj.local> <76E70CAF-AD29-46FF-ADDD-BA29E2763FC4@mailborder.com> Message-ID: <0e88bc991a294babb6d3462de3c57ddd@City-Exch-DB2.cbj.local> Right. I was just thinking that the MTA could perform the test, update the database, then let MailScanner "do the right thing" depending on user settings therein. It would be nice to have one stop shopping w/in MailScanner though, independent of the MTA. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On > Behalf Of Jerry Benton > Sent: Friday, April 03, 2015 9:33 AM > To: MailScanner Discussion > Subject: Re: DMARC with MailScanner > > Yes, I have seen many MTA level solutions, but I was thinking of a > solution built into MailScanner so that you would be able to set > quarantine actions consistent with how MailScanner does things. From jerry.benton at mailborder.com Fri Apr 3 17:40:22 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 3 Apr 2015 13:40:22 -0400 Subject: DMARC with MailScanner In-Reply-To: <0e88bc991a294babb6d3462de3c57ddd@City-Exch-DB2.cbj.local> References: <73b133245bd44c3cb96978d160b21b88@City-Exch-DB2.cbj.local> <76E70CAF-AD29-46FF-ADDD-BA29E2763FC4@mailborder.com> <0e88bc991a294babb6d3462de3c57ddd@City-Exch-DB2.cbj.local> Message-ID: Oh this mailman server is so much faster … - Jerry Benton www.mailborder.com > On Apr 3, 2015, at 1:38 PM, Kevin Miller wrote: > > Right. I was just thinking that the MTA could perform the test, update the database, then let MailScanner "do the right thing" depending on user settings therein. It would be nice to have one stop shopping w/in MailScanner though, independent of the MTA. > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > >> -----Original Message----- >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On >> Behalf Of Jerry Benton >> Sent: Friday, April 03, 2015 9:33 AM >> To: MailScanner Discussion >> Subject: Re: DMARC with MailScanner >> >> Yes, I have seen many MTA level solutions, but I was thinking of a >> solution built into MailScanner so that you would be able to set >> quarantine actions consistent with how MailScanner does things. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From jim at shout.net Fri Apr 3 17:46:49 2015 From: jim at shout.net (Jim Creason) Date: Fri, 03 Apr 2015 12:46:49 -0500 Subject: DMARC with MailScanner In-Reply-To: References: Message-ID: <551ED209.6000803@shout.net> Perhaps write a SpamAssassin plugin that uses this? http://search.cpan.org/dist/Mail-DMARC/ On 4/3/15 5:46 AM, Jerry Benton wrote: > I am looking at how we might be able to integrate DMARC checks into MailScanner. DMARC would have to run as a daemon, and MailScanner would have to pass the email to it and get a result. So, something like: > > USE_DMARC = yes > DMARC_SOCKET = inet:blah123 > DMARC_FAIL = deliver/quarantine/delete/log_warn > > Any ideas? Or anyone using DMARC now with their MTA? DMARC isn’t new, but it isn’t mature either. Just looking for some ideas. > > - > Jerry Benton > www.mailborder.com > > > > > -- Jim Creason Chief Engineer Shouting Ground Technologies From jerry.benton at mailborder.com Fri Apr 3 17:49:40 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 3 Apr 2015 13:49:40 -0400 Subject: DMARC with MailScanner In-Reply-To: <551ED209.6000803@shout.net> References: <551ED209.6000803@shout.net> Message-ID: <70DD09E1-0D94-4379-9EE0-B3357AC431B8@mailborder.com> Yes, I have also thought about that route with a SA score being assigned, but this was already requested and shot down by their devs. But a solution may be here: https://blog.laussat.de/2014/05/19/using-dmarc-in-spamassassin/ Damn this server is fast :) - Jerry Benton www.mailborder.com > On Apr 3, 2015, at 1:46 PM, Jim Creason wrote: > > > Perhaps write a SpamAssassin plugin that uses this? > > http://search.cpan.org/dist/Mail-DMARC/ > > > On 4/3/15 5:46 AM, Jerry Benton wrote: >> I am looking at how we might be able to integrate DMARC checks into MailScanner. DMARC would have to run as a daemon, and MailScanner would have to pass the email to it and get a result. So, something like: >> >> USE_DMARC = yes >> DMARC_SOCKET = inet:blah123 >> DMARC_FAIL = deliver/quarantine/delete/log_warn >> >> Any ideas? Or anyone using DMARC now with their MTA? DMARC isn’t new, but it isn’t mature either. Just looking for some ideas. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >> >> > > -- > Jim Creason > > Chief Engineer > > Shouting Ground Technologies > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From andrew at topdog.za.net Fri Apr 3 18:14:21 2015 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 3 Apr 2015 20:14:21 +0200 Subject: DMARC with MailScanner In-Reply-To: <70DD09E1-0D94-4379-9EE0-B3357AC431B8@mailborder.com> References: <551ED209.6000803@shout.net> <70DD09E1-0D94-4379-9EE0-B3357AC431B8@mailborder.com> Message-ID: On 03 Apr 2015, at 7:49 PM, Jerry Benton wrote: > Yes, I have also thought about that route with a SA score being assigned, but this was already requested and shot down by their devs. But a solution may be here: > > https://blog.laussat.de/2014/05/19/using-dmarc-in-spamassassin/ > > > Damn this server is fast :) We use the approach, the actual check happens in Exim and a header is added, similar headers are removed by the Exim prior to adding to prevent spoofing. Then we use a custom spam assassin rule to score based on the header inserted by Exim. For the checks to run within mailscanner you may have to use a spam assassin plugin. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From nerijusb at dtiltas.lt Sun Apr 5 14:37:50 2015 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Sun, 5 Apr 2015 17:37:50 +0300 Subject: Important MailScanner List Change - Please Read In-Reply-To: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> References: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> Message-ID: On Wed, 1 Apr 2015 02:18:37 -0400 Jerry Benton wrote: > Please go sign up again in 24 hours or so. If this lists page is not a pretty Bootstrap 3 looking page, then you are on the wrong server. The new server should resolve to 166.78.111.245. There list server is here: > > http://lists.mailscanner.info/listinfo/mailscanner If I go to "Members", enter email address and press the "Unsubscribe or edit options" button, I get: Bug in Mailman version 2.1.16 We're sorry, we hit a bug! Regards, Nerijus From jerry.benton at mailborder.com Sun Apr 5 14:48:09 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sun, 5 Apr 2015 10:48:09 -0400 Subject: Important MailScanner List Change - Please Read In-Reply-To: References: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> Message-ID: I can’t replicate this. Maybe Mark Saprio will know something more as he is a mailman expert. - Jerry Benton www.mailborder.com > On Apr 5, 2015, at 10:37 AM, Nerijus Baliunas wrote: > > On Wed, 1 Apr 2015 02:18:37 -0400 Jerry Benton wrote: > >> Please go sign up again in 24 hours or so. If this lists page is not a pretty Bootstrap 3 looking page, then you are on the wrong server. The new server should resolve to 166.78.111.245. There list server is here: >> >> http://lists.mailscanner.info/listinfo/mailscanner > > If I go to "Members", enter email address and press the "Unsubscribe or edit options" button, I get: > > Bug in Mailman version 2.1.16 > > We're sorry, we hit a bug! > > Regards, > Nerijus From mark at msapiro.net Sun Apr 5 16:16:27 2015 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 05 Apr 2015 09:16:27 -0700 Subject: Important MailScanner List Change - Please Read In-Reply-To: References: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> Message-ID: <55215FDB.5080409@msapiro.net> On 04/05/2015 07:48 AM, Jerry Benton wrote: > I can’t replicate this. Maybe Mark Saprio will know something more as he is a mailman expert. I'll need server access to see Mailman's logs or you can just send me a copy of Mailman's error log (maybe /var/lib/mailman/logs/error I think in debians package). However, I can duplicate the issue. The 'Members' tab at is a broken page. The button says 'Unsubscribe or edit options' but the description and text box are the ones for visiting the roster and there is only one text box. Somehow the page is conflating the form in the members tab and the form in the profile tab. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From sbanderson at impromed.com Mon Apr 6 13:30:15 2015 From: sbanderson at impromed.com (Scott B. Anderson) Date: Mon, 6 Apr 2015 13:30:15 +0000 Subject: Important MailScanner List Change - Please Read In-Reply-To: <55215FDB.5080409@msapiro.net> References: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> <55215FDB.5080409@msapiro.net> Message-ID: <849acb1608dd416c996048c08176bb0d@ES4.impromed.com> > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On > Behalf Of Mark Sapiro > Sent: Sunday, April 05, 2015 11:16 AM > To: MailScanner Discussion > Subject: Re: Important MailScanner List Change - Please Read > > On 04/05/2015 07:48 AM, Jerry Benton wrote: > > I can’t replicate this. Maybe Mark Saprio will know something more as he is a > mailman expert. > > > I'll need server access to see Mailman's logs or you can just send me a copy of > Mailman's error log (maybe /var/lib/mailman/logs/error I think in debians > package). > > However, I can duplicate the issue. The 'Members' tab at > is a broken page. > > The button says 'Unsubscribe or edit options' but the description and text box are > the ones for visiting the roster and there is only one text box. > > Somehow the page is conflating the form in the members tab and the form in the > profile tab. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > Quick Question - I am not an advanced web coder, but I have seen this when a browser caches pages that it should not be caching. The coder can't reproduce the error because something is cached that makes a different page work but a browser without that page/form in cache will fail. In the old days it was controlled via , but it is more complicated now, so someone better at modern html coding may be able to answer better on what may be failing causing the presentation of seemingly conflated pages. Scott Anderson ... -- Rely On Us. ImproMed LLC -- From mejaz at cyberia.net.sa Mon Apr 6 13:31:02 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Mon, 6 Apr 2015 16:31:02 +0300 Subject: PDF-Corruption Message-ID: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn't show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed To: Charbel Abi Nader CC: Mustafa Khan , Hekmat Qassem Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.s a> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.s a> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Mon Apr 6 14:24:39 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 6 Apr 2015 09:24:39 -0500 Subject: PDF-Corruption In-Reply-To: References: Message-ID: Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). *Alex Neuman van der Hans* Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream ! Saturdays 8am-10am on Máxima 91.7FM Panama Follow *@AlexNeuman * on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz wrote: > Hello. > > > > One of my user keep complaining that he is unable to receive the PDF > attachment properly, they are getting corrupted. But when I check my logs > it doesn’t show any problem. Now my concern is how to justify the customer > the problem is from his side or from my MailScanner. Please advice. Thanks > for your usual co-operation. > > > > > > *Below are the logs for the corrupted attachement/message * > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from > 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big > for spam checks (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to > 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to > MailWatch SQL > > > > > > *Mail watch screen shot for the same message. * > > > > > > > > *Received on:* > > 06/04/15 15:27:08 > > *Received by:* > > nmersal.cyberia.net.sa > > *Received from:* > > 150.70.237.8 > > [Add to Whitelist > > | Add to Blacklist > > ] > > *Received Via:* > > *IP Address* > > *Hostname* > > *Country* > > *RBL* > > *Spam* > > *Virus* > > *All* > > 150.70.237.8 > > rout01.hes.trendmicro.eu > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 10.36.162.83 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 89.237.187.138 > > SJV-EXHC1.natcom.com.sa > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 172.16.200.106 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 172.16.200.105 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 94.96.34.151 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > *ID:* > > C98395DF459.A2E18 > > *Message Headers:* > > Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu > [150.70.237.8]) > by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; > Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > To: Charbel Abi Nader > CC: Mustafa Khan , Hekmat Qassem > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: < > FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> > References: < > 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > In-Reply-To: < > 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > eyad.nashed at natcom.com.sa > > [Add to Whitelist > > | Add to Blacklist > > ] > > *To:* > > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > > *Subject:* > > RE: Cisco Access Point Quotation > > *Size:* > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > * N * > > *Blocked File:* > > * N * > > *Other Infection:* > > * N * > > *SpamAssassin* > > *Spam:* > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > * N * > > *SpamAssassin Spam:* > > * N * > > *Listed in RBL:* > > * N * > > *Spam Whitelisted:* > > * N * > > *Spam Blacklisted:* > > * N * > > *SpamAssassin Autolearn:* > > * N * > > *SpamAssassin Score:* > > 0.00 > > *Spam Report:* > > *Score* > > *Matching Rule* > > *Description* > > large > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > * N * > > *High Scoring MCP:* > > * N * > > *SpamAssassin MCP:* > > * N * > > *MCP Whitelisted:* > > * N * > > *MCP Blacklisted:* > > * N * > > > > > > Regards > > Ejaz > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Mon Apr 6 14:37:35 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Mon, 6 Apr 2015 17:37:35 +0300 Subject: PDF-Corruption In-Reply-To: References: Message-ID: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed To: Charbel Abi Nader CC: Mustafa Khan , Hekmat Qassem Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Mon Apr 6 15:42:33 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 6 Apr 2015 10:42:33 -0500 Subject: PDF-Corruption In-Reply-To: References: Message-ID: I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" wrote: > Thanks, > > > > I cannot ask the customer as so many of them are complaining for the > same, I can make any exception from my side from the MailScanner > configuration. > > > > Is there any officially support for mailscanner?? As I wanted to subscribe > it. > > > > > > Ejaz > > > > *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > > > Do an MD5SUM of the PDF file before and after processing. > > > > Also, ask the originator NOT to use TNEF encoding (Rich Text Format). > > [image: Web Bug from > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000] > > > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > > ! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > > Follow VidaDigital > on > Instagram > > Subscribe to Vida Digital > on > Youtube > > > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: > > Hello. > > > > One of my user keep complaining that he is unable to receive the PDF > attachment properly, they are getting corrupted. But when I check my logs > it doesn’t show any problem. Now my concern is how to justify the customer > the problem is from his side or from my MailScanner. Please advice. Thanks > for your usual co-operation. > > > > > > *Below are the logs for the corrupted attachement/message * > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from > 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big > for spam checks (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to > 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to > MailWatch SQL > > > > > > *Mail watch screen shot for the same message. * > > > > > > > > *Received on:* > > 06/04/15 15:27:08 > > *Received by:* > > nmersal.cyberia.net.sa > > *Received from:* > > 150.70.237.8 > > [Add to Whitelist > > | Add to Blacklist > > ] > > *Received Via:* > > *IP Address* > > *Hostname* > > *Country* > > *RBL* > > *Spam* > > *Virus* > > *All* > > 150.70.237.8 > > rout01.hes.trendmicro.eu > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 10.36.162.83 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 89.237.187.138 > > SJV-EXHC1.natcom.com.sa > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 172.16.200.106 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 172.16.200.105 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > 94.96.34.151 > > (Reverse Lookup Failed) > > (GeoIP Lookup Failed) > > [ > ] > > [ > > ] > > [ > > ] > > [ > > ] > > *ID:* > > C98395DF459.A2E18 > > *Message Headers:* > > Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu > [150.70.237.8]) > by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; > Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > To: Charbel Abi Nader > CC: Mustafa Khan , Hekmat Qassem > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: < > FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> > References: < > 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > In-Reply-To: < > 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > eyad.nashed at natcom.com.sa > > [Add to Whitelist > > | Add to Blacklist > > ] > > *To:* > > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > > *Subject:* > > RE: Cisco Access Point Quotation > > *Size:* > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > * N * > > *Blocked File:* > > * N * > > *Other Infection:* > > * N * > > *SpamAssassin* > > *Spam:* > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > * N * > > *SpamAssassin Spam:* > > * N * > > *Listed in RBL:* > > * N * > > *Spam Whitelisted:* > > * N * > > *Spam Blacklisted:* > > * N * > > *SpamAssassin Autolearn:* > > * N * > > *SpamAssassin Score:* > > 0.00 > > *Spam Report:* > > *Score* > > *Matching Rule* > > *Description* > > large > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > * N * > > *High Scoring MCP:* > > * N * > > *SpamAssassin MCP:* > > * N * > > *MCP Whitelisted:* > > * N * > > *MCP Blacklisted:* > > * N * > > > > > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Mon Apr 6 16:04:44 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Mon, 6 Apr 2015 19:04:44 +0300 Subject: PDF-Corruption In-Reply-To: References: Message-ID: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed To: Charbel Abi Nader CC: Mustafa Khan , Hekmat Qassem Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Mon Apr 6 16:08:50 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Mon, 6 Apr 2015 19:08:50 +0300 Subject: PDF-Corruption In-Reply-To: References: Message-ID: 1. When email hits to my MailScanner, it gets corrupted. Below are the headers. Received: from nmersal.cyberia.net.sa (212.119.64.55) by SRV-EXCHHUB.unitedgroup.com.sa (191.0.0.18) with Microsoft SMTP Server id 8.3.83.0; Mon, 6 Apr 2015 15:24:51 +0300 Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed To: Charbel Abi Nader CC: Mustafa Khan , Hekmat Qassem Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-ID: C98395DF459.A2E18 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: eyad.nashed at natcom.com.sa X-Spam-Status: No Return-Path: eyad.nashed at natcom.com.sa X-MS-Exchange-Organization-SCL: 0 X-MS-Exchange-Organization-PCL: 2 X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:212.119.64.55 2. Just to test I have eliminated my mailscanner. And change the MX record of customer to relayed all inbound emails directly to his exchange server, then everything works perfectly. Here are the headers. Received: from rout02.hes.trendmicro.eu (150.70.237.9) by SRV-EXCHHUB.unitedgroup.com.sa (191.0.0.18) with Microsoft SMTP Server (TLS) id 8.3.83.0; Mon, 6 Apr 2015 16:32:41 +0300 Received: from outmta.starcloud.com (unknown [10.36.162.82]) by rout02.hes.trendmicro.eu (Postfix) with SMTP id 313A4740041; Mon, 6 Apr 2015 13:32:12 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay01.hes.trendmicro.eu (Postfix) with ESMTPS id 6AC84100039; Mon, 6 Apr 2015 13:32:07 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 16:32:06 +0300 From: Eyad Nashed To: Charbel Abi Nader CC: Mustafa Khan Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNawAAJl/HA= Date: Mon, 6 Apr 2015 13:32:05 +0000 Message-ID: References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46889SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--27.128300-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9nCzQL/1kygf4kwlcMmOSp1IUR G1M79SstfKEYs8Ci7JN9n0AbsekSW7xygpRxo469yXcoFawkPXsjkUFLcRYBY0/av0A40kEiWiV YX64wRWi3ctt0CPKTNTAvdQPMSC1zfMoG217NqYkNgFUqZt55A6+gG1Tz5KUpSMSu/N2qjWw/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9Stb2CSbxI1C15yxZV2XdhwOwVCrCrh FNYP2bet+wPFHuwLYDi2g4L0QlY4guKfvwCBbG0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVaUGgs9rJ+5iDYXd05XlwHp04FnYN BNWXe3lRGjSN7Hs0bgkRRksxTw== Return-Path: eyad.nashed at natcom.com.sa X-MS-Exchange-Organization-SCL: 0 X-MS-Exchange-Organization-PCL: 2 X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:150.70.237.9 From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed To: Charbel Abi Nader CC: Mustafa Khan , Hekmat Qassem Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Apr 6 16:29:30 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 6 Apr 2015 12:29:30 -0400 Subject: PDF-Corruption In-Reply-To: References: Message-ID: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: > > Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. > > > This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. > > Again thank you for your time. > > > > Expand TNEF attachments using an external program (or a Perl module)? > # within the TNEF attachment will not be checked against the filename rules. > Expand TNEF = no > # When the TNEF (winmail.dat) attachments are expanded, should the > # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments > # no => Leave winmail.dat TNEF attachments alone. > # TNEF messages being doubled in size. > # replace => Replace the winmail.dat TNEF attachment with the files it > Use TNEF Contents = replace > # We are working on a replacement for the TNEF decoder. > Deliver Unparsable TNEF = yes > # Where the MS-TNEF expander is installed. > # the external TNEF expander binary, > # may be. It helps protect against Denial Of Service attacks in TNEF files. > #TNEF Expander = internal > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > # The maximum length of time the TNEF Expander is allowed to run for 1 message. > TNEF Timeout = 120 > # maybe TNEF files to not be archives as they are really just another way > # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook > > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > > > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman > Sent: Monday, April 06, 2015 6:43 PM > To: MailScanner discussion > Subject: RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: > Thanks, > > I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. > > Is there any officially support for mailscanner?? As I wanted to subscribe it. > > > Ejaz > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman > Sent: Monday, April 06, 2015 5:25 PM > To: MailScanner Discussion > Subject: Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text Format). > > > > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 > Skype: AlexNeuman > > Don't miss Vida Digital on LiveStream ! > Saturdays 8am-10am on Máxima 91.7FM Panama > > Follow @AlexNeuman on Twitter > Like Vida Digital on Facebook > Follow VidaDigital on Instagram > Subscribe to Vida Digital on Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: > Hello. > > One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. > > > Below are the logs for the corrupted attachement/message > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa ) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL > Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL > > > Mail watch screen shot for the same message. > > > > Received on: > 06/04/15 15:27:08 > Received by: > nmersal.cyberia.net.sa > Received from: > 150.70.237.8 > [Add to Whitelist | Add to Blacklist ] > Received Via: > IP Address > Hostname > Country > RBL > Spam > Virus > All > 150.70.237.8 > rout01.hes.trendmicro.eu > (GeoIP Lookup Failed) > [   ] > [   ] > [   ] > [   ] > 10.36.162.83 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [   ] > [   ] > [   ] > [   ] > 89.237.187.138 > SJV-EXHC1.natcom.com.sa > (GeoIP Lookup Failed) > [   ] > [   ] > [   ] > [   ] > 172.16.200.106 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [   ] > [   ] > [   ] > [   ] > 172.16.200.105 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [   ] > [   ] > [   ] > [   ] > 94.96.34.151 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [   ] > [   ] > [   ] > [   ] > ID: > C98395DF459.A2E18 > Message Headers: > Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) > by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > > To: Charbel Abi Nader > > CC: Mustafa Khan >, Hekmat Qassem > > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > > References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > From: > eyad.nashed at natcom.com.sa > [Add to Whitelist | Add to Blacklist ] > To: > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > Subject: > RE: Cisco Access Point Quotation > Size: > 486.1Kb > Anti-Virus/Dangerous Content Protection > Virus: > N > Blocked File: > N > Other Infection: > N > SpamAssassin > Spam: > N Action(s): deliver, header, "X-Spam-Status:, No" > High Scoring Spam: > N > SpamAssassin Spam: > N > Listed in RBL: > N > Spam Whitelisted: > N > Spam Blacklisted: > N > SpamAssassin Autolearn: > N > SpamAssassin Score: > 0.00 > Spam Report: > Score > Matching Rule > Description > large > too > > Message Content Protection (MCP) > MCP: > N > High Scoring MCP: > N > SpamAssassin MCP: > N > MCP Whitelisted: > N > MCP Blacklisted: > N > > > Regards > Ejaz > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Apr 6 16:42:46 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 6 Apr 2015 12:42:46 -0400 Subject: PDF-Corruption In-Reply-To: References: Message-ID: FSL has moved away from MailScanner. They wrote their own thing. They may or may not still provide support. Mailborder and Baruwa do provide support, but for their products which do use MailScanner. - Jerry Benton www.mailborder.com > On Apr 6, 2015, at 11:42 AM, Alex Neuman wrote: > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Mon Apr 6 16:55:19 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 6 Apr 2015 11:55:19 -0500 Subject: PDF-Corruption In-Reply-To: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> Message-ID: I believe he mentioned the PDF's are being corrupted, not stopped. *Alex Neuman van der Hans* Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream ! Saturdays 8am-10am on Máxima 91.7FM Panama Follow *@AlexNeuman * on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton wrote: > The PDF probably has a disallowed MIME type in the document. Edit your > MIME types config file in /etc/MailScanner and allow all MIME types. Resend > the email and see if it gets through. If it does, enable each MIME type > until you figure out which one is stopping or corrupting the PDF. Note that > there is a problem with the current Linux “file” command that has been > causing problems with a lot of applications. > > This may or may not be your problem, but of the customers I have dealt > with at Mailborder complaining of this issue, this is often the problem. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: > > Thanks a lot sorry to disturb you, I called during your meeting. As I was > unaware about it. > > > *This is what all I have for Tnef settings in my mailscanner. *Does > Any modification required ??? Please advice. > > Again thank you for your time. > > > > Expand TNEF attachments using an external program (or a Perl module)? > # within the TNEF attachment will not be checked against the filename > rules. > Expand TNEF = no > # When the TNEF (winmail.dat) attachments are expanded, should the > # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments > # no => Leave winmail.dat TNEF attachments alone. > # TNEF messages being doubled in size. > # replace => Replace the winmail.dat TNEF attachment with the files it > Use TNEF Contents = replace > # We are working on a replacement for the TNEF decoder. > Deliver Unparsable TNEF = yes > # Where the MS-TNEF expander is installed. > # the external TNEF expander binary, > # may be. It helps protect against Denial Of Service attacks in TNEF files. > #TNEF Expander = internal > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > # The maximum length of time the TNEF Expander is allowed to run for 1 > message. > TNEF Timeout = 120 > # maybe TNEF files to not be archives as they are really just another way > # tnef -- "winmail.dat" files created by Microsoft Exchange or > Outlook > > > > I believe Mailborder and FSL systems provide official support. > Do you have any contacts email/phone numbers > > Ejaz > > > > > > *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info > ] *On Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" wrote: > Thanks, > > I cannot ask the customer as so many of them are complaining for the > same, I can make any exception from my side from the MailScanner > configuration. > > Is there any officially support for mailscanner?? As I wanted to subscribe > it. > > > Ejaz > > *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text Format). > [image: Web Bug from > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000] > > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > Mobile: +507 6781-9505 > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 > Skype: AlexNeuman > > Don't miss Vida Digital on LiveStream > > ! > Saturdays 8am-10am on Máxima 91.7FM Panama > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > Follow VidaDigital > on > Instagram > Subscribe to Vida Digital > on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: > Hello. > > One of my user keep complaining that he is unable to receive the PDF > attachment properly, they are getting corrupted. But when I check my logs > it doesn’t show any problem. Now my concern is how to justify the customer > the problem is from his side or from my MailScanner. Please advice. Thanks > for your usual co-operation. > > > *Below are the logs for the corrupted attachement/message * > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from > 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big > for spam checks (497744 > 150000 bytes) > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to > 555C55DF544 > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to > MailWatch SQL > > > *Mail watch screen shot for the same message. * > > > > *Received on:* > 06/04/15 15:27:08 > *Received by:* > nmersal.cyberia.net.sa > *Received from:* > 150.70.237.8 > [Add to Whitelist > > | Add to Blacklist > > ] > *Received Via:* > *IP Address* > *Hostname* > *Country* > *RBL* > *Spam* > *Virus* > *All* > 150.70.237.8 > rout01.hes.trendmicro.eu > (GeoIP Lookup Failed) > [ > ] > [ > > ] > [ > > ] > [ > > ] > 10.36.162.83 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [ > ] > [ > > ] > [ > > ] > [ > > ] > 89.237.187.138 > SJV-EXHC1.natcom.com.sa > (GeoIP Lookup Failed) > [ > ] > [ > > ] > [ > > ] > [ > > ] > 172.16.200.106 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [ > ] > [ > > ] > [ > > ] > [ > > ] > 172.16.200.105 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [ > ] > [ > > ] > [ > > ] > [ > > ] > 94.96.34.151 > (Reverse Lookup Failed) > (GeoIP Lookup Failed) > [ > ] > [ > > ] > [ > > ] > [ > > ] > *ID:* > C98395DF459.A2E18 > *Message Headers:* > Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu > [150.70.237.8]) > by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa (unknown > [89.237.187.138]) > by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) > by > SJV-EXHC1.natcom.com.sa ([172.16.200.105]) > with mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > To: Charbel Abi Nader > CC: Mustafa Khan , Hekmat Qassem > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: < > FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> > References: < > 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > In-Reply-To: < > 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > *From:* > eyad.nashed at natcom.com.sa > [Add to Whitelist > > | Add to Blacklist > > ] > *To:* > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > *Subject:* > RE: Cisco Access Point Quotation > *Size:* > 486.1Kb > *Anti-Virus/Dangerous Content Protection* > *Virus:* > * N * > *Blocked File:* > * N * > *Other Infection:* > * N * > *SpamAssassin* > *Spam:* > * N * Action(s): deliver, header, "X-Spam-Status:, No" > *High Scoring Spam:* > * N * > *SpamAssassin Spam:* > * N * > *Listed in RBL:* > * N * > *Spam Whitelisted:* > * N * > *Spam Blacklisted:* > * N * > *SpamAssassin Autolearn:* > * N * > *SpamAssassin Score:* > 0.00 > *Spam Report:* > *Score* > *Matching Rule* > *Description* > large > too > > *Message Content Protection (MCP)* > *MCP:* > * N * > *High Scoring MCP:* > * N * > *SpamAssassin MCP:* > * N * > *MCP Whitelisted:* > * N * > *MCP Blacklisted:* > * N * > > > Regards > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Apr 6 16:57:18 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 6 Apr 2015 12:57:18 -0400 Subject: PDF-Corruption In-Reply-To: References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> Message-ID: <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com > On Apr 6, 2015, at 12:55 PM, Alex Neuman wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > > Mobile: +507 6781-9505 <> > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 <> > Skype: AlexNeuman <> > > Don't miss Vida Digital on LiveStream ! > Saturdays 8am-10am on Máxima 91.7FM Panama > > Follow @AlexNeuman on Twitter > Like Vida Digital on Facebook > Follow VidaDigital on Instagram > Subscribe to Vida Digital on Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > wrote: > The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. > > This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > wrote: >> >> Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. >> >> >> This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. >> >> Again thank you for your time. >> >> >> >> Expand TNEF attachments using an external program (or a Perl module)? >> # within the TNEF attachment will not be checked against the filename rules. >> Expand TNEF = no >> # When the TNEF (winmail.dat) attachments are expanded, should the >> # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments >> # no => Leave winmail.dat TNEF attachments alone. >> # TNEF messages being doubled in size. >> # replace => Replace the winmail.dat TNEF attachment with the files it >> Use TNEF Contents = replace >> # We are working on a replacement for the TNEF decoder. >> Deliver Unparsable TNEF = yes >> # Where the MS-TNEF expander is installed. >> # the external TNEF expander binary, >> # may be. It helps protect against Denial Of Service attacks in TNEF files. >> #TNEF Expander = internal >> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >> # The maximum length of time the TNEF Expander is allowed to run for 1 message. >> TNEF Timeout = 120 >> # maybe TNEF files to not be archives as they are really just another way >> # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook >> >> >> I believe Mailborder and FSL systems provide official support. >> >> Do you have any contacts email/phone numbers >> >> Ejaz >> >> >> >> >> >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >> Sent: Monday, April 06, 2015 6:43 PM >> To: MailScanner discussion >> Subject: RE: PDF-Corruption >> >> I believe Mailborder and FSL systems provide official support. >> >> Try modifying your TNEF decoder settings in MailScanner.conf. >> >> On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: >> Thanks, >> >> I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. >> >> Is there any officially support for mailscanner?? As I wanted to subscribe it. >> >> >> Ejaz >> >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >> Sent: Monday, April 06, 2015 5:25 PM >> To: MailScanner Discussion >> Subject: Re: PDF-Corruption >> >> Do an MD5SUM of the PDF file before and after processing. >> >> Also, ask the originator NOT to use TNEF encoding (Rich Text Format). >> >> >> >> >> Alex Neuman van der Hans >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> >> Mobile: +507 6781-9505 >> Work: +507 832-6725 >> Work (USA): +1 (440) 253-9789 >> Skype: AlexNeuman >> >> Don't miss Vida Digital on LiveStream ! >> Saturdays 8am-10am on Máxima 91.7FM Panama >> >> Follow @AlexNeuman on Twitter >> Like Vida Digital on Facebook >> Follow VidaDigital on Instagram >> Subscribe to Vida Digital on Youtube >> >> On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: >> Hello. >> >> One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. >> >> >> Below are the logs for the corrupted attachement/message >> >> >> Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa ) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) >> Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 >> Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL >> Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL >> >> >> Mail watch screen shot for the same message. >> >> >> >> Received on: >> 06/04/15 15:27:08 >> Received by: >> nmersal.cyberia.net.sa >> Received from: >> 150.70.237.8 >> [Add to Whitelist | Add to Blacklist ] >> Received Via: >> IP Address >> Hostname >> Country >> RBL >> Spam >> Virus >> All >> 150.70.237.8 >> rout01.hes.trendmicro.eu >> (GeoIP Lookup Failed) >> [   ] >> [   ] >> [   ] >> [   ] >> 10.36.162.83 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [   ] >> [   ] >> [   ] >> [   ] >> 89.237.187.138 >> SJV-EXHC1.natcom.com.sa >> (GeoIP Lookup Failed) >> [   ] >> [   ] >> [   ] >> [   ] >> 172.16.200.106 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [   ] >> [   ] >> [   ] >> [   ] >> 172.16.200.105 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [   ] >> [   ] >> [   ] >> [   ] >> 94.96.34.151 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [   ] >> [   ] >> [   ] >> [   ] >> ID: >> C98395DF459.A2E18 >> Message Headers: >> Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) >> by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; >> Mon, 6 Apr 2015 15:27:04 +0300 (AST) >> Received: from outmta.starcloud.com (unknown [10.36.162.83]) >> by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; >> Mon, 6 Apr 2015 12:24:17 +0000 (UTC) >> Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) >> by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; >> Mon, 6 Apr 2015 12:24:13 +0000 (UTC) >> Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by >> SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, >> 6 Apr 2015 15:24:12 +0300 >> From: Eyad Nashed > >> To: Charbel Abi Nader > >> CC: Mustafa Khan >, Hekmat Qassem >> > >> Subject: RE: Cisco Access Point Quotation >> Thread-Topic: Cisco Access Point Quotation >> Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw >> Date: Mon, 6 Apr 2015 12:24:11 +0000 >> Message-ID: > >> References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >> Accept-Language: en-US >> Content-Language: en-US >> X-MS-Has-Attach: yes >> X-MS-TNEF-Correlator: >> x-originating-ip: [94.96.34.151] >> Content-Type: multipart/mixed; >> boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" >> MIME-Version: 1.0 >> X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 >> X-TMASE-Result: 10--28.541000-7.000000 >> X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ >> G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR >> Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 >> 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk >> pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr >> vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q >> Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 >> LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP >> EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv >> /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e >> SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i >> 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY >> a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso >> 7pnCj3Td6w7ozQLgmIj9pQ1oyg== >> From: >> eyad.nashed at natcom.com.sa >> [Add to Whitelist | Add to Blacklist ] >> To: >> makhan at unitedgroup.com.sa >> cabinader at unitedgroup.com.sa >> Subject: >> RE: Cisco Access Point Quotation >> Size: >> 486.1Kb >> Anti-Virus/Dangerous Content Protection >> Virus: >> N >> Blocked File: >> N >> Other Infection: >> N >> SpamAssassin >> Spam: >> N Action(s): deliver, header, "X-Spam-Status:, No" >> High Scoring Spam: >> N >> SpamAssassin Spam: >> N >> Listed in RBL: >> N >> Spam Whitelisted: >> N >> Spam Blacklisted: >> N >> SpamAssassin Autolearn: >> N >> SpamAssassin Score: >> 0.00 >> Spam Report: >> Score >> Matching Rule >> Description >> large >> too >> >> Message Content Protection (MCP) >> MCP: >> N >> High Scoring MCP: >> N >> SpamAssassin MCP: >> N >> MCP Whitelisted: >> N >> MCP Blacklisted: >> N >> >> >> Regards >> Ejaz >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Mon Apr 6 17:05:41 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Mon, 6 Apr 2015 20:05:41 +0300 Subject: PDF-Corruption In-Reply-To: <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> Message-ID: Seem here my MIME configuration. # The MIME type of the files unpacked from the archive. # Allow MIME Filetypes = text/plain text/html # Deny MIME Filetypes = dosexec # Allow any attachment MIME types matching any of the patterns listed here. Allow File MIME Types = # Deny any attachment MIME types matching any of the patterns listed here. Deny File MIME Types = Archives: Allow File MIME Types = Archives: Deny File MIME Types = # Note: the filename extension will be used as the MIME subtype, so a GIF # Log all the filenames that are allowed by the MIME types set in Filetype # Rules, or just the MIME tyes that are denied? Log Permitted File MIME Types = no From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: Monday, April 06, 2015 7:57 PM To: MailScanner Discussion Subject: Re: PDF-Corruption “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:55 PM, Alex Neuman wrote: I believe he mentioned the PDF's are being corrupted, not stopped. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton wrote: The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" < mejaz at cyberia.net.sa> wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto: mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 ( eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu ( rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed < eyad.nashed at natcom.com.sa> To: Charbel Abi Nader < cabinader at unitedgroup.com.sa> CC: Mustafa Khan < makhan at unitedgroup.com.sa>, Hekmat Qassem < hekmatq at natcom.com.sa> Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: < FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> References: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Mon Apr 6 17:07:12 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 6 Apr 2015 12:07:12 -0500 Subject: PDF-Corruption In-Reply-To: <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> Message-ID: If it did, indeed, stop it - though from experience it's more likely a TNEF issue. I'd switch the TNEF unpacker to the internal and/or verify that the latest perl modules/tnef programs are installed, to be on the safe side. *Alex Neuman van der Hans* Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream ! Saturdays 8am-10am on Máxima 91.7FM Panama Follow *@AlexNeuman * on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton wrote: > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 6, 2015, at 12:55 PM, Alex Neuman wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 > Skype: AlexNeuman > > Don't miss Vida Digital on LiveStream > > ! > Saturdays 8am-10am on Máxima 91.7FM Panama > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > Follow VidaDigital > on > Instagram > Subscribe to Vida Digital > on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > wrote: > >> The PDF probably has a disallowed MIME type in the document. Edit your >> MIME types config file in /etc/MailScanner and allow all MIME types. Resend >> the email and see if it gets through. If it does, enable each MIME type >> until you figure out which one is stopping or corrupting the PDF. Note that >> there is a problem with the current Linux “file” command that has been >> causing problems with a lot of applications. >> >> This may or may not be your problem, but of the customers I have dealt >> with at Mailborder complaining of this issue, this is often the problem. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >> On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: >> >> Thanks a lot sorry to disturb you, I called during your meeting. As I >> was unaware about it. >> >> >> *This is what all I have for Tnef settings in my mailscanner. *Does >> Any modification required ??? Please advice. >> >> Again thank you for your time. >> >> >> >> Expand TNEF attachments using an external program (or a Perl module)? >> # within the TNEF attachment will not be checked against the filename >> rules. >> Expand TNEF = no >> # When the TNEF (winmail.dat) attachments are expanded, should the >> # in "Outlook Rich Text Format" (TNEF) will be able to read the >> attachments >> # no => Leave winmail.dat TNEF attachments alone. >> # TNEF messages being doubled in size. >> # replace => Replace the winmail.dat TNEF attachment with the files it >> Use TNEF Contents = replace >> # We are working on a replacement for the TNEF decoder. >> Deliver Unparsable TNEF = yes >> # Where the MS-TNEF expander is installed. >> # the external TNEF expander binary, >> # may be. It helps protect against Denial Of Service attacks in TNEF >> files. >> #TNEF Expander = internal >> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >> # The maximum length of time the TNEF Expander is allowed to run for 1 >> message. >> TNEF Timeout = 120 >> # maybe TNEF files to not be archives as they are really just another way >> # tnef -- "winmail.dat" files created by Microsoft Exchange or >> Outlook >> >> >> >> I believe Mailborder and FSL systems provide official support. >> Do you have any contacts email/phone numbers >> >> Ejaz >> >> >> >> >> >> *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info >> ] *On Behalf Of *Alex Neuman >> *Sent:* Monday, April 06, 2015 6:43 PM >> *To:* MailScanner discussion >> *Subject:* RE: PDF-Corruption >> >> >> I believe Mailborder and FSL systems provide official support. >> >> Try modifying your TNEF decoder settings in MailScanner.conf. >> On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" wrote: >> Thanks, >> >> I cannot ask the customer as so many of them are complaining for the >> same, I can make any exception from my side from the MailScanner >> configuration. >> >> Is there any officially support for mailscanner?? As I wanted to >> subscribe it. >> >> >> Ejaz >> >> *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] *On >> Behalf Of *Alex Neuman >> *Sent:* Monday, April 06, 2015 5:25 PM >> *To:* MailScanner Discussion >> *Subject:* Re: PDF-Corruption >> >> Do an MD5SUM of the PDF file before and after processing. >> >> Also, ask the originator NOT to use TNEF encoding (Rich Text Format). >> [image: Web Bug from >> http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000] >> >> >> >> >> *Alex Neuman van der Hans* >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> Mobile: +507 6781-9505 >> Work: +507 832-6725 >> Work (USA): +1 (440) 253-9789 >> Skype: AlexNeuman >> >> Don't miss Vida Digital on LiveStream >> >> ! >> Saturdays 8am-10am on Máxima 91.7FM Panama >> >> Follow *@AlexNeuman >> * on >> Twitter >> Like Vida Digital >> on >> Facebook >> Follow VidaDigital >> on >> Instagram >> Subscribe to Vida Digital >> on >> Youtube >> >> On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz >> wrote: >> Hello. >> >> One of my user keep complaining that he is unable to receive the PDF >> attachment properly, they are getting corrupted. But when I check my logs >> it doesn’t show any problem. Now my concern is how to justify the customer >> the problem is from his side or from my MailScanner. Please advice. Thanks >> for your usual co-operation. >> >> >> *Below are the logs for the corrupted attachement/message * >> >> >> Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 >> from 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is >> too big for spam checks (497744 > 150000 bytes) >> Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to >> 555C55DF544 >> Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message >> C98395DF459.A2E18 to SQL >> Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to >> MailWatch SQL >> >> >> *Mail watch screen shot for the same message. * >> >> >> >> *Received on:* >> 06/04/15 15:27:08 >> *Received by:* >> nmersal.cyberia.net.sa >> *Received from:* >> 150.70.237.8 >> [Add to Whitelist >> >> | Add to Blacklist >> >> ] >> *Received Via:* >> *IP Address* >> *Hostname* >> *Country* >> *RBL* >> *Spam* >> *Virus* >> *All* >> 150.70.237.8 >> rout01.hes.trendmicro.eu >> (GeoIP Lookup Failed) >> [ >> ] >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> 10.36.162.83 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [ >> ] >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> 89.237.187.138 >> SJV-EXHC1.natcom.com.sa >> (GeoIP Lookup Failed) >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> 172.16.200.106 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> 172.16.200.105 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> 94.96.34.151 >> (Reverse Lookup Failed) >> (GeoIP Lookup Failed) >> [ >> ] >> [ >> >> ] >> [ >> >> ] >> [ >> >> ] >> *ID:* >> C98395DF459.A2E18 >> *Message Headers:* >> Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu >> [150.70.237.8]) >> by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; >> Mon, 6 Apr 2015 15:27:04 +0300 (AST) >> Received: from outmta.starcloud.com (unknown [10.36.162.83]) >> by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; >> Mon, 6 Apr 2015 12:24:17 +0000 (UTC) >> Received: from SJV-EXHC1.natcom.com.sa (unknown >> [89.237.187.138]) >> by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; >> Mon, 6 Apr 2015 12:24:13 +0000 (UTC) >> Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) >> by >> SJV-EXHC1.natcom.com.sa ([172.16.200.105]) >> with mapi id 14.03.0174.001; Mon, >> 6 Apr 2015 15:24:12 +0300 >> From: Eyad Nashed >> To: Charbel Abi Nader >> CC: Mustafa Khan , Hekmat Qassem >> >> Subject: RE: Cisco Access Point Quotation >> Thread-Topic: Cisco Access Point Quotation >> Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw >> Date: Mon, 6 Apr 2015 12:24:11 +0000 >> Message-ID: < >> FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> >> References: < >> 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa >> > >> In-Reply-To: < >> 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa >> > >> Accept-Language: en-US >> Content-Language: en-US >> X-MS-Has-Attach: yes >> X-MS-TNEF-Correlator: >> x-originating-ip: [94.96.34.151] >> Content-Type: multipart/mixed; >> >> boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" >> MIME-Version: 1.0 >> X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 >> X-TMASE-Result: 10--28.541000-7.000000 >> X-TMASE-MatchedRID: >> OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ >> >> G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR >> >> Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 >> >> 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk >> >> pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr >> >> vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q >> >> Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 >> >> LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP >> >> EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv >> >> /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e >> >> SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i >> >> 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY >> >> a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso >> 7pnCj3Td6w7ozQLgmIj9pQ1oyg== >> *From:* >> eyad.nashed at natcom.com.sa >> [Add to Whitelist >> >> | Add to Blacklist >> >> ] >> *To:* >> makhan at unitedgroup.com.sa >> cabinader at unitedgroup.com.sa >> *Subject:* >> RE: Cisco Access Point Quotation >> *Size:* >> 486.1Kb >> *Anti-Virus/Dangerous Content Protection* >> *Virus:* >> * N * >> *Blocked File:* >> * N * >> *Other Infection:* >> * N * >> *SpamAssassin* >> *Spam:* >> * N * Action(s): deliver, header, "X-Spam-Status:, No" >> *High Scoring Spam:* >> * N * >> *SpamAssassin Spam:* >> * N * >> *Listed in RBL:* >> * N * >> *Spam Whitelisted:* >> * N * >> *Spam Blacklisted:* >> * N * >> *SpamAssassin Autolearn:* >> * N * >> *SpamAssassin Score:* >> 0.00 >> *Spam Report:* >> *Score* >> *Matching Rule* >> *Description* >> large >> too >> >> *Message Content Protection (MCP)* >> *MCP:* >> * N * >> *High Scoring MCP:* >> * N * >> *SpamAssassin MCP:* >> * N * >> *MCP Whitelisted:* >> * N * >> *MCP Blacklisted:* >> * N * >> >> >> Regards >> Ejaz >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Mon Apr 6 17:56:55 2015 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 06 Apr 2015 10:56:55 -0700 Subject: Important MailScanner List Change - Please Read In-Reply-To: <849acb1608dd416c996048c08176bb0d@ES4.impromed.com> References: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> <55215FDB.5080409@msapiro.net> <849acb1608dd416c996048c08176bb0d@ES4.impromed.com> Message-ID: <5522C8E7.4000906@msapiro.net> On 04/06/2015 06:30 AM, Scott B. Anderson wrote: > > I am not an advanced web coder, but I have seen this when a browser caches pages that it should not be caching. The coder can't reproduce the error because something is cached that makes a different page work but a browser without that page/form in cache will fail. In the old days it was controlled via , but it is more complicated now, so someone better at modern html coding may be able to answer better on what may be failing causing the presentation of seemingly conflated pages. It's not a caching issue in this case. I can reproduce the error. I can even reproduce it with a crafted GET URL with query fragments. I have also opened the page in a total of 7 browsers on two different machines, most of which had never previously gotten that page, and I see the issue everywhere. I am convinced that there is some problem with the 'bootstrap' stuff on the page that causes the form on the members tab to be partially replaced with stuff from the form on the profile tab, but I haven't been able to figure out what the problem is. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Mon Apr 6 18:57:42 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 6 Apr 2015 14:57:42 -0400 Subject: Important MailScanner List Change - Please Read In-Reply-To: <5522C8E7.4000906@msapiro.net> References: <5E8ABBD2-4357-49F2-8609-C35914EABBFA@mailborder.com> <55215FDB.5080409@msapiro.net> <849acb1608dd416c996048c08176bb0d@ES4.impromed.com> <5522C8E7.4000906@msapiro.net> Message-ID: <445D1741-79F9-4221-8265-70C66E745198@mailborder.com> I fixed the problem by simply removing the option to view list members, which is the one that was giving problems. No one should be using it anyway since only the admins can view those lists. - Jerry Benton www.mailborder.com > On Apr 6, 2015, at 1:56 PM, Mark Sapiro wrote: > > On 04/06/2015 06:30 AM, Scott B. Anderson wrote: >> >> I am not an advanced web coder, but I have seen this when a browser caches pages that it should not be caching. The coder can't reproduce the error because something is cached that makes a different page work but a browser without that page/form in cache will fail. In the old days it was controlled via , but it is more complicated now, so someone better at modern html coding may be able to answer better on what may be failing causing the presentation of seemingly conflated pages. > > > It's not a caching issue in this case. > > I can reproduce the error. I can even reproduce it with a crafted GET > URL with query fragments. I have also opened the page in a total of 7 > browsers on two different machines, most of which had never previously > gotten that page, and I see the issue everywhere. > > I am convinced that there is some problem with the 'bootstrap' stuff on > the page that causes the form on the members tab to be partially > replaced with stuff from the form on the profile tab, but I haven't been > able to figure out what the problem is. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From mejaz at cyberia.net.sa Tue Apr 7 08:27:01 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Tue, 7 Apr 2015 11:27:01 +0300 Subject: PDF-Corruption In-Reply-To: <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> Message-ID: <006c01d0710c$a163c180$e42b4480$@net.sa> Hi jerry I believe, fSL wont official supporting for MailScanner. When I called steve (FSL) yesterday, he told me check wihth mail border or buruwa, Does mailborder support officially to MailScanner??? Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: Monday, April 06, 2015 7:57 PM To: MailScanner Discussion Subject: Re: PDF-Corruption “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:55 PM, Alex Neuman wrote: I believe he mentioned the PDF's are being corrupted, not stopped. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton wrote: The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" < mejaz at cyberia.net.sa> wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto: mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 ( eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu ( rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed < eyad.nashed at natcom.com.sa> To: Charbel Abi Nader < cabinader at unitedgroup.com.sa> CC: Mustafa Khan < makhan at unitedgroup.com.sa>, Hekmat Qassem < hekmatq at natcom.com.sa> Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: < FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> References: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Apr 7 09:30:00 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 7 Apr 2015 05:30:00 -0400 Subject: PDF-Corruption In-Reply-To: <006c01d0710c$a163c180$e42b4480$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <006c01d0710c$a163c180$e42b4480$@net.sa> Message-ID: <781C1F4B-A2D6-4C34-A564-AC4D85756014@mailborder.com> I will provide official support on Mailborder products. I will provide community support on MailScanner via the mailing list just like everyone else does. Open source is is really great, but you have to do a lot of your own research and testing. - Jerry Benton www.mailborder.com > On Apr 7, 2015, at 4:27 AM, Mohammed Ejaz wrote: > > > Hi jerry > > I believe, fSL wont official supporting for MailScanner. When I called steve (FSL) yesterday, he told me check wihth mail border or buruwa, > > Does mailborder support officially to MailScanner??? > > Ejaz > > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: Monday, April 06, 2015 7:57 PM > To: MailScanner Discussion > Subject: Re: PDF-Corruption > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 6, 2015, at 12:55 PM, Alex Neuman > wrote: >> >> I believe he mentioned the PDF's are being corrupted, not stopped. >> >> >> >> Alex Neuman van der Hans >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> >> Mobile: +507 6781-9505 >> Work: +507 832-6725 >> Work (USA): +1 (440) 253-9789 >> Skype: AlexNeuman >> >> Don't miss Vida Digital on LiveStream ! >> Saturdays 8am-10am on Máxima 91.7FM Panama >> >> Follow @AlexNeuman on Twitter >> Like Vida Digital on Facebook >> Follow VidaDigital on Instagram >> Subscribe to Vida Digital on Youtube >> >> On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > wrote: >> The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. >> >> This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >>> On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > wrote: >>> >>> Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. >>> >>> >>> This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. >>> >>> Again thank you for your time. >>> >>> >>> >>> Expand TNEF attachments using an external program (or a Perl module)? >>> # within the TNEF attachment will not be checked against the filename rules. >>> Expand TNEF = no >>> # When the TNEF (winmail.dat) attachments are expanded, should the >>> # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments >>> # no => Leave winmail.dat TNEF attachments alone. >>> # TNEF messages being doubled in size. >>> # replace => Replace the winmail.dat TNEF attachment with the files it >>> Use TNEF Contents = replace >>> # We are working on a replacement for the TNEF decoder. >>> Deliver Unparsable TNEF = yes >>> # Where the MS-TNEF expander is installed. >>> # the external TNEF expander binary, >>> # may be. It helps protect against Denial Of Service attacks in TNEF files. >>> #TNEF Expander = internal >>> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >>> # The maximum length of time the TNEF Expander is allowed to run for 1 message. >>> TNEF Timeout = 120 >>> # maybe TNEF files to not be archives as they are really just another way >>> # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook >>> >>> >>> I believe Mailborder and FSL systems provide official support. >>> Do you have any contacts email/phone numbers >>> >>> Ejaz >>> >>> >>> >>> >>> >>> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >>> Sent: Monday, April 06, 2015 6:43 PM >>> To: MailScanner discussion >>> Subject: RE: PDF-Corruption >>> >>> I believe Mailborder and FSL systems provide official support. >>> Try modifying your TNEF decoder settings in MailScanner.conf. >>> On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: >>> Thanks, >>> >>> I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. >>> >>> Is there any officially support for mailscanner?? As I wanted to subscribe it. >>> >>> >>> Ejaz >>> >>> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >>> Sent: Monday, April 06, 2015 5:25 PM >>> To: MailScanner Discussion >>> Subject: Re: PDF-Corruption >>> >>> Do an MD5SUM of the PDF file before and after processing. >>> >>> Also, ask the originator NOT to use TNEF encoding (Rich Text Format). >>> >>> >>> >>> >>> Alex Neuman van der Hans >>> Reliant Technologies / Vida Digital >>> http://vidadigital.com.pa/ >>> >>> Mobile: +507 6781-9505 >>> Work: +507 832-6725 >>> Work (USA): +1 (440) 253-9789 >>> Skype: AlexNeuman >>> >>> Don't miss Vida Digital on LiveStream ! >>> Saturdays 8am-10am on Máxima 91.7FM Panama >>> >>> Follow @AlexNeuman on Twitter >>> Like Vida Digital on Facebook >>> Follow VidaDigital on Instagram >>> Subscribe to Vida Digital on Youtube >>> >>> On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: >>> Hello. >>> >>> One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. >>> >>> >>> Below are the logs for the corrupted attachement/message >>> >>> >>> Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa ) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) >>> Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 >>> Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL >>> Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL >>> >>> >>> Mail watch screen shot for the same message. >>> >>> >>> >>> Received on: >>> 06/04/15 15:27:08 >>> Received by: >>> nmersal.cyberia.net.sa >>> Received from: >>> 150.70.237.8 >>> [Add to Whitelist | Add to Blacklist ] >>> Received Via: >>> IP Address >>> Hostname >>> Country >>> RBL >>> Spam >>> Virus >>> All >>> 150.70.237.8 >>> rout01.hes.trendmicro.eu >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 10.36.162.83 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 89.237.187.138 >>> SJV-EXHC1.natcom.com.sa >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 172.16.200.106 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 172.16.200.105 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 94.96.34.151 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> ID: >>> C98395DF459.A2E18 >>> Message Headers: >>> Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) >>> by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; >>> Mon, 6 Apr 2015 15:27:04 +0300 (AST) >>> Received: from outmta.starcloud.com (unknown [10.36.162.83]) >>> by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; >>> Mon, 6 Apr 2015 12:24:17 +0000 (UTC) >>> Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) >>> by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; >>> Mon, 6 Apr 2015 12:24:13 +0000 (UTC) >>> Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by >>> SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, >>> 6 Apr 2015 15:24:12 +0300 >>> From: Eyad Nashed > >>> To: Charbel Abi Nader > >>> CC: Mustafa Khan >, Hekmat Qassem >>> > >>> Subject: RE: Cisco Access Point Quotation >>> Thread-Topic: Cisco Access Point Quotation >>> Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw >>> Date: Mon, 6 Apr 2015 12:24:11 +0000 >>> Message-ID: > >>> References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >>> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >>> Accept-Language: en-US >>> Content-Language: en-US >>> X-MS-Has-Attach: yes >>> X-MS-TNEF-Correlator: >>> x-originating-ip: [94.96.34.151] >>> Content-Type: multipart/mixed; >>> boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" >>> MIME-Version: 1.0 >>> X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 >>> X-TMASE-Result: 10--28.541000-7.000000 >>> X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ >>> G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR >>> Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 >>> 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk >>> pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr >>> vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q >>> Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 >>> LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP >>> EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv >>> /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e >>> SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i >>> 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY >>> a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso >>> 7pnCj3Td6w7ozQLgmIj9pQ1oyg== >>> From: >>> eyad.nashed at natcom.com.sa >>> [Add to Whitelist | Add to Blacklist ] >>> To: >>> makhan at unitedgroup.com.sa >>> cabinader at unitedgroup.com.sa >>> Subject: >>> RE: Cisco Access Point Quotation >>> Size: >>> 486.1Kb >>> Anti-Virus/Dangerous Content Protection >>> Virus: >>> N >>> Blocked File: >>> N >>> Other Infection: >>> N >>> SpamAssassin >>> Spam: >>> N Action(s): deliver, header, "X-Spam-Status:, No" >>> High Scoring Spam: >>> N >>> SpamAssassin Spam: >>> N >>> Listed in RBL: >>> N >>> Spam Whitelisted: >>> N >>> Spam Blacklisted: >>> N >>> SpamAssassin Autolearn: >>> N >>> SpamAssassin Score: >>> 0.00 >>> Spam Report: >>> Score >>> Matching Rule >>> Description >>> large >>> too >>> >>> Message Content Protection (MCP) >>> MCP: >>> N >>> High Scoring MCP: >>> N >>> SpamAssassin MCP: >>> N >>> MCP Whitelisted: >>> N >>> MCP Blacklisted: >>> N >>> >>> >>> Regards >>> Ejaz >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Tue Apr 7 09:45:12 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Tue, 7 Apr 2015 12:45:12 +0300 Subject: PDF-Corruption In-Reply-To: References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> Message-ID: <008701d07117$8dce5300$a96af900$@net.sa> All. The same PDF file when other user whose also using an exchange server, we are receiving it perfectly which is being relayed through same MailScanner. The PDF are getting corrupted from few exchange servers only. What could be the reason. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 8:07 PM To: MailScanner Discussion Subject: Re: PDF-Corruption If it did, indeed, stop it - though from experience it's more likely a TNEF issue. I'd switch the TNEF unpacker to the internal and/or verify that the latest perl modules/tnef programs are installed, to be on the safe side. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton wrote: “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:55 PM, Alex Neuman wrote: I believe he mentioned the PDF's are being corrupted, not stopped. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton wrote: The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" < mejaz at cyberia.net.sa> wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto: mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 ( eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu ( rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed < eyad.nashed at natcom.com.sa> To: Charbel Abi Nader < cabinader at unitedgroup.com.sa> CC: Mustafa Khan < makhan at unitedgroup.com.sa>, Hekmat Qassem < hekmatq at natcom.com.sa> Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: < FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> References: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Apr 7 09:45:18 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 7 Apr 2015 05:45:18 -0400 Subject: PDF-Corruption In-Reply-To: <008701d07117$8dce5300$a96af900$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> Message-ID: <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> One user is using Rich Text, the other is not. - Jerry Benton www.mailborder.com > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz wrote: > > All. > > The same PDF file when other user whose also using an exchange server, we are receiving it perfectly which is being relayed through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What could be the reason. > > Ejaz > > > > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman > Sent: Monday, April 06, 2015 8:07 PM > To: MailScanner Discussion > Subject: Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the latest perl modules/tnef programs are installed, to be on the safe side. > > > > > Alex Neuman van der Hans > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 > Skype: AlexNeuman > > Don't miss Vida Digital on LiveStream ! > Saturdays 8am-10am on Máxima 91.7FM Panama > > Follow @AlexNeuman on Twitter > Like Vida Digital on Facebook > Follow VidaDigital on Instagram > Subscribe to Vida Digital on Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > wrote: > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 6, 2015, at 12:55 PM, Alex Neuman > wrote: >> >> I believe he mentioned the PDF's are being corrupted, not stopped. >> >> >> >> Alex Neuman van der Hans >> Reliant Technologies / Vida Digital >> http://vidadigital.com.pa/ >> >> Mobile: +507 6781-9505 >> Work: +507 832-6725 >> Work (USA): +1 (440) 253-9789 >> Skype: AlexNeuman >> >> Don't miss Vida Digital on LiveStream ! >> Saturdays 8am-10am on Máxima 91.7FM Panama >> >> Follow @AlexNeuman on Twitter >> Like Vida Digital on Facebook >> Follow VidaDigital on Instagram >> Subscribe to Vida Digital on Youtube >> >> On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > wrote: >> The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. >> >> This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >>> On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > wrote: >>> >>> Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. >>> >>> >>> This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. >>> >>> Again thank you for your time. >>> >>> >>> >>> Expand TNEF attachments using an external program (or a Perl module)? >>> # within the TNEF attachment will not be checked against the filename rules. >>> Expand TNEF = no >>> # When the TNEF (winmail.dat) attachments are expanded, should the >>> # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments >>> # no => Leave winmail.dat TNEF attachments alone. >>> # TNEF messages being doubled in size. >>> # replace => Replace the winmail.dat TNEF attachment with the files it >>> Use TNEF Contents = replace >>> # We are working on a replacement for the TNEF decoder. >>> Deliver Unparsable TNEF = yes >>> # Where the MS-TNEF expander is installed. >>> # the external TNEF expander binary, >>> # may be. It helps protect against Denial Of Service attacks in TNEF files. >>> #TNEF Expander = internal >>> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >>> # The maximum length of time the TNEF Expander is allowed to run for 1 message. >>> TNEF Timeout = 120 >>> # maybe TNEF files to not be archives as they are really just another way >>> # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook >>> >>> >>> I believe Mailborder and FSL systems provide official support. >>> >>> Do you have any contacts email/phone numbers >>> >>> Ejaz >>> >>> >>> >>> >>> >>> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >>> Sent: Monday, April 06, 2015 6:43 PM >>> To: MailScanner discussion >>> Subject: RE: PDF-Corruption >>> >>> I believe Mailborder and FSL systems provide official support. >>> >>> Try modifying your TNEF decoder settings in MailScanner.conf. >>> >>> On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: >>> Thanks, >>> >>> I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. >>> >>> Is there any officially support for mailscanner?? As I wanted to subscribe it. >>> >>> >>> Ejaz >>> >>> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >>> Sent: Monday, April 06, 2015 5:25 PM >>> To: MailScanner Discussion >>> Subject: Re: PDF-Corruption >>> >>> Do an MD5SUM of the PDF file before and after processing. >>> >>> Also, ask the originator NOT to use TNEF encoding (Rich Text Format). >>> >>> >>> >>> >>> Alex Neuman van der Hans >>> Reliant Technologies / Vida Digital >>> http://vidadigital.com.pa/ >>> >>> Mobile: +507 6781-9505 >>> Work: +507 832-6725 >>> Work (USA): +1 (440) 253-9789 >>> Skype: AlexNeuman >>> >>> Don't miss Vida Digital on LiveStream ! >>> Saturdays 8am-10am on Máxima 91.7FM Panama >>> >>> Follow @AlexNeuman on Twitter >>> Like Vida Digital on Facebook >>> Follow VidaDigital on Instagram >>> Subscribe to Vida Digital on Youtube >>> >>> On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: >>> Hello. >>> >>> One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. >>> >>> >>> Below are the logs for the corrupted attachement/message >>> >>> >>> Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa ) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) >>> Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 >>> Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL >>> Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL >>> >>> >>> Mail watch screen shot for the same message. >>> >>> >>> >>> Received on: >>> 06/04/15 15:27:08 >>> Received by: >>> nmersal.cyberia.net.sa >>> Received from: >>> 150.70.237.8 >>> [Add to Whitelist | Add to Blacklist ] >>> Received Via: >>> IP Address >>> Hostname >>> Country >>> RBL >>> Spam >>> Virus >>> All >>> 150.70.237.8 >>> rout01.hes.trendmicro.eu >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 10.36.162.83 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 89.237.187.138 >>> SJV-EXHC1.natcom.com.sa >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 172.16.200.106 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 172.16.200.105 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> 94.96.34.151 >>> (Reverse Lookup Failed) >>> (GeoIP Lookup Failed) >>> [   ] >>> [   ] >>> [   ] >>> [   ] >>> ID: >>> C98395DF459.A2E18 >>> Message Headers: >>> Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) >>> by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; >>> Mon, 6 Apr 2015 15:27:04 +0300 (AST) >>> Received: from outmta.starcloud.com (unknown [10.36.162.83]) >>> by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; >>> Mon, 6 Apr 2015 12:24:17 +0000 (UTC) >>> Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) >>> by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; >>> Mon, 6 Apr 2015 12:24:13 +0000 (UTC) >>> Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by >>> SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, >>> 6 Apr 2015 15:24:12 +0300 >>> From: Eyad Nashed > >>> To: Charbel Abi Nader > >>> CC: Mustafa Khan >, Hekmat Qassem >>> > >>> Subject: RE: Cisco Access Point Quotation >>> Thread-Topic: Cisco Access Point Quotation >>> Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw >>> Date: Mon, 6 Apr 2015 12:24:11 +0000 >>> Message-ID: > >>> References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >>> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >>> Accept-Language: en-US >>> Content-Language: en-US >>> X-MS-Has-Attach: yes >>> X-MS-TNEF-Correlator: >>> x-originating-ip: [94.96.34.151] >>> Content-Type: multipart/mixed; >>> boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" >>> MIME-Version: 1.0 >>> X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 >>> X-TMASE-Result: 10--28.541000-7.000000 >>> X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ >>> G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR >>> Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 >>> 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk >>> pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr >>> vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q >>> Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 >>> LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP >>> EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv >>> /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e >>> SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i >>> 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY >>> a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso >>> 7pnCj3Td6w7ozQLgmIj9pQ1oyg== >>> From: >>> eyad.nashed at natcom.com.sa >>> [Add to Whitelist | Add to Blacklist ] >>> To: >>> makhan at unitedgroup.com.sa >>> cabinader at unitedgroup.com.sa >>> Subject: >>> RE: Cisco Access Point Quotation >>> Size: >>> 486.1Kb >>> Anti-Virus/Dangerous Content Protection >>> Virus: >>> N >>> Blocked File: >>> N >>> Other Infection: >>> N >>> SpamAssassin >>> Spam: >>> N Action(s): deliver, header, "X-Spam-Status:, No" >>> High Scoring Spam: >>> N >>> SpamAssassin Spam: >>> N >>> Listed in RBL: >>> N >>> Spam Whitelisted: >>> N >>> Spam Blacklisted: >>> N >>> SpamAssassin Autolearn: >>> N >>> SpamAssassin Score: >>> 0.00 >>> Spam Report: >>> Score >>> Matching Rule >>> Description >>> large >>> too >>> >>> Message Content Protection (MCP) >>> MCP: >>> N >>> High Scoring MCP: >>> N >>> SpamAssassin MCP: >>> N >>> MCP Whitelisted: >>> N >>> MCP Blacklisted: >>> N >>> >>> >>> Regards >>> Ejaz >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Tue Apr 7 09:50:15 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Tue, 7 Apr 2015 12:50:15 +0300 Subject: PDF-Corruption In-Reply-To: <781C1F4B-A2D6-4C34-A564-AC4D85756014@mailborder.com> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <006c01d0710c$a163c180$e42b4480$@net.sa> <781C1F4B-A2D6-4C34-A564-AC4D85756014@mailborder.com> Message-ID: <009801d07118$425cb4b0$c7161e10$@net.sa> Hi jerry Can you, or any one does support for us, for Mailscanner/postfix/spamassasin/clamav with mail watch interface. As of now we don’t want to go with mail border products Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: Tuesday, April 07, 2015 12:30 PM To: MailScanner Discussion Subject: Re: PDF-Corruption I will provide official support on Mailborder products. I will provide community support on MailScanner via the mailing list just like everyone else does. Open source is is really great, but you have to do a lot of your own research and testing. - Jerry Benton www.mailborder.com On Apr 7, 2015, at 4:27 AM, Mohammed Ejaz wrote: Hi jerry I believe, fSL wont official supporting for MailScanner. When I called steve (FSL) yesterday, he told me check wihth mail border or buruwa, Does mailborder support officially to MailScanner??? Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: Monday, April 06, 2015 7:57 PM To: MailScanner Discussion Subject: Re: PDF-Corruption “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:55 PM, Alex Neuman < alex at vidadigital.com.pa> wrote: I believe he mentioned the PDF's are being corrupted, not stopped. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton < jerry.benton at mailborder.com> wrote: The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [ mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" < mejaz at cyberia.net.sa> wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto: mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 ( eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu ( rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed < eyad.nashed at natcom.com.sa> To: Charbel Abi Nader < cabinader at unitedgroup.com.sa> CC: Mustafa Khan < makhan at unitedgroup.com.sa>, Hekmat Qassem < hekmatq at natcom.com.sa> Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: < FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> References: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Apr 7 09:51:26 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 7 Apr 2015 05:51:26 -0400 Subject: PDF-Corruption In-Reply-To: <009801d07118$425cb4b0$c7161e10$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <006c01d0710c$a163c180$e42b4480$@net.sa> <781C1F4B-A2D6-4C34-A564-AC4D85756014@mailborder.com> <009801d07118$425cb4b0$c7161e10$@net.sa> Message-ID: <9E450A38-9BA3-479D-A728-1649651B57B7@mailborder.com> Mailwatch has a mailing list specific to that software. You should try there: https://lists.sourceforge.net/lists/listinfo/mailwatch-users - Jerry Benton www.mailborder.com > On Apr 7, 2015, at 5:50 AM, Mohammed Ejaz wrote: > > Hi jerry > > Can you, or any one does support for us, for Mailscanner/postfix/spamassasin/clamav with mail watch interface. > As of now we don’t want to go with mail border products > > Ejaz > > > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: Tuesday, April 07, 2015 12:30 PM > To: MailScanner Discussion > Subject: Re: PDF-Corruption > > I will provide official support on Mailborder products. I will provide community support on MailScanner via the mailing list just like everyone else does. Open source is is really great, but you have to do a lot of your own research and testing. > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 7, 2015, at 4:27 AM, Mohammed Ejaz > wrote: >> >> >> Hi jerry >> >> I believe, fSL wont official supporting for MailScanner. When I called steve (FSL) yesterday, he told me check wihth mail border or buruwa, >> >> Does mailborder support officially to MailScanner??? >> >> Ejaz >> >> >> >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jerry Benton >> Sent: Monday, April 06, 2015 7:57 PM >> To: MailScanner Discussion >> Subject: Re: PDF-Corruption >> >> “... until you figure out which one is stopping or corrupting the PDF.” >> >> I saw it. Still applies. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >>> On Apr 6, 2015, at 12:55 PM, Alex Neuman > wrote: >>> >>> I believe he mentioned the PDF's are being corrupted, not stopped. >>> >>> >>> >>> Alex Neuman van der Hans >>> Reliant Technologies / Vida Digital >>> http://vidadigital.com.pa/ >>> >>> Mobile: +507 6781-9505 >>> Work: +507 832-6725 >>> Work (USA): +1 (440) 253-9789 >>> Skype: AlexNeuman >>> >>> Don't miss Vida Digital on LiveStream ! >>> Saturdays 8am-10am on Máxima 91.7FM Panama >>> >>> Follow @AlexNeuman on Twitter >>> Like Vida Digital on Facebook >>> Follow VidaDigital on Instagram >>> Subscribe to Vida Digital on Youtube >>> >>> On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > wrote: >>> The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. >>> >>> This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. >>> >>> - >>> Jerry Benton >>> www.mailborder.com >>> >>> >>> >>>> On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > wrote: >>>> >>>> Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. >>>> >>>> >>>> This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. >>>> >>>> Again thank you for your time. >>>> >>>> >>>> >>>> Expand TNEF attachments using an external program (or a Perl module)? >>>> # within the TNEF attachment will not be checked against the filename rules. >>>> Expand TNEF = no >>>> # When the TNEF (winmail.dat) attachments are expanded, should the >>>> # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments >>>> # no => Leave winmail.dat TNEF attachments alone. >>>> # TNEF messages being doubled in size. >>>> # replace => Replace the winmail.dat TNEF attachment with the files it >>>> Use TNEF Contents = replace >>>> # We are working on a replacement for the TNEF decoder. >>>> Deliver Unparsable TNEF = yes >>>> # Where the MS-TNEF expander is installed. >>>> # the external TNEF expander binary, >>>> # may be. It helps protect against Denial Of Service attacks in TNEF files. >>>> #TNEF Expander = internal >>>> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >>>> # The maximum length of time the TNEF Expander is allowed to run for 1 message. >>>> TNEF Timeout = 120 >>>> # maybe TNEF files to not be archives as they are really just another way >>>> # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook >>>> >>>> >>>> I believe Mailborder and FSL systems provide official support. >>>> Do you have any contacts email/phone numbers >>>> >>>> Ejaz >>>> >>>> >>>> >>>> >>>> >>>> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >>>> Sent: Monday, April 06, 2015 6:43 PM >>>> To: MailScanner discussion >>>> Subject: RE: PDF-Corruption >>>> >>>> I believe Mailborder and FSL systems provide official support. >>>> Try modifying your TNEF decoder settings in MailScanner.conf. >>>> On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: >>>> Thanks, >>>> >>>> I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. >>>> >>>> Is there any officially support for mailscanner?? As I wanted to subscribe it. >>>> >>>> >>>> Ejaz >>>> >>>> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Alex Neuman >>>> Sent: Monday, April 06, 2015 5:25 PM >>>> To: MailScanner Discussion >>>> Subject: Re: PDF-Corruption >>>> >>>> Do an MD5SUM of the PDF file before and after processing. >>>> >>>> Also, ask the originator NOT to use TNEF encoding (Rich Text Format). >>>> >>>> >>>> >>>> >>>> Alex Neuman van der Hans >>>> Reliant Technologies / Vida Digital >>>> http://vidadigital.com.pa/ >>>> >>>> Mobile: +507 6781-9505 >>>> Work: +507 832-6725 >>>> Work (USA): +1 (440) 253-9789 >>>> Skype: AlexNeuman >>>> >>>> Don't miss Vida Digital on LiveStream ! >>>> Saturdays 8am-10am on Máxima 91.7FM Panama >>>> >>>> Follow @AlexNeuman on Twitter >>>> Like Vida Digital on Facebook >>>> Follow VidaDigital on Instagram >>>> Subscribe to Vida Digital on Youtube >>>> >>>> On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: >>>> Hello. >>>> >>>> One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. >>>> >>>> >>>> Below are the logs for the corrupted attachement/message >>>> >>>> >>>> Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa ) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) >>>> Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 >>>> Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL >>>> Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL >>>> >>>> >>>> Mail watch screen shot for the same message. >>>> >>>> >>>> >>>> Received on: >>>> 06/04/15 15:27:08 >>>> Received by: >>>> nmersal.cyberia.net.sa >>>> Received from: >>>> 150.70.237.8 >>>> [Add to Whitelist | Add to Blacklist ] >>>> Received Via: >>>> IP Address >>>> Hostname >>>> Country >>>> RBL >>>> Spam >>>> Virus >>>> All >>>> 150.70.237.8 >>>> rout01.hes.trendmicro.eu >>>> (GeoIP Lookup Failed) >>>> [   ] >>>> [   ] >>>> [   ] >>>> [   ] >>>> 10.36.162.83 >>>> (Reverse Lookup Failed) >>>> (GeoIP Lookup Failed) >>>> [   ] >>>> [   ] >>>> [   ] >>>> [   ] >>>> 89.237.187.138 >>>> SJV-EXHC1.natcom.com.sa >>>> (GeoIP Lookup Failed) >>>> [   ] >>>> [   ] >>>> [   ] >>>> [   ] >>>> 172.16.200.106 >>>> (Reverse Lookup Failed) >>>> (GeoIP Lookup Failed) >>>> [   ] >>>> [   ] >>>> [   ] >>>> [   ] >>>> 172.16.200.105 >>>> (Reverse Lookup Failed) >>>> (GeoIP Lookup Failed) >>>> [   ] >>>> [   ] >>>> [   ] >>>> [   ] >>>> 94.96.34.151 >>>> (Reverse Lookup Failed) >>>> (GeoIP Lookup Failed) >>>> [   ] >>>> [   ] >>>> [   ] >>>> [   ] >>>> ID: >>>> C98395DF459.A2E18 >>>> Message Headers: >>>> Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) >>>> by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; >>>> Mon, 6 Apr 2015 15:27:04 +0300 (AST) >>>> Received: from outmta.starcloud.com (unknown [10.36.162.83]) >>>> by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; >>>> Mon, 6 Apr 2015 12:24:17 +0000 (UTC) >>>> Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) >>>> by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; >>>> Mon, 6 Apr 2015 12:24:13 +0000 (UTC) >>>> Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by >>>> SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, >>>> 6 Apr 2015 15:24:12 +0300 >>>> From: Eyad Nashed > >>>> To: Charbel Abi Nader > >>>> CC: Mustafa Khan >, Hekmat Qassem >>>> > >>>> Subject: RE: Cisco Access Point Quotation >>>> Thread-Topic: Cisco Access Point Quotation >>>> Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw >>>> Date: Mon, 6 Apr 2015 12:24:11 +0000 >>>> Message-ID: > >>>> References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >>>> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > >>>> Accept-Language: en-US >>>> Content-Language: en-US >>>> X-MS-Has-Attach: yes >>>> X-MS-TNEF-Correlator: >>>> x-originating-ip: [94.96.34.151] >>>> Content-Type: multipart/mixed; >>>> boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" >>>> MIME-Version: 1.0 >>>> X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 >>>> X-TMASE-Result: 10--28.541000-7.000000 >>>> X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ >>>> G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR >>>> Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 >>>> 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk >>>> pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr >>>> vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q >>>> Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 >>>> LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP >>>> EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv >>>> /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e >>>> SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i >>>> 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY >>>> a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso >>>> 7pnCj3Td6w7ozQLgmIj9pQ1oyg== >>>> From: >>>> eyad.nashed at natcom.com.sa >>>> [Add to Whitelist | Add to Blacklist ] >>>> To: >>>> makhan at unitedgroup.com.sa >>>> cabinader at unitedgroup.com.sa >>>> Subject: >>>> RE: Cisco Access Point Quotation >>>> Size: >>>> 486.1Kb >>>> Anti-Virus/Dangerous Content Protection >>>> Virus: >>>> N >>>> Blocked File: >>>> N >>>> Other Infection: >>>> N >>>> SpamAssassin >>>> Spam: >>>> N Action(s): deliver, header, "X-Spam-Status:, No" >>>> High Scoring Spam: >>>> N >>>> SpamAssassin Spam: >>>> N >>>> Listed in RBL: >>>> N >>>> Spam Whitelisted: >>>> N >>>> Spam Blacklisted: >>>> N >>>> SpamAssassin Autolearn: >>>> N >>>> SpamAssassin Score: >>>> 0.00 >>>> Spam Report: >>>> Score >>>> Matching Rule >>>> Description >>>> large >>>> too >>>> >>>> Message Content Protection (MCP) >>>> MCP: >>>> N >>>> High Scoring MCP: >>>> N >>>> SpamAssassin MCP: >>>> N >>>> MCP Whitelisted: >>>> N >>>> MCP Blacklisted: >>>> N >>>> >>>> >>>> Regards >>>> Ejaz >>>> >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/listinfo/mailscanner >>>> >>>> >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/listinfo/mailscanner >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From Denis.Beauchemin at usherbrooke.ca Tue Apr 7 12:57:41 2015 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Tue, 7 Apr 2015 12:57:41 +0000 Subject: PDF-Corruption In-Reply-To: References: Message-ID: Mohammed, I’d change “Use TNEF Contents = replace” to “Use TNEF Contents = no” for the source that sends you problematic TNEF attachments. Denis De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Mohammed Ejaz Envoyé : 6 avril 2015 12:05 À : 'MailScanner Discussion' Objet : RE: PDF-Corruption Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ [Image supprimée par l'expéditeur.] Mobile: +507 6781-9505 Work: Le Service des Technologies de l'Information de l'UdeS veut vous mettre en garde contre "+5078326725" qui semble être une tentative de fraude envers +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 (eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu (rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed > To: Charbel Abi Nader > CC: Mustafa Khan >, Hekmat Qassem > Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: > References: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD000.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 332 bytes Desc: image001.jpg URL: From mejaz at cyberia.net.sa Wed Apr 8 08:04:11 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Wed, 8 Apr 2015 11:04:11 +0300 Subject: PDF-Corruption In-Reply-To: References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> Message-ID: <047a01d071d2$9b199400$d14cbc00$@net.sa> Hi jerry/alex These are headers what I have, I noticed few additional lines. when the message/pdf file gets corrupted. x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-ID: C98395DF459.A2E18 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: eyad.nashed at natcom.com.sa X-Spam-Status: No Return-Path: eyad.nashed at natcom.com.sa X-MS-Exchange-Organization-SCL: 0 X-MS-Exchange-Organization-PCL: 2 X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:212.119.64.55 These are header when the same message/pdf file received perfectly , when It send from the other exchange server. ccept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/mixed; boundary="_004_5D03A0A65DC66246BD036492B3B4155D0125B0EFA0F3SRVEXCHANGE_" MIME-Version: 1.0 X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-ID: 4A3055DF10C.AAD6C X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: cabinader at unitedgroup.com.sa X-Spam-Status: No Please help. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 8:07 PM To: MailScanner Discussion Subject: Re: PDF-Corruption If it did, indeed, stop it - though from experience it's more likely a TNEF issue. I'd switch the TNEF unpacker to the internal and/or verify that the latest perl modules/tnef programs are installed, to be on the safe side. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton wrote: “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:55 PM, Alex Neuman wrote: I believe he mentioned the PDF's are being corrupted, not stopped. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton wrote: The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz wrote: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" < mejaz at cyberia.net.sa> wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto: mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 ( eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu ( rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed < eyad.nashed at natcom.com.sa> To: Charbel Abi Nader < cabinader at unitedgroup.com.sa> CC: Mustafa Khan < makhan at unitedgroup.com.sa>, Hekmat Qassem < hekmatq at natcom.com.sa> Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: < FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> References: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Wed Apr 8 08:32:27 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Wed, 8 Apr 2015 11:32:27 +0300 Subject: PDF-Corruption In-Reply-To: <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> Message-ID: <002901d071d6$91057b60$b3107220$@net.sa> Hi The problem is we cannot tell end user before sending an email to us, use only rich/plain or html text etc… So it should be control from our mailgatways is it?? Thank in advance really I do appreciate your great support. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: Tuesday, April 07, 2015 12:45 PM To: MailScanner Discussion Subject: Re: PDF-Corruption One user is using Rich Text, the other is not. - Jerry Benton www.mailborder.com On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz wrote: All. The same PDF file when other user whose also using an exchange server, we are receiving it perfectly which is being relayed through same MailScanner. The PDF are getting corrupted from few exchange servers only. What could be the reason. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 8:07 PM To: MailScanner Discussion Subject: Re: PDF-Corruption If it did, indeed, stop it - though from experience it's more likely a TNEF issue. I'd switch the TNEF unpacker to the internal and/or verify that the latest perl modules/tnef programs are installed, to be on the safe side. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton < jerry.benton at mailborder.com> wrote: “... until you figure out which one is stopping or corrupting the PDF.” I saw it. Still applies. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:55 PM, Alex Neuman < alex at vidadigital.com.pa> wrote: I believe he mentioned the PDF's are being corrupted, not stopped. Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton < jerry.benton at mailborder.com> wrote: The PDF probably has a disallowed MIME type in the document. Edit your MIME types config file in /etc/MailScanner and allow all MIME types. Resend the email and see if it gets through. If it does, enable each MIME type until you figure out which one is stopping or corrupting the PDF. Note that there is a problem with the current Linux “file” command that has been causing problems with a lot of applications. This may or may not be your problem, but of the customers I have dealt with at Mailborder complaining of this issue, this is often the problem. - Jerry Benton www.mailborder.com On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Thanks a lot sorry to disturb you, I called during your meeting. As I was unaware about it. This is what all I have for Tnef settings in my mailscanner. Does Any modification required ??? Please advice. Again thank you for your time. Expand TNEF attachments using an external program (or a Perl module)? # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = no # When the TNEF (winmail.dat) attachments are expanded, should the # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # no => Leave winmail.dat TNEF attachments alone. # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it Use TNEF Contents = replace # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # Where the MS-TNEF expander is installed. # the external TNEF expander binary, # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. TNEF Timeout = 120 # maybe TNEF files to not be archives as they are really just another way # tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook I believe Mailborder and FSL systems provide official support. Do you have any contacts email/phone numbers Ejaz From: MailScanner [ mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 6:43 PM To: MailScanner discussion Subject: RE: PDF-Corruption I believe Mailborder and FSL systems provide official support. Try modifying your TNEF decoder settings in MailScanner.conf. On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" < mejaz at cyberia.net.sa> wrote: Thanks, I cannot ask the customer as so many of them are complaining for the same, I can make any exception from my side from the MailScanner configuration. Is there any officially support for mailscanner?? As I wanted to subscribe it. Ejaz From: MailScanner [mailto: mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, April 06, 2015 5:25 PM To: MailScanner Discussion Subject: Re: PDF-Corruption Do an MD5SUM of the PDF file before and after processing. Also, ask the originator NOT to use TNEF encoding (Rich Text Format). Web Bug from http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 Alex Neuman van der Hans Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream! Saturdays 8am-10am on Máxima 91.7FM Panama Follow @AlexNeuman on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz < mejaz at cyberia.net.sa> wrote: Hello. One of my user keep complaining that he is unable to receive the PDF attachment properly, they are getting corrupted. But when I check my logs it doesn’t show any problem. Now my concern is how to justify the customer the problem is from his side or from my MailScanner. Please advice. Thanks for your usual co-operation. Below are the logs for the corrupted attachement/message Apr 6 15:27:08 nmersal MailScanner[23116]: Message C98395DF459.A2E18 from 150.70.237.8 ( eyad.nashed at natcom.com.sa) to unitedgroup.com.sa is too big for spam checks (497744 > 150000 bytes) Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: C98395DF459.A2E18 to 555C55DF544 Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message C98395DF459.A2E18 to SQL Apr 6 15:27:08 nmersal MailScanner[24178]: C98395DF459.A2E18: Logged to MailWatch SQL Mail watch screen shot for the same message. Received on: 06/04/15 15:27:08 Received by: nmersal.cyberia.net.sa Received from: 150.70.237.8 [ Add to Whitelist | Add to Blacklist] Received Via: IP Address Hostname Country RBL Spam Virus All 150.70.237.8 rout01.hes.trendmicro.eu (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 10.36.162.83 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 89.237.187.138 SJV-EXHC1.natcom.com.sa (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.106 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 172.16.200.105 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 94.96.34.151 (Reverse Lookup Failed) (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] ID: C98395DF459.A2E18 Message Headers: Received: from rout01.hes.trendmicro.eu ( rout01.hes.trendmicro.eu [150.70.237.8]) by nmersal.cyberia.net.sa (Postfix) with ESMTP id C98395DF459; Mon, 6 Apr 2015 15:27:04 +0300 (AST) Received: from outmta.starcloud.com (unknown [10.36.162.83]) by rout01.hes.trendmicro.eu (Postfix) with SMTP id A01EA740040; Mon, 6 Apr 2015 12:24:17 +0000 (UTC) Received: from SJV-EXHC1.natcom.com.sa (unknown [89.237.187.138]) by relay03.hes.trendmicro.eu (Postfix) with ESMTPS id 0CADD108003B; Mon, 6 Apr 2015 12:24:13 +0000 (UTC) Received: from SJV-EXMB1.natcom.com.sa ([172.16.200.106]) by SJV-EXHC1.natcom.com.sa ([172.16.200.105]) with mapi id 14.03.0174.001; Mon, 6 Apr 2015 15:24:12 +0300 From: Eyad Nashed < eyad.nashed at natcom.com.sa> To: Charbel Abi Nader < cabinader at unitedgroup.com.sa> CC: Mustafa Khan < makhan at unitedgroup.com.sa>, Hekmat Qassem < hekmatq at natcom.com.sa> Subject: RE: Cisco Access Point Quotation Thread-Topic: Cisco Access Point Quotation Thread-Index: AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw Date: Mon, 6 Apr 2015 12:24:11 +0000 Message-ID: < FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa> References: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> In-Reply-To: < 5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [94.96.34.151] Content-Type: multipart/mixed; boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" MIME-Version: 1.0 X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 X-TMASE-Result: 10--28.541000-7.000000 X-TMASE-MatchedRID: OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso 7pnCj3Td6w7ozQLgmIj9pQ1oyg== From: eyad.nashed at natcom.com.sa [ Add to Whitelist | Add to Blacklist] To: makhan at unitedgroup.com.sa cabinader at unitedgroup.com.sa Subject: RE: Cisco Access Point Quotation Size: 486.1Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description large too Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N Regards Ejaz -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From heino.backhaus at fink-computer.de Wed Apr 8 09:02:37 2015 From: heino.backhaus at fink-computer.de (Heino Backhaus) Date: Wed, 8 Apr 2015 11:02:37 +0200 Subject: {Disarmed} RE: PDF-Corruption In-Reply-To: <002901d071d6$91057b60$b3107220$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> Message-ID: <5524EEAD.2030006@fink-computer.de> Hi Ejaz, I'm using the following settings: Expand TNEF = yes Use TNEF Contents = replace ... TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 These are very similar to yours and it's just running fine for me. In your case I would try this: Use TNEF Contents = add So, if the receipient's got an MS Outlook you/she/he can take a look at the contents of the winmail.dat an see if the pdf-file is viewable and compare it to the extracted one. cu -Heino Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > Hi > > The problem is we cannot tell end user before sending an email to us, > use only rich/plain or html text etc… So it should be control from > our mailgatways is it?? > > Thank in advance really I do appreciate your great support. > > Ejaz > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Jerry Benton > *Sent:* Tuesday, April 07, 2015 12:45 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > One user is using Rich Text, the other is not. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz > wrote: > > All. > > The same PDF file when other user whose also using an exchange > server, we are receiving it perfectly which is being relayed > through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What > could be the reason. > > Ejaz > > *From:*MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > Of*Alex Neuman > *Sent:*Monday, April 06, 2015 8:07 PM > *To:*MailScanner Discussion > *Subject:*Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely > a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the > latest perl modules/tnef programs are installed, to be on the safe side. > > Web Bug from > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > ! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > > Follow VidaDigital > on > Instagram > > Subscribe to Vida Digital > on > Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > > > wrote: > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > > wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > ! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > > Follow VidaDigital > on > Instagram > > Subscribe to Vida Digital > on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > > wrote: > > The PDF probably has a disallowed MIME type in the document. > Edit your MIME types config file in /etc/MailScanner and allow > all MIME types. Resend the email and see if it gets through. If > it does, enable each MIME type until you figure out which one is > stopping or corrupting the PDF. Note that there is a problem > with the current Linux “file” command that has been causing > problems with a lot of applications. > > This may or may not be your problem, but of the customers I have > dealt with at Mailborder complaining of this issue, this is > often the problem. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > > wrote: > > Thanks a lot sorry to disturb you, I called during your > meeting. As I was unaware about it. > > *_This is what all I have for Tnef settings in my > mailscanner. _*Does Any modification required ??? Please > advice. > > Again thank you for your time. > > *__* > > *__* > > Expand TNEF attachments using an external program (or a Perl > module)? > > # within the TNEF attachment will not be checked against the > filename rules. > > Expand TNEF = no > > # When the TNEF (winmail.dat) attachments are expanded, > should the > > # in "Outlook Rich Text Format" (TNEF) will be able to read > the attachments > > # no => Leave winmail.dat TNEF attachments alone. > > # TNEF messages being doubled in size. > > # replace => Replace the winmail.dat TNEF attachment with > the files it > > Use TNEF Contents = replace > > # We are working on a replacement for the TNEF decoder. > > Deliver Unparsable TNEF = yes > > # Where the MS-TNEF expander is installed. > > # the external TNEF expander binary, > > # may be. It helps protect against Denial Of Service attacks > in TNEF files. > > #TNEF Expander = internal > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to > run for 1 message. > > TNEF Timeout = 120 > > # maybe TNEF files to not be archives as they are really > just another way > > # tnef -- "winmail.dat" files created by Microsoft > Exchange or Outlook > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > > wrote: > > Thanks, > > I cannot ask the customer as so many of them are complaining > for the same, I can make any exception from my side from > the MailScanner configuration. > > Is there any officially support for mailscanner?? As I > wanted to subscribe it. > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info > ] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text > Format). > > Web Bug from > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000 > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt > from "+5078326725" claiming to be* +507 832-6725 > > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > ! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > > Follow VidaDigital > on > Instagram > > Subscribe to Vida Digital > on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > > wrote: > > Hello. > > One of my user keep complaining that he is unable to > receive the PDF attachment properly, they are getting > corrupted. But when I check my logs it doesn’t show any > problem. Now my concern is how to justify the customer the > problem is from his side or from my MailScanner. Please > advice. Thanks for your usual co-operation. > > *_Below are the logs for the corrupted attachement/message _* > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > C98395DF459.A2E18 from 150.70.237.8 > (eyad.nashed at natcom.com.sa > ) to unitedgroup.com.sa > is too big for spam checks > (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > C98395DF459.A2E18 to 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: > C98395DF459.A2E18: Logged to MailWatch SQL > > *_Mail watch screen shot for the same message. _* > > *Received on:* > > > > 06/04/15 15:27:08 > > *Received by:* > > > > nmersal.cyberia.net.sa > > *Received from:* > > > > 150.70.237.8 > > > > [Add to Whitelist > | > Add to Blacklist > ] > > *Received Via:* > > > > *IP Address* > > > > *Hostname* > > > > *Country* > > > > *RBL* > > > > *Spam* > > > > *Virus* > > > > *All* > > 150.70.237.8 > > > > rout01.hes.trendmicro.eu > > > > (GeoIP Lookup Failed) > > > > [] > > > > [] > > > > [] > > > > [] > > 10.36.162.83 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > [] > > > > [] > > > > [] > > > > [] > > 89.237.187.138 > > > > SJV-EXHC1.natcom.com.sa > > > > (GeoIP Lookup Failed) > > > > [] > > > > [] > > > > [] > > > > [] > > 172.16.200.106 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > [] > > > > [] > > > > [] > > > > [] > > 172.16.200.105 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > [] > > > > [] > > > > [] > > > > [] > > 94.96.34.151 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > [] > > > > [] > > > > [] > > > > [] > > *ID:* > > > > C98395DF459.A2E18 > > *Message Headers:* > > > > Received: from rout01.hes.trendmicro.eu > (rout01.hes.trendmicro.eu > [150.70.237.8]) > by nmersal.cyberia.net.sa > (Postfix) with ESMTP id > C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com > (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu > (Postfix) with SMTP id > A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa > (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu > (Postfix) with ESMTPS id > 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa > ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa > ([172.16.200.105]) with > mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > > To: Charbel Abi Nader > > CC: Mustafa Khan >, Hekmat Qassem > > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > > > References: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > In-Reply-To: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgEve5PR > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClRwk/W3 > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRxYRCMk > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9jTVgr > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHCe0E4q > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhePwhb7 > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54LbxFLzYP > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YRHfthv > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCxGdJ4e > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTNDUDi9i > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/gT2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > > > eyad.nashed at natcom.com.sa > > > > [Add to Whitelist > | > Add to Blacklist > ] > > *To:* > > > > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > > > *Subject:* > > > > RE: Cisco Access Point Quotation > > *Size:* > > > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > > > * N * > > *Blocked File:* > > > > * N * > > *Other Infection:* > > > > * N * > > *SpamAssassin* > > *Spam:* > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > > > * N * > > *SpamAssassin Spam:* > > > > * N * > > *Listed in RBL:* > > > > * N * > > *Spam Whitelisted:* > > > > * N * > > *Spam Blacklisted:* > > > > * N * > > *SpamAssassin Autolearn:* > > > > * N * > > *SpamAssassin Score:* > > > > 0.00 > > *Spam Report:* > > > > *Score* > > > > *Matching Rule* > > > > *Description* > > large > > > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > > > * N * > > *High Scoring MCP:* > > > > * N * > > *SpamAssassin MCP:* > > > > * N * > > *MCP Whitelisted:* > > > > * N * > > *MCP Blacklisted:* > > > > * N * > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > From mejaz at cyberia.net.sa Wed Apr 8 09:23:22 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Wed, 8 Apr 2015 12:23:22 +0300 Subject: {Disarmed} RE: PDF-Corruption In-Reply-To: <5524EEAD.2030006@fink-computer.de> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> Message-ID: <006e01d071dd$ab4c2670$01e47350$@net.sa> My existing settings as follows Expand TNEF = no Use TNEF Contents = replace TNEF Expander = /usr/bin/tnef --maxsize=100000000 You want me to replace with the below??? Expand TNEF = yes Use TNEF Contents = replace Since the other one TNEF expander is similar your one and mine. And do the test?? Ejaz -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Heino Backhaus Sent: Wednesday, April 08, 2015 12:03 PM To: MailScanner Discussion Subject: Re: {Disarmed} RE: PDF-Corruption Hi Ejaz, I'm using the following settings: Expand TNEF = yes Use TNEF Contents = replace ... TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 These are very similar to yours and it's just running fine for me. In your case I would try this: Use TNEF Contents = add So, if the receipient's got an MS Outlook you/she/he can take a look at the contents of the winmail.dat an see if the pdf-file is viewable and compare it to the extracted one. cu -Heino Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > Hi > > The problem is we cannot tell end user before sending an email to us, > use only rich/plain or html text etc… So it should be control from > our mailgatways is it?? > > Thank in advance really I do appreciate your great support. > > Ejaz > > *From:*MailScanner [ mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Jerry Benton > *Sent:* Tuesday, April 07, 2015 12:45 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > One user is using Rich Text, the other is not. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com> > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz < mailto:mejaz at cyberia.net.sa>> wrote: > > All. > > The same PDF file when other user whose also using an exchange > server, we are receiving it perfectly which is being relayed > through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What > could be the reason. > > Ejaz > > *From:*MailScanner > [ mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > Of*Alex Neuman > *Sent:*Monday, April 06, 2015 8:07 PM > *To:*MailScanner Discussion > *Subject:*Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely > a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the > latest perl modules/tnef programs are installed, to be on the safe side. > > Web Bug from > > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > c99e4-a934-4057-8312-5895ed2ee49c > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 < http://+5078326725/> > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>* on > Twitter > Like Vida Digital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Facebook > > Follow VidaDigital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Instagram > > Subscribe to Vida Digital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > < jerry.benton at mailborder.com > > wrote: > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com/> > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > < alex at vidadigital.com.pa > wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 < http://+5078326725/> > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>* on > Twitter > Like Vida Digital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Facebook > > Follow VidaDigital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Instagram > > Subscribe to Vida Digital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > < mailto:jerry.benton at mailborder.com>> wrote: > > The PDF probably has a disallowed MIME type in the document. > Edit your MIME types config file in /etc/MailScanner and allow > all MIME types. Resend the email and see if it gets through. If > it does, enable each MIME type until you figure out which one is > stopping or corrupting the PDF. Note that there is a problem > with the current Linux “file” command that has been causing > problems with a lot of applications. > > This may or may not be your problem, but of the customers I have > dealt with at Mailborder complaining of this issue, this is > often the problem. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com/> > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > < mejaz at cyberia.net.sa > wrote: > > Thanks a lot sorry to disturb you, I called during your > meeting. As I was unaware about it. > > *_This is what all I have for Tnef settings in my > mailscanner. _*Does Any modification required ??? Please > advice. > > Again thank you for your time. > > *__* > > *__* > > Expand TNEF attachments using an external program (or a Perl > module)? > > # within the TNEF attachment will not be checked against the > filename rules. > > Expand TNEF = no > > # When the TNEF (winmail.dat) attachments are expanded, > should the > > # in "Outlook Rich Text Format" (TNEF) will be able to read > the attachments > > # no => Leave winmail.dat TNEF attachments alone. > > # TNEF messages being doubled in size. > > # replace => Replace the winmail.dat TNEF attachment with > the files it > > Use TNEF Contents = replace > > # We are working on a replacement for the TNEF decoder. > > Deliver Unparsable TNEF = yes > > # Where the MS-TNEF expander is installed. > > # the external TNEF expander binary, > > # may be. It helps protect against Denial Of Service attacks > in TNEF files. > > #TNEF Expander = internal > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to > run for 1 message. > > TNEF Timeout = 120 > > # maybe TNEF files to not be archives as they are really > just another way > > # tnef -- "winmail.dat" files created by Microsoft > Exchange or Outlook > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > *From:* MailScanner > [ mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > < mejaz at cyberia.net.sa > wrote: > > Thanks, > > I cannot ask the customer as so many of them are complaining > for the same, I can make any exception from my side from > the MailScanner configuration. > > Is there any officially support for mailscanner?? As I > wanted to subscribe it. > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info > < mailto:mailscanner-bounces at lists.mailscanner.info>] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text > Format). > > Web Bug from > > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > 1d298-9289-4b2f-8696-168d37d56000 > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 < tel:%2B507%206781-9505> > Work: *MailScanner has detected a possible fraud attempt > from "+5078326725" claiming to be* +507 832-6725 > < http://+5078326725/> > Work (USA): +1 (440) 253-9789 > < tel:%2B1%20%28440%29%20253-9789> > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>* on > Twitter > Like Vida Digital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Facebook > > Follow VidaDigital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Instagram > > Subscribe to Vida Digital > < http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > < mejaz at cyberia.net.sa > wrote: > > Hello. > > One of my user keep complaining that he is unable to > receive the PDF attachment properly, they are getting > corrupted. But when I check my logs it doesn’t show any > problem. Now my concern is how to justify the customer the > problem is from his side or from my MailScanner. Please > advice. Thanks for your usual co-operation. > > *_Below are the logs for the corrupted attachement/message > _* > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > C98395DF459.A2E18 from 150.70.237.8 > ( eyad.nashed at natcom.com.sa > < mailto:eyad.nashed at natcom.com.sa>) to unitedgroup.com.sa > < http://unitedgroup.com.sa/> is too big for spam checks > (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > C98395DF459.A2E18 to 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: > C98395DF459.A2E18: Logged to MailWatch SQL > > *_Mail watch screen shot for the same message. _* > > *Received on:* > > > > 06/04/15 15:27:08 > > *Received by:* > > > > nmersal.cyberia.net.sa < http://nmersal.cyberia.net.sa/> > > *Received from:* > > > > 150.70.237.8 > > > > [Add to Whitelist > < http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader at unitedgroup.com.sa&type=h&list=w> | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=h&list=b>] > > *Received Via:* > > > > *IP Address* > > > > *Hostname* > > > > *Country* > > > > *RBL* > > > > *Spam* > > > > *Virus* > > > > *All* > > 150.70.237.8 > > > > rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> > > > > (GeoIP Lookup Failed) > > > > > [ 8>] > > > > > [ lay=150.70.237.8&isspam=1>] > > > > > [ lay=150.70.237.8&isvirus=1>] > > > > > [ lay=150.70.237.8>] > > 10.36.162.83 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 3>] > > > > > [ lay=10.36.162.83&isspam=1>] > > > > > [ lay=10.36.162.83&isvirus=1>] > > > > > [ lay=10.36.162.83>] > > 89.237.187.138 > > > > SJV-EXHC1.natcom.com.sa < http://sjv-exhc1.natcom.com.sa/> > > > > (GeoIP Lookup Failed) > > > > > [ 138>] > > > > > [ lay=89.237.187.138&isspam=1>] > > > > > [ lay=89.237.187.138&isvirus=1>] > > > > > [ lay=89.237.187.138>] > > 172.16.200.106 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 106>] > > > > > [ lay=172.16.200.106&isspam=1>] > > > > > [ lay=172.16.200.106&isvirus=1>] > > > > > [ lay=172.16.200.106>] > > 172.16.200.105 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 105>] > > > > > [ lay=172.16.200.105&isspam=1>] > > > > > [ lay=172.16.200.105&isvirus=1>] > > > > > [ lay=172.16.200.105>] > > 94.96.34.151 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 1>] > > > > > [ lay=94.96.34.151&isspam=1>] > > > > > [ lay=94.96.34.151&isvirus=1>] > > > > > [ lay=94.96.34.151>] > > *ID:* > > > > C98395DF459.A2E18 > > *Message Headers:* > > > > Received: from rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> (rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> [150.70.237.8]) > by nmersal.cyberia.net.sa > < http://nmersal.cyberia.net.sa/> (Postfix) with ESMTP id > C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com > < http://outmta.starcloud.com/> (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> (Postfix) with SMTP id > A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa > < http://sjv-exhc1.natcom.com.sa/> (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu > < http://relay03.hes.trendmicro.eu/> (Postfix) with ESMTPS id > 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa > < http://sjv-exmb1.natcom.com.sa/> ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa > < http://sjv-exhc1.natcom.com.sa/> ([172.16.200.105]) with > mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed < mailto:eyad.nashed at natcom.com.sa>> > To: Charbel Abi Nader < mailto:cabinader at unitedgroup.com.sa>> > CC: Mustafa Khan < mailto:makhan at unitedgroup.com.sa>>, Hekmat Qassem > < hekmatq at natcom.com.sa > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > < mailto:FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa>> > References: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > < mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>> > In-Reply-To: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > < mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>> > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > ve5PR > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > wk/W3 > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > YRCMk > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > jTVgr > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > e0E4q > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > Pwhb7 > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > FLzYP > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > Hfthv > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > GdJ4e > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > UDi9i > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > T2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > > > eyad.nashed at natcom.com.sa > < mailto:eyad.nashed at natcom.com.sa> > > > > [Add to Whitelist > < http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader at unitedgroup.com.sa&type=f&list=w> | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=f&list=b>] > > *To:* > > > > makhan at unitedgroup.com.sa < mailto:makhan at unitedgroup.com.sa> > cabinader at unitedgroup.com.sa > < mailto:cabinader at unitedgroup.com.sa> > > *Subject:* > > > > RE: Cisco Access Point Quotation > > *Size:* > > > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > > > * N * > > *Blocked File:* > > > > * N * > > *Other Infection:* > > > > * N * > > *SpamAssassin* > > *Spam:* > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > > > * N * > > *SpamAssassin Spam:* > > > > * N * > > *Listed in RBL:* > > > > * N * > > *Spam Whitelisted:* > > > > * N * > > *Spam Blacklisted:* > > > > * N * > > *SpamAssassin Autolearn:* > > > > * N * > > *SpamAssassin Score:* > > > > 0.00 > > *Spam Report:* > > > > *Score* > > > > *Matching Rule* > > > > *Description* > > large > > > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > > > * N * > > *High Scoring MCP:* > > > > * N * > > *SpamAssassin MCP:* > > > > * N * > > *MCP Whitelisted:* > > > > * N * > > *MCP Blacklisted:* > > > > * N * > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From heino.backhaus at fink-computer.de Wed Apr 8 09:37:26 2015 From: heino.backhaus at fink-computer.de (Heino Backhaus) Date: Wed, 8 Apr 2015 11:37:26 +0200 Subject: {Disarmed} RE: {Disarmed} RE: PDF-Corruption In-Reply-To: <006e01d071dd$ab4c2670$01e47350$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> <006e01d071dd$ab4c2670$01e47350$@net.sa> Message-ID: <5524F6D6.8070901@fink-computer.de> Hi, my sugestion is to change Use TNEF Contents = replace to Use TNEF Contents = add so, in this case, the attachments in winmal.dat are extracted and attachend to the mail. The winmail.dat stais in the mail. So you can (if you got an MS Outlook) take a look into the winmail.dat to see if the original pdf-file is viewable and compare it to the, via tnef, extracted one. Hope this helps. Am 08.04.2015 um 11:23 schrieb Mohammed Ejaz: > My existing settings as follows > > Expand TNEF = no > > Use TNEF Contents = replace > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > You want me to replace with the below??? > > Expand TNEF = yes > > Use TNEF Contents = replace > > Since the other one TNEF expander is similar your one and mine. > > And do the test?? > > Ejaz > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On > Behalf Of Heino Backhaus > Sent: Wednesday, April 08, 2015 12:03 PM > To: MailScanner Discussion > Subject: Re: {Disarmed} RE: PDF-Corruption > > Hi Ejaz, > > I'm using the following settings: > > Expand TNEF = yes > > Use TNEF Contents = replace > > ... > > TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 > > These are very similar to yours and it's just running fine for me. In > your case I would try this: > > Use TNEF Contents = add > > So, if the receipient's got an MS Outlook you/she/he can take a look at > the contents of the winmail.dat an see if the pdf-file is viewable and > compare it to the extracted one. > > cu > > -Heino > > Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > > > Hi > > > > > > The problem is we cannot tell end user before sending an email to us, > > > use only rich/plain or html text etc… So it should be control from > > > our mailgatways is it?? > > > > > > Thank in advance really I do appreciate your great support. > > > > > > Ejaz > > > > > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > > > *On Behalf Of *Jerry Benton > > > *Sent:* Tuesday, April 07, 2015 12:45 PM > > > *To:* MailScanner Discussion > > > *Subject:* Re: PDF-Corruption > > > > > > One user is using Rich Text, the other is not. > > > > > > > > > - > > > > > > Jerry Benton > > > > > > www.mailborder.com > > > > > > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz > > > wrote: > > > > > > All. > > > > > > The same PDF file when other user whose also using an exchange > > > server, we are receiving it perfectly which is being relayed > > > through same MailScanner. > > > > > > The PDF are getting corrupted from few exchange servers only. What > > > could be the reason. > > > > > > Ejaz > > > > > > *From:*MailScanner > > > [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > > > Of*Alex Neuman > > > *Sent:*Monday, April 06, 2015 8:07 PM > > > *To:*MailScanner Discussion > > > *Subject:*Re: PDF-Corruption > > > > > > If it did, indeed, stop it - though from experience it's more likely > > > a TNEF issue. > > > > > > I'd switch the TNEF unpacker to the internal and/or verify that the > > > latest perl modules/tnef programs are installed, to be on the > safe side. > > > > > > Web Bug from > > > > > > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > > > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > > > c99e4-a934-4057-8312-5895ed2ee49c > > > > > > > > > > > > *Alex Neuman van der Hans* > > > Reliant Technologies / Vida Digital > > > http://vidadigital.com.pa/ > > > > > > Mobile: +507 6781-9505 > > > Work: *MailScanner has detected a possible fraud attempt from > > > "+5078326725" claiming to be* +507 832-6725 <*MailScanner has > detected a possible fraud attempt from "+5078326725" claiming to be* > http://+5078326725/> > > > Work (USA): +1 (440) 253-9789 > > > > > > Skype: AlexNeuman > > > > > > > > > Don't miss Vida Digital on LiveStream > > > > ! > > > > > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > > > > > > > Follow *@AlexNeuman > > > > * > on > > > Twitter > > > Like Vida Digital > > > > > on > > > Facebook > > > > > > Follow VidaDigital > > > > > on > > > Instagram > > > > > > Subscribe to Vida Digital > > > > > on > > > Youtube > > > > > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > > > >> > > > wrote: > > > > > > “... until you figure out which one is stopping or corrupting the > PDF.” > > > > > > I saw it. Still applies. > > > > > > > > > - > > > > > > Jerry Benton > > > > > > www.mailborder.com > > > > > > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > > > >> > wrote: > > > > > > I believe he mentioned the PDF's are being corrupted, not > stopped. > > > > > > > > > > > > *Alex Neuman van der Hans* > > > Reliant Technologies / Vida Digital > > > http://vidadigital.com.pa/ > > > > > > Mobile: +507 6781-9505 > > > Work: *MailScanner has detected a possible fraud attempt from > > > "+5078326725" claiming to be* +507 832-6725 <*MailScanner has > detected a possible fraud attempt from "+5078326725" claiming to be* > http://+5078326725/> > > > Work (USA): +1 (440) 253-9789 > > > > > > Skype: AlexNeuman > > > > > > > > > Don't miss Vida Digital on LiveStream > > > > ! > > > > > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > > > > > > > Follow *@AlexNeuman > > > > * > on > > > Twitter > > > Like Vida Digital > > > > > on > > > Facebook > > > > > > Follow VidaDigital > > > > > on > > > Instagram > > > > > > Subscribe to Vida Digital > > > > > on > > > Youtube > > > > > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > > > > > > wrote: > > > > > > The PDF probably has a disallowed MIME type in the document. > > > Edit your MIME types config file in /etc/MailScanner and allow > > > all MIME types. Resend the email and see if it gets through. If > > > it does, enable each MIME type until you figure out which one is > > > stopping or corrupting the PDF. Note that there is a problem > > > with the current Linux “file” command that has been causing > > > problems with a lot of applications. > > > > > > This may or may not be your problem, but of the customers I have > > > dealt with at Mailborder complaining of this issue, this is > > > often the problem. > > > > > > > > > - > > > > > > Jerry Benton > > > > > > www.mailborder.com > > > > > > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > > > >> wrote: > > > > > > Thanks a lot sorry to disturb you, I called during your > > > meeting. As I was unaware about it. > > > > > > *_This is what all I have for Tnef settings in my > > > mailscanner. _*Does Any modification required ??? Please > > > advice. > > > > > > Again thank you for your time. > > > > > > *__* > > > > > > *__* > > > > > > Expand TNEF attachments using an external program (or a Perl > > > module)? > > > > > > # within the TNEF attachment will not be checked against the > > > filename rules. > > > > > > Expand TNEF = no > > > > > > # When the TNEF (winmail.dat) attachments are expanded, > > > should the > > > > > > # in "Outlook Rich Text Format" (TNEF) will be able to read > > > the attachments > > > > > > # no => Leave winmail.dat TNEF attachments alone. > > > > > > # TNEF messages being doubled in size. > > > > > > # replace => Replace the winmail.dat TNEF attachment with > > > the files it > > > > > > Use TNEF Contents = replace > > > > > > # We are working on a replacement for the TNEF decoder. > > > > > > Deliver Unparsable TNEF = yes > > > > > > # Where the MS-TNEF expander is installed. > > > > > > # the external TNEF expander binary, > > > > > > # may be. It helps protect against Denial Of Service attacks > > > in TNEF files. > > > > > > #TNEF Expander = internal > > > > > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > > > > > # The maximum length of time the TNEF Expander is allowed to > > > run for 1 message. > > > > > > TNEF Timeout = 120 > > > > > > # maybe TNEF files to not be archives as they are really > > > just another way > > > > > > # tnef -- "winmail.dat" files created by Microsoft > > > Exchange or Outlook > > > > > > I believe Mailborder and FSL systems provide official > support. > > > > > > Do you have any contacts email/phone numbers > > > > > > Ejaz > > > > > > *From:* MailScanner > > > [mailto:mailscanner-bounces at lists.mailscanner.info] *On > > > Behalf Of *Alex Neuman > > > *Sent:* Monday, April 06, 2015 6:43 PM > > > *To:* MailScanner discussion > > > *Subject:* RE: PDF-Corruption > > > > > > I believe Mailborder and FSL systems provide official > support. > > > > > > Try modifying your TNEF decoder settings in MailScanner.conf. > > > > > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > > > >> wrote: > > > > > > Thanks, > > > > > > I cannot ask the customer as so many of them are complaining > > > for the same, I can make any exception from my side from > > > the MailScanner configuration. > > > > > > Is there any officially support for mailscanner?? As I > > > wanted to subscribe it. > > > > > > Ejaz > > > > > > *From:* MailScanner > > > [mailto:mailscanner-bounces at lists.mailscanner.info > > > ] *On > > > Behalf Of *Alex Neuman > > > *Sent:* Monday, April 06, 2015 5:25 PM > > > *To:* MailScanner Discussion > > > *Subject:* Re: PDF-Corruption > > > > > > Do an MD5SUM of the PDF file before and after processing. > > > > > > Also, ask the originator NOT to use TNEF encoding (Rich Text > > > Format). > > > > > > Web Bug from > > > > > > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > > > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > > > 1d298-9289-4b2f-8696-168d37d56000 > > > > > > > > > > > > *Alex Neuman van der Hans* > > > Reliant Technologies / Vida Digital > > > http://vidadigital.com.pa/ > > > > > > Mobile: +507 6781-9505 > > > Work: *MailScanner has detected a possible fraud attempt > > > from "+5078326725" claiming to be* +507 832-6725 > > > <*MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* http://+5078326725/> > > > Work (USA): +1 (440) 253-9789 > > > > > > > > > Skype: AlexNeuman > > > > > > > > > Don't miss Vida Digital on LiveStream > > > > ! > > > > > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > > > > > > > Follow *@AlexNeuman > > > > * > on > > > Twitter > > > Like Vida Digital > > > > > on > > > Facebook > > > > > > Follow VidaDigital > > > > > on > > > Instagram > > > > > > Subscribe to Vida Digital > > > > > on > > > Youtube > > > > > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > > > >> wrote: > > > > > > Hello. > > > > > > One of my user keep complaining that he is unable to > > > receive the PDF attachment properly, they are getting > > > corrupted. But when I check my logs it doesn’t show any > > > problem. Now my concern is how to justify the customer the > > > problem is from his side or from my MailScanner. Please > > > advice. Thanks for your usual co-operation. > > > > > > *_Below are the logs for the corrupted attachement/message > > > _* > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > > > C98395DF459.A2E18 from 150.70.237.8 > > > (eyad.nashed at natcom.com.sa > > > ) to unitedgroup.com.sa > > > is too big for spam checks > > > (497744 > 150000 bytes) > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > > > C98395DF459.A2E18 to 555C55DF544 > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > > > C98395DF459.A2E18 to SQL > > > > > > Apr 6 15:27:08 nmersal MailScanner[24178]: > > > C98395DF459.A2E18: Logged to MailWatch SQL > > > > > > *_Mail watch screen shot for the same message. _* > > > > > > *Received on:* > > > > > > > > > > > > 06/04/15 15:27:08 > > > > > > *Received by:* > > > > > > > > > > > > nmersal.cyberia.net.sa > > > > > > *Received from:* > > > > > > > > > > > > 150.70.237.8 > > > > > > > > > > > > [Add to Whitelist > > > > > | > > > Add to Blacklist > > > > > > > > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > > > > @unitedgroup.com.sa&type=h&list=b>] > > > > > > *Received Via:* > > > > > > > > > > > > *IP Address* > > > > > > > > > > > > *Hostname* > > > > > > > > > > > > *Country* > > > > > > > > > > > > *RBL* > > > > > > > > > > > > *Spam* > > > > > > > > > > > > *Virus* > > > > > > > > > > > > *All* > > > > > > 150.70.237.8 > > > > > > > > > > > > rout01.hes.trendmicro.eu > > > > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 8>] > > > > > > > > > > > > > > > [ > > lay=150.70.237.8&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=150.70.237.8&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=150.70.237.8>] > > > > > > 10.36.162.83 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 3>] > > > > > > > > > > > > > > > [ > > lay=10.36.162.83&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=10.36.162.83&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=10.36.162.83>] > > > > > > 89.237.187.138 > > > > > > > > > > > > SJV-EXHC1.natcom.com.sa > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 138>] > > > > > > > > > > > > > > > [ > > lay=89.237.187.138&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=89.237.187.138&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=89.237.187.138>] > > > > > > 172.16.200.106 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 106>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.106&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.106&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.106>] > > > > > > 172.16.200.105 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 105>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.105&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.105&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.105>] > > > > > > 94.96.34.151 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 1>] > > > > > > > > > > > > > > > [ > > lay=94.96.34.151&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=94.96.34.151&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=94.96.34.151>] > > > > > > *ID:* > > > > > > > > > > > > C98395DF459.A2E18 > > > > > > *Message Headers:* > > > > > > > > > > > > Received: from rout01.hes.trendmicro.eu > > > (rout01.hes.trendmicro.eu > > > [150.70.237.8]) > > > by nmersal.cyberia.net.sa > > > (Postfix) with ESMTP id > > > C98395DF459; > > > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > > > Received: from outmta.starcloud.com > > > (unknown [10.36.162.83]) > > > by rout01.hes.trendmicro.eu > > > (Postfix) with SMTP id > > > A01EA740040; > > > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > > > Received: from SJV-EXHC1.natcom.com.sa > > > (unknown [89.237.187.138]) > > > by relay03.hes.trendmicro.eu > > > (Postfix) with ESMTPS id > > > 0CADD108003B; > > > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > > > Received: from SJV-EXMB1.natcom.com.sa > > > ([172.16.200.106]) by > > > SJV-EXHC1.natcom.com.sa > > > ([172.16.200.105]) with > > > mapi id 14.03.0174.001; Mon, > > > 6 Apr 2015 15:24:12 +0300 > > > From: Eyad Nashed > > > > > > To: Charbel Abi Nader > > > > > > CC: Mustafa Khan > > >, Hekmat Qassem > > > >> > > > Subject: RE: Cisco Access Point Quotation > > > Thread-Topic: Cisco Access Point Quotation > > > Thread-Index: > > > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > > > Date: Mon, 6 Apr 2015 12:24:11 +0000 > > > Message-ID: > > > > > > > > > > > References: > > > > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > > > > > > In-Reply-To: > > > > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > > > > > > Accept-Language: en-US > > > Content-Language: en-US > > > X-MS-Has-Attach: yes > > > X-MS-TNEF-Correlator: > > > x-originating-ip: [94.96.34.151] > > > Content-Type: multipart/mixed; > > > > > > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > > > MIME-Version: 1.0 > > > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > > > X-TMASE-Result: 10--28.541000-7.000000 > > > X-TMASE-MatchedRID: > > > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > > > > > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > > > ve5PR > > > > > > > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > > > wk/W3 > > > > > > > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > > > YRCMk > > > > > > > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > > > jTVgr > > > > > > > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > > > e0E4q > > > > > > > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > > > Pwhb7 > > > > > > > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > > > FLzYP > > > > > > > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > > > Hfthv > > > > > > > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > > > GdJ4e > > > > > > > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > > > UDi9i > > > > > > > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > > > T2zXY > > > > > > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > > > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > > > > > *From:* > > > > > > > > > > > > eyad.nashed at natcom.com.sa > > > > > > > > > > > > > > > [Add to Whitelist > > > > > | > > > Add to Blacklist > > > > > > > > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > > > > @unitedgroup.com.sa&type=f&list=b>] > > > > > > *To:* > > > > > > > > > > > > makhan at unitedgroup.com.sa > > > > cabinader at unitedgroup.com.sa > > > > > > > > > *Subject:* > > > > > > > > > > > > RE: Cisco Access Point Quotation > > > > > > *Size:* > > > > > > > > > > > > 486.1Kb > > > > > > *Anti-Virus/Dangerous Content Protection* > > > > > > *Virus:* > > > > > > > > > > > > * N * > > > > > > *Blocked File:* > > > > > > > > > > > > * N * > > > > > > *Other Infection:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin* > > > > > > *Spam:* > > > > > > > > > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > > > > > *High Scoring Spam:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin Spam:* > > > > > > > > > > > > * N * > > > > > > *Listed in RBL:* > > > > > > > > > > > > * N * > > > > > > *Spam Whitelisted:* > > > > > > > > > > > > * N * > > > > > > *Spam Blacklisted:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin Autolearn:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin Score:* > > > > > > > > > > > > 0.00 > > > > > > *Spam Report:* > > > > > > > > > > > > *Score* > > > > > > > > > > > > *Matching Rule* > > > > > > > > > > > > *Description* > > > > > > large > > > > > > > > > > > > too > > > > > > > > > > > > *Message Content Protection (MCP)* > > > > > > *MCP:* > > > > > > > > > > > > * N * > > > > > > *High Scoring MCP:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin MCP:* > > > > > > > > > > > > * N * > > > > > > *MCP Whitelisted:* > > > > > > > > > > > > * N * > > > > > > *MCP Blacklisted:* > > > > > > > > > > > > * N * > > > > > > Regards > > > > > > Ejaz > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > From paul at trusted-management.com Wed Apr 8 09:40:58 2015 From: paul at trusted-management.com (Paul Overton) Date: Wed, 8 Apr 2015 10:40:58 +0100 Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption In-Reply-To: <006e01d071dd$ab4c2670$01e47350$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> <006e01d071dd$ab4c2670$01e47350$@net.sa> Message-ID: I have found in the past that the binary TNEF expander is unreliable, I switched to using the internal (PERL) one some time ago. I seem to recall that this solved a number of problems, including PDF files. Regards Paul From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: 08 April 2015 10:23 To: 'MailScanner Discussion' Subject: {Disarmed} RE: {Disarmed} RE: PDF-Corruption My existing settings as follows Expand TNEF = no Use TNEF Contents = replace TNEF Expander = /usr/bin/tnef --maxsize=100000000 You want me to replace with the below??? Expand TNEF = yes Use TNEF Contents = replace Since the other one TNEF expander is similar your one and mine. And do the test?? Ejaz -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Heino Backhaus Sent: Wednesday, April 08, 2015 12:03 PM To: MailScanner Discussion Subject: Re: {Disarmed} RE: PDF-Corruption Hi Ejaz, I'm using the following settings: Expand TNEF = yes Use TNEF Contents = replace ... TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 These are very similar to yours and it's just running fine for me. In your case I would try this: Use TNEF Contents = add So, if the receipient's got an MS Outlook you/she/he can take a look at the contents of the winmail.dat an see if the pdf-file is viewable and compare it to the extracted one. cu -Heino Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > Hi > > The problem is we cannot tell end user before sending an email to us, > use only rich/plain or html text etc… So it should be control from > our mailgatways is it?? > > Thank in advance really I do appreciate your great support. > > Ejaz > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Jerry Benton > *Sent:* Tuesday, April 07, 2015 12:45 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > One user is using Rich Text, the other is not. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz > wrote: > > All. > > The same PDF file when other user whose also using an exchange > server, we are receiving it perfectly which is being relayed > through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What > could be the reason. > > Ejaz > > *From:*MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > Of*Alex Neuman > *Sent:*Monday, April 06, 2015 8:07 PM > *To:*MailScanner Discussion > *Subject:*Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely > a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the > latest perl modules/tnef programs are installed, to be on the safe side. > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > c99e4-a934-4057-8312-5895ed2ee49c > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 > > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > >! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > >* on > Twitter > Like Vida Digital > > on > Facebook > > Follow VidaDigital > > on > Instagram > > Subscribe to Vida Digital > > on > Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > >> > wrote: > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > >> wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 > > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > >! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > >* on > Twitter > Like Vida Digital > > on > Facebook > > Follow VidaDigital > > on > Instagram > > Subscribe to Vida Digital > > on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > > wrote: > > The PDF probably has a disallowed MIME type in the document. > Edit your MIME types config file in /etc/MailScanner and allow > all MIME types. Resend the email and see if it gets through. If > it does, enable each MIME type until you figure out which one is > stopping or corrupting the PDF. Note that there is a problem > with the current Linux “file” command that has been causing > problems with a lot of applications. > > This may or may not be your problem, but of the customers I have > dealt with at Mailborder complaining of this issue, this is > often the problem. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > >> wrote: > > Thanks a lot sorry to disturb you, I called during your > meeting. As I was unaware about it. > > *_This is what all I have for Tnef settings in my > mailscanner. _*Does Any modification required ??? Please > advice. > > Again thank you for your time. > > *__* > > *__* > > Expand TNEF attachments using an external program (or a Perl > module)? > > # within the TNEF attachment will not be checked against the > filename rules. > > Expand TNEF = no > > # When the TNEF (winmail.dat) attachments are expanded, > should the > > # in "Outlook Rich Text Format" (TNEF) will be able to read > the attachments > > # no => Leave winmail.dat TNEF attachments alone. > > # TNEF messages being doubled in size. > > # replace => Replace the winmail.dat TNEF attachment with > the files it > > Use TNEF Contents = replace > > # We are working on a replacement for the TNEF decoder. > > Deliver Unparsable TNEF = yes > > # Where the MS-TNEF expander is installed. > > # the external TNEF expander binary, > > # may be. It helps protect against Denial Of Service attacks > in TNEF files. > > #TNEF Expander = internal > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to > run for 1 message. > > TNEF Timeout = 120 > > # maybe TNEF files to not be archives as they are really > just another way > > # tnef -- "winmail.dat" files created by Microsoft > Exchange or Outlook > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > >> wrote: > > Thanks, > > I cannot ask the customer as so many of them are complaining > for the same, I can make any exception from my side from > the MailScanner configuration. > > Is there any officially support for mailscanner?? As I > wanted to subscribe it. > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info > ] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text > Format). > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > 1d298-9289-4b2f-8696-168d37d56000 > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt > from "+5078326725" claiming to be* +507 832-6725 > > > Work (USA): +1 (440) 253-9789 > > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > >! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > >* on > Twitter > Like Vida Digital > > on > Facebook > > Follow VidaDigital > > on > Instagram > > Subscribe to Vida Digital > > on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > >> wrote: > > Hello. > > One of my user keep complaining that he is unable to > receive the PDF attachment properly, they are getting > corrupted. But when I check my logs it doesn’t show any > problem. Now my concern is how to justify the customer the > problem is from his side or from my MailScanner. Please > advice. Thanks for your usual co-operation. > > *_Below are the logs for the corrupted attachement/message > _* > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > C98395DF459.A2E18 from 150.70.237.8 > (eyad.nashed at natcom.com.sa > ) to unitedgroup.com.sa > is too big for spam checks > (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > C98395DF459.A2E18 to 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: > C98395DF459.A2E18: Logged to MailWatch SQL > > *_Mail watch screen shot for the same message. _* > > *Received on:* > > > > 06/04/15 15:27:08 > > *Received by:* > > > > nmersal.cyberia.net.sa > > *Received from:* > > > > 150.70.237.8 > > > > [Add to Whitelist > | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=h&list=b>] > > *Received Via:* > > > > *IP Address* > > > > *Hostname* > > > > *Country* > > > > *RBL* > > > > *Spam* > > > > *Virus* > > > > *All* > > 150.70.237.8 > > > > rout01.hes.trendmicro.eu > > > > > (GeoIP Lookup Failed) > > > > > [ 8>] > > > > > [ lay=150.70.237.8&isspam=1>] > > > > > [ lay=150.70.237.8&isvirus=1>] > > > > > [ lay=150.70.237.8>] > > 10.36.162.83 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 3>] > > > > > [ lay=10.36.162.83&isspam=1>] > > > > > [ lay=10.36.162.83&isvirus=1>] > > > > > [ lay=10.36.162.83>] > > 89.237.187.138 > > > > SJV-EXHC1.natcom.com.sa > > > > (GeoIP Lookup Failed) > > > > > [ 138>] > > > > > [ lay=89.237.187.138&isspam=1>] > > > > > [ lay=89.237.187.138&isvirus=1>] > > > > > [ lay=89.237.187.138>] > > 172.16.200.106 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 106>] > > > > > [ lay=172.16.200.106&isspam=1>] > > > > > [ lay=172.16.200.106&isvirus=1>] > > > > > [ lay=172.16.200.106>] > > 172.16.200.105 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 105>] > > > > > [ lay=172.16.200.105&isspam=1>] > > > > > [ lay=172.16.200.105&isvirus=1>] > > > > > [ lay=172.16.200.105>] > > 94.96.34.151 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 1>] > > > > > [ lay=94.96.34.151&isspam=1>] > > > > > [ lay=94.96.34.151&isvirus=1>] > > > > > [ lay=94.96.34.151>] > > *ID:* > > > > C98395DF459.A2E18 > > *Message Headers:* > > > > Received: from rout01.hes.trendmicro.eu > (rout01.hes.trendmicro.eu > [150.70.237.8]) > by nmersal.cyberia.net.sa > (Postfix) with ESMTP id > C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com > (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu > (Postfix) with SMTP id > A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa > (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu > (Postfix) with ESMTPS id > 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa > ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa > ([172.16.200.105]) with > mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > > To: Charbel Abi Nader > > CC: Mustafa Khan >, Hekmat Qassem > >> > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > > > References: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > In-Reply-To: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > ve5PR > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > wk/W3 > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > YRCMk > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > jTVgr > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > e0E4q > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > Pwhb7 > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > FLzYP > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > Hfthv > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > GdJ4e > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > UDi9i > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > T2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > > > eyad.nashed at natcom.com.sa > > > > > [Add to Whitelist > | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=f&list=b>] > > *To:* > > > > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > > > *Subject:* > > > > RE: Cisco Access Point Quotation > > *Size:* > > > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > > > * N * > > *Blocked File:* > > > > * N * > > *Other Infection:* > > > > * N * > > *SpamAssassin* > > *Spam:* > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > > > * N * > > *SpamAssassin Spam:* > > > > * N * > > *Listed in RBL:* > > > > * N * > > *Spam Whitelisted:* > > > > * N * > > *Spam Blacklisted:* > > > > * N * > > *SpamAssassin Autolearn:* > > > > * N * > > *SpamAssassin Score:* > > > > 0.00 > > *Spam Report:* > > > > *Score* > > > > *Matching Rule* > > > > *Description* > > large > > > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > > > * N * > > *High Scoring MCP:* > > > > * N * > > *SpamAssassin MCP:* > > > > * N * > > *MCP Whitelisted:* > > > > * N * > > *MCP Blacklisted:* > > > > * N * > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Trusted Management Limited, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at trusted-management.com Wed Apr 8 09:49:09 2015 From: paul at trusted-management.com (Paul Overton) Date: Wed, 8 Apr 2015 10:49:09 +0100 Subject: update_bad_phishing_emails Message-ID: Jerry, First of all, many thanks for providing a new site and support services for MailScanner. I was an early adopter and have been using it ever since. I have updated one of my servers to run your latest version of MS and found that many of the essential elements have indeed been updated. However I note that the binary "update_bad_phishing_emails" is the original version from 2 years ago, and is broken due to lack of support over the past years. (Domain pointers missing etc). I had had a solution running for much of that time, but your latest changes to the support web sites now prevent this file from updating. Have you re-crested the necessary back end support for the above file? And if so what changed do we need to make to re-enable this function? Regards & Thanks -- Paul Overton -- This message has been scanned for viruses and dangerous content by Trusted Management Limited, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Wed Apr 8 09:57:18 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Wed, 8 Apr 2015 12:57:18 +0300 Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption In-Reply-To: References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> <006e01d071dd$ab4c2670$01e47350$@net.sa> Message-ID: <00bc01d071e2$6b540380$41fc0a80$@net.sa> Would you please help me, How can I switched existing TNEF to using the internal (PERL) Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul Overton Sent: Wednesday, April 08, 2015 12:41 PM To: MailScanner Discussion Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption I have found in the past that the binary TNEF expander is unreliable, I switched to using the internal (PERL) one some time ago. I seem to recall that this solved a number of problems, including PDF files. Regards Paul From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: 08 April 2015 10:23 To: 'MailScanner Discussion' Subject: {Disarmed} RE: {Disarmed} RE: PDF-Corruption My existing settings as follows Expand TNEF = no Use TNEF Contents = replace TNEF Expander = /usr/bin/tnef --maxsize=100000000 You want me to replace with the below??? Expand TNEF = yes Use TNEF Contents = replace Since the other one TNEF expander is similar your one and mine. And do the test?? Ejaz -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Heino Backhaus Sent: Wednesday, April 08, 2015 12:03 PM To: MailScanner Discussion Subject: Re: {Disarmed} RE: PDF-Corruption Hi Ejaz, I'm using the following settings: Expand TNEF = yes Use TNEF Contents = replace ... TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 These are very similar to yours and it's just running fine for me. In your case I would try this: Use TNEF Contents = add So, if the receipient's got an MS Outlook you/she/he can take a look at the contents of the winmail.dat an see if the pdf-file is viewable and compare it to the extracted one. cu -Heino Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > Hi > > The problem is we cannot tell end user before sending an email to us, > use only rich/plain or html text etc… So it should be control from > our mailgatways is it?? > > Thank in advance really I do appreciate your great support. > > Ejaz > > *From:*MailScanner [ mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Jerry Benton > *Sent:* Tuesday, April 07, 2015 12:45 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > One user is using Rich Text, the other is not. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com> > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz < mailto:mejaz at cyberia.net.sa>> wrote: > > All. > > The same PDF file when other user whose also using an exchange > server, we are receiving it perfectly which is being relayed > through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What > could be the reason. > > Ejaz > > *From:*MailScanner > [ mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > Of*Alex Neuman > *Sent:*Monday, April 06, 2015 8:07 PM > *To:*MailScanner Discussion > *Subject:*Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely > a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the > latest perl modules/tnef programs are installed, to be on the safe side. > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > c99e4-a934-4057-8312-5895ed2ee49c > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 < MailScanner has detected a possible fraud attempt from "+5078326725" claiming to be http://+5078326725/> > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>* on > Twitter > Like Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Facebook > > Follow VidaDigital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Instagram > > Subscribe to Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > < jerry.benton at mailborder.com > > wrote: > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com/> > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > < alex at vidadigital.com.pa > wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 < MailScanner has detected a possible fraud attempt from "+5078326725" claiming to be http://+5078326725/> > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>* on > Twitter > Like Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Facebook > > Follow VidaDigital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Instagram > > Subscribe to Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > < mailto:jerry.benton at mailborder.com>> wrote: > > The PDF probably has a disallowed MIME type in the document. > Edit your MIME types config file in /etc/MailScanner and allow > all MIME types. Resend the email and see if it gets through. If > it does, enable each MIME type until you figure out which one is > stopping or corrupting the PDF. Note that there is a problem > with the current Linux “file” command that has been causing > problems with a lot of applications. > > This may or may not be your problem, but of the customers I have > dealt with at Mailborder complaining of this issue, this is > often the problem. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com/> > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > < mejaz at cyberia.net.sa > wrote: > > Thanks a lot sorry to disturb you, I called during your > meeting. As I was unaware about it. > > *_This is what all I have for Tnef settings in my > mailscanner. _*Does Any modification required ??? Please > advice. > > Again thank you for your time. > > *__* > > *__* > > Expand TNEF attachments using an external program (or a Perl > module)? > > # within the TNEF attachment will not be checked against the > filename rules. > > Expand TNEF = no > > # When the TNEF (winmail.dat) attachments are expanded, > should the > > # in "Outlook Rich Text Format" (TNEF) will be able to read > the attachments > > # no => Leave winmail.dat TNEF attachments alone. > > # TNEF messages being doubled in size. > > # replace => Replace the winmail.dat TNEF attachment with > the files it > > Use TNEF Contents = replace > > # We are working on a replacement for the TNEF decoder. > > Deliver Unparsable TNEF = yes > > # Where the MS-TNEF expander is installed. > > # the external TNEF expander binary, > > # may be. It helps protect against Denial Of Service attacks > in TNEF files. > > #TNEF Expander = internal > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to > run for 1 message. > > TNEF Timeout = 120 > > # maybe TNEF files to not be archives as they are really > just another way > > # tnef -- "winmail.dat" files created by Microsoft > Exchange or Outlook > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > *From:* MailScanner > [ mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > < mejaz at cyberia.net.sa > wrote: > > Thanks, > > I cannot ask the customer as so many of them are complaining > for the same, I can make any exception from my side from > the MailScanner configuration. > > Is there any officially support for mailscanner?? As I > wanted to subscribe it. > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info > < mailto:mailscanner-bounces at lists.mailscanner.info>] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text > Format). > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > 1d298-9289-4b2f-8696-168d37d56000 > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 < tel:%2B507%206781-9505> > Work: *MailScanner has detected a possible fraud attempt > from "+5078326725" claiming to be* +507 832-6725 > < MailScanner has detected a possible fraud attempt from "+5078326725" claiming to be http://+5078326725/> > Work (USA): +1 (440) 253-9789 > < tel:%2B1%20%28440%29%20253-9789> > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>* on > Twitter > Like Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Facebook > > Follow VidaDigital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Instagram > > Subscribe to Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > < mejaz at cyberia.net.sa > wrote: > > Hello. > > One of my user keep complaining that he is unable to > receive the PDF attachment properly, they are getting > corrupted. But when I check my logs it doesn’t show any > problem. Now my concern is how to justify the customer the > problem is from his side or from my MailScanner. Please > advice. Thanks for your usual co-operation. > > *_Below are the logs for the corrupted attachement/message > _* > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > C98395DF459.A2E18 from 150.70.237.8 > ( eyad.nashed at natcom.com.sa > < mailto:eyad.nashed at natcom.com.sa>) to unitedgroup.com.sa > < http://unitedgroup.com.sa/> is too big for spam checks > (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > C98395DF459.A2E18 to 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: > C98395DF459.A2E18: Logged to MailWatch SQL > > *_Mail watch screen shot for the same message. _* > > *Received on:* > > > > 06/04/15 15:27:08 > > *Received by:* > > > > nmersal.cyberia.net.sa < http://nmersal.cyberia.net.sa/> > > *Received from:* > > > > 150.70.237.8 > > > > [Add to Whitelist > < http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader at unitedgroup.com.sa&type=h&list=w> | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=h&list=b>] > > *Received Via:* > > > > *IP Address* > > > > *Hostname* > > > > *Country* > > > > *RBL* > > > > *Spam* > > > > *Virus* > > > > *All* > > 150.70.237.8 > > > > rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> > > > > (GeoIP Lookup Failed) > > > > > [ 8>] > > > > > [ lay=150.70.237.8&isspam=1>] > > > > > [ lay=150.70.237.8&isvirus=1>] > > > > > [ lay=150.70.237.8>] > > 10.36.162.83 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 3>] > > > > > [ lay=10.36.162.83&isspam=1>] > > > > > [ lay=10.36.162.83&isvirus=1>] > > > > > [ lay=10.36.162.83>] > > 89.237.187.138 > > > > SJV-EXHC1.natcom.com.sa < http://sjv-exhc1.natcom.com.sa/> > > > > (GeoIP Lookup Failed) > > > > > [ 138>] > > > > > [ lay=89.237.187.138&isspam=1>] > > > > > [ lay=89.237.187.138&isvirus=1>] > > > > > [ lay=89.237.187.138>] > > 172.16.200.106 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 106>] > > > > > [ lay=172.16.200.106&isspam=1>] > > > > > [ lay=172.16.200.106&isvirus=1>] > > > > > [ lay=172.16.200.106>] > > 172.16.200.105 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 105>] > > > > > [ lay=172.16.200.105&isspam=1>] > > > > > [ lay=172.16.200.105&isvirus=1>] > > > > > [ lay=172.16.200.105>] > > 94.96.34.151 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 1>] > > > > > [ lay=94.96.34.151&isspam=1>] > > > > > [ lay=94.96.34.151&isvirus=1>] > > > > > [ lay=94.96.34.151>] > > *ID:* > > > > C98395DF459.A2E18 > > *Message Headers:* > > > > Received: from rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> (rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> [150.70.237.8]) > by nmersal.cyberia.net.sa > < http://nmersal.cyberia.net.sa/> (Postfix) with ESMTP id > C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com > < http://outmta.starcloud.com/> (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> (Postfix) with SMTP id > A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa > < http://sjv-exhc1.natcom.com.sa/> (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu > < http://relay03.hes.trendmicro.eu/> (Postfix) with ESMTPS id > 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa > < http://sjv-exmb1.natcom.com.sa/> ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa > < http://sjv-exhc1.natcom.com.sa/> ([172.16.200.105]) with > mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed < mailto:eyad.nashed at natcom.com.sa>> > To: Charbel Abi Nader < mailto:cabinader at unitedgroup.com.sa>> > CC: Mustafa Khan < mailto:makhan at unitedgroup.com.sa>>, Hekmat Qassem > < hekmatq at natcom.com.sa > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > < mailto:FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa>> > References: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > < mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>> > In-Reply-To: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > < mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>> > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > ve5PR > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > wk/W3 > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > YRCMk > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > jTVgr > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > e0E4q > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > Pwhb7 > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > FLzYP > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > Hfthv > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > GdJ4e > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > UDi9i > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > T2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > > > eyad.nashed at natcom.com.sa > < mailto:eyad.nashed at natcom.com.sa> > > > > [Add to Whitelist > < http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader at unitedgroup.com.sa&type=f&list=w> | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=f&list=b>] > > *To:* > > > > makhan at unitedgroup.com.sa < mailto:makhan at unitedgroup.com.sa> > cabinader at unitedgroup.com.sa > < mailto:cabinader at unitedgroup.com.sa> > > *Subject:* > > > > RE: Cisco Access Point Quotation > > *Size:* > > > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > > > * N * > > *Blocked File:* > > > > * N * > > *Other Infection:* > > > > * N * > > *SpamAssassin* > > *Spam:* > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > > > * N * > > *SpamAssassin Spam:* > > > > * N * > > *Listed in RBL:* > > > > * N * > > *Spam Whitelisted:* > > > > * N * > > *Spam Blacklisted:* > > > > * N * > > *SpamAssassin Autolearn:* > > > > * N * > > *SpamAssassin Score:* > > > > 0.00 > > *Spam Report:* > > > > *Score* > > > > *Matching Rule* > > > > *Description* > > large > > > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > > > * N * > > *High Scoring MCP:* > > > > * N * > > *SpamAssassin MCP:* > > > > * N * > > *MCP Whitelisted:* > > > > * N * > > *MCP Blacklisted:* > > > > * N * > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Trusted Management Limited, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mejaz at cyberia.net.sa Wed Apr 8 10:02:38 2015 From: mejaz at cyberia.net.sa (Mohammed Ejaz) Date: Wed, 8 Apr 2015 13:02:38 +0300 Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption In-Reply-To: <00bc01d071e2$6b540380$41fc0a80$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> <006e01d071dd$ab4c2670$01e47350$@net.sa> <00bc01d071e2$6b540380$41fc0a80$@net.sa> Message-ID: <00d001d071e3$2740afd0$75c20f70$@net.sa> You mean enabling “TNEF Expander = internal” in mailscanner.conf and should “TNEF Expander = /usr/bin/tnef --maxsize=100000000” disable?? That’s it. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: Wednesday, April 08, 2015 12:57 PM To: 'MailScanner Discussion' Subject: RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption Would you please help me, How can I switched existing TNEF to using the internal (PERL) Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul Overton Sent: Wednesday, April 08, 2015 12:41 PM To: MailScanner Discussion Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption I have found in the past that the binary TNEF expander is unreliable, I switched to using the internal (PERL) one some time ago. I seem to recall that this solved a number of problems, including PDF files. Regards Paul From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: 08 April 2015 10:23 To: 'MailScanner Discussion' Subject: {Disarmed} RE: {Disarmed} RE: PDF-Corruption My existing settings as follows Expand TNEF = no Use TNEF Contents = replace TNEF Expander = /usr/bin/tnef --maxsize=100000000 You want me to replace with the below??? Expand TNEF = yes Use TNEF Contents = replace Since the other one TNEF expander is similar your one and mine. And do the test?? Ejaz -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Heino Backhaus Sent: Wednesday, April 08, 2015 12:03 PM To: MailScanner Discussion Subject: Re: {Disarmed} RE: PDF-Corruption Hi Ejaz, I'm using the following settings: Expand TNEF = yes Use TNEF Contents = replace ... TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 These are very similar to yours and it's just running fine for me. In your case I would try this: Use TNEF Contents = add So, if the receipient's got an MS Outlook you/she/he can take a look at the contents of the winmail.dat an see if the pdf-file is viewable and compare it to the extracted one. cu -Heino Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > Hi > > The problem is we cannot tell end user before sending an email to us, > use only rich/plain or html text etc… So it should be control from > our mailgatways is it?? > > Thank in advance really I do appreciate your great support. > > Ejaz > > *From:*MailScanner [ mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Jerry Benton > *Sent:* Tuesday, April 07, 2015 12:45 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > One user is using Rich Text, the other is not. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com> > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz < mailto:mejaz at cyberia.net.sa>> wrote: > > All. > > The same PDF file when other user whose also using an exchange > server, we are receiving it perfectly which is being relayed > through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What > could be the reason. > > Ejaz > > *From:*MailScanner > [ mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > Of*Alex Neuman > *Sent:*Monday, April 06, 2015 8:07 PM > *To:*MailScanner Discussion > *Subject:*Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely > a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the > latest perl modules/tnef programs are installed, to be on the safe side. > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > c99e4-a934-4057-8312-5895ed2ee49c > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 < MailScanner has detected a possible fraud attempt from "+5078326725" claiming to be http://+5078326725/> > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>* on > Twitter > Like Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Facebook > > Follow VidaDigital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Instagram > > Subscribe to Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> on > Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > < jerry.benton at mailborder.com > > wrote: > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com/> > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > < alex at vidadigital.com.pa > wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 < MailScanner has detected a possible fraud attempt from "+5078326725" claiming to be http://+5078326725/> > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>* on > Twitter > Like Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Facebook > > Follow VidaDigital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Instagram > > Subscribe to Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > < mailto:jerry.benton at mailborder.com>> wrote: > > The PDF probably has a disallowed MIME type in the document. > Edit your MIME types config file in /etc/MailScanner and allow > all MIME types. Resend the email and see if it gets through. If > it does, enable each MIME type until you figure out which one is > stopping or corrupting the PDF. Note that there is a problem > with the current Linux “file” command that has been causing > problems with a lot of applications. > > This may or may not be your problem, but of the customers I have > dealt with at Mailborder complaining of this issue, this is > often the problem. > > > - > > Jerry Benton > > www.mailborder.com < http://www.mailborder.com/> > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > < mejaz at cyberia.net.sa > wrote: > > Thanks a lot sorry to disturb you, I called during your > meeting. As I was unaware about it. > > *_This is what all I have for Tnef settings in my > mailscanner. _*Does Any modification required ??? Please > advice. > > Again thank you for your time. > > *__* > > *__* > > Expand TNEF attachments using an external program (or a Perl > module)? > > # within the TNEF attachment will not be checked against the > filename rules. > > Expand TNEF = no > > # When the TNEF (winmail.dat) attachments are expanded, > should the > > # in "Outlook Rich Text Format" (TNEF) will be able to read > the attachments > > # no => Leave winmail.dat TNEF attachments alone. > > # TNEF messages being doubled in size. > > # replace => Replace the winmail.dat TNEF attachment with > the files it > > Use TNEF Contents = replace > > # We are working on a replacement for the TNEF decoder. > > Deliver Unparsable TNEF = yes > > # Where the MS-TNEF expander is installed. > > # the external TNEF expander binary, > > # may be. It helps protect against Denial Of Service attacks > in TNEF files. > > #TNEF Expander = internal > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to > run for 1 message. > > TNEF Timeout = 120 > > # maybe TNEF files to not be archives as they are really > just another way > > # tnef -- "winmail.dat" files created by Microsoft > Exchange or Outlook > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > *From:* MailScanner > [ mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > < mejaz at cyberia.net.sa > wrote: > > Thanks, > > I cannot ask the customer as so many of them are complaining > for the same, I can make any exception from my side from > the MailScanner configuration. > > Is there any officially support for mailscanner?? As I > wanted to subscribe it. > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info > < mailto:mailscanner-bounces at lists.mailscanner.info>] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text > Format). > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > 1d298-9289-4b2f-8696-168d37d56000 > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 < tel:%2B507%206781-9505> > Work: *MailScanner has detected a possible fraud attempt > from "+5078326725" claiming to be* +507 832-6725 > < MailScanner has detected a possible fraud attempt from "+5078326725" claiming to be http://+5078326725/> > Work (USA): +1 (440) 253-9789 > < tel:%2B1%20%28440%29%20253-9789> > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>* on > Twitter > Like Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Facebook > > Follow VidaDigital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Instagram > > Subscribe to Vida Digital > < MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > < mejaz at cyberia.net.sa > wrote: > > Hello. > > One of my user keep complaining that he is unable to > receive the PDF attachment properly, they are getting > corrupted. But when I check my logs it doesn’t show any > problem. Now my concern is how to justify the customer the > problem is from his side or from my MailScanner. Please > advice. Thanks for your usual co-operation. > > *_Below are the logs for the corrupted attachement/message > _* > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > C98395DF459.A2E18 from 150.70.237.8 > ( eyad.nashed at natcom.com.sa > < mailto:eyad.nashed at natcom.com.sa>) to unitedgroup.com.sa > < http://unitedgroup.com.sa/> is too big for spam checks > (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > C98395DF459.A2E18 to 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: > C98395DF459.A2E18: Logged to MailWatch SQL > > *_Mail watch screen shot for the same message. _* > > *Received on:* > > > > 06/04/15 15:27:08 > > *Received by:* > > > > nmersal.cyberia.net.sa < http://nmersal.cyberia.net.sa/> > > *Received from:* > > > > 150.70.237.8 > > > > [Add to Whitelist > < http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader at unitedgroup.com.sa&type=h&list=w> | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=h&list=b>] > > *Received Via:* > > > > *IP Address* > > > > *Hostname* > > > > *Country* > > > > *RBL* > > > > *Spam* > > > > *Virus* > > > > *All* > > 150.70.237.8 > > > > rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> > > > > (GeoIP Lookup Failed) > > > > > [ 8>] > > > > > [ lay=150.70.237.8&isspam=1>] > > > > > [ lay=150.70.237.8&isvirus=1>] > > > > > [ lay=150.70.237.8>] > > 10.36.162.83 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 3>] > > > > > [ lay=10.36.162.83&isspam=1>] > > > > > [ lay=10.36.162.83&isvirus=1>] > > > > > [ lay=10.36.162.83>] > > 89.237.187.138 > > > > SJV-EXHC1.natcom.com.sa < http://sjv-exhc1.natcom.com.sa/> > > > > (GeoIP Lookup Failed) > > > > > [ 138>] > > > > > [ lay=89.237.187.138&isspam=1>] > > > > > [ lay=89.237.187.138&isvirus=1>] > > > > > [ lay=89.237.187.138>] > > 172.16.200.106 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 106>] > > > > > [ lay=172.16.200.106&isspam=1>] > > > > > [ lay=172.16.200.106&isvirus=1>] > > > > > [ lay=172.16.200.106>] > > 172.16.200.105 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 105>] > > > > > [ lay=172.16.200.105&isspam=1>] > > > > > [ lay=172.16.200.105&isvirus=1>] > > > > > [ lay=172.16.200.105>] > > 94.96.34.151 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 1>] > > > > > [ lay=94.96.34.151&isspam=1>] > > > > > [ lay=94.96.34.151&isvirus=1>] > > > > > [ lay=94.96.34.151>] > > *ID:* > > > > C98395DF459.A2E18 > > *Message Headers:* > > > > Received: from rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> (rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> [150.70.237.8]) > by nmersal.cyberia.net.sa > < http://nmersal.cyberia.net.sa/> (Postfix) with ESMTP id > C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com > < http://outmta.starcloud.com/> (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu > < http://rout01.hes.trendmicro.eu/> (Postfix) with SMTP id > A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa > < http://sjv-exhc1.natcom.com.sa/> (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu > < http://relay03.hes.trendmicro.eu/> (Postfix) with ESMTPS id > 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa > < http://sjv-exmb1.natcom.com.sa/> ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa > < http://sjv-exhc1.natcom.com.sa/> ([172.16.200.105]) with > mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed < mailto:eyad.nashed at natcom.com.sa>> > To: Charbel Abi Nader < mailto:cabinader at unitedgroup.com.sa>> > CC: Mustafa Khan < mailto:makhan at unitedgroup.com.sa>>, Hekmat Qassem > < hekmatq at natcom.com.sa > > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > < mailto:FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa>> > References: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > < mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>> > In-Reply-To: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > < mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>> > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > ve5PR > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > wk/W3 > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > YRCMk > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > jTVgr > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > e0E4q > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > Pwhb7 > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > FLzYP > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > Hfthv > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > GdJ4e > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > UDi9i > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > T2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > > > eyad.nashed at natcom.com.sa > < mailto:eyad.nashed at natcom.com.sa> > > > > [Add to Whitelist > < http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader at unitedgroup.com.sa&type=f&list=w> | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=f&list=b>] > > *To:* > > > > makhan at unitedgroup.com.sa < mailto:makhan at unitedgroup.com.sa> > cabinader at unitedgroup.com.sa > < mailto:cabinader at unitedgroup.com.sa> > > *Subject:* > > > > RE: Cisco Access Point Quotation > > *Size:* > > > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > > > * N * > > *Blocked File:* > > > > * N * > > *Other Infection:* > > > > * N * > > *SpamAssassin* > > *Spam:* > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > > > * N * > > *SpamAssassin Spam:* > > > > * N * > > *Listed in RBL:* > > > > * N * > > *Spam Whitelisted:* > > > > * N * > > *Spam Blacklisted:* > > > > * N * > > *SpamAssassin Autolearn:* > > > > * N * > > *SpamAssassin Score:* > > > > 0.00 > > *Spam Report:* > > > > *Score* > > > > *Matching Rule* > > > > *Description* > > large > > > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > > > * N * > > *High Scoring MCP:* > > > > * N * > > *SpamAssassin MCP:* > > > > * N * > > *MCP Whitelisted:* > > > > * N * > > *MCP Blacklisted:* > > > > * N * > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > < mailto:mailscanner at lists.mailscanner.info> > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Trusted Management Limited, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at trusted-management.com Wed Apr 8 10:10:31 2015 From: paul at trusted-management.com (Paul Overton) Date: Wed, 8 Apr 2015 11:10:31 +0100 Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption In-Reply-To: <00d001d071e3$2740afd0$75c20f70$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> <006e01d071dd$ab4c2670$01e47350$@net.sa> <00bc01d071e2$6b540380$41fc0a80$@net.sa> <00d001d071e3$2740afd0$75c20f70$@net.sa> Message-ID: This is what I had in mind. “TNEF Expander = internal” The notes in the config file above this entry explain it. Paul From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: 08 April 2015 11:03 To: 'MailScanner Discussion' Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption You mean enabling “TNEF Expander = internal” in mailscanner.conf and should “TNEF Expander = /usr/bin/tnef --maxsize=100000000” disable?? That’s it. Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: Wednesday, April 08, 2015 12:57 PM To: 'MailScanner Discussion' Subject: RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption Would you please help me, How can I switched existing TNEF to using the internal (PERL) Ejaz From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul Overton Sent: Wednesday, April 08, 2015 12:41 PM To: MailScanner Discussion Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption I have found in the past that the binary TNEF expander is unreliable, I switched to using the internal (PERL) one some time ago. I seem to recall that this solved a number of problems, including PDF files. Regards Paul From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mohammed Ejaz Sent: 08 April 2015 10:23 To: 'MailScanner Discussion' Subject: {Disarmed} RE: {Disarmed} RE: PDF-Corruption My existing settings as follows Expand TNEF = no Use TNEF Contents = replace TNEF Expander = /usr/bin/tnef --maxsize=100000000 You want me to replace with the below??? Expand TNEF = yes Use TNEF Contents = replace Since the other one TNEF expander is similar your one and mine. And do the test?? Ejaz -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Heino Backhaus Sent: Wednesday, April 08, 2015 12:03 PM To: MailScanner Discussion Subject: Re: {Disarmed} RE: PDF-Corruption Hi Ejaz, I'm using the following settings: Expand TNEF = yes Use TNEF Contents = replace ... TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 These are very similar to yours and it's just running fine for me. In your case I would try this: Use TNEF Contents = add So, if the receipient's got an MS Outlook you/she/he can take a look at the contents of the winmail.dat an see if the pdf-file is viewable and compare it to the extracted one. cu -Heino Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > Hi > > The problem is we cannot tell end user before sending an email to us, > use only rich/plain or html text etc… So it should be control from > our mailgatways is it?? > > Thank in advance really I do appreciate your great support. > > Ejaz > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Jerry Benton > *Sent:* Tuesday, April 07, 2015 12:45 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > One user is using Rich Text, the other is not. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz > wrote: > > All. > > The same PDF file when other user whose also using an exchange > server, we are receiving it perfectly which is being relayed > through same MailScanner. > > The PDF are getting corrupted from few exchange servers only. What > could be the reason. > > Ejaz > > *From:*MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > Of*Alex Neuman > *Sent:*Monday, April 06, 2015 8:07 PM > *To:*MailScanner Discussion > *Subject:*Re: PDF-Corruption > > If it did, indeed, stop it - though from experience it's more likely > a TNEF issue. > > I'd switch the TNEF unpacker to the internal and/or verify that the > latest perl modules/tnef programs are installed, to be on the safe side. > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > c99e4-a934-4057-8312-5895ed2ee49c > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 > > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > >! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > >* on > Twitter > Like Vida Digital > > on > Facebook > > Follow VidaDigital > > on > Instagram > > Subscribe to Vida Digital > > on > Youtube > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > >> > wrote: > > “... until you figure out which one is stopping or corrupting the PDF.” > > I saw it. Still applies. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > >> wrote: > > I believe he mentioned the PDF's are being corrupted, not stopped. > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* +507 832-6725 > > Work (USA): +1 (440) 253-9789 > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > >! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > >* on > Twitter > Like Vida Digital > > on > Facebook > > Follow VidaDigital > > on > Instagram > > Subscribe to Vida Digital > > on > Youtube > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > > wrote: > > The PDF probably has a disallowed MIME type in the document. > Edit your MIME types config file in /etc/MailScanner and allow > all MIME types. Resend the email and see if it gets through. If > it does, enable each MIME type until you figure out which one is > stopping or corrupting the PDF. Note that there is a problem > with the current Linux “file” command that has been causing > problems with a lot of applications. > > This may or may not be your problem, but of the customers I have > dealt with at Mailborder complaining of this issue, this is > often the problem. > > > - > > Jerry Benton > > www.mailborder.com > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > >> wrote: > > Thanks a lot sorry to disturb you, I called during your > meeting. As I was unaware about it. > > *_This is what all I have for Tnef settings in my > mailscanner. _*Does Any modification required ??? Please > advice. > > Again thank you for your time. > > *__* > > *__* > > Expand TNEF attachments using an external program (or a Perl > module)? > > # within the TNEF attachment will not be checked against the > filename rules. > > Expand TNEF = no > > # When the TNEF (winmail.dat) attachments are expanded, > should the > > # in "Outlook Rich Text Format" (TNEF) will be able to read > the attachments > > # no => Leave winmail.dat TNEF attachments alone. > > # TNEF messages being doubled in size. > > # replace => Replace the winmail.dat TNEF attachment with > the files it > > Use TNEF Contents = replace > > # We are working on a replacement for the TNEF decoder. > > Deliver Unparsable TNEF = yes > > # Where the MS-TNEF expander is installed. > > # the external TNEF expander binary, > > # may be. It helps protect against Denial Of Service attacks > in TNEF files. > > #TNEF Expander = internal > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > # The maximum length of time the TNEF Expander is allowed to > run for 1 message. > > TNEF Timeout = 120 > > # maybe TNEF files to not be archives as they are really > just another way > > # tnef -- "winmail.dat" files created by Microsoft > Exchange or Outlook > > I believe Mailborder and FSL systems provide official support. > > Do you have any contacts email/phone numbers > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 6:43 PM > *To:* MailScanner discussion > *Subject:* RE: PDF-Corruption > > I believe Mailborder and FSL systems provide official support. > > Try modifying your TNEF decoder settings in MailScanner.conf. > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > >> wrote: > > Thanks, > > I cannot ask the customer as so many of them are complaining > for the same, I can make any exception from my side from > the MailScanner configuration. > > Is there any officially support for mailscanner?? As I > wanted to subscribe it. > > Ejaz > > *From:* MailScanner > [mailto:mailscanner-bounces at lists.mailscanner.info > ] *On > Behalf Of *Alex Neuman > *Sent:* Monday, April 06, 2015 5:25 PM > *To:* MailScanner Discussion > *Subject:* Re: PDF-Corruption > > Do an MD5SUM of the PDF file before and after processing. > > Also, ask the originator NOT to use TNEF encoding (Rich Text > Format). > > Web Bug from > > MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: MailScanner has detected definite fraud in the website at "t.signaleuna.com". Do not trust this website: http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > 1d298-9289-4b2f-8696-168d37d56000 > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: *MailScanner has detected a possible fraud attempt > from "+5078326725" claiming to be* +507 832-6725 > > > Work (USA): +1 (440) 253-9789 > > > Skype: AlexNeuman > > > Don't miss Vida Digital on LiveStream > >! > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > Follow *@AlexNeuman > >* on > Twitter > Like Vida Digital > > on > Facebook > > Follow VidaDigital > > on > Instagram > > Subscribe to Vida Digital > > on > Youtube > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > >> wrote: > > Hello. > > One of my user keep complaining that he is unable to > receive the PDF attachment properly, they are getting > corrupted. But when I check my logs it doesn’t show any > problem. Now my concern is how to justify the customer the > problem is from his side or from my MailScanner. Please > advice. Thanks for your usual co-operation. > > *_Below are the logs for the corrupted attachement/message > _* > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > C98395DF459.A2E18 from 150.70.237.8 > (eyad.nashed at natcom.com.sa > ) to unitedgroup.com.sa > is too big for spam checks > (497744 > 150000 bytes) > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > C98395DF459.A2E18 to 555C55DF544 > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > C98395DF459.A2E18 to SQL > > Apr 6 15:27:08 nmersal MailScanner[24178]: > C98395DF459.A2E18: Logged to MailWatch SQL > > *_Mail watch screen shot for the same message. _* > > *Received on:* > > > > 06/04/15 15:27:08 > > *Received by:* > > > > nmersal.cyberia.net.sa > > *Received from:* > > > > 150.70.237.8 > > > > [Add to Whitelist > | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=h&list=b>] > > *Received Via:* > > > > *IP Address* > > > > *Hostname* > > > > *Country* > > > > *RBL* > > > > *Spam* > > > > *Virus* > > > > *All* > > 150.70.237.8 > > > > rout01.hes.trendmicro.eu > > > > > (GeoIP Lookup Failed) > > > > > [ 8>] > > > > > [ lay=150.70.237.8&isspam=1>] > > > > > [ lay=150.70.237.8&isvirus=1>] > > > > > [ lay=150.70.237.8>] > > 10.36.162.83 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 3>] > > > > > [ lay=10.36.162.83&isspam=1>] > > > > > [ lay=10.36.162.83&isvirus=1>] > > > > > [ lay=10.36.162.83>] > > 89.237.187.138 > > > > SJV-EXHC1.natcom.com.sa > > > > (GeoIP Lookup Failed) > > > > > [ 138>] > > > > > [ lay=89.237.187.138&isspam=1>] > > > > > [ lay=89.237.187.138&isvirus=1>] > > > > > [ lay=89.237.187.138>] > > 172.16.200.106 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 106>] > > > > > [ lay=172.16.200.106&isspam=1>] > > > > > [ lay=172.16.200.106&isvirus=1>] > > > > > [ lay=172.16.200.106>] > > 172.16.200.105 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 105>] > > > > > [ lay=172.16.200.105&isspam=1>] > > > > > [ lay=172.16.200.105&isvirus=1>] > > > > > [ lay=172.16.200.105>] > > 94.96.34.151 > > > > (Reverse Lookup Failed) > > > > (GeoIP Lookup Failed) > > > > > [ 1>] > > > > > [ lay=94.96.34.151&isspam=1>] > > > > > [ lay=94.96.34.151&isvirus=1>] > > > > > [ lay=94.96.34.151>] > > *ID:* > > > > C98395DF459.A2E18 > > *Message Headers:* > > > > Received: from rout01.hes.trendmicro.eu > (rout01.hes.trendmicro.eu > [150.70.237.8]) > by nmersal.cyberia.net.sa > (Postfix) with ESMTP id > C98395DF459; > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > Received: from outmta.starcloud.com > (unknown [10.36.162.83]) > by rout01.hes.trendmicro.eu > (Postfix) with SMTP id > A01EA740040; > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > Received: from SJV-EXHC1.natcom.com.sa > (unknown [89.237.187.138]) > by relay03.hes.trendmicro.eu > (Postfix) with ESMTPS id > 0CADD108003B; > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > Received: from SJV-EXMB1.natcom.com.sa > ([172.16.200.106]) by > SJV-EXHC1.natcom.com.sa > ([172.16.200.105]) with > mapi id 14.03.0174.001; Mon, > 6 Apr 2015 15:24:12 +0300 > From: Eyad Nashed > > To: Charbel Abi Nader > > CC: Mustafa Khan >, Hekmat Qassem > >> > Subject: RE: Cisco Access Point Quotation > Thread-Topic: Cisco Access Point Quotation > Thread-Index: > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > Date: Mon, 6 Apr 2015 12:24:11 +0000 > Message-ID: > > > References: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > In-Reply-To: > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > Accept-Language: en-US > Content-Language: en-US > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > x-originating-ip: [94.96.34.151] > Content-Type: multipart/mixed; > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > MIME-Version: 1.0 > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > X-TMASE-Result: 10--28.541000-7.000000 > X-TMASE-MatchedRID: > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > ve5PR > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > wk/W3 > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > YRCMk > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > jTVgr > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > e0E4q > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > Pwhb7 > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > FLzYP > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > Hfthv > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > GdJ4e > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > UDi9i > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > T2zXY > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > *From:* > > > > eyad.nashed at natcom.com.sa > > > > > [Add to Whitelist > | > Add to Blacklist > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > @unitedgroup.com.sa&type=f&list=b>] > > *To:* > > > > makhan at unitedgroup.com.sa > cabinader at unitedgroup.com.sa > > > *Subject:* > > > > RE: Cisco Access Point Quotation > > *Size:* > > > > 486.1Kb > > *Anti-Virus/Dangerous Content Protection* > > *Virus:* > > > > * N * > > *Blocked File:* > > > > * N * > > *Other Infection:* > > > > * N * > > *SpamAssassin* > > *Spam:* > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > *High Scoring Spam:* > > > > * N * > > *SpamAssassin Spam:* > > > > * N * > > *Listed in RBL:* > > > > * N * > > *Spam Whitelisted:* > > > > * N * > > *Spam Blacklisted:* > > > > * N * > > *SpamAssassin Autolearn:* > > > > * N * > > *SpamAssassin Score:* > > > > 0.00 > > *Spam Report:* > > > > *Score* > > > > *Matching Rule* > > > > *Description* > > large > > > > too > > > > *Message Content Protection (MCP)* > > *MCP:* > > > > * N * > > *High Scoring MCP:* > > > > * N * > > *SpamAssassin MCP:* > > > > * N * > > *MCP Whitelisted:* > > > > * N * > > *MCP Blacklisted:* > > > > * N * > > Regards > > Ejaz > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Trusted Management Limited, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Trusted Management Limited, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heino.backhaus at fink-computer.de Wed Apr 8 10:10:52 2015 From: heino.backhaus at fink-computer.de (Heino Backhaus) Date: Wed, 8 Apr 2015 12:10:52 +0200 Subject: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption In-Reply-To: <00d001d071e3$2740afd0$75c20f70$@net.sa> References: <2F032519-327E-4F27-8C50-902B70106765@mailborder.com> <7DC92EC3-6CA7-4841-A314-707C356220E8@mailborder.com> <008701d07117$8dce5300$a96af900$@net.sa> <36D3757D-EE33-42D8-BF20-72B15C458FD1@mailborder.com> <002901d071d6$91057b60$b3107220$@net.sa> <5524EEAD.2030006@fink-computer.de> <006e01d071dd$ab4c2670$01e47350$@net.sa> <00bc01d071e2$6b540380$41fc0a80$@net.sa> <00d001d071e3$2740afd0$75c20f70$@net.sa> Message-ID: <5524FEAC.1020505@fink-computer.de> yes, ihmo it`s just that ;-) Do a restart of your Mailscanner-deamons, to activate the new settings. Regards Heino Am 08.04.2015 um 12:02 schrieb Mohammed Ejaz: > You mean enabling “TNEF Expander = internal” in mailscanner.conf and > should “TNEF Expander = /usr/bin/tnef --maxsize=100000000” disable?? > That’s it. > > Ejaz > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Mohammed Ejaz > *Sent:* Wednesday, April 08, 2015 12:57 PM > *To:* 'MailScanner Discussion' > *Subject:* RE: {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption > > Would you please help me, > > How can I switched existing TNEF to using the internal (PERL) > > Ejaz > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Paul Overton > *Sent:* Wednesday, April 08, 2015 12:41 PM > *To:* MailScanner Discussion > *Subject:* {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: PDF-Corruption > > I have found in the past that the binary TNEF expander is unreliable, I > switched to using the internal (PERL) one some time ago. I seem to > recall that this solved a number of problems, including PDF files. > > Regards Paul > > *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > *On Behalf Of *Mohammed Ejaz > *Sent:* 08 April 2015 10:23 > *To:* 'MailScanner Discussion' > *Subject:* {Disarmed} RE: {Disarmed} RE: PDF-Corruption > > My existing settings as follows > > Expand TNEF = no > > Use TNEF Contents = replace > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > You want me to replace with the below??? > > Expand TNEF = yes > > Use TNEF Contents = replace > > Since the other one TNEF expander is similar your one and mine. > > And do the test?? > > Ejaz > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On > Behalf Of Heino Backhaus > Sent: Wednesday, April 08, 2015 12:03 PM > To: MailScanner Discussion > Subject: Re: {Disarmed} RE: PDF-Corruption > > Hi Ejaz, > > I'm using the following settings: > > Expand TNEF = yes > > Use TNEF Contents = replace > > ... > > TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 > > These are very similar to yours and it's just running fine for me. In > your case I would try this: > > Use TNEF Contents = add > > So, if the receipient's got an MS Outlook you/she/he can take a look at > the contents of the winmail.dat an see if the pdf-file is viewable and > compare it to the extracted one. > > cu > > -Heino > > Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz: > > > Hi > > > > > > The problem is we cannot tell end user before sending an email to us, > > > use only rich/plain or html text etc… So it should be control from > > > our mailgatways is it?? > > > > > > Thank in advance really I do appreciate your great support. > > > > > > Ejaz > > > > > > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] > > > *On Behalf Of *Jerry Benton > > > *Sent:* Tuesday, April 07, 2015 12:45 PM > > > *To:* MailScanner Discussion > > > *Subject:* Re: PDF-Corruption > > > > > > One user is using Rich Text, the other is not. > > > > > > > > > - > > > > > > Jerry Benton > > > > > > www.mailborder.com > > > > > > > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz > > > wrote: > > > > > > All. > > > > > > The same PDF file when other user whose also using an exchange > > > server, we are receiving it perfectly which is being relayed > > > through same MailScanner. > > > > > > The PDF are getting corrupted from few exchange servers only. What > > > could be the reason. > > > > > > Ejaz > > > > > > *From:*MailScanner > > > [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf > > > Of*Alex Neuman > > > *Sent:*Monday, April 06, 2015 8:07 PM > > > *To:*MailScanner Discussion > > > *Subject:*Re: PDF-Corruption > > > > > > If it did, indeed, stop it - though from experience it's more likely > > > a TNEF issue. > > > > > > I'd switch the TNEF unpacker to the internal and/or verify that the > > > latest perl modules/tnef programs are installed, to be on the > safe side. > > > > > > Web Bug from > > > > > > *MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > > > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c > > > c99e4-a934-4057-8312-5895ed2ee49c > > > > > > > > > > > > *Alex Neuman van der Hans* > > > Reliant Technologies / Vida Digital > > > http://vidadigital.com.pa/ > > > > > > Mobile: +507 6781-9505 > > > Work: *MailScanner has detected a possible fraud attempt from > > > "+5078326725" claiming to be* +507 832-6725 <*MailScanner has > detected a possible fraud attempt from "+5078326725" claiming to be* > http://+5078326725/> > > > Work (USA): +1 (440) 253-9789 > > > > > > Skype: AlexNeuman > > > > > > > > > Don't miss Vida Digital on LiveStream > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>! > > > > > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > > > > > > > Follow *@AlexNeuman > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>* > on > > > Twitter > > > Like Vida Digital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> > on > > > Facebook > > > > > > Follow VidaDigital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> > on > > > Instagram > > > > > > Subscribe to Vida Digital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c> > on > > > Youtube > > > > > > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton > > > >> > > > wrote: > > > > > > “... until you figure out which one is stopping or corrupting the > PDF.” > > > > > > I saw it. Still applies. > > > > > > > > > - > > > > > > Jerry Benton > > > > > > www.mailborder.com > > > > > > > On Apr 6, 2015, at 12:55 PM, Alex Neuman > > > >> > wrote: > > > > > > I believe he mentioned the PDF's are being corrupted, not > stopped. > > > > > > > > > > > > *Alex Neuman van der Hans* > > > Reliant Technologies / Vida Digital > > > http://vidadigital.com.pa/ > > > > > > Mobile: +507 6781-9505 > > > Work: *MailScanner has detected a possible fraud attempt from > > > "+5078326725" claiming to be* +507 832-6725 <*MailScanner has > detected a possible fraud attempt from "+5078326725" claiming to be* > http://+5078326725/> > > > Work (USA): +1 (440) 253-9789 > > > > > > Skype: AlexNeuman > > > > > > > > > Don't miss Vida Digital on LiveStream > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>! > > > > > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > > > > > > > Follow *@AlexNeuman > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>* > on > > > Twitter > > > Like Vida Digital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> > on > > > Facebook > > > > > > Follow VidaDigital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> > on > > > Instagram > > > > > > Subscribe to Vida Digital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23> > on > > > Youtube > > > > > > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton > > > > > > wrote: > > > > > > The PDF probably has a disallowed MIME type in the document. > > > Edit your MIME types config file in /etc/MailScanner and allow > > > all MIME types. Resend the email and see if it gets through. If > > > it does, enable each MIME type until you figure out which one is > > > stopping or corrupting the PDF. Note that there is a problem > > > with the current Linux “file” command that has been causing > > > problems with a lot of applications. > > > > > > This may or may not be your problem, but of the customers I have > > > dealt with at Mailborder complaining of this issue, this is > > > often the problem. > > > > > > > > > - > > > > > > Jerry Benton > > > > > > www.mailborder.com > > > > > > > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz > > > >> wrote: > > > > > > Thanks a lot sorry to disturb you, I called during your > > > meeting. As I was unaware about it. > > > > > > *_This is what all I have for Tnef settings in my > > > mailscanner. _*Does Any modification required ??? Please > > > advice. > > > > > > Again thank you for your time. > > > > > > *__* > > > > > > *__* > > > > > > Expand TNEF attachments using an external program (or a Perl > > > module)? > > > > > > # within the TNEF attachment will not be checked against the > > > filename rules. > > > > > > Expand TNEF = no > > > > > > # When the TNEF (winmail.dat) attachments are expanded, > > > should the > > > > > > # in "Outlook Rich Text Format" (TNEF) will be able to read > > > the attachments > > > > > > # no => Leave winmail.dat TNEF attachments alone. > > > > > > # TNEF messages being doubled in size. > > > > > > # replace => Replace the winmail.dat TNEF attachment with > > > the files it > > > > > > Use TNEF Contents = replace > > > > > > # We are working on a replacement for the TNEF decoder. > > > > > > Deliver Unparsable TNEF = yes > > > > > > # Where the MS-TNEF expander is installed. > > > > > > # the external TNEF expander binary, > > > > > > # may be. It helps protect against Denial Of Service attacks > > > in TNEF files. > > > > > > #TNEF Expander = internal > > > > > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > > > > > # The maximum length of time the TNEF Expander is allowed to > > > run for 1 message. > > > > > > TNEF Timeout = 120 > > > > > > # maybe TNEF files to not be archives as they are really > > > just another way > > > > > > # tnef -- "winmail.dat" files created by Microsoft > > > Exchange or Outlook > > > > > > I believe Mailborder and FSL systems provide official > support. > > > > > > Do you have any contacts email/phone numbers > > > > > > Ejaz > > > > > > *From:* MailScanner > > > [mailto:mailscanner-bounces at lists.mailscanner.info] *On > > > Behalf Of *Alex Neuman > > > *Sent:* Monday, April 06, 2015 6:43 PM > > > *To:* MailScanner discussion > > > *Subject:* RE: PDF-Corruption > > > > > > I believe Mailborder and FSL systems provide official > support. > > > > > > Try modifying your TNEF decoder settings in MailScanner.conf. > > > > > > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz" > > > >> wrote: > > > > > > Thanks, > > > > > > I cannot ask the customer as so many of them are complaining > > > for the same, I can make any exception from my side from > > > the MailScanner configuration. > > > > > > Is there any officially support for mailscanner?? As I > > > wanted to subscribe it. > > > > > > Ejaz > > > > > > *From:* MailScanner > > > [mailto:mailscanner-bounces at lists.mailscanner.info > > > ] *On > > > Behalf Of *Alex Neuman > > > *Sent:* Monday, April 06, 2015 5:25 PM > > > *To:* MailScanner Discussion > > > *Subject:* Re: PDF-Corruption > > > > > > Do an MD5SUM of the PDF file before and after processing. > > > > > > Also, ask the originator NOT to use TNEF encoding (Rich Text > > > Format). > > > > > > Web Bug from > > > > > > *MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v > > > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4 > > > 1d298-9289-4b2f-8696-168d37d56000 > > > > > > > > > > > > *Alex Neuman van der Hans* > > > Reliant Technologies / Vida Digital > > > http://vidadigital.com.pa/ > > > > > > Mobile: +507 6781-9505 > > > Work: *MailScanner has detected a possible fraud attempt > > > from "+5078326725" claiming to be* +507 832-6725 > > > <*MailScanner has detected a possible fraud attempt from > "+5078326725" claiming to be* http://+5078326725/> > > > Work (USA): +1 (440) 253-9789 > > > > > > > > > Skype: AlexNeuman > > > > > > > > > Don't miss Vida Digital on LiveStream > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>! > > > > > > Saturdays 8am-10am on Máxima 91.7FM Panama > > > > > > > > > Follow *@AlexNeuman > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>* > on > > > Twitter > > > Like Vida Digital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> > on > > > Facebook > > > > > > Follow VidaDigital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> > on > > > Instagram > > > > > > Subscribe to Vida Digital > > > <*MailScanner has detected a possible fraud attempt from > "t.signaleuna.com" claiming to be* *MailScanner has detected definite > fraud in the website at "t.signaleuna.com". Do /not/ trust this > website:* *MailScanner has detected definite fraud in the website at > "t.signaleuna.com". Do /not/ trust this website:* > http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000> > on > > > Youtube > > > > > > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz > > > >> wrote: > > > > > > Hello. > > > > > > One of my user keep complaining that he is unable to > > > receive the PDF attachment properly, they are getting > > > corrupted. But when I check my logs it doesn’t show any > > > problem. Now my concern is how to justify the customer the > > > problem is from his side or from my MailScanner. Please > > > advice. Thanks for your usual co-operation. > > > > > > *_Below are the logs for the corrupted attachement/message > > > _* > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Message > > > C98395DF459.A2E18 from 150.70.237.8 > > > (eyad.nashed at natcom.com.sa > > > ) to unitedgroup.com.sa > > > is too big for spam checks > > > (497744 > 150000 bytes) > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue: > > > C98395DF459.A2E18 to 555C55DF544 > > > > > > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message > > > C98395DF459.A2E18 to SQL > > > > > > Apr 6 15:27:08 nmersal MailScanner[24178]: > > > C98395DF459.A2E18: Logged to MailWatch SQL > > > > > > *_Mail watch screen shot for the same message. _* > > > > > > *Received on:* > > > > > > > > > > > > 06/04/15 15:27:08 > > > > > > *Received by:* > > > > > > > > > > > > nmersal.cyberia.net.sa > > > > > > *Received from:* > > > > > > > > > > > > 150.70.237.8 > > > > > > > > > > > > [Add to Whitelist > > > > > | > > > Add to Blacklist > > > > > > > > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > > > > @unitedgroup.com.sa&type=h&list=b>] > > > > > > *Received Via:* > > > > > > > > > > > > *IP Address* > > > > > > > > > > > > *Hostname* > > > > > > > > > > > > *Country* > > > > > > > > > > > > *RBL* > > > > > > > > > > > > *Spam* > > > > > > > > > > > > *Virus* > > > > > > > > > > > > *All* > > > > > > 150.70.237.8 > > > > > > > > > > > > rout01.hes.trendmicro.eu > > > > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 8>] > > > > > > > > > > > > > > > [ > > lay=150.70.237.8&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=150.70.237.8&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=150.70.237.8>] > > > > > > 10.36.162.83 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 3>] > > > > > > > > > > > > > > > [ > > lay=10.36.162.83&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=10.36.162.83&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=10.36.162.83>] > > > > > > 89.237.187.138 > > > > > > > > > > > > SJV-EXHC1.natcom.com.sa > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 138>] > > > > > > > > > > > > > > > [ > > lay=89.237.187.138&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=89.237.187.138&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=89.237.187.138>] > > > > > > 172.16.200.106 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 106>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.106&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.106&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.106>] > > > > > > 172.16.200.105 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 105>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.105&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.105&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=172.16.200.105>] > > > > > > 94.96.34.151 > > > > > > > > > > > > (Reverse Lookup Failed) > > > > > > > > > > > > (GeoIP Lookup Failed) > > > > > > > > > > > > > > > [ > > 1>] > > > > > > > > > > > > > > > [ > > lay=94.96.34.151&isspam=1>] > > > > > > > > > > > > > > > [ > > lay=94.96.34.151&isvirus=1>] > > > > > > > > > > > > > > > [ > > lay=94.96.34.151>] > > > > > > *ID:* > > > > > > > > > > > > C98395DF459.A2E18 > > > > > > *Message Headers:* > > > > > > > > > > > > Received: from rout01.hes.trendmicro.eu > > > (rout01.hes.trendmicro.eu > > > [150.70.237.8]) > > > by nmersal.cyberia.net.sa > > > (Postfix) with ESMTP id > > > C98395DF459; > > > Mon, 6 Apr 2015 15:27:04 +0300 (AST) > > > Received: from outmta.starcloud.com > > > (unknown [10.36.162.83]) > > > by rout01.hes.trendmicro.eu > > > (Postfix) with SMTP id > > > A01EA740040; > > > Mon, 6 Apr 2015 12:24:17 +0000 (UTC) > > > Received: from SJV-EXHC1.natcom.com.sa > > > (unknown [89.237.187.138]) > > > by relay03.hes.trendmicro.eu > > > (Postfix) with ESMTPS id > > > 0CADD108003B; > > > Mon, 6 Apr 2015 12:24:13 +0000 (UTC) > > > Received: from SJV-EXMB1.natcom.com.sa > > > ([172.16.200.106]) by > > > SJV-EXHC1.natcom.com.sa > > > ([172.16.200.105]) with > > > mapi id 14.03.0174.001; Mon, > > > 6 Apr 2015 15:24:12 +0300 > > > From: Eyad Nashed > > > > > > To: Charbel Abi Nader > > > > > > CC: Mustafa Khan > > >, Hekmat Qassem > > > >> > > > Subject: RE: Cisco Access Point Quotation > > > Thread-Topic: Cisco Access Point Quotation > > > Thread-Index: > > > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw > > > Date: Mon, 6 Apr 2015 12:24:11 +0000 > > > Message-ID: > > > > > > > > > > > References: > > > > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > > > > > > In-Reply-To: > > > > <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa > > > > > > > > Accept-Language: en-US > > > Content-Language: en-US > > > X-MS-Has-Attach: yes > > > X-MS-TNEF-Correlator: > > > x-originating-ip: [94.96.34.151] > > > Content-Type: multipart/mixed; > > > > > > > boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_" > > > MIME-Version: 1.0 > > > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007 > > > X-TMASE-Result: 10--28.541000-7.000000 > > > X-TMASE-MatchedRID: > > > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ > > > > > > > > > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE > > > ve5PR > > > > > > > > > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR > > > wk/W3 > > > > > > > > > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx > > > YRCMk > > > > > > > > > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9 > > > jTVgr > > > > > > > > > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC > > > e0E4q > > > > > > > > > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe > > > Pwhb7 > > > > > > > > > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx > > > FLzYP > > > > > > > > > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR > > > Hfthv > > > > > > > > > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx > > > GdJ4e > > > > > > > > > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND > > > UDi9i > > > > > > > > > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g > > > T2zXY > > > > > > > a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso > > > 7pnCj3Td6w7ozQLgmIj9pQ1oyg== > > > > > > *From:* > > > > > > > > > > > > eyad.nashed at natcom.com.sa > > > > > > > > > > > > > > > [Add to Whitelist > > > > > | > > > Add to Blacklist > > > > > > > > > &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader > > > > @unitedgroup.com.sa&type=f&list=b>] > > > > > > *To:* > > > > > > > > > > > > makhan at unitedgroup.com.sa > > > > cabinader at unitedgroup.com.sa > > > > > > > > > *Subject:* > > > > > > > > > > > > RE: Cisco Access Point Quotation > > > > > > *Size:* > > > > > > > > > > > > 486.1Kb > > > > > > *Anti-Virus/Dangerous Content Protection* > > > > > > *Virus:* > > > > > > > > > > > > * N * > > > > > > *Blocked File:* > > > > > > > > > > > > * N * > > > > > > *Other Infection:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin* > > > > > > *Spam:* > > > > > > > > > > > > * N * Action(s): deliver, header, "X-Spam-Status:, No" > > > > > > *High Scoring Spam:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin Spam:* > > > > > > > > > > > > * N * > > > > > > *Listed in RBL:* > > > > > > > > > > > > * N * > > > > > > *Spam Whitelisted:* > > > > > > > > > > > > * N * > > > > > > *Spam Blacklisted:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin Autolearn:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin Score:* > > > > > > > > > > > > 0.00 > > > > > > *Spam Report:* > > > > > > > > > > > > *Score* > > > > > > > > > > > > *Matching Rule* > > > > > > > > > > > > *Description* > > > > > > large > > > > > > > > > > > > too > > > > > > > > > > > > *Message Content Protection (MCP)* > > > > > > *MCP:* > > > > > > > > > > > > * N * > > > > > > *High Scoring MCP:* > > > > > > > > > > > > * N * > > > > > > *SpamAssassin MCP:* > > > > > > > > > > > > * N * > > > > > > *MCP Whitelisted:* > > > > > > > > > > > > * N * > > > > > > *MCP Blacklisted:* > > > > > > > > > > > > * N * > > > > > > Regards > > > > > > Ejaz > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *Trusted Management Limited* > , and is > believed to be clean. > > > > > From jerry.benton at mailborder.com Wed Apr 8 10:16:50 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 8 Apr 2015 06:16:50 -0400 Subject: update_bad_phishing_emails In-Reply-To: References: Message-ID: Paul, I don’t have access to the server for the phishing emails. Jules signed an NDA for the technology used. All of the DNS records prior to the transfer are still in place. That script uses cdn.mailscanner.info, but is also uses a subdomain of bastionmail.com, which I have no control over. At some point I can look into it, but as of right now I need to start focusing on Mailborder. I spent the last 3 months working exclusively on MailScanner, but I am 100% dependent on Mailborder for my income, so I need to get back to developing the next version of Mailborder and working on getting some more clients. If someone else on this list has some insight and knows more about this, feel free to step forward. I will also send Jules an email to see if he can pass some info to me regarding this service. - Jerry Benton www.mailborder.com > On Apr 8, 2015, at 5:49 AM, Paul Overton wrote: > > Jerry, > > First of all, many thanks for providing a new site and support services for MailScanner. I was an early adopter and have been using it ever since. > > I have updated one of my servers to run your latest version of MS and found that many of the essential elements have indeed been updated. However I note that the binary “update_bad_phishing_emails” is the original version from 2 years ago, and is broken due to lack of support over the past years. (Domain pointers missing etc). > > I had had a solution running for much of that time, but your latest changes to the support web sites now prevent this file from updating. > > Have you re-crested the necessary back end support for the above file? And if so what changed do we need to make to re-enable this function? > > Regards & Thanks > > -- > Paul Overton > > -- > This message has been scanned for viruses and > dangerous content by Trusted Management Limited , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at welshfamily.com Wed Apr 8 19:53:33 2015 From: paul at welshfamily.com (Paul Welsh) Date: Wed, 8 Apr 2015 20:53:33 +0100 Subject: Digest mode Message-ID: Not urgent but I am not sure the digest mode for this list is working correctly. In the space of 50 minutes between 10.22 am and 11.10 am BST I received MailScanner Digest, Vol 112, Issue 20 - 24. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 8 20:37:57 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 8 Apr 2015 16:37:57 -0400 Subject: Digest mode In-Reply-To: References: Message-ID: <01064E06-D91D-4852-B51D-C48E031367C5@mailborder.com> The cron does digests at noon UTC. - Jerry Benton www.mailborder.com > On Apr 8, 2015, at 3:53 PM, Paul Welsh wrote: > > Not urgent but I am not sure the digest mode for this list is working correctly. In the space of 50 minutes between 10.22 am and 11.10 am BST I received MailScanner Digest, Vol 112, Issue 20 - 24. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From niall at hosiene.co.uk Wed Apr 8 22:10:25 2015 From: niall at hosiene.co.uk (niall at hosiene.co.uk) Date: Wed, 8 Apr 2015 22:10:25 -0000 Subject: Digest mode In-Reply-To: <01064E06-D91D-4852-B51D-C48E031367C5@mailborder.com> References: <01064E06-D91D-4852-B51D-C48E031367C5@mailborder.com> Message-ID: <22ae1dfe5f7f7557a9ed811801f9777b.squirrel@mailserver.hosiene.co.uk> ...but noon UTC is 13:00 BST. Not 11:00 BST. > The cron does digests at noon UTC. > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 8, 2015, at 3:53 PM, Paul Welsh wrote: >> >> Not urgent but I am not sure the digest mode for this list is working >> correctly. In the space of 50 minutes between 10.22 am and 11.10 am BST >> I received MailScanner Digest, Vol 112, Issue 20 - 24. >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From niall at hosiene.co.uk Wed Apr 8 22:10:35 2015 From: niall at hosiene.co.uk (niall at hosiene.co.uk) Date: Wed, 8 Apr 2015 22:10:35 -0000 Subject: Digest mode In-Reply-To: <01064E06-D91D-4852-B51D-C48E031367C5@mailborder.com> References: <01064E06-D91D-4852-B51D-C48E031367C5@mailborder.com> Message-ID: <225f3d82a35474c21397f561367de73e.squirrel@mailserver.hosiene.co.uk> ...but noon UTC is 13:00 BST. Not 11:00 BST. > The cron does digests at noon UTC. > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 8, 2015, at 3:53 PM, Paul Welsh wrote: >> >> Not urgent but I am not sure the digest mode for this list is working >> correctly. In the space of 50 minutes between 10.22 am and 11.10 am BST >> I received MailScanner Digest, Vol 112, Issue 20 - 24. >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jerry.benton at mailborder.com Wed Apr 8 22:16:29 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 8 Apr 2015 18:16:29 -0400 Subject: Digest mode In-Reply-To: <225f3d82a35474c21397f561367de73e.squirrel@mailserver.hosiene.co.uk> References: <01064E06-D91D-4852-B51D-C48E031367C5@mailborder.com> <225f3d82a35474c21397f561367de73e.squirrel@mailserver.hosiene.co.uk> Message-ID: <808923EF-C268-46FD-8016-C7AD3CDFFCED@mailborder.com> I’ll let Mark answer since he is the mailman expert. I am not sure what the problem is other than the time the email was received. - Jerry Benton www.mailborder.com > On Apr 8, 2015, at 6:10 PM, niall at hosiene.co.uk wrote: > > ...but noon UTC is 13:00 BST. Not 11:00 BST. >> The cron does digests at noon UTC. >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >>> On Apr 8, 2015, at 3:53 PM, Paul Welsh wrote: >>> >>> Not urgent but I am not sure the digest mode for this list is working >>> correctly. In the space of 50 minutes between 10.22 am and 11.10 am BST >>> I received MailScanner Digest, Vol 112, Issue 20 - 24. >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From mark at msapiro.net Thu Apr 9 00:01:03 2015 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 08 Apr 2015 17:01:03 -0700 Subject: Digest mode In-Reply-To: References: Message-ID: <5525C13F.8060209@msapiro.net> On 04/08/2015 12:53 PM, Paul Welsh wrote: > Not urgent but I am not sure the digest mode for this list is working > correctly. In the space of 50 minutes between 10.22 am and 11.10 am BST > I received MailScanner Digest, Vol 112, Issue 20 - 24. I don't have time right now to research this further, but here's what I think is happening. The list is configured to send digests daily at noon (server time = UTC). In addition it is configured to send a digest whenever the accummulated size of the mbox which will go in the next digest is >= 100KB. There have been some recent threads with posts consisting of a top-posted reply followed by a long quote of the entire branch of that thread. These kinds of posts tend to grow to the point where a few or even one of them will trigger a digest on size. The real solution is to teach people better posting habits, but trust me, I've fought and lost that battle and it can't be won short of moderating all posts and rejecting those that quote excessively. The remaining options are to set the size trigger larger or unlimited or just live with it. If people wish to offer opinions on which of the options in the previous paragraph to take, please do. Please do not start a thread on top/bottom/inline posting style or excessive quoting; it's a waste of bandwidth and with very limited exception, doesn't change anyone's mind or affect behavior. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From J.Ede at birchenallhowden.co.uk Thu Apr 9 08:13:13 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 9 Apr 2015 08:13:13 +0000 Subject: v4.85.2-1 Released In-Reply-To: <83994A99-D7D0-4660-81C6-AD8513B1C586@mailborder.com> References: <2E3E8650-A69B-4DCE-AD18-B38B7864D801@mailborder.com> <551B14C2.8050303@yoopermail.us> <83994A99-D7D0-4660-81C6-AD8513B1C586@mailborder.com> Message-ID: Jerry, For info on Centos 6.6 I've had to manually install the following optional modules manually... Could the installer try and do them, but not complain if can't install? perl-IO-String perl-Data-Dump perl-Test-Manifest perl-Net-DNS-Resolver-Programmable Jason -----Original Message----- From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 31 March 2015 23:19 To: MailScanner discussion Subject: Re: v4.85.2-1 Released That install script does not move your freshclam.conf file around. It just installs the software. Your OS platform decides where it wants to put the file. The installer was tested on Ubuntu, so that may be where the problem comes from. Either, it doesn’t matter as the install script simply uncomments a line called “Example” if it exists so that freshclam will work. You can ignore the error. - Jerry Benton www.mailborder.com > On Mar 31, 2015, at 5:42 PM, Patrick Goupell wrote: > > > > On 03/29/2015 07:28 AM, Jerry Benton wrote: >> Ok, I made some minor updates based on feedback from testers. The new packages are now available on the MailScanner website. Jules and I are in the process of transferring mailscanner.info domain to my registrar. Once that is completed and I finish up the latest Mailborder development project I am working on I will create a new website for MailScanner and a new mailman server that should remove these big delays we have been seeing. >> >> Thanks to everyone that tested the packages and pointed out areas of improvement. >> >> > While testing the install of the mailscanner debian package (on > wheezy) I get a message about a missing file: > Install mesage stream follows: > > MailScanner-4.85.2-1/ > MailScanner-4.85.2-1/ChangeLog > MailScanner-4.85.2-1/mailscanner-4.85.2-1-noarch.deb > MailScanner-4.85.2-1/install.sh > MailScanner-4.85.2-1/README > MailScanner-4.85.2-1/UPGRADE > MailScanner-4.85.2-1/COPYING > MailScanner Installation for Debian Based Systems > > This will INSTALL or UPGRADE the required software for MailScanner on > Debian based systems via the Apt package manager. Supported > distributions are Debian 6,7 and associated variants such as Ubuntu. > Internet connectivity is required for this installation script to > execute. > > ... install messages > ... then this > Installing tnef, Clam AV (if elected), and Spamassassin (if elected) > via apt ... > .. download messages > ... install messages > ... then this > Setting up libclamav-client-perl (0.11-2) ... > Can't open /etc/freshclam.conf: No such file or directory. > > After the package install finishes I find the freshclam.conf file in > /etc/clamav not in /etc itself. > > Do I need to adjust something on my end or will this fix itself later > in the install process? > > > -- > Patrick Goupell > > Are you free? Find out at http://www.sedm.org/ Income taxes? Find > out at http://www.whatistaxed.com > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From J.Ede at birchenallhowden.co.uk Thu Apr 9 08:22:23 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 9 Apr 2015 08:22:23 +0000 Subject: Taint issues on 4.85.2-1 Message-ID: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the -U switch in it so it shouldn't have this issue... Suggestions? Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 9 09:43:03 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 9 Apr 2015 05:43:03 -0400 Subject: v4.85.2-1 Released In-Reply-To: References: <2E3E8650-A69B-4DCE-AD18-B38B7864D801@mailborder.com> <551B14C2.8050303@yoopermail.us> <83994A99-D7D0-4660-81C6-AD8513B1C586@mailborder.com> Message-ID: It does try to install them and logs the info if it can’t. I modified the installer script a bit with your feedback. - Jerry Benton www.mailborder.com > On Apr 9, 2015, at 4:13 AM, Jason Ede wrote: > > perl-Net-DNS-Resolver-Programmable From t.sovandara at gmail.com Sun Apr 12 01:13:31 2015 From: t.sovandara at gmail.com (t dara) Date: Sun, 12 Apr 2015 08:13:31 +0700 Subject: Mailscanner use a lots of RAM Message-ID: Dear All, After I install mailscanner new version(v4.85.2-1), I notice RAM usage so high. when I stop mailscanner service, RAM come back to normal. Please see attachment file as your reference. Thanks, Sovandara -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: mailscanner.PNG Type: image/png Size: 119653 bytes Desc: not available URL: From jerry.benton at mailborder.com Sun Apr 12 01:31:58 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 11 Apr 2015 21:31:58 -0400 Subject: Mailscanner use a lots of RAM In-Reply-To: References: Message-ID: <5BF57C8E-1B70-4D12-A97D-CDB923CC052A@mailborder.com> Please read how Linux uses RAM. - Jerry Benton www.mailborder.com Sent from my iPhone > On Apr 11, 2015, at 21:13, t dara wrote: > > Dear All, > > After I install mailscanner new version(v4.85.2-1), I notice RAM usage so high. > when I stop mailscanner service, RAM come back to normal. Please see attachment file as your reference. > > Thanks, > Sovandara > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From alex at vidadigital.com.pa Sun Apr 12 01:50:58 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sat, 11 Apr 2015 20:50:58 -0500 Subject: Mailscanner use a lots of RAM In-Reply-To: <5BF57C8E-1B70-4D12-A97D-CDB923CC052A@mailborder.com> References: <5BF57C8E-1B70-4D12-A97D-CDB923CC052A@mailborder.com> Message-ID: Agreed. http://www.linuxatemyram.com/ *Alex Neuman van der Hans* Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream ! Saturdays 8am-10am on Máxima 91.7FM Panama Follow *@AlexNeuman * on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Sat, Apr 11, 2015 at 8:31 PM, Jerry Benton wrote: > Please read how Linux uses RAM. > > - > Jerry Benton > www.mailborder.com > Sent from my iPhone > > > On Apr 11, 2015, at 21:13, t dara wrote: > > > > Dear All, > > > > After I install mailscanner new version(v4.85.2-1), I notice RAM usage > so high. > > when I stop mailscanner service, RAM come back to normal. Please see > attachment file as your reference. > > > > Thanks, > > Sovandara > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From barryc at rjlsystems.com Sun Apr 12 14:28:55 2015 From: barryc at rjlsystems.com (Barry Callahan) Date: Sun, 12 Apr 2015 10:28:55 -0400 Subject: {Disarmed} Re: Mailscanner use a lots of RAM In-Reply-To: References: <5BF57C8E-1B70-4D12-A97D-CDB923CC052A@mailborder.com> Message-ID: <552A8127.3050804@rjlsystems.com> On 4/11/2015 9:50 PM, Alex Neuman wrote: > Agreed. > > http://www.linuxatemyram.com/ > > Web Bug from > http://t.signauxneuf.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=ac6a6638-f82d-4214-e1d0-f6c2d70ad7b1 Except that, unless I've been misinterpreting the output of top for all these years, the buffers column of the output reflects how many K of memory are used as buffers -- ie: how much of "used" memory is really "available". BTW: The top-reported buffers and the amount of buffered memory being reported by `free -m` correlate with each-other. (and from the "mailscanner running" clipping to the "mailscanner stopped" one, the amount of memory allocated to buffers actually went UP.) And 1.5GB difference in memory utilization can seem pretty alarming. But what we don't know based on looking at difference, is: What was mailscanner doing when it was running, and what else was running / occupying memory that ALSO stopped before taking the second snap. Looking at the top five lines of top's output gives you an overview of what's going on, but you REALLY need to look at the detail area to point any fingers. (NOTE: you can change the columns being displayed, and how you sort by hitting 'f' -- see the man page)(NOTE #2: If you add columns to top's display, you may have to make your window wider or scroll left and right in order to be able to see them.) On my system with 2GB of RAM, sitting mostly idle, after 8.5 days of uptime: The master mailscanner process has 676kB resident in memory and 33.7MB in swap. Each of 3 mailscanner child processes has ~100MB resident and ~20MB in swap. clamd has 304MB resident and 768k in swap (I just noticed that I'm still on 4.84.6-1) Conceivably, if the OP had Mailscanner.conf set to keep 15 mailscanner processes around, that might explain the difference. -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Sun Apr 12 20:01:31 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sun, 12 Apr 2015 15:01:31 -0500 Subject: {Disarmed} Re: Mailscanner use a lots of RAM In-Reply-To: <552A8127.3050804@rjlsystems.com> References: <5BF57C8E-1B70-4D12-A97D-CDB923CC052A@mailborder.com> <552A8127.3050804@rjlsystems.com> Message-ID: On Sun, Apr 12, 2015 at 9:28 AM, Barry Callahan wrote: > Conceivably, if the OP had Mailscanner.conf set to keep 15 mailscanner > processes around, that might explain the difference. > The comments on MailScanner.conf say: # As a rough guide, try 5 children per CPU. But read the notes above. So the OP might have set 3 cores aside for the VM running it, and used 15 children. Still, it doesn't mean "MailScanner ate my RAM", just "used most of it as it was available", right? *Alex Neuman van der Hans* Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507 6781-9505 Work: +507 832-6725 Work (USA): +1 (440) 253-9789 Skype: AlexNeuman Don't miss Vida Digital on LiveStream ! Saturdays 8am-10am on Máxima 91.7FM Panama Follow *@AlexNeuman * on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube -------------- next part -------------- An HTML attachment was scrubbed... URL: From t.sovandara at gmail.com Mon Apr 13 02:50:20 2015 From: t.sovandara at gmail.com (t dara) Date: Mon, 13 Apr 2015 09:50:20 +0700 Subject: Mailscanner use a lots of RAM In-Reply-To: References: <5BF57C8E-1B70-4D12-A97D-CDB923CC052A@mailborder.com> Message-ID: Thanks a lot On Sun, Apr 12, 2015 at 8:50 AM, Alex Neuman wrote: > Agreed. > > http://www.linuxatemyram.com/ > > > > > *Alex Neuman van der Hans* > Reliant Technologies / Vida Digital > http://vidadigital.com.pa/ > > Mobile: +507 6781-9505 > Work: +507 832-6725 > Work (USA): +1 (440) 253-9789 > Skype: AlexNeuman > > Don't miss Vida Digital on LiveStream > > ! > Saturdays 8am-10am on Máxima 91.7FM Panama > > Follow *@AlexNeuman > * on > Twitter > Like Vida Digital > on > Facebook > Follow VidaDigital > on > Instagram > Subscribe to Vida Digital > on > Youtube > > On Sat, Apr 11, 2015 at 8:31 PM, Jerry Benton > wrote: > >> Please read how Linux uses RAM. >> >> - >> Jerry Benton >> www.mailborder.com >> Sent from my iPhone >> >> > On Apr 11, 2015, at 21:13, t dara wrote: >> > >> > Dear All, >> > >> > After I install mailscanner new version(v4.85.2-1), I notice RAM usage >> so high. >> > when I stop mailscanner service, RAM come back to normal. Please see >> attachment file as your reference. >> > >> > Thanks, >> > Sovandara >> > >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info >> > http://lists.mailscanner.info/listinfo/mailscanner >> > >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Denis.Beauchemin at usherbrooke.ca Mon Apr 13 13:36:33 2015 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Mon, 13 Apr 2015 13:36:33 +0000 Subject: Error in upgrade Message-ID: Hello, I just upgraded from 4.85.2-0 to 4.85.2-1 on RHEL 6.6 and got the following errors at the end of the process : Installing the MailScanner RPM ... Preparing... ################################################## mailscanner ################################################## Leaving mailscanner.cf link or file alone. SpamAssassin site rules found in /etc/mail/spamassassin To activate MailScanner run the following commands: service sendmail stop chkconfig sendmail off chkconfig MailScanner on service MailScanner start Note that you will need to replace the sendmail option above with your respective MTA. Sendmail, Postfix, Exim, etc. If you are using Clam AV, ensure that you check that the user and group specified in /usr/share/MailScanner/clamav-wrapper matches the user specified in /etc/passwd. /var/tmp/rpm-tmp.0GUhjw: line 7: syntax error near unexpected token `fi' /var/tmp/rpm-tmp.0GUhjw: line 7: `fi' warning: %postun(mailscanner-4.85.2-0.noarch) scriptlet failed, exit status 2 ClamAV update process started at Mon Apr 13 08:59:20 2015 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cld is up to date (version: 20317, sigs: 1369028, f-level: 63, builder: neo) bytecode.cld is up to date (version: 250, sigs: 42, f-level: 63, builder: neo) Upgrading /etc/MailScanner/MailScanner.conf Your old configuration file will be saved as: /etc/MailScanner/MailScanner.conf.old.40032 Substitution pattern not terminated at -e line 1. Usage: RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf TAR === If you are using the tar distribution so that the old version is in /opt/MailScanner and the new one is in /opt/MailScanner.new then: cd /opt/MailScanner.new/etc ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner.new/etc/MailScanner.conf > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf NOTE ==== To keep your old comments in your original file, add "--keep-comments" to the command line. Note that this will mean you don't get to find out any extra new values you might be able to use in existing "improved" configuration options. No .rpmnew file, so just copying your existing .conf file. ---------------------------------------------------------- Installation Complete See http://www.mailscanner.info for more information and support via the MailScanner mailing list. From jerry.benton at mailborder.com Mon Apr 13 13:56:34 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 13 Apr 2015 09:56:34 -0400 Subject: Error in upgrade In-Reply-To: References: Message-ID: <284022CE-E4E0-4B9F-B93C-4819D8EBC4D5@mailborder.com> Thanks. There might be a syntax error in the spec file in the %post section. You upgrade should be ok though. Can someone double check this for me? Fresh eyes might help. # Create the SpasAssassin sym-link to mailscanner.cf SADIR=`perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new->first_existing_path(@Mail::SpamAssassin::site_rules_path)' 2>/dev/null` if [ "x$SADIR" = "x" ]; then echo No SpamAssassin installation found. else #mkdir -p ${RPM_BUILD_ROOT}${SADIR} if [ -e ${SADIR}/mailscanner.cf ]; then echo Leaving mailscanner.cf link or file alone. else ln -s -f /etc/MailScanner/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf fi echo SpamAssassin site rules found in ${SADIR} fi # Create the incoming and quarantine dirs if needed for F in incoming quarantine incoming/Locks do if [ \! -d /var/spool/MailScanner/$F ]; then mkdir -p /var/spool/MailScanner/$F chown root.root /var/spool/MailScanner/$F chmod 0755 /var/spool/MailScanner/$F fi done - Jerry Benton www.mailborder.com > On Apr 13, 2015, at 9:36 AM, Denis Beauchemin wrote: > > Hello, > > I just upgraded from 4.85.2-0 to 4.85.2-1 on RHEL 6.6 and got the following errors at the end of the process : > Installing the MailScanner RPM ... > Preparing... ################################################## > mailscanner ################################################## > > Leaving mailscanner.cf link or file alone. > SpamAssassin site rules found in /etc/mail/spamassassin > > To activate MailScanner run the following commands: > > service sendmail stop > chkconfig sendmail off > chkconfig MailScanner on > service MailScanner start > > Note that you will need to replace the sendmail option > above with your respective MTA. Sendmail, Postfix, Exim, etc. > > If you are using Clam AV, ensure that you check that the user > and group specified in /usr/share/MailScanner/clamav-wrapper > matches the user specified in /etc/passwd. > > /var/tmp/rpm-tmp.0GUhjw: line 7: syntax error near unexpected token `fi' > /var/tmp/rpm-tmp.0GUhjw: line 7: `fi' > warning: %postun(mailscanner-4.85.2-0.noarch) scriptlet failed, exit status 2 > ClamAV update process started at Mon Apr 13 08:59:20 2015 > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) > daily.cld is up to date (version: 20317, sigs: 1369028, f-level: 63, builder: neo) > bytecode.cld is up to date (version: 250, sigs: 42, f-level: 63, builder: neo) > Upgrading /etc/MailScanner/MailScanner.conf > > Your old configuration file will be saved as: > /etc/MailScanner/MailScanner.conf.old.40032 > > Substitution pattern not terminated at -e line 1. > Usage: > > RPM > === > If you are using the RPM distributions then try this: > > cd /etc/MailScanner > upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new > mv -f MailScanner.conf MailScanner.old > mv -f MailScanner.new MailScanner.conf > > TAR > === > If you are using the tar distribution so that the old version is in > /opt/MailScanner and the new one is in /opt/MailScanner.new then: > > cd /opt/MailScanner.new/etc > ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner.new/etc/MailScanner.conf > MailScanner.new > mv -f MailScanner.conf MailScanner.old > mv -f MailScanner.new MailScanner.conf > > NOTE > ==== > To keep your old comments in your original file, add "--keep-comments" > to the command line. Note that this will mean you don't get to find > out any extra new values you might be able to use in existing "improved" > configuration options. > > No .rpmnew file, so just copying your existing .conf file. > > ---------------------------------------------------------- > Installation Complete > > See http://www.mailscanner.info for more information and > support via the MailScanner mailing list. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From Denis.Beauchemin at usherbrooke.ca Mon Apr 13 14:04:58 2015 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Mon, 13 Apr 2015 14:04:58 +0000 Subject: Error in upgrade In-Reply-To: <284022CE-E4E0-4B9F-B93C-4819D8EBC4D5@mailborder.com> References: <284022CE-E4E0-4B9F-B93C-4819D8EBC4D5@mailborder.com> Message-ID: Jerry, The semicolon is missing on this line: for F in incoming quarantine incoming/Locks do => for F in incoming quarantine incoming/Locks; do Denis -----Message d'origine----- De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Jerry Benton Envoyé : 13 avril 2015 09:57 À : MailScanner Discussion Objet : Re: Error in upgrade Thanks. There might be a syntax error in the spec file in the %post section. You upgrade should be ok though. Can someone double check this for me? Fresh eyes might help. # Create the SpasAssassin sym-link to mailscanner.cf SADIR=`perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new->first_existing_path(@Mail::SpamAssassin::site_rules_path)' 2>/dev/null` if [ "x$SADIR" = "x" ]; then echo No SpamAssassin installation found. else #mkdir -p ${RPM_BUILD_ROOT}${SADIR} if [ -e ${SADIR}/mailscanner.cf ]; then echo Leaving mailscanner.cf link or file alone. else ln -s -f /etc/MailScanner/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf fi echo SpamAssassin site rules found in ${SADIR} fi # Create the incoming and quarantine dirs if needed for F in incoming quarantine incoming/Locks do if [ \! -d /var/spool/MailScanner/$F ]; then mkdir -p /var/spool/MailScanner/$F chown root.root /var/spool/MailScanner/$F chmod 0755 /var/spool/MailScanner/$F fi done - Jerry Benton www.mailborder.com From jerry.benton at mailborder.com Mon Apr 13 14:26:05 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 13 Apr 2015 10:26:05 -0400 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: Message-ID: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com > On Apr 9, 2015, at 4:22 AM, Jason Ede wrote: > > > Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors > > MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > pyzor: check failed: internal error, python traceback seen in response > Building a message batch to scan... > Have a batch of 10 messages. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > > > Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? > > Jason > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Apr 13 14:34:19 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 13 Apr 2015 10:34:19 -0400 Subject: Error in upgrade In-Reply-To: References: <284022CE-E4E0-4B9F-B93C-4819D8EBC4D5@mailborder.com> Message-ID: <8DCBBE39-3199-46AC-84ED-914406EF1FAE@mailborder.com> Dennis, Thank you. The same error was in the SuSE spec file. I have rebuilt all of the packages and made v4.85.2-2 available for all platforms. - Jerry Benton www.mailborder.com > On Apr 13, 2015, at 10:04 AM, Denis Beauchemin wrote: > > Jerry, > > The semicolon is missing on this line: > for F in incoming quarantine incoming/Locks do > => for F in incoming quarantine incoming/Locks; do > > Denis > -----Message d'origine----- > De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Jerry Benton > Envoyé : 13 avril 2015 09:57 > À : MailScanner Discussion > Objet : Re: Error in upgrade > > Thanks. There might be a syntax error in the spec file in the %post section. You upgrade should be ok though. Can someone double check this for me? Fresh eyes might help. > > > # Create the SpasAssassin sym-link to mailscanner.cf SADIR=`perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new->first_existing_path(@Mail::SpamAssassin::site_rules_path)' 2>/dev/null` if [ "x$SADIR" = "x" ]; then > echo No SpamAssassin installation found. > else > #mkdir -p ${RPM_BUILD_ROOT}${SADIR} > if [ -e ${SADIR}/mailscanner.cf ]; then > echo Leaving mailscanner.cf link or file alone. > else > ln -s -f /etc/MailScanner/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf > fi > echo SpamAssassin site rules found in ${SADIR} fi > > # Create the incoming and quarantine dirs if needed for F in incoming quarantine incoming/Locks do > if [ \! -d /var/spool/MailScanner/$F ]; then > mkdir -p /var/spool/MailScanner/$F > chown root.root /var/spool/MailScanner/$F > chmod 0755 /var/spool/MailScanner/$F > fi > done > > - > Jerry Benton > www.mailborder.com > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From jerry.benton at mailborder.com Mon Apr 13 14:36:12 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 13 Apr 2015 10:36:12 -0400 Subject: v4.85.2-2 Released Message-ID: <6558C40E-C69B-4C24-A6F2-6C40A0BD24F5@mailborder.com> This corrects a minor error in the RPM packages spec file during an upgrade. (RHEL and SuSE) Version release updated for all packages although Debian and the tarball has not changed. https://www.mailscanner.info/downloads/ - Jerry Benton www.mailborder.com From email at ace.net.au Tue Apr 14 06:25:47 2015 From: email at ace.net.au (Peter Nitschke) Date: Tue, 14 Apr 2015 15:55:47 +0930 Subject: v4.85.2-2 Released In-Reply-To: <6558C40E-C69B-4C24-A6F2-6C40A0BD24F5@mailborder.com> References: <6558C40E-C69B-4C24-A6F2-6C40A0BD24F5@mailborder.com> Message-ID: <201504141555470824.26D52C4E@web.ace.net.au> Any chance of a link for "Current version"? Cheers. *********** REPLY SEPARATOR *********** On 13/04/2015 at 10:36 AM Jerry Benton wrote: >This encoded message has been converted to an attachment. > >This corrects a minor error in the RPM packages spec file during an >upgrade. (RHEL and SuSE) Version release updated for all packages although >Debian and the tarball has not changed. > https://www.mailscanner.info/downloads/ - Jerry >Benton www.mailborder.com -- MailScanner mailing >list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From J.Ede at birchenallhowden.co.uk Tue Apr 14 09:01:11 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue, 14 Apr 2015 09:01:11 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> Message-ID: Hi, I’ll send it when in the office. I did also wonder if it could be spamassassin creating the problem… I’m running 3.4 and not sure if that’s running untainted. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From vpdose at kirchenweg.de Tue Apr 14 15:19:27 2015 From: vpdose at kirchenweg.de (Volker Dose) Date: Tue, 14 Apr 2015 17:19:27 +0200 (CEST) Subject: No filetype checks on RAR-archives Message-ID: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> Hi Mailing-List, I have set up a new MS installation and do not manage to get filetype/filename checks working inseid of rar-archives. I am using MS with postfix and ClamAV as virus scanner. I have added the SaneSecurity files for ClamAV also. The filetype checks are working fine on 7z-archives and zip-archives are also searched for unwanted filetypes. even Excel files are unpacked and checked. I understand, that clamav is not able to check RAR-archives anymore, right? This are the relevant setting ( I hope ;-) Maximum Archive Depth = 8 Find Archives By Content = yes Unpack Microsoft Documents = no Archives Are = zip rar Archives: Deny Filenames = \.com$ \.exe$ \.cpl$ \.pif$ Archives: Deny Filetypes = executable This are my settings: [root at mailscanner MailScanner]# cat /etc/redhat-release CentOS release 6.6 (Final) [root at mailscanner MailScanner]# rpm -q postfix postfix-2.6.6-6.el6_5.i686 [root at mailscanner MailScanner]# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 1084 hostnames from the phishing whitelist Read 11741 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 250 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 499 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.84.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database bayes: cannot open bayes databases /var/spool/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied bayes: cannot open bayes databases /var/spool/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied pyzor: check failed: internal error, python traceback seen in response SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 6 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = f-prot-6 clamd" Found these virus scanners installed: clamavmodule, f-prot-6, sophossavi, mcafee6, clamd =========================================================================== Filename Checks: Windows/DOSExecutable (1 eicar.com) Completed checking by /usr/local/bin/file_wrapper at /usr/lib/MailScanner/MailScanner/SweepOther.pm line 488 Completed checking by /usr/local/bin/file_wrapper -i at /usr/lib/MailScanner/MailScanner/SweepOther.pm line 570 Filetype Checks: Allowing 1 eicar.com : identified as ASCII text Filetype Mime Checks: Allowing 1 eicar.com (no match found) Other Checks: Found 1 problems Virus and Content Scanning: Starting Scanning: / [Found virus] ./1/eicar.com at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2530 Virus Scanning: F-Prot6 found 1 infections Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 3 viruses =========================================================================== Virus Scanner test reports: F-Prot6 said "[Found virus] ./1/eicar.com" Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamavmodule,f-prot-6,sophossavi,mcafee6,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist [root at mailscanner MailScanner] Best regards Volker -------------- next part -------------- An HTML attachment was scrubbed... URL: From steveb_clamav at sanesecurity.com Tue Apr 14 19:37:43 2015 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Tue, 14 Apr 2015 20:37:43 +0100 Subject: No filetype checks on RAR-archives In-Reply-To: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> Message-ID: On Tue, April 14, 2015 4:19 pm, Volker Dose wrote: > > > I am using MS with postfix and ClamAV as virus scanner. I have added the > SaneSecurity files for ClamAV also. > How about... http://sanesecurity.com/foxhole-databases/ Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com From vpdose at kirchenweg.de Tue Apr 14 20:47:24 2015 From: vpdose at kirchenweg.de (Volker Dose) Date: Tue, 14 Apr 2015 22:47:24 +0200 Subject: No filetype checks on RAR-archives In-Reply-To: References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> Message-ID: <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> Hi, I have already configured the foxhole-stuff and it works brilliantly on zip-files. But no effect on executables in rar-archives. I was reading, that clam has no support for opening and scanning rar-archives because of license issues. I have the actual clamav installed and even tried to compile from scratch, but no success -rar-files are not scanned. Best regards Volker > Am 14.04.2015 um 21:37 schrieb Steve Basford : > > > On Tue, April 14, 2015 4:19 pm, Volker Dose wrote: >> >> >> I am using MS with postfix and ClamAV as virus scanner. I have added the >> SaneSecurity files for ClamAV also. >> > > How about... > > http://sanesecurity.com/foxhole-databases/ > > Cheers, > > Steve > Web : sanesecurity.com > Blog: sanesecurity.blogspot.com > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From rcooper at dwford.com Wed Apr 15 00:03:59 2015 From: rcooper at dwford.com (Rick Cooper) Date: Tue, 14 Apr 2015 20:03:59 -0400 Subject: No filetype checks on RAR-archives In-Reply-To: <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> Message-ID: <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> Volker Dose wrote: > Hi, > > I have already configured the foxhole-stuff and it works brilliantly > on zip-files. But no effect on executables in rar-archives. > > I was reading, that clam has no support for opening and scanning > rar-archives because of license issues. I have the actual clamav > installed and even tried to compile from scratch, but no success > -rar-files are not scanned. ClamAv has had RAR capabilities since verion 0.90. Now, from what I remember Fedora does not include libunrar (even though it's free) and I think there version of the rpm uses the --disable-unrar switch as well. Don't remember if you are using fedora or not. Also you have to have unrar installed for MailScanner to unpack it. Look in the MailScanner.conf for MailScanner.conf:Unrar Command = /usr/bin/unrar And point it to your unrar binary From vpdose at kirchenweg.de Wed Apr 15 07:37:09 2015 From: vpdose at kirchenweg.de (Volker Dose) Date: Wed, 15 Apr 2015 09:37:09 +0200 (CEST) Subject: No filetype checks on RAR-archives In-Reply-To: <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> Message-ID: <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> Hi, I am using CentOS and afaik there is no rar-Support compiled in - at least no sign of "libclamavunrar": [root at mailscanner ~]# ldd /usr/bin/clamscan linux-gate.so.1 => (0x00748000) libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000) libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000) libz.so.1 => /lib/libz.so.1 (0x00f46000) libbz2.so.1 => /lib/libbz2.so.1 (0x00515000) libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000) libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000) libm.so.6 => /lib/libm.so.6 (0x004d2000) libdl.so.2 => /lib/libdl.so.2 (0x00fce000) libpthread.so.0 => /lib/libpthread.so.0 (0x00526000) libc.so.6 => /lib/libc.so.6 (0x00749000) libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000) libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000) libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000) libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000) /lib/ld-linux.so.2 (0x00e11000) libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000) libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000) libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000) When I check a zip-archiv it shows this: [root at mailscanner ~]# clamscan putty.zip putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND ----------- SCAN SUMMARY ----------- Known viruses: 4478278 Engine version: 0.98.6 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.25 MB (ratio 0.00:1) Time: 16.959 sec (0 m 16 s) [root at mailscanner ~]# clamscan putty.rar putty.rar: OK ----------- SCAN SUMMARY ----------- Known viruses: 4478278 Engine version: 0.98.6 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.22 MB Data read: 0.22 MB (ratio 1.00:1) Time: 17.652 sec (0 m 17 s) But this is maybe just a side-problem, I was hoping to get the filetype recognition working in MS. Here my Settings regarding rar/unrar in MailScanner.conf: Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Best regards Volker > Rick Cooper hat am 15. April 2015 um 02:03 geschrieben: > > > Volker Dose wrote: > > Hi, > > > > I have already configured the foxhole-stuff and it works brilliantly > > on zip-files. But no effect on executables in rar-archives. > > > > I was reading, that clam has no support for opening and scanning > > rar-archives because of license issues. I have the actual clamav > > installed and even tried to compile from scratch, but no success > > -rar-files are not scanned. > > ClamAv has had RAR capabilities since verion 0.90. > Now, from what I remember Fedora does not include libunrar (even though it's > free) and I think there version of the rpm uses the --disable-unrar switch > as well. Don't remember if you are using fedora or not. > > > Also you have to have unrar installed for MailScanner to unpack it. > Look in the MailScanner.conf for > > MailScanner.conf:Unrar Command = /usr/bin/unrar > > And point it to your unrar binary > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 15 07:42:40 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 15 Apr 2015 03:42:40 -0400 Subject: No filetype checks on RAR-archives In-Reply-To: <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> Message-ID: https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm - Jerry Benton www.mailborder.com > On Apr 15, 2015, at 3:37 AM, Volker Dose wrote: > > Hi, > > I am using CentOS and afaik there is no rar-Support compiled in - at least no sign of "libclamavunrar": > > > [root at mailscanner ~]# ldd /usr/bin/clamscan > linux-gate.so.1 => (0x00748000) > libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000) > libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000) > libz.so.1 => /lib/libz.so.1 (0x00f46000) > libbz2.so.1 => /lib/libbz2.so.1 (0x00515000) > libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000) > libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000) > libm.so.6 => /lib/libm.so.6 (0x004d2000) > libdl.so.2 => /lib/libdl.so.2 (0x00fce000) > libpthread.so.0 => /lib/libpthread.so.0 (0x00526000) > libc.so.6 => /lib/libc.so.6 (0x00749000) > libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000) > libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000) > libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000) > libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000) > libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000) > /lib/ld-linux.so.2 (0x00e11000) > libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000) > libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000) > libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000) > > When I check a zip-archiv it shows this: > > [root at mailscanner ~]# clamscan putty.zip > > putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 4478278 > Engine version: 0.98.6 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.00 MB > Data read: 0.25 MB (ratio 0.00:1) > Time: 16.959 sec (0 m 16 s) > > > > [root at mailscanner ~]# clamscan putty.rar > > putty.rar: OK > > ----------- SCAN SUMMARY ----------- > > Known viruses: 4478278 > Engine version: 0.98.6 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.22 MB > Data read: 0.22 MB (ratio 1.00:1) > Time: 17.652 sec (0 m 17 s) > > > > But this is maybe just a side-problem, I was hoping to get the filetype recognition working in MS. > > Here my Settings regarding rar/unrar in MailScanner.conf: > > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > > > Best regards > Volker > > > Rick Cooper > hat am 15. April 2015 um 02:03 geschrieben: > > > > > > Volker Dose wrote: > > > Hi, > > > > > > I have already configured the foxhole-stuff and it works brilliantly > > > on zip-files. But no effect on executables in rar-archives. > > > > > > I was reading, that clam has no support for opening and scanning > > > rar-archives because of license issues. I have the actual clamav > > > installed and even tried to compile from scratch, but no success > > > -rar-files are not scanned. > > > > ClamAv has had RAR capabilities since verion 0.90. > > Now, from what I remember Fedora does not include libunrar (even though it's > > free) and I think there version of the rpm uses the --disable-unrar switch > > as well. Don't remember if you are using fedora or not. > > > > > > Also you have to have unrar installed for MailScanner to unpack it. > > Look in the MailScanner.conf for > > > > MailScanner.conf:Unrar Command = /usr/bin/unrar > > > > And point it to your unrar binary > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From vpdose at kirchenweg.de Wed Apr 15 08:19:52 2015 From: vpdose at kirchenweg.de (Volker Dose) Date: Wed, 15 Apr 2015 10:19:52 +0200 Subject: No filetype checks on RAR-archives In-Reply-To: References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> Message-ID: <3241E6E2-3076-4168-BA9C-965579D66274@kirchenweg.de> Hi, Thanks a lot for the link, But I am using a 32bit architektur, do you have a rpm for that also? Best regards, Volker Volker Dose > Am 15.04.2015 um 09:42 schrieb Jerry Benton : > > https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm > > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 15, 2015, at 3:37 AM, Volker Dose wrote: >> >> Hi, >> >> I am using CentOS and afaik there is no rar-Support compiled in - at least no sign of "libclamavunrar": >> >> >> [root at mailscanner ~]# ldd /usr/bin/clamscan >> linux-gate.so.1 => (0x00748000) >> libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000) >> libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000) >> libz.so.1 => /lib/libz.so.1 (0x00f46000) >> libbz2.so.1 => /lib/libbz2.so.1 (0x00515000) >> libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000) >> libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000) >> libm.so.6 => /lib/libm.so.6 (0x004d2000) >> libdl.so.2 => /lib/libdl.so.2 (0x00fce000) >> libpthread.so.0 => /lib/libpthread.so.0 (0x00526000) >> libc.so.6 => /lib/libc.so.6 (0x00749000) >> libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000) >> libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000) >> libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000) >> libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000) >> libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000) >> /lib/ld-linux.so.2 (0x00e11000) >> libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000) >> libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000) >> libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000) >> >> When I check a zip-archiv it shows this: >> >> [root at mailscanner ~]# clamscan putty.zip >> >> putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND >> >> ----------- SCAN SUMMARY ----------- >> Known viruses: 4478278 >> Engine version: 0.98.6 >> Scanned directories: 0 >> Scanned files: 1 >> Infected files: 1 >> Data scanned: 0.00 MB >> Data read: 0.25 MB (ratio 0.00:1) >> Time: 16.959 sec (0 m 16 s) >> >> >> >> [root at mailscanner ~]# clamscan putty.rar >> >> putty.rar: OK >> >> ----------- SCAN SUMMARY ----------- >> >> Known viruses: 4478278 >> Engine version: 0.98.6 >> Scanned directories: 0 >> Scanned files: 1 >> Infected files: 0 >> Data scanned: 0.22 MB >> Data read: 0.22 MB (ratio 1.00:1) >> Time: 17.652 sec (0 m 17 s) >> >> >> >> But this is maybe just a side-problem, I was hoping to get the filetype recognition working in MS. >> >> Here my Settings regarding rar/unrar in MailScanner.conf: >> >> Unrar Command = /usr/bin/unrar >> Unrar Timeout = 50 >> >> >> Best regards >> Volker >> >> > Rick Cooper hat am 15. April 2015 um 02:03 geschrieben: >> > >> > >> > Volker Dose wrote: >> > > Hi, >> > > >> > > I have already configured the foxhole-stuff and it works brilliantly >> > > on zip-files. But no effect on executables in rar-archives. >> > > >> > > I was reading, that clam has no support for opening and scanning >> > > rar-archives because of license issues. I have the actual clamav >> > > installed and even tried to compile from scratch, but no success >> > > -rar-files are not scanned. >> > >> > ClamAv has had RAR capabilities since verion 0.90. >> > Now, from what I remember Fedora does not include libunrar (even though it's >> > free) and I think there version of the rpm uses the --disable-unrar switch >> > as well. Don't remember if you are using fedora or not. >> > >> > >> > Also you have to have unrar installed for MailScanner to unpack it. >> > Look in the MailScanner.conf for >> > >> > MailScanner.conf:Unrar Command = /usr/bin/unrar >> > >> > And point it to your unrar binary >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info >> > http://lists.mailscanner.info/listinfo/mailscanner >> > >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 15 08:22:05 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 15 Apr 2015 04:22:05 -0400 Subject: No filetype checks on RAR-archives In-Reply-To: <3241E6E2-3076-4168-BA9C-965579D66274@kirchenweg.de> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> <3241E6E2-3076-4168-BA9C-965579D66274@kirchenweg.de> Message-ID: <4C73D376-AEAE-493E-A87C-4FBB7271A401@mailborder.com> Sigh … its 2015 not 1993. https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.i686.rpm - Jerry Benton www.mailborder.com > On Apr 15, 2015, at 4:19 AM, Volker Dose wrote: > > Hi, > > Thanks a lot for the link, But I am using a 32bit architektur, do you have a rpm for that also? > > Best regards, > > Volker > > Volker Dose > > Am 15.04.2015 um 09:42 schrieb Jerry Benton >: > >> https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm >> >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >>> On Apr 15, 2015, at 3:37 AM, Volker Dose > wrote: >>> >>> Hi, >>> >>> I am using CentOS and afaik there is no rar-Support compiled in - at least no sign of "libclamavunrar": >>> >>> >>> [root at mailscanner ~]# ldd /usr/bin/clamscan >>> linux-gate.so.1 => (0x00748000) >>> libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000) >>> libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000) >>> libz.so.1 => /lib/libz.so.1 (0x00f46000) >>> libbz2.so.1 => /lib/libbz2.so.1 (0x00515000) >>> libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000) >>> libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000) >>> libm.so.6 => /lib/libm.so.6 (0x004d2000) >>> libdl.so.2 => /lib/libdl.so.2 (0x00fce000) >>> libpthread.so.0 => /lib/libpthread.so.0 (0x00526000) >>> libc.so.6 => /lib/libc.so.6 (0x00749000) >>> libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000) >>> libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000) >>> libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000) >>> libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000) >>> libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000) >>> /lib/ld-linux.so.2 (0x00e11000) >>> libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000) >>> libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000) >>> libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000) >>> >>> When I check a zip-archiv it shows this: >>> >>> [root at mailscanner ~]# clamscan putty.zip >>> >>> putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND >>> >>> ----------- SCAN SUMMARY ----------- >>> Known viruses: 4478278 >>> Engine version: 0.98.6 >>> Scanned directories: 0 >>> Scanned files: 1 >>> Infected files: 1 >>> Data scanned: 0.00 MB >>> Data read: 0.25 MB (ratio 0.00:1) >>> Time: 16.959 sec (0 m 16 s) >>> >>> >>> >>> [root at mailscanner ~]# clamscan putty.rar >>> >>> putty.rar: OK >>> >>> ----------- SCAN SUMMARY ----------- >>> >>> Known viruses: 4478278 >>> Engine version: 0.98.6 >>> Scanned directories: 0 >>> Scanned files: 1 >>> Infected files: 0 >>> Data scanned: 0.22 MB >>> Data read: 0.22 MB (ratio 1.00:1) >>> Time: 17.652 sec (0 m 17 s) >>> >>> >>> >>> But this is maybe just a side-problem, I was hoping to get the filetype recognition working in MS. >>> >>> Here my Settings regarding rar/unrar in MailScanner.conf: >>> >>> Unrar Command = /usr/bin/unrar >>> Unrar Timeout = 50 >>> >>> >>> Best regards >>> Volker >>> >>> > Rick Cooper > hat am 15. April 2015 um 02:03 geschrieben: >>> > >>> > >>> > Volker Dose wrote: >>> > > Hi, >>> > > >>> > > I have already configured the foxhole-stuff and it works brilliantly >>> > > on zip-files. But no effect on executables in rar-archives. >>> > > >>> > > I was reading, that clam has no support for opening and scanning >>> > > rar-archives because of license issues. I have the actual clamav >>> > > installed and even tried to compile from scratch, but no success >>> > > -rar-files are not scanned. >>> > >>> > ClamAv has had RAR capabilities since verion 0.90. >>> > Now, from what I remember Fedora does not include libunrar (even though it's >>> > free) and I think there version of the rpm uses the --disable-unrar switch >>> > as well. Don't remember if you are using fedora or not. >>> > >>> > >>> > Also you have to have unrar installed for MailScanner to unpack it. >>> > Look in the MailScanner.conf for >>> > >>> > MailScanner.conf:Unrar Command = /usr/bin/unrar >>> > >>> > And point it to your unrar binary >>> > >>> > >>> > -- >>> > MailScanner mailing list >>> > mailscanner at lists.mailscanner.info >>> > http://lists.mailscanner.info/listinfo/mailscanner >>> > >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vpdose at kirchenweg.de Wed Apr 15 09:18:18 2015 From: vpdose at kirchenweg.de (Volker Dose) Date: Wed, 15 Apr 2015 11:18:18 +0200 (CEST) Subject: No filetype checks on RAR-archives In-Reply-To: <4C73D376-AEAE-493E-A87C-4FBB7271A401@mailborder.com> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> <3241E6E2-3076-4168-BA9C-965579D66274@kirchenweg.de> <4C73D376-AEAE-493E-A87C-4FBB7271A401@mailborder.com> Message-ID: <258455322.2171971.1429089498165.JavaMail.open-xchange@ptangptang.store> Hi, yeah, maybe you'r right about my choice to use 32bit, I will conside this ;-) But actually your hint was excatly, was I was hoping for, with that binary MS is scanning rar-Archives and was blocking an exe-file inside a rar-Archive. Thanks so much!! Best regards Volker > Jerry Benton hat am 15. April 2015 um 10:22 > geschrieben: > > Sigh ... its 2015 not 1993. > > > https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.i686.rpm > > > - > Jerry Benton > > > > > > On Apr 15, 2015, at 4:19 AM, Volker Dose < vpdose at kirchenweg.de > > > > wrote: > > > > Hi, > > > > Thanks a lot for the link, But I am using a 32bit architektur, do you > > have a rpm for that also? > > > > Best regards, > > > > Volker > > > > Volker Dose > > > > Am 15.04.2015 um 09:42 schrieb Jerry Benton < > > jerry.benton at mailborder.com >: > > > > > > > > > > > > > > https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm > > > > > > > > > - > > > Jerry Benton > > > > > > > > > > > > > > > > On Apr 15, 2015, at 3:37 AM, Volker Dose > > > > > > > < vpdose at kirchenweg.de > > > > > > > > wrote: > > > > > > > > Hi, > > > > > > > > I am using CentOS and afaik there is no rar-Support > > > > compiled in - at least no sign of "libclamavunrar": > > > > > > > > > > > > [root at mailscanner ~]# ldd /usr/bin/clamscan > > > > linux-gate.so.1 => (0x00748000) > > > > libclamav.so.6 => /usr/lib/libclamav.so.6 > > > > (0x008ef000) > > > > libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000) > > > > > > > > libz.so.1 => /lib/libz.so.1 (0x00f46000) > > > > libbz2.so.1 => /lib/libbz2.so.1 (0x00515000) > > > > libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000) > > > > > > > > libcrypto.so.10 => /usr/lib/libcrypto.so.10 > > > > (0x0030a000) > > > > libm.so.6 => /lib/libm.so.6 (0x004d2000) > > > > libdl.so.2 => /lib/libdl.so.2 (0x00fce000) > > > > libpthread.so.0 => /lib/libpthread.so.0 > > > > (0x00526000) > > > > libc.so.6 => /lib/libc.so.6 (0x00749000) > > > > libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 > > > > (0x00541000) > > > > libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000) > > > > libcom_err.so.2 => /lib/libcom_err.so.2 > > > > (0x004fc000) > > > > libk5crypto.so.3 => /lib/libk5crypto.so.3 > > > > (0x00581000) > > > > libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000) > > > > > > > > /lib/ld-linux.so.2 (0x00e11000) > > > > libkrb5support.so.0 => /lib/libkrb5support.so.0 > > > > (0x00501000) > > > > libkeyutils.so.1 => /lib/libkeyutils.so.1 > > > > (0x0050d000) > > > > libselinux.so.1 => /lib/libselinux.so.1 > > > > (0x00bfc000) > > > > > > > > When I check a zip-archiv it shows this: > > > > > > > > > > > > [root at mailscanner ~]# clamscan putty.zip > > > > > > > > putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND > > > > > > > > ----------- SCAN SUMMARY ----------- > > > > Known viruses: 4478278 > > > > Engine version: 0.98.6 > > > > Scanned directories: 0 > > > > Scanned files: 1 > > > > Infected files: 1 > > > > Data scanned: 0.00 MB > > > > Data read: 0.25 MB (ratio 0.00:1) > > > > Time: 16.959 sec (0 m 16 s) > > > > > > > > > > > > > > > > > > > > [root at mailscanner ~]# clamscan putty.rar > > > > > > > > putty.rar: OK > > > > > > > > ----------- SCAN SUMMARY ----------- > > > > > > > > Known viruses: 4478278 > > > > Engine version: 0.98.6 > > > > Scanned directories: 0 > > > > Scanned files: 1 > > > > Infected files: 0 > > > > Data scanned: 0.22 MB > > > > Data read: 0.22 MB (ratio 1.00:1) > > > > Time: 17.652 sec (0 m 17 s) > > > > > > > > > > > > > > > > But this is maybe just a side-problem, I was hoping to get > > > > the filetype recognition working in MS. > > > > > > > > Here my Settings regarding rar/unrar in MailScanner.conf: > > > > > > > > Unrar Command = /usr/bin/unrar > > > > Unrar Timeout = 50 > > > > > > > > > > > > Best regards > > > > Volker > > > > > > > > > Rick Cooper < rcooper at dwford.com > > > > > > hat am 15. April 2015 um > > > > > 02:03 geschrieben: > > > > > > > > > > > > > > > Volker Dose wrote: > > > > > > Hi, > > > > > > > > > > > > I have already configured the foxhole-stuff and it > > > > > > works brilliantly > > > > > > on zip-files. But no effect on executables in > > > > > > rar-archives. > > > > > > > > > > > > I was reading, that clam has no support for opening and > > > > > > scanning > > > > > > rar-archives because of license issues. I have the > > > > > > actual clamav > > > > > > installed and even tried to compile from scratch, but > > > > > > no success > > > > > > -rar-files are not scanned. > > > > > > > > > > ClamAv has had RAR capabilities since verion 0.90. > > > > > Now, from what I remember Fedora does not include > > > > > libunrar (even though it's > > > > > free) and I think there version of the rpm uses the > > > > > --disable-unrar switch > > > > > as well. Don't remember if you are using fedora or not. > > > > > > > > > > > > > > > Also you have to have unrar installed for MailScanner to > > > > > unpack it. > > > > > Look in the MailScanner.conf for > > > > > > > > > > MailScanner.conf:Unrar Command = /usr/bin/unrar > > > > > > > > > > And point it to your unrar binary > > > > > > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner at lists.mailscanner.info > > > > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner at lists.mailscanner.info > > > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > > > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Denis.Beauchemin at usherbrooke.ca Wed Apr 15 12:11:20 2015 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Wed, 15 Apr 2015 12:11:20 +0000 Subject: No filetype checks on RAR-archives In-Reply-To: <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> Message-ID: I have unrar on my RHEL 6.6 server: $ rpm -qif $(which unrar) Name : unrar Relocations: (not relocatable) Version : 5.0.3 Vendor: Dag Apt Repository, http://dag.wieers.com/apt/ Release : 1 Build Date: Fri 20 Feb 2015 07:42:02 PM EST Install Date: Wed 11 Mar 2015 10:00:55 AM EDT Build Host: cos5-a64-n7-a7.mailborder.com Group : Applications/Archiving Source RPM: unrar-5.0.3-1.src.rpm Size : 255168 License: Freeware Signature : (none) Packager : Dag Wieers URL : http://www.rarlab.com/ Summary : Extract, test and view RAR archives Description : The unRAR utility is a freeware program, distributed with source code and developed for extracting, testing and viewing the contents of archives created with the RAR archiver version 1.50 and above. $ yum repolist Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager *Note* Red Hat Network repositories are not listed below. You must run this command as root to access RHN repositories. repo id repo name status epel Extra Packages for Enterprise Linux 6 - x86_64 11,350 rpmforge RHEL 6Server - RPMforge.net - dag 4,718 repolist: 16,068 It must be coming from rpmforge (http://repoforge.org/use/). Denis -----Message d'origine----- De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Rick Cooper Envoyé : 14 avril 2015 20:04 À : 'MailScanner Discussion' Objet : RE: No filetype checks on RAR-archives Volker Dose wrote: > Hi, > > I have already configured the foxhole-stuff and it works brilliantly > on zip-files. But no effect on executables in rar-archives. > > I was reading, that clam has no support for opening and scanning > rar-archives because of license issues. I have the actual clamav > installed and even tried to compile from scratch, but no success > -rar-files are not scanned. ClamAv has had RAR capabilities since verion 0.90. Now, from what I remember Fedora does not include libunrar (even though it's free) and I think there version of the rpm uses the --disable-unrar switch as well. Don't remember if you are using fedora or not. Also you have to have unrar installed for MailScanner to unpack it. Look in the MailScanner.conf for MailScanner.conf:Unrar Command = /usr/bin/unrar And point it to your unrar binary -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From richard at fastnet.co.uk Wed Apr 15 13:43:58 2015 From: richard at fastnet.co.uk (Richard Mealing) Date: Wed, 15 Apr 2015 13:43:58 +0000 Subject: deprecated code Message-ID: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> Hi, I'm getting the following when using perl5-5.18.4_13 - /usr/local/etc/rc.d/mailscanner restart Stopping mailscanner. Waiting for PIDS: 758. Starting mailscanner. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. This is on FreeBSD 10.1-RELEASE-p9. I wondered if this had been fixed in the next release? I have the latest from the ports. Thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at fastnet.co.uk Wed Apr 15 13:58:05 2015 From: richard at fastnet.co.uk (Richard Mealing) Date: Wed, 15 Apr 2015 13:58:05 +0000 Subject: deprecated code In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> References: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795EF1F044@BTN-EXCHANGE-V1.fastnet.local> Is it as simple as changing - use IO to - use IO::Pipe ? Or use IO::file when it's using file? I have changed them all now and all the errors have gone. Everything seems to be working fine, for the moment..! Thanks, Rich From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Richard Mealing Sent: 15 April 2015 14:44 To: MailScanner discussion (mailscanner at lists.mailscanner.info) Subject: deprecated code Hi, I'm getting the following when using perl5-5.18.4_13 - /usr/local/etc/rc.d/mailscanner restart Stopping mailscanner. Waiting for PIDS: 758. Starting mailscanner. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. This is on FreeBSD 10.1-RELEASE-p9. I wondered if this had been fixed in the next release? I have the latest from the ports. Thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: From grenier at cgsecurity.org Wed Apr 15 14:05:56 2015 From: grenier at cgsecurity.org (Christophe GRENIER) Date: Wed, 15 Apr 2015 16:05:56 +0200 (CEST) Subject: No filetype checks on RAR-archives In-Reply-To: References: <1397475476.2043663.1429024767262.JavaMail.open-xchange@ptangptang.store> <3C0BFC8F-AC53-4416-A737-CBB18A5CDC6C@kirchenweg.de> <723F17EA99EE4343BEFDD23B51725988@SAHOMELT> <202092356.2140553.1429083429380.JavaMail.open-xchange@ptangptang.store> Message-ID: On Wed, 15 Apr 2015, Jerry Benton wrote: > https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm Hi with unrar-4.2.3-1.el6.rf.x86_64 , filename checks are ok with https://s3.amazonaws.com/mailscanner/install/rpm/unrar-5.0.3-1.x86_64.rpm filename checks don't work for rar (installed by MailScanner-4.85.1-1/install.sh ) BTW is there any way to check filenames inside 7z archive ? Thanks, Christophe -- ,-~~-.___. ._. / | ' \ | |--------. Christophe GRENIER ( ) 0 | | | grenier at cgsecurity.org \_/-, ,----' | | | ==== !_!-v---v--. / \-'~; .--------. TestDisk & PhotoRec / __/~| ._-""|| | Data Recovery =( _____|_|____||________| http://www.cgsecurity.org From jerry.benton at mailborder.com Wed Apr 15 14:36:14 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 15 Apr 2015 10:36:14 -0400 Subject: deprecated code In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> References: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> Message-ID: <8D14DF53-8C73-43F8-AB4A-411F98D5A08E@mailborder.com> Yes. I updated ALL of the code. That item an a few others. - Jerry Benton www.mailborder.com > On Apr 15, 2015, at 9:43 AM, Richard Mealing wrote: > > Hi, > > I’m getting the following when using perl5-5.18.4_13 - > > /usr/local/etc/rc.d/mailscanner restart > Stopping mailscanner. > Waiting for PIDS: 758. > Starting mailscanner. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. > > This is on FreeBSD 10.1-RELEASE-p9. > > I wondered if this had been fixed in the next release? I have the latest from the ports. > > Thanks, > Rich > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at fastnet.co.uk Wed Apr 15 14:49:41 2015 From: richard at fastnet.co.uk (Richard Mealing) Date: Wed, 15 Apr 2015 14:49:41 +0000 Subject: deprecated code In-Reply-To: <8D14DF53-8C73-43F8-AB4A-411F98D5A08E@mailborder.com> References: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> <8D14DF53-8C73-43F8-AB4A-411F98D5A08E@mailborder.com> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795EF1F118@BTN-EXCHANGE-V1.fastnet.local> Thanks Jerry. I look forward to seeing that in the ports tree. I’ll manually update it for now, as I have a few servers to upgrade! Thanks again for all your hard work. Rich From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 15 April 2015 15:36 To: MailScanner Discussion Subject: Re: deprecated code Yes. I updated ALL of the code. That item an a few others. - Jerry Benton www.mailborder.com On Apr 15, 2015, at 9:43 AM, Richard Mealing > wrote: Hi, I’m getting the following when using perl5-5.18.4_13 - /usr/local/etc/rc.d/mailscanner restart Stopping mailscanner. Waiting for PIDS: 758. Starting mailscanner. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. This is on FreeBSD 10.1-RELEASE-p9. I wondered if this had been fixed in the next release? I have the latest from the ports. Thanks, Rich -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 15 14:52:34 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 15 Apr 2015 10:52:34 -0400 Subject: deprecated code In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795EF1F118@BTN-EXCHANGE-V1.fastnet.local> References: <6EE47AF64C339A4F8F7F50507241B3795EF1F014@BTN-EXCHANGE-V1.fastnet.local> <8D14DF53-8C73-43F8-AB4A-411F98D5A08E@mailborder.com> <6EE47AF64C339A4F8F7F50507241B3795EF1F118@BTN-EXCHANGE-V1.fastnet.local> Message-ID: Richard, You can use the tarball for FreeBSD now from the MailScanner website. I tested in on FBSD 10. It installs into /opt/MailScanner though. - Jerry Benton www.mailborder.com > On Apr 15, 2015, at 10:49 AM, Richard Mealing wrote: > > Thanks Jerry. I look forward to seeing that in the ports tree. I’ll manually update it for now, as I have a few servers to upgrade! > > Thanks again for all your hard work. > > Rich > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: 15 April 2015 15:36 > To: MailScanner Discussion > Subject: Re: deprecated code > > Yes. I updated ALL of the code. That item an a few others. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 15, 2015, at 9:43 AM, Richard Mealing > wrote: > > Hi, > > I’m getting the following when using perl5-5.18.4_13 - > > /usr/local/etc/rc.d/mailscanner restart > Stopping mailscanner. > Waiting for PIDS: 758. > Starting mailscanner. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40. > Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39. > > This is on FreeBSD 10.1-RELEASE-p9. > > I wondered if this had been fixed in the next release? I have the latest from the ports. > > Thanks, > Rich > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 16 19:45:42 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 16 Apr 2015 15:45:42 -0400 Subject: Executable vs Binary Message-ID: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs: - Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as text/plain, the character set is binary, so it nails it as an executable. - Allowing executables will allow the file. So, there’s the rub. Under the current code we have to allow executables for these “newer” types of Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other file formats that make MailScanner fire on this. Ideas? - Jerry Benton www.mailborder.com From kevin.miller at juneau.org Thu Apr 16 20:08:48 2015 From: kevin.miller at juneau.org (Kevin Miller) Date: Thu, 16 Apr 2015 20:08:48 +0000 Subject: Executable vs Binary In-Reply-To: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Message-ID: <1c0e807f71e94ae8a35435aa5c7a7585@City-Exch-DB2.cbj.local> I was fighting that a while back. Actually, I still am. See the "filename/filetype not working properly" thread in the archives. Long story short, one person said that a newer version of /usr/bin/file fixed the issue. I haven't verified that yet. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On > Behalf Of Jerry Benton > Sent: Thursday, April 16, 2015 11:46 AM > To: MailScanner Discussion > Subject: Executable vs Binary > > Has anyone dealt with this? I can’t decide if I should mod the source or > just change the configs: > > - Microsoft document comes through with some sort of dat file embedded. > While MS see that dat file as text/plain, the character set is binary, > so it nails it as an executable. > - Allowing executables will allow the file. > > So, there’s the rub. Under the current code we have to allow executables > for these “newer” types of Microsoft documents to get through. This > isn’t restricted to just Microsoft. There are several other file formats > that make MailScanner fire on this. > > > Ideas? > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner From jerry.benton at mailborder.com Thu Apr 16 20:13:31 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 16 Apr 2015 16:13:31 -0400 Subject: Executable vs Binary In-Reply-To: <1c0e807f71e94ae8a35435aa5c7a7585@City-Exch-DB2.cbj.local> References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> <1c0e807f71e94ae8a35435aa5c7a7585@City-Exch-DB2.cbj.local> Message-ID: It hasn’t. - Jerry Benton www.mailborder.com > On Apr 16, 2015, at 4:08 PM, Kevin Miller wrote: > > I was fighting that a while back. Actually, I still am. See the "filename/filetype not working properly" thread in the archives. Long story short, one person said that a newer version of /usr/bin/file fixed the issue. I haven't verified that yet. > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > >> -----Original Message----- >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On >> Behalf Of Jerry Benton >> Sent: Thursday, April 16, 2015 11:46 AM >> To: MailScanner Discussion >> Subject: Executable vs Binary >> >> Has anyone dealt with this? I can’t decide if I should mod the source or >> just change the configs: >> >> - Microsoft document comes through with some sort of dat file embedded. >> While MS see that dat file as text/plain, the character set is binary, >> so it nails it as an executable. >> - Allowing executables will allow the file. >> >> So, there’s the rub. Under the current code we have to allow executables >> for these “newer” types of Microsoft documents to get through. This >> isn’t restricted to just Microsoft. There are several other file formats >> that make MailScanner fire on this. >> >> >> Ideas? >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From astephens at ptera.com Thu Apr 16 21:03:05 2015 From: astephens at ptera.com (Art Stephens) Date: Thu, 16 Apr 2015 14:03:05 -0700 Subject: Problem messages Message-ID: I keep getting these emails from MailScanner Archive: Number of messages: 1 Tries Message Last Tried ===== ======= ========== 6 DBCA82040EB.A9AA7 Thu Apr 16 09:45:57 2015 I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. Log entries Apr 16 09:24:19 retail MailScanner[17702]: Making attempt 2 at processing message DBCA82040EB.A9AA7 Apr 16 09:24:23 retail MailScanner[17702]: SpamAssassin cache hit for message DBCA82040EB.A9AA7 Apr 16 09:28:10 retail MailScanner[18268]: Making attempt 3 at processing message DBCA82040EB.A9AA7 Apr 16 09:28:14 retail MailScanner[18268]: SpamAssassin cache hit for message DBCA82040EB.A9AA7 Apr 16 09:32:25 retail MailScanner[18318]: Making attempt 4 at processing message DBCA82040EB.A9AA7 Apr 16 09:32:29 retail MailScanner[18318]: SpamAssassin cache hit for message DBCA82040EB.A9AA7 Apr 16 09:37:12 retail MailScanner[17699]: Making attempt 5 at processing message DBCA82040EB.A9AA7 Apr 16 09:37:16 retail MailScanner[17699]: SpamAssassin cache hit for message DBCA82040EB.A9AA7 Apr 16 09:40:33 retail MailScanner[18427]: Making attempt 6 at processing message DBCA82040EB.A9AA7 Apr 16 09:40:36 retail MailScanner[18427]: SpamAssassin cache hit for message DBCA82040EB.A9AA7 Apr 16 09:40:36 retail MailScanner[18217]: Warning: skipping message DBCA82040EB.A9AA7 as it has been attempted too many times Apr 16 09:40:36 retail MailScanner[18217]: Quarantined message DBCA82040EB.A9AA7 as it caused MailScanner to crash several times Apr 16 09:40:36 retail MailScanner[18217]: Saved entire message to /var/spool/MailScanner/quarantine/20150416/DBCA82040EB.A9AA7 Running on Linux retail.ptera.net 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux This is Fedora release 13 (Goddard) This is Perl version 5.010001 (5.10.1) This is MailScanner version 4.84.6 Any fix? Response from Forum... Make sure you have tnef installed. Then check your tnef settings. Also make sure your directory permissions and the user to run as are set correctly. If you need more help, please use the mailing list. OK Thanks Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no #TNEF Expander = internal TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 perl-Convert-TNEF 0.17-11.fc13 tnef 1.4.5-1 And I get this emal sent to me: The original message was received at Thu, 16 Apr 2015 12:48:49 -0700 from postfix at localhost with id t3GJmn2a020753 ----- The following addresses had permanent fatal errors ----- 160-92248047-23-f.trowridge=guitarfranks.com at mail.mybusinesshomes.com (reason: 554 5.7.1 <160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com>: Relay access denied) (expanded from: 160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com) ----- Transcript of session follows ----- ... while talking to [127.0.0.1]: >>> DATA <<< 554 5.7.1 <160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com>: Relay access denied 554 5.0.0 Service unavailable <<< 554 5.5.1 Error: no valid recipients Final-Recipient: RFC822; 160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com Action: failed Status: 5.7.1 Remote-MTA: DNS; [127.0.0.1] Diagnostic-Code: SMTP; 554 5.7.1 <160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com>: Relay access denied Last-Attempt-Date: Thu, 16 Apr 2015 12:48:49 -0700 ---------- Forwarded message ---------- From: MailScanner To: 160-92248047-23-f.trowridge=guitarfranks.com at mail.mybusinesshomes.com Cc: Date: Thu, 16 Apr 2015 12:48:49 -0700 Subject: Warning: E-mail error detected Our virus detector failed to completely analyse a message you sent:- To: f.trowridge at guitarfranks.com Subject: New Mortgage Lows Date: Thu Apr 16 12:48:49 2015 Any parts of the message that could not be analysed will not have been delivered. If you are using Microsoft Outlook, we strongly recommend you change your outgoing message format from "Rich Text" to "HTML" or "Plain Text". 1) Click on the "Tools" menu and choose "Options..." 2) Go to the "Mail Format" tab 3) For message format, select "HTML" or "Plain text" 4) Click OK The virus detector said this about the message: Report: Report: MailScanner: Message attempted to kill MailScanner -- MailScanner Email Virus Scanner Ptera Wireless Internet Inc. www.ptera.net For all your IT requirements visit: http://www.transtec.co.uk Totally stumped on how to proceed to fix this.... -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeremy at fluxlabs.net Fri Apr 17 02:36:50 2015 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri, 17 Apr 2015 02:36:50 +0000 Subject: Problem messages In-Reply-To: References: Message-ID: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Why are you accepting messages to a non-existent user ? -- Jeremy McSpadden Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Fri Apr 17 14:55:54 2015 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 17 Apr 2015 10:55:54 -0400 Subject: Executable vs Binary In-Reply-To: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Message-ID: Jerry, I will study this and see if I can assist. Do you have a sample document with this .dat embedded? On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton wrote: > Has anyone dealt with this? I can’t decide if I should mod the source or > just change the configs: > > - Microsoft document comes through with some sort of dat file embedded. > While MS see that dat file as text/plain, the character set is binary, so > it nails it as an executable. > - Allowing executables will allow the file. > > So, there’s the rub. Under the current code we have to allow executables > for these “newer” types of Microsoft documents to get through. This isn’t > restricted to just Microsoft. There are several other file formats that > make MailScanner fire on this. > > > Ideas? > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Fri Apr 17 15:07:03 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 17 Apr 2015 11:07:03 -0400 Subject: Executable vs Binary In-Reply-To: References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Message-ID: <7B0AD7DA-8637-44FA-8A4C-89719EFA8D30@mailborder.com> Yep. Attached. - Jerry Benton www.mailborder.com > On Apr 17, 2015, at 10:55 AM, Shawn Iverson wrote: > > Jerry, > > I will study this and see if I can assist. > > Do you have a sample document with this .dat embedded? > > On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton > wrote: > Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs: > > - Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as text/plain, the character set is binary, so it nails it as an executable. > - Allowing executables will allow the file. > > So, there’s the rub. Under the current code we have to allow executables for these “newer” types of Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other file formats that make MailScanner fire on this. > > > Ideas? > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Huisregels sporthal flyer A5.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 186795 bytes Desc: not available URL: -------------- next part -------------- An HTML attachment was scrubbed... URL: From astephens at ptera.com Fri Apr 17 16:44:16 2015 From: astephens at ptera.com (Art Stephens) Date: Fri, 17 Apr 2015 09:44:16 -0700 Subject: Problem messages In-Reply-To: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Message-ID: OK well that answer did not help me. I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden wrote: > Why are you accepting messages to a non-existent user ? > -- > Jeremy McSpadden > Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions > *Office* : 850-250-5590 x 501 | *Cell* : 850-890-2543 | *Fax* : > 850-254-2955 > > On Apr 16, 2015, at 4:03 PM, Art Stephens wrote: > > I have followed instructions on how to remove these but they keep > occurring every time we receive an email addressed to a non existent user. > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeremy at fluxlabs.net Fri Apr 17 16:48:20 2015 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri, 17 Apr 2015 16:48:20 +0000 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net>, Message-ID: <9B8131EE-A7A1-488D-BEE2-778594090C5D@fluxlabs.net> Then your mail server should return the email via an NDR. Run mailscanner in debug mode and force a delivery. Usually a taint issue. -- Jeremy McSpadden | Flux Labs Local - 850-250-5590x501 | Mobile - 850-890-2543 Fax - 850-254-2955 | Toll Free - 877-699-FLUX Web - http://www.fluxlabs.net On Apr 17, 2015, at 11:44 AM, Art Stephens > wrote: OK well that answer did not help me. I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: Why are you accepting messages to a non-existent user ? -- Jeremy McSpadden Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Fri Apr 17 16:49:02 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 17 Apr 2015 12:49:02 -0400 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Message-ID: Art, Are these mailer daemon emails? (Backscatter) They look like one of the following: - Regular emails with permission problems - TNEF errors causing MS to crash - Jerry Benton www.mailborder.com > On Apr 17, 2015, at 12:44 PM, Art Stephens wrote: > > OK well that answer did not help me. > > I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. > > On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: > Why are you accepting messages to a non-existent user ? > -- > Jeremy McSpadden > Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions > Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 >> On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: >> >> I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Fri Apr 17 16:49:56 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 17 Apr 2015 12:49:56 -0400 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Message-ID: Oh .. and have you tried? MailScanner —lint - Jerry Benton www.mailborder.com > On Apr 17, 2015, at 12:49 PM, Jerry Benton wrote: > > Art, > > Are these mailer daemon emails? (Backscatter) They look like one of the following: > > - Regular emails with permission problems > - TNEF errors causing MS to crash > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 17, 2015, at 12:44 PM, Art Stephens > wrote: >> >> OK well that answer did not help me. >> >> I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. >> >> On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: >> Why are you accepting messages to a non-existent user ? >> -- >> Jeremy McSpadden >> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >> Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 >>> On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: >>> >>> I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> >> -- >> Arthur Stephens >> Senior Networking Technician >> Ptera Inc. >> PO Box 135 >> 24001 E Mission Suite 50 >> Liberty Lake, WA 99019 >> 509-927-7837 >> ptera.com >> facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- >> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. >> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From astephens at ptera.com Fri Apr 17 17:21:50 2015 From: astephens at ptera.com (Art Stephens) Date: Fri, 17 Apr 2015 10:21:50 -0700 Subject: Problem messages In-Reply-To: <9B8131EE-A7A1-488D-BEE2-778594090C5D@fluxlabs.net> References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> <9B8131EE-A7A1-488D-BEE2-778594090C5D@fluxlabs.net> Message-ID: Ok I know how to run it in debug mode. How do you force a delivery? On Fri, Apr 17, 2015 at 9:48 AM, Jeremy McSpadden wrote: > Then your mail server should return the email via an NDR. > > Run mailscanner in debug mode and force a delivery. Usually a taint > issue. > > > -- > Jeremy McSpadden | Flux Labs > Local - 850-250-5590x501 <850-250-5590;501> | Mobile - 850-890-2543 > Fax - 850-254-2955 | Toll Free - 877-699-FLUX > Web - http://www.fluxlabs.net > > > On Apr 17, 2015, at 11:44 AM, Art Stephens wrote: > > OK well that answer did not help me. > > I may be wrong but last I checked I can send emails to non-existing user > accounts and it is the mail server that decides whether or not they exist > and whether or not to put the email in their mail box. > > On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: > >> Why are you accepting messages to a non-existent user ? >> -- >> Jeremy McSpadden >> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >> *Office* : 850-250-5590 x 501 | *Cell* : 850-890-2543 | *Fax* : >> 850-254-2955 >> >> On Apr 16, 2015, at 4:03 PM, Art Stephens wrote: >> >> I have followed instructions on how to remove these but they keep >> occurring every time we receive an email addressed to a non existent user. >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera > > ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and > is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or > opinions presented in this email are solely those of the author and are not > intended to represent those of the company." > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Fri Apr 17 17:23:18 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 17 Apr 2015 13:23:18 -0400 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> <9B8131EE-A7A1-488D-BEE2-778594090C5D@fluxlabs.net> Message-ID: <61E6D0C6-E81A-4DC6-B22F-BF199AA3C6E1@mailborder.com> Looks like you are using Postfix: postsuper -r ALL - Jerry Benton www.mailborder.com > On Apr 17, 2015, at 1:21 PM, Art Stephens wrote: > > Ok I know how to run it in debug mode. How do you force a delivery? > > On Fri, Apr 17, 2015 at 9:48 AM, Jeremy McSpadden > wrote: > Then your mail server should return the email via an NDR. > > Run mailscanner in debug mode and force a delivery. Usually a taint issue. > > > -- > Jeremy McSpadden | Flux Labs > Local - 850-250-5590x501 | Mobile - 850-890-2543 > Fax - 850-254-2955 | Toll Free - 877-699-FLUX > Web - http://www.fluxlabs.net > > > On Apr 17, 2015, at 11:44 AM, Art Stephens > wrote: > >> OK well that answer did not help me. >> >> I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. >> >> On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: >> Why are you accepting messages to a non-existent user ? >> -- >> Jeremy McSpadden >> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >> Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 >>> On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: >>> >>> I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> >> -- >> Arthur Stephens >> Senior Networking Technician >> Ptera Inc. >> PO Box 135 >> 24001 E Mission Suite 50 >> Liberty Lake, WA 99019 >> 509-927-7837 >> ptera.com >> facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- >> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. >> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From astephens at ptera.com Fri Apr 17 17:28:55 2015 From: astephens at ptera.com (Art Stephens) Date: Fri, 17 Apr 2015 10:28:55 -0700 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Message-ID: Here is the email stored in quarantine... X-Greylist: delayed 1201 by SQLgrey-1.7.6 Received: from tare.mybusinesshomes.com (tare.mybusinesshomes.com [104.144.53.49]) by retail.ptera.net (Postfix) with ESMTP id 28BAE2040EB for ; Thu, 16 Apr 2015 12:27:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d= mybusinesshomes.com; h=Mime-Version:Content-Type:Date:From:Reply-To:Subject:To:Message-ID; i= daniel at mybusinesshomes.com; bh=/am6s325r80MQDk6xsWt9dEHqrg=; b=PMjZDO6+Zm6vJz788hTYMkK9EPIuDp3sXTPp1YYqNH0FmhTtkOX/SqH7emY8heUF654AUQnxveta x+2EdF5Wa82LJQ05cy2n4nqkUy81mf1Xm9YdVy2vOPET/WBxKNIDvuNyyWGS1YV0DwCA2ZiQ1LVA KmngKzRIXFarQNozFfw= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mybusinesshomes.com ; b=SX+3xvmjQ4MTcOKjSbGwna3RXUaHdFjJmmgda2U6fQFFpDVW1sH46JR94WEqLWnRZ2yhPikkpeNK 43cHooE9YjdoCGb3SbD5l2v8HacY22xl4TTPnpQTusyHqHV3sKQJ4ySxbkJ+jMUmXjoq30BqRrB6 6vmwgCeFBW4t+Wh0oto=; Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="93f11594500d3e5668274acd930562807dac1e17" Date: Thu, 16 Apr 2015 15:52:57 -0400 From: "Harp Approvals" Reply-To: "Harp Approvals" Subject: New Mortgage Lows To: Message-ID: --93f11594500d3e5668274acd930562807dac1e17 Content-Type: text/plain; Content-Transfer-Encoding: 8bit Your email client does not support HTML, this email must be viewed in HTML mode. --93f11594500d3e5668274acd930562807dac1e17 Content-Type: text/html; Content-Transfer-Encoding: 8bit

 
If you cannot see the images below, click here.

If you would no longer like to receive communication from us, click here.

PO Box 483 - Woodstock GA, 30188
click here to unsubscribe --93f11594500d3e5668274acd930562807dac1e17-- Log file entry.. Apr 16 12:31:55 retail MailScanner[20404]: Making attempt 2 at processing message 28BAE2040EB.A5D2F Apr 16 12:31:59 retail MailScanner[20404]: SpamAssassin cache hit for message 28BAE2040EB.A5D2F Apr 16 12:37:23 retail MailScanner[20517]: Making attempt 3 at processing message 28BAE2040EB.A5D2F Apr 16 12:37:26 retail MailScanner[20517]: SpamAssassin cache hit for message 28BAE2040EB.A5D2F Apr 16 12:42:54 retail MailScanner[19879]: Making attempt 4 at processing message 28BAE2040EB.A5D2F Apr 16 12:42:57 retail MailScanner[19879]: SpamAssassin cache hit for message 28BAE2040EB.A5D2F Apr 16 12:46:19 retail MailScanner[19930]: Making attempt 5 at processing message 28BAE2040EB.A5D2F Apr 16 12:46:22 retail MailScanner[19930]: SpamAssassin cache hit for message 28BAE2040EB.A5D2F Apr 16 12:48:43 retail MailScanner[19663]: Making attempt 6 at processing message 28BAE2040EB.A5D2F Apr 16 12:48:47 retail MailScanner[19663]: SpamAssassin cache hit for message 28BAE2040EB.A5D2F Apr 16 12:48:49 retail MailScanner[18370]: Warning: skipping message 28BAE2040EB.A5D2F as it has been attempted too many times Apr 16 12:48:49 retail MailScanner[18370]: Quarantined message 28BAE2040EB.A5D2F as it caused MailScanner to crash several times Apr 16 12:48:49 retail MailScanner[18370]: Saved entire message to /var/spool/MailScanner/quarantine/20150416/28BAE2040EB.A5D2F Here is the email sent to me... The original message was received at Thu, 16 Apr 2015 12:48:49 -0700 from postfix at localhost with id t3GJmn2a020753 ----- The following addresses had permanent fatal errors ----- 160-92248047-23-f.trowridge=guitarfranks.com at mail.mybusinesshomes.com (reason: 554 5.7.1 <160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com>: Relay access denied) (expanded from: 160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com) ----- Transcript of session follows ----- ... while talking to [127.0.0.1]: >>> DATA <<< 554 5.7.1 <160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com>: Relay access denied 554 5.0.0 Service unavailable <<< 554 5.5.1 Error: no valid recipients Final-Recipient: RFC822; 160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com Action: failed Status: 5.7.1 Remote-MTA: DNS; [127.0.0.1] Diagnostic-Code: SMTP; 554 5.7.1 <160-92248047-23-f.trowridge= guitarfranks.com at mail.mybusinesshomes.com>: Relay access denied Last-Attempt-Date: Thu, 16 Apr 2015 12:48:49 -0700 ---------- Forwarded message ---------- From: MailScanner To: 160-92248047-23-f.trowridge=guitarfranks.com at mail.mybusinesshomes.com Cc: Date: Thu, 16 Apr 2015 12:48:49 -0700 Subject: Warning: E-mail error detected Our virus detector failed to completely analyse a message you sent:- To: f.trowridge at guitarfranks.com Subject: New Mortgage Lows Date: Thu Apr 16 12:48:49 2015 Any parts of the message that could not be analysed will not have been delivered. If you are using Microsoft Outlook, we strongly recommend you change your outgoing message format from "Rich Text" to "HTML" or "Plain Text". 1) Click on the "Tools" menu and choose "Options..." 2) Go to the "Mail Format" tab 3) For message format, select "HTML" or "Plain text" 4) Click OK The virus detector said this about the message: Report: Report: MailScanner: Message attempted to kill MailScanner -- MailScanner Email Virus Scanner Ptera Wireless Internet Inc. www.ptera.net For all your IT requirements visit: http://www.transtec.co.uk On Fri, Apr 17, 2015 at 9:49 AM, Jerry Benton wrote: > Art, > > Are these mailer daemon emails? (Backscatter) They look like one of the > following: > > - Regular emails with permission problems > - TNEF errors causing MS to crash > > - > Jerry Benton > www.mailborder.com > > > > On Apr 17, 2015, at 12:44 PM, Art Stephens wrote: > > OK well that answer did not help me. > > I may be wrong but last I checked I can send emails to non-existing user > accounts and it is the mail server that decides whether or not they exist > and whether or not to put the email in their mail box. > > On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: > >> Why are you accepting messages to a non-existent user ? >> -- >> Jeremy McSpadden >> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >> *Office* : 850-250-5590 x 501 | *Cell* : 850-890-2543 | *Fax* : >> 850-254-2955 >> >> On Apr 16, 2015, at 4:03 PM, Art Stephens wrote: >> >> I have followed instructions on how to remove these but they keep >> occurring every time we receive an email addressed to a non existent user. >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera > > ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and > is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or > opinions presented in this email are solely those of the author and are not > intended to represent those of the company." > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -------------- next part -------------- An HTML attachment was scrubbed... URL: From astephens at ptera.com Fri Apr 17 17:29:49 2015 From: astephens at ptera.com (Art Stephens) Date: Fri, 17 Apr 2015 10:29:49 -0700 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Message-ID: Nope not sure what that is On Fri, Apr 17, 2015 at 9:49 AM, Jerry Benton wrote: > Oh .. and have you tried? > > MailScanner —lint > > > - > Jerry Benton > www.mailborder.com > > > > On Apr 17, 2015, at 12:49 PM, Jerry Benton > wrote: > > Art, > > Are these mailer daemon emails? (Backscatter) They look like one of the > following: > > - Regular emails with permission problems > - TNEF errors causing MS to crash > > - > Jerry Benton > www.mailborder.com > > > > On Apr 17, 2015, at 12:44 PM, Art Stephens wrote: > > OK well that answer did not help me. > > I may be wrong but last I checked I can send emails to non-existing user > accounts and it is the mail server that decides whether or not they exist > and whether or not to put the email in their mail box. > > On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: > >> Why are you accepting messages to a non-existent user ? >> -- >> Jeremy McSpadden >> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >> *Office* : 850-250-5590 x 501 | *Cell* : 850-890-2543 | *Fax* : >> 850-254-2955 >> >> On Apr 16, 2015, at 4:03 PM, Art Stephens wrote: >> >> I have followed instructions on how to remove these but they keep >> occurring every time we receive an email addressed to a non existent user. >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera > > ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and > is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or > opinions presented in this email are solely those of the author and are not > intended to represent those of the company." > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Fri Apr 17 17:50:13 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 17 Apr 2015 13:50:13 -0400 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> Message-ID: Art, You are having TNEF issues. These items have been fixed in the latest version, which is here: https://www.mailscanner.info/downloads/ Please note that most people here are not going to be in a hurry to support Fedora. I would highly suggest that you use a stable OS designed to be used for servers such as: - RHEL - CentOS - Debian - Ubuntu LTS server - FreeBSD You can also use other OS’s like Gentoo, but your community support is going to be hard to come by. The first 4 items on that list are the most common, stable, and easy to get support for. If you setup a new server the current installation scripts they will do everything for you except configure MailScanner. (Required packages, permissions, etc.) In short, you are currently running on a solution that is not optimal with an old version of MailScanner that is known to have these TNEF issues. You will save yourself a lot of hair pulling if you just start fresh. You can start here: https://www.mailscanner.info/install/ - Jerry Benton www.mailborder.com > On Apr 17, 2015, at 1:29 PM, Art Stephens wrote: > > Nope not sure what that is > > On Fri, Apr 17, 2015 at 9:49 AM, Jerry Benton > wrote: > Oh .. and have you tried? > > MailScanner —lint > > > - > Jerry Benton > www.mailborder.com > > > >> On Apr 17, 2015, at 12:49 PM, Jerry Benton > wrote: >> >> Art, >> >> Are these mailer daemon emails? (Backscatter) They look like one of the following: >> >> - Regular emails with permission problems >> - TNEF errors causing MS to crash >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >>> On Apr 17, 2015, at 12:44 PM, Art Stephens > wrote: >>> >>> OK well that answer did not help me. >>> >>> I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. >>> >>> On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: >>> Why are you accepting messages to a non-existent user ? >>> -- >>> Jeremy McSpadden >>> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >>> Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 >>>> On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: >>>> >>>> I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >>> >>> >>> -- >>> Arthur Stephens >>> Senior Networking Technician >>> Ptera Inc. >>> PO Box 135 >>> 24001 E Mission Suite 50 >>> Liberty Lake, WA 99019 >>> 509-927-7837 >>> ptera.com >>> facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- >>> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. >>> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >> > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From astephens at ptera.com Fri Apr 17 17:50:45 2015 From: astephens at ptera.com (Art Stephens) Date: Fri, 17 Apr 2015 10:50:45 -0700 Subject: Problem messages In-Reply-To: <61E6D0C6-E81A-4DC6-B22F-BF199AA3C6E1@mailborder.com> References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> <9B8131EE-A7A1-488D-BEE2-778594090C5D@fluxlabs.net> <61E6D0C6-E81A-4DC6-B22F-BF199AA3C6E1@mailborder.com> Message-ID: Here is what I got.... [root at retail ~]# MailScanner -debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... and in another console... [root at retail ~]# service postfix start Starting postfix: [ OK ] [root at retail ~]# postsuper -r ALL [root at retail ~]# On Fri, Apr 17, 2015 at 10:23 AM, Jerry Benton wrote: > Looks like you are using Postfix: > > postsuper -r ALL > > - > Jerry Benton > www.mailborder.com > > > > On Apr 17, 2015, at 1:21 PM, Art Stephens wrote: > > Ok I know how to run it in debug mode. How do you force a delivery? > > On Fri, Apr 17, 2015 at 9:48 AM, Jeremy McSpadden > wrote: > >> Then your mail server should return the email via an NDR. >> >> Run mailscanner in debug mode and force a delivery. Usually a taint >> issue. >> >> >> -- >> Jeremy McSpadden | Flux Labs >> Local - 850-250-5590x501 <850-250-5590;501> | Mobile - 850-890-2543 >> Fax - 850-254-2955 | Toll Free - 877-699-FLUX >> Web - http://www.fluxlabs.net >> >> >> On Apr 17, 2015, at 11:44 AM, Art Stephens wrote: >> >> OK well that answer did not help me. >> >> I may be wrong but last I checked I can send emails to non-existing >> user accounts and it is the mail server that decides whether or not they >> exist and whether or not to put the email in their mail box. >> >> On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden >> wrote: >> >>> Why are you accepting messages to a non-existent user ? >>> -- >>> Jeremy McSpadden >>> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions >>> *Office* : 850-250-5590 x 501 | *Cell* : 850-890-2543 | *Fax* : >>> 850-254-2955 >>> >>> On Apr 16, 2015, at 4:03 PM, Art Stephens wrote: >>> >>> I have followed instructions on how to remove these but they keep >>> occurring every time we receive an email addressed to a non existent user. >>> >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >> >> >> -- >> Arthur Stephens >> Senior Networking Technician >> Ptera Inc. >> PO Box 135 >> 24001 E Mission Suite 50 >> Liberty Lake, WA 99019 >> 509-927-7837 >> ptera.com >> facebook.com/PteraInc | twitter.com/Ptera >> >> ----------------------------------------------------------------------------- >> "This message may contain confidential and/or propriety information, and >> is intended for the person/entity to whom it was originally addressed. >> Any use by others is strictly prohibited. Please note that any views or >> opinions presented in this email are solely those of the author and are not >> intended to represent those of the company." >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > > > -- > Arthur Stephens > Senior Networking Technician > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com > facebook.com/PteraInc | twitter.com/Ptera > > ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and > is intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or > opinions presented in this email are solely those of the author and are not > intended to represent those of the company." > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeremy at fluxlabs.net Fri Apr 17 17:54:50 2015 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Fri, 17 Apr 2015 17:54:50 +0000 Subject: Problem messages In-Reply-To: References: <0E618F75-707B-4B0F-BC49-8287021E9915@fluxlabs.net> <9B8131EE-A7A1-488D-BEE2-778594090C5D@fluxlabs.net> <61E6D0C6-E81A-4DC6-B22F-BF199AA3C6E1@mailborder.com>, Message-ID: <0648C770-6F28-4D0B-B8EE-DE3C8A810DEF@fluxlabs.net> You'll need to enable debug in the mailscanner.conf file first. -- Jeremy McSpadden | Flux Labs Local - 850-250-5590x501 | Mobile - 850-890-2543 Fax - 850-254-2955 | Toll Free - 877-699-FLUX Web - http://www.fluxlabs.net On Apr 17, 2015, at 12:50 PM, Art Stephens > wrote: Here is what I got.... [root at retail ~]# MailScanner -debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... and in another console... [root at retail ~]# service postfix start Starting postfix: [ OK ] [root at retail ~]# postsuper -r ALL [root at retail ~]# On Fri, Apr 17, 2015 at 10:23 AM, Jerry Benton > wrote: Looks like you are using Postfix: postsuper -r ALL - Jerry Benton www.mailborder.com On Apr 17, 2015, at 1:21 PM, Art Stephens > wrote: Ok I know how to run it in debug mode. How do you force a delivery? On Fri, Apr 17, 2015 at 9:48 AM, Jeremy McSpadden > wrote: Then your mail server should return the email via an NDR. Run mailscanner in debug mode and force a delivery. Usually a taint issue. -- Jeremy McSpadden | Flux Labs Local - 850-250-5590x501 | Mobile - 850-890-2543 Fax - 850-254-2955 | Toll Free - 877-699-FLUX Web - http://www.fluxlabs.net On Apr 17, 2015, at 11:44 AM, Art Stephens > wrote: OK well that answer did not help me. I may be wrong but last I checked I can send emails to non-existing user accounts and it is the mail server that decides whether or not they exist and whether or not to put the email in their mail box. On Thu, Apr 16, 2015 at 7:36 PM, Jeremy McSpadden > wrote: Why are you accepting messages to a non-existent user ? -- Jeremy McSpadden Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955 On Apr 16, 2015, at 4:03 PM, Art Stephens > wrote: I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Arthur Stephens Senior Networking Technician Ptera Inc. PO Box 135 24001 E Mission Suite 50 Liberty Lake, WA 99019 509-927-7837 ptera.com facebook.com/PteraInc | twitter.com/Ptera ----------------------------------------------------------------------------- "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Tue Apr 21 08:04:05 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue, 21 Apr 2015 08:04:05 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> Message-ID: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Apr 21 08:05:56 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 21 Apr 2015 04:05:56 -0400 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> Message-ID: <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com > On Apr 21, 2015, at 4:04 AM, Jason Ede wrote: > > Hi Jerry, > > Here is the top of the file > > # > > package IO::File; > > =head1 NAME > > IO::File - supply object methods for filehandles > > =head1 SYNOPSIS > > use IO::File; > > $fh = new IO::File; > if ($fh->open("< file")) { > print <$fh>; > $fh->close; > } > > $fh = new IO::File "> file"; > if (defined $fh) { > print $fh "bar\n"; > $fh->close; > } > > $fh = new IO::File "file", "r"; > if (defined $fh) { > print <$fh>; > undef $fh; # automatically closes the file > } > > $fh = new IO::File "file", O_WRONLY|O_APPEND; > if (defined $fh) { > print $fh "corge\n"; > > $pos = $fh->getpos; > $fh->setpos($pos); > > undef $fh; # automatically closes the file > } > > autoflush STDOUT 1; > > =head1 DESCRIPTION > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: 13 April 2015 15:26 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: > > > Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors > > MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > pyzor: check failed: internal error, python traceback seen in response > Building a message batch to scan... > Have a batch of 10 messages. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > > > Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? > > Jason > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Tue Apr 21 08:17:20 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue, 21 Apr 2015 08:17:20 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> Message-ID: Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.miller at juneau.org Wed Apr 22 19:36:32 2015 From: kevin.miller at juneau.org (Kevin Miller) Date: Wed, 22 Apr 2015 19:36:32 +0000 Subject: Executable vs Binary In-Reply-To: References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Message-ID: <0af0af178a1a4927a9f073d989e89ac6@City-Exch-DB2.cbj.local> Shawn – any progress on this? The message with the files that Jerry attached in his reply to you got blocked by my MailScanner gateway (I just noticed that today). Did you receive them? If not, you’ll have to get them via ftp or something. If you did receive them OK, have you had a chance to work on the issue? ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson Sent: Friday, April 17, 2015 6:56 AM To: MailScanner Discussion Subject: Re: Executable vs Binary Jerry, I will study this and see if I can assist. Do you have a sample document with this .dat embedded? On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton > wrote: Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs: - Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as text/plain, the character set is binary, so it nails it as an executable. - Allowing executables will allow the file. So, there’s the rub. Under the current code we have to allow executables for these “newer” types of Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other file formats that make MailScanner fire on this. Ideas? - Jerry Benton www.mailborder.com -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Wed Apr 22 21:53:43 2015 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Wed, 22 Apr 2015 17:53:43 -0400 Subject: Executable vs Binary In-Reply-To: <0af0af178a1a4927a9f073d989e89ac6@City-Exch-DB2.cbj.local> References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> <0af0af178a1a4927a9f073d989e89ac6@City-Exch-DB2.cbj.local> Message-ID: Starting to make progress... I received the message and have the file :) Feedback to follow... On Wed, Apr 22, 2015 at 3:36 PM, Kevin Miller wrote: > Shawn – any progress on this? The message with the files that Jerry > attached in his reply to you got blocked by my MailScanner gateway (I just > noticed that today). Did you receive them? If not, you’ll have to get > them via ftp or something. If you did receive them OK, have you had a > chance to work on the issue? > > > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > > > *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Shawn Iverson > *Sent:* Friday, April 17, 2015 6:56 AM > *To:* MailScanner Discussion > *Subject:* Re: Executable vs Binary > > > > Jerry, > > > > I will study this and see if I can assist. > > > > Do you have a sample document with this .dat embedded? > > > > On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton > wrote: > > Has anyone dealt with this? I can’t decide if I should mod the source or > just change the configs: > > - Microsoft document comes through with some sort of dat file embedded. > While MS see that dat file as text/plain, the character set is binary, so > it nails it as an executable. > - Allowing executables will allow the file. > > So, there’s the rub. Under the current code we have to allow executables > for these “newer” types of Microsoft documents to get through. This isn’t > restricted to just Microsoft. There are several other file formats that > make MailScanner fire on this. > > > Ideas? > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > > Shawn Iverson > > Director of Technology > > Rush County Schools > > 765-932-3901 x271 > > iversons at rushville.k12.in.us > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Thu Apr 23 00:59:00 2015 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Wed, 22 Apr 2015 20:59:00 -0400 Subject: Executable vs Binary In-Reply-To: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Message-ID: I am having trouble getting MS to fire off on the embedded .dat file in the provided .docx file. Using file version 5.11.... When I run file -i against it, I get the following 0000.dat: text/plain; charset=binary My archives.filetype.rules.conf has the following: deny executable No executables No programs allowed On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton wrote: > Has anyone dealt with this? I can’t decide if I should mod the source or > just change the configs: > > - Microsoft document comes through with some sort of dat file embedded. > While MS see that dat file as text/plain, the character set is binary, so > it nails it as an executable. > - Allowing executables will allow the file. > > So, there’s the rub. Under the current code we have to allow executables > for these “newer” types of Microsoft documents to get through. This isn’t > restricted to just Microsoft. There are several other file formats that > make MailScanner fire on this. > > > Ideas? > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 23 01:01:05 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 22 Apr 2015 21:01:05 -0400 Subject: Executable vs Binary In-Reply-To: References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> Message-ID: I get the same results when checking the MIME type. I think what is firing is the binary character set. - Jerry Benton www.mailborder.com > On Apr 22, 2015, at 8:59 PM, Shawn Iverson wrote: > > I am having trouble getting MS to fire off on the embedded .dat file in the provided .docx file. > > Using file version 5.11.... > > When I run file -i against it, I get the following > > 0000.dat: text/plain; charset=binary > > My archives.filetype.rules.conf has the following: > > deny executable No executables No programs allowed > > > > > > On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton > wrote: > Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs: > > - Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as text/plain, the character set is binary, so it nails it as an executable. > - Allowing executables will allow the file. > > So, there’s the rub. Under the current code we have to allow executables for these “newer” types of Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other file formats that make MailScanner fire on this. > > > Ideas? > > - > Jerry Benton > www.mailborder.com > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 08:12:49 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 08:12:49 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> Message-ID: Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 08:54:30 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 08:54:30 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> Message-ID: Ok, looking through the MailScanner.pm file… When in debug mode it’s complaining around line 1100 when it calls $batch->Explode($Debug); That triggers one line containing Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. For each message in the batch. Also around line 1250 where it does $batch->SignUninfected(); I get Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. for each message in the batch… Hopefully that will help narrow it down a bit… From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:13 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 09:57:01 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 09:57:01 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> Message-ID: Further info, when on Explode($batch) then in Message.pm around line 2250 where it does $entity = eval { $parser->parse($handle) }; Seems to be the offending line. That’s as far as I can get with it before I get hopelessly lost From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:55 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Ok, looking through the MailScanner.pm file… When in debug mode it’s complaining around line 1100 when it calls $batch->Explode($Debug); That triggers one line containing Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. For each message in the batch. Also around line 1250 where it does $batch->SignUninfected(); I get Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. for each message in the batch… Hopefully that will help narrow it down a bit… From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:13 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 23 14:39:08 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 23 Apr 2015 10:39:08 -0400 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> Message-ID: <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Jason, what do your have your file permissions set at when running? user? group? - Jerry Benton www.mailborder.com Sent from my iPhone > On Apr 23, 2015, at 05:57, Jason Ede wrote: > > > Further info, when on Explode($batch) then in Message.pm around line 2250 where it does > $entity = eval { $parser->parse($handle) }; > > Seems to be the offending line. > > That’s as far as I can get with it before I get hopelessly lost > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede > Sent: 23 April 2015 09:55 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Ok, looking through the MailScanner.pm file… > > When in debug mode it’s complaining around line 1100 when it calls > > $batch->Explode($Debug); > > That triggers one line containing > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. > > For each message in the batch. > > > Also around line 1250 where it does > $batch->SignUninfected(); > I get > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. > > for each message in the batch… > > Hopefully that will help narrow it down a bit… > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede > Sent: 23 April 2015 09:13 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Hi Jerry, > > Did you get the IO::File.pm file? The version of it is 1.14 > > Will look at it a bit more from here… > > It’s the same on my production box and that is ok on an older version of MailScanner. > > Jason > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede > Sent: 21 April 2015 09:17 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Emailed you the file directly. > > Jason > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: 21 April 2015 09:06 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? > > - > Jerry Benton > www.mailborder.com > > > > On Apr 21, 2015, at 4:04 AM, Jason Ede wrote: > > Hi Jerry, > > Here is the top of the file > > # > > package IO::File; > > =head1 NAME > > IO::File - supply object methods for filehandles > > =head1 SYNOPSIS > > use IO::File; > > $fh = new IO::File; > if ($fh->open("< file")) { > print <$fh>; > $fh->close; > } > > $fh = new IO::File "> file"; > if (defined $fh) { > print $fh "bar\n"; > $fh->close; > } > > $fh = new IO::File "file", "r"; > if (defined $fh) { > print <$fh>; > undef $fh; # automatically closes the file > } > > $fh = new IO::File "file", O_WRONLY|O_APPEND; > if (defined $fh) { > print $fh "corge\n"; > > $pos = $fh->getpos; > $fh->setpos($pos); > > undef $fh; # automatically closes the file > } > > autoflush STDOUT 1; > > =head1 DESCRIPTION > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: 13 April 2015 15:26 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 9, 2015, at 4:22 AM, Jason Ede wrote: > > > Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors > > MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > pyzor: check failed: internal error, python traceback seen in response > Building a message batch to scan... > Have a batch of 10 messages. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > > > Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? > > Jason > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 14:51:34 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 14:51:34 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Message-ID: They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 15:39 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Jason, what do your have your file permissions set at when running? user? group? - Jerry Benton www.mailborder.com Sent from my iPhone On Apr 23, 2015, at 05:57, Jason Ede > wrote: Further info, when on Explode($batch) then in Message.pm around line 2250 where it does $entity = eval { $parser->parse($handle) }; Seems to be the offending line. That’s as far as I can get with it before I get hopelessly lost From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:55 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Ok, looking through the MailScanner.pm file… When in debug mode it’s complaining around line 1100 when it calls $batch->Explode($Debug); That triggers one line containing Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. For each message in the batch. Also around line 1250 where it does $batch->SignUninfected(); I get Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. for each message in the batch… Hopefully that will help narrow it down a bit… From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:13 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 23 15:29:12 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 23 Apr 2015 11:29:12 -0400 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Message-ID: 0660? 777? And ClamAV settings if you are using that? - Jerry Benton www.mailborder.com > On Apr 23, 2015, at 10:51 AM, Jason Ede wrote: > > They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to. > > Jason > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: 23 April 2015 15:39 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > Jason, > > what do your have your file permissions set at when running? user? group? > > - > Jerry Benton > www.mailborder.com > Sent from my iPhone > > On Apr 23, 2015, at 05:57, Jason Ede > wrote: > > > Further info, when on Explode($batch) then in Message.pm around line 2250 where it does > $entity = eval { $parser->parse($handle) }; > > Seems to be the offending line. > > That’s as far as I can get with it before I get hopelessly lost > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jason Ede > Sent: 23 April 2015 09:55 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Ok, looking through the MailScanner.pm file… > > When in debug mode it’s complaining around line 1100 when it calls > > $batch->Explode($Debug); > > That triggers one line containing > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. > > For each message in the batch. > > > Also around line 1250 where it does > $batch->SignUninfected(); > I get > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. > > for each message in the batch… > > Hopefully that will help narrow it down a bit… > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jason Ede > Sent: 23 April 2015 09:13 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Hi Jerry, > > Did you get the IO::File.pm file? The version of it is 1.14 > > Will look at it a bit more from here… > > It’s the same on my production box and that is ok on an older version of MailScanner. > > Jason > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jason Ede > Sent: 21 April 2015 09:17 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Emailed you the file directly. > > Jason > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jerry Benton > Sent: 21 April 2015 09:06 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? > > - > Jerry Benton > www.mailborder.com > > > > On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: > > Hi Jerry, > > Here is the top of the file > > # > > package IO::File; > > =head1 NAME > > IO::File - supply object methods for filehandles > > =head1 SYNOPSIS > > use IO::File; > > $fh = new IO::File; > if ($fh->open("< file")) { > print <$fh>; > $fh->close; > } > > $fh = new IO::File "> file"; > if (defined $fh) { > print $fh "bar\n"; > $fh->close; > } > > $fh = new IO::File "file", "r"; > if (defined $fh) { > print <$fh>; > undef $fh; # automatically closes the file > } > > $fh = new IO::File "file", O_WRONLY|O_APPEND; > if (defined $fh) { > print $fh "corge\n"; > > $pos = $fh->getpos; > $fh->setpos($pos); > > undef $fh; # automatically closes the file > } > > autoflush STDOUT 1; > > =head1 DESCRIPTION > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jerry Benton > Sent: 13 April 2015 15:26 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: > > > Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors > > MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > pyzor: check failed: internal error, python traceback seen in response > Building a message batch to scan... > Have a batch of 10 messages. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > > > Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? > > Jason > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 15:41:11 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 15:41:11 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Message-ID: Here they are… /var/spool/MailScanner drwxr-xr-x 4 root root 4096 Nov 21 14:49 . drwxr-xr-x. 15 root root 4096 Apr 2 10:51 .. drwxr-x--- 17 postfix postfix 4096 Apr 23 16:36 incoming drwxr-x--- 21 postfix apache 4096 Apr 23 09:23 quarantine I use clamd Clamd Port = 3310 Clamd Socket = /var/run/clamav/clamd.sock Clamd Lock File = /var/lock/subsys/clamd Clamd Use Threads = yes I don’t think I’ve missed any permissions, but it’s been a while since I’ve set up a MS server. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 16:29 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 0660? 777? And ClamAV settings if you are using that? - Jerry Benton www.mailborder.com On Apr 23, 2015, at 10:51 AM, Jason Ede > wrote: They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 15:39 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Jason, what do your have your file permissions set at when running? user? group? - Jerry Benton www.mailborder.com Sent from my iPhone On Apr 23, 2015, at 05:57, Jason Ede > wrote: Further info, when on Explode($batch) then in Message.pm around line 2250 where it does $entity = eval { $parser->parse($handle) }; Seems to be the offending line. That’s as far as I can get with it before I get hopelessly lost From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:55 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Ok, looking through the MailScanner.pm file… When in debug mode it’s complaining around line 1100 when it calls $batch->Explode($Debug); That triggers one line containing Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. For each message in the batch. Also around line 1250 where it does $batch->SignUninfected(); I get Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. for each message in the batch… Hopefully that will help narrow it down a bit… From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:13 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Apr 23 15:47:56 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 23 Apr 2015 11:47:56 -0400 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Message-ID: In your MailScanner.conf there are permission and user settings. In short, it is complaining for some reason, and it is probably insecure permissions. I have ran the latest MS on every OS supported by MailScanner and have not seen this issue. So the only thing I can come up with right now is a permissions issue in your settings or on your file system. - Jerry Benton www.mailborder.com > On Apr 23, 2015, at 11:41 AM, Jason Ede wrote: > > Here they are… > > /var/spool/MailScanner > > drwxr-xr-x 4 root root 4096 Nov 21 14:49 . > drwxr-xr-x. 15 root root 4096 Apr 2 10:51 .. > drwxr-x--- 17 postfix postfix 4096 Apr 23 16:36 incoming > drwxr-x--- 21 postfix apache 4096 Apr 23 09:23 quarantine > > I use clamd > > Clamd Port = 3310 > Clamd Socket = /var/run/clamav/clamd.sock > Clamd Lock File = /var/lock/subsys/clamd > Clamd Use Threads = yes > > I don’t think I’ve missed any permissions, but it’s been a while since I’ve set up a MS server. > > Jason > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: 23 April 2015 16:29 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > 0660? 777? And ClamAV settings if you are using that? > > - > Jerry Benton > www.mailborder.com > > > > On Apr 23, 2015, at 10:51 AM, Jason Ede > wrote: > > They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to. > > Jason > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jerry Benton > Sent: 23 April 2015 15:39 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > Jason, > > what do your have your file permissions set at when running? user? group? > > - > Jerry Benton > www.mailborder.com > Sent from my iPhone > > On Apr 23, 2015, at 05:57, Jason Ede > wrote: > > > Further info, when on Explode($batch) then in Message.pm around line 2250 where it does > $entity = eval { $parser->parse($handle) }; > > Seems to be the offending line. > > That’s as far as I can get with it before I get hopelessly lost > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jason Ede > Sent: 23 April 2015 09:55 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Ok, looking through the MailScanner.pm file… > > When in debug mode it’s complaining around line 1100 when it calls > > $batch->Explode($Debug); > > That triggers one line containing > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. > > For each message in the batch. > > > Also around line 1250 where it does > $batch->SignUninfected(); > I get > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. > > for each message in the batch… > > Hopefully that will help narrow it down a bit… > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jason Ede > Sent: 23 April 2015 09:13 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Hi Jerry, > > Did you get the IO::File.pm file? The version of it is 1.14 > > Will look at it a bit more from here… > > It’s the same on my production box and that is ok on an older version of MailScanner. > > Jason > > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jason Ede > Sent: 21 April 2015 09:17 > To: MailScanner Discussion > Subject: RE: Taint issues on 4.85.2-1 > > Emailed you the file directly. > > Jason > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jerry Benton > Sent: 21 April 2015 09:06 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? > > - > Jerry Benton > www.mailborder.com > > > > On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: > > Hi Jerry, > > Here is the top of the file > > # > > package IO::File; > > =head1 NAME > > IO::File - supply object methods for filehandles > > =head1 SYNOPSIS > > use IO::File; > > $fh = new IO::File; > if ($fh->open("< file")) { > print <$fh>; > $fh->close; > } > > $fh = new IO::File "> file"; > if (defined $fh) { > print $fh "bar\n"; > $fh->close; > } > > $fh = new IO::File "file", "r"; > if (defined $fh) { > print <$fh>; > undef $fh; # automatically closes the file > } > > $fh = new IO::File "file", O_WRONLY|O_APPEND; > if (defined $fh) { > print $fh "corge\n"; > > $pos = $fh->getpos; > $fh->setpos($pos); > > undef $fh; # automatically closes the file > } > > autoflush STDOUT 1; > > =head1 DESCRIPTION > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info ] On Behalf Of Jerry Benton > Sent: 13 April 2015 15:26 > To: MailScanner Discussion > Subject: Re: Taint issues on 4.85.2-1 > > I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. > > - > Jerry Benton > www.mailborder.com > > > > On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: > > > Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors > > MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > pyzor: check failed: internal error, python traceback seen in response > Building a message batch to scan... > Have a batch of 10 messages. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > > > Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? > > Jason > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 15:58:04 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 15:58:04 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Message-ID: Incoming Work Permissions = 0644 Quarantine Permissions = 0660 I can see it might be permissions, but it’s working out which permission is not right. I’m comparing it against a working system and still can’t spot it… The User is postfix in the conf file too. Jason -- Dr Jason Ede Development Manager, BirchenallHowden Ltd From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 16:48 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 In your MailScanner.conf there are permission and user settings. In short, it is complaining for some reason, and it is probably insecure permissions. I have ran the latest MS on every OS supported by MailScanner and have not seen this issue. So the only thing I can come up with right now is a permissions issue in your settings or on your file system. - Jerry Benton www.mailborder.com On Apr 23, 2015, at 11:41 AM, Jason Ede > wrote: Here they are… /var/spool/MailScanner drwxr-xr-x 4 root root 4096 Nov 21 14:49 . drwxr-xr-x. 15 root root 4096 Apr 2 10:51 .. drwxr-x--- 17 postfix postfix 4096 Apr 23 16:36 incoming drwxr-x--- 21 postfix apache 4096 Apr 23 09:23 quarantine I use clamd Clamd Port = 3310 Clamd Socket = /var/run/clamav/clamd.sock Clamd Lock File = /var/lock/subsys/clamd Clamd Use Threads = yes I don’t think I’ve missed any permissions, but it’s been a while since I’ve set up a MS server. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 16:29 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 0660? 777? And ClamAV settings if you are using that? - Jerry Benton www.mailborder.com On Apr 23, 2015, at 10:51 AM, Jason Ede > wrote: They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 15:39 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Jason, what do your have your file permissions set at when running? user? group? - Jerry Benton www.mailborder.com Sent from my iPhone On Apr 23, 2015, at 05:57, Jason Ede > wrote: Further info, when on Explode($batch) then in Message.pm around line 2250 where it does $entity = eval { $parser->parse($handle) }; Seems to be the offending line. That’s as far as I can get with it before I get hopelessly lost From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:55 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Ok, looking through the MailScanner.pm file… When in debug mode it’s complaining around line 1100 when it calls $batch->Explode($Debug); That triggers one line containing Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. For each message in the batch. Also around line 1250 where it does $batch->SignUninfected(); I get Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. for each message in the batch… Hopefully that will help narrow it down a bit… From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:13 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Thu Apr 23 17:01:58 2015 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu, 23 Apr 2015 17:01:58 +0000 Subject: Taint issues on 4.85.2-1 In-Reply-To: References: <01D63DCE-2656-4F89-ABDF-C9B12FA1F8EA@mailborder.com> <1A832CF2-E6F4-404A-A02E-F5BE36123F7D@mailborder.com> <451606A8-B438-48C5-B033-1E95C43D2B81@mailborder.com> Message-ID: From enabling the debug logging in the code… Exploding message E1402120A37.A5B3C into /var/spool/MailScanner/incoming/4672/E1402120A37.A5B3C This means it’s permissions on my incoming folder that are wrong, but they look ok both at filesystem level and in conf file. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 16:58 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Incoming Work Permissions = 0644 Quarantine Permissions = 0660 I can see it might be permissions, but it’s working out which permission is not right. I’m comparing it against a working system and still can’t spot it… The User is postfix in the conf file too. Jason -- Dr Jason Ede Development Manager, BirchenallHowden Ltd From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 16:48 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 In your MailScanner.conf there are permission and user settings. In short, it is complaining for some reason, and it is probably insecure permissions. I have ran the latest MS on every OS supported by MailScanner and have not seen this issue. So the only thing I can come up with right now is a permissions issue in your settings or on your file system. - Jerry Benton www.mailborder.com On Apr 23, 2015, at 11:41 AM, Jason Ede > wrote: Here they are… /var/spool/MailScanner drwxr-xr-x 4 root root 4096 Nov 21 14:49 . drwxr-xr-x. 15 root root 4096 Apr 2 10:51 .. drwxr-x--- 17 postfix postfix 4096 Apr 23 16:36 incoming drwxr-x--- 21 postfix apache 4096 Apr 23 09:23 quarantine I use clamd Clamd Port = 3310 Clamd Socket = /var/run/clamav/clamd.sock Clamd Lock File = /var/lock/subsys/clamd Clamd Use Threads = yes I don’t think I’ve missed any permissions, but it’s been a while since I’ve set up a MS server. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 16:29 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 0660? 777? And ClamAV settings if you are using that? - Jerry Benton www.mailborder.com On Apr 23, 2015, at 10:51 AM, Jason Ede > wrote: They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 23 April 2015 15:39 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Jason, what do your have your file permissions set at when running? user? group? - Jerry Benton www.mailborder.com Sent from my iPhone On Apr 23, 2015, at 05:57, Jason Ede > wrote: Further info, when on Explode($batch) then in Message.pm around line 2250 where it does $entity = eval { $parser->parse($handle) }; Seems to be the offending line. That’s as far as I can get with it before I get hopelessly lost From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:55 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Ok, looking through the MailScanner.pm file… When in debug mode it’s complaining around line 1100 when it calls $batch->Explode($Debug); That triggers one line containing Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4. For each message in the batch. Also around line 1250 where it does $batch->SignUninfected(); I get Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185. for each message in the batch… Hopefully that will help narrow it down a bit… From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 23 April 2015 09:13 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Hi Jerry, Did you get the IO::File.pm file? The version of it is 1.14 Will look at it a bit more from here… It’s the same on my production box and that is ok on an older version of MailScanner. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede Sent: 21 April 2015 09:17 To: MailScanner Discussion Subject: RE: Taint issues on 4.85.2-1 Emailed you the file directly. Jason From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 21 April 2015 09:06 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ? - Jerry Benton www.mailborder.com On Apr 21, 2015, at 4:04 AM, Jason Ede > wrote: Hi Jerry, Here is the top of the file # package IO::File; =head1 NAME IO::File - supply object methods for filehandles =head1 SYNOPSIS use IO::File; $fh = new IO::File; if ($fh->open("< file")) { print <$fh>; $fh->close; } $fh = new IO::File "> file"; if (defined $fh) { print $fh "bar\n"; $fh->close; } $fh = new IO::File "file", "r"; if (defined $fh) { print <$fh>; undef $fh; # automatically closes the file } $fh = new IO::File "file", O_WRONLY|O_APPEND; if (defined $fh) { print $fh "corge\n"; $pos = $fh->getpos; $fh->setpos($pos); undef $fh; # automatically closes the file } autoflush STDOUT 1; =head1 DESCRIPTION From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 13 April 2015 15:26 To: MailScanner Discussion Subject: Re: Taint issues on 4.85.2-1 I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so. - Jerry Benton www.mailborder.com On Apr 9, 2015, at 4:22 AM, Jason Ede > wrote: Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) pyzor: check failed: internal error, python traceback seen in response Building a message batch to scan... Have a batch of 10 messages. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions? Jason -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Fri Apr 24 15:28:10 2015 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 24 Apr 2015 11:28:10 -0400 Subject: Executable vs Binary In-Reply-To: <7B0AD7DA-8637-44FA-8A4C-89719EFA8D30@mailborder.com> References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> <7B0AD7DA-8637-44FA-8A4C-89719EFA8D30@mailborder.com> Message-ID: Jerry, I am going to upgrade my MailScanner to your latest release and test this again. I simply cannot get it to detect the .dat as an executable for some reason.... On Fri, Apr 17, 2015 at 11:07 AM, Jerry Benton wrote: > Yep. Attached. > > > > - > Jerry Benton > www.mailborder.com > > > > > On Apr 17, 2015, at 10:55 AM, Shawn Iverson > wrote: > > Jerry, > > I will study this and see if I can assist. > > Do you have a sample document with this .dat embedded? > > On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton > wrote: > >> Has anyone dealt with this? I can’t decide if I should mod the source or >> just change the configs: >> >> - Microsoft document comes through with some sort of dat file embedded. >> While MS see that dat file as text/plain, the character set is binary, so >> it nails it as an executable. >> - Allowing executables will allow the file. >> >> So, there’s the rub. Under the current code we have to allow executables >> for these “newer” types of Microsoft documents to get through. This isn’t >> restricted to just Microsoft. There are several other file formats that >> make MailScanner fire on this. >> >> >> Ideas? >> >> - >> Jerry Benton >> www.mailborder.com >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner-list at okla.com Mon Apr 27 01:52:57 2015 From: mailscanner-list at okla.com (Tracy Greggs) Date: Sun, 26 Apr 2015 20:52:57 -0500 Subject: Executable vs Binary In-Reply-To: References: <5DEB4B7A-A19C-4336-B70F-71AE3ABD7F44@mailborder.com> <7B0AD7DA-8637-44FA-8A4C-89719EFA8D30@mailborder.com> Message-ID: <006201d0808c$e62e5fc0$b28b1f40$@okla.com> For whatever it is worth, I am using file v 5.22 0000.dat: DOS executable (block device driver) From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson Sent: Friday, April 24, 2015 10:28 AM To: MailScanner Discussion Subject: Re: Executable vs Binary Jerry, I am going to upgrade my MailScanner to your latest release and test this again. I simply cannot get it to detect the .dat as an executable for some reason.... On Fri, Apr 17, 2015 at 11:07 AM, Jerry Benton wrote: Yep. Attached. - Jerry Benton www.mailborder.com On Apr 17, 2015, at 10:55 AM, Shawn Iverson wrote: Jerry, I will study this and see if I can assist. Do you have a sample document with this .dat embedded? On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton wrote: Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs: - Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as text/plain, the character set is binary, so it nails it as an executable. - Allowing executables will allow the file. So, there’s the rub. Under the current code we have to allow executables for these “newer” types of Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other file formats that make MailScanner fire on this. Ideas? - Jerry Benton www.mailborder.com -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at barendse.to Mon Apr 27 08:35:09 2015 From: mailscanner at barendse.to (Remco Barendse) Date: Mon, 27 Apr 2015 10:35:09 +0200 (CEST) Subject: v4.85.2-1 Released In-Reply-To: <2E3E8650-A69B-4DCE-AD18-B38B7864D801@mailborder.com> References: <2E3E8650-A69B-4DCE-AD18-B38B7864D801@mailborder.com> Message-ID: Thanks a million for releasing this updated MailScanner package. I really started to believe MailScanner had become abandonware. The new installer script is awesome (worked flawelessly to upgrade my CentOS 5/6 boxes) and is very easy to use. Thanks to all MailScanner devs!!! On Sun, 29 Mar 2015, Jerry Benton wrote: > Ok, I made some minor updates based on feedback from testers. The new packages are now available on the MailScanner website. Jules and I are in the process of transferring mailscanner.info domain to my registrar. Once that is completed and I finish up the latest Mailborder development project I am working on I will create a new website for MailScanner and a new mailman server that should remove these big delays we have been seeing. > > Thanks to everyone that tested the packages and pointed out areas of improvement. > > > Package Downloads: > > http://www.mailscanner.info/downloads.html > > > Complete Source: > > https://github.com/MailScanner/v4 > > > - > Jerry Benton > www.mailborder.com > > > > From glenn.steen at gmail.com Mon Apr 27 20:55:21 2015 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon, 27 Apr 2015 22:55:21 +0200 Subject: Does Mailscanner Rename In-Reply-To: <55156328.5020108@fink-computer.de> References: <55156328.5020108@fink-computer.de> Message-ID: Generally, the name shown in the report has been ... sanitized... For example, if you have somthing trigger the "very long fillename" rule, it'll be ... shortened... This can sometimes be a bit confusing, but is generally a good thing;-) Cheers! -- -- Glenn On 27 March 2015 at 15:03, Heino Backhaus wrote: > Hello All, > > > I enjoy using mailscanner for many years now. Thanks to all. > I would realy appreciate your help with a problem i was running across. > > The first question is. Does Mailscanner rename a file with a CLSID in > the filename to something like this: CLIP-%7B8EC58011.bmp ? > > Now to my problem: > An attached bitmap (a companys logo) triggeres the CLSID Filename rule. > > The MailWatch report says: > Report: MailScanner: Files containing CLSID's are trying to hide their > real type (CLIP-%7B8EC58011.bmp) > > The corresponding rule from filename.rules.conf is stated below: > > # Deny filenames containing CLSID's > deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type > Files containing CLSID's are trying to hide > their real type > > A strange thing is that this file downloaded from Mailwatch and attached > to a new (html) mail will pass the Mailscanner. > So i think it's renamed and may not be the original name... > But when you try to release the mail from quarantine it triggers > the CLSID-Rule again ... I'm a little confused about this and need help. > Thanks in advance. > > > My Softwareversions are: > > MailWatch Version = 1.2.0 - Beta 5 > > MailScanner Version = 4.84.6 > > PHP Version = 5.5.9-1ubuntu4.7 > > MySQL Version = 5.5.41-0ubuntu0.14.04.1 > > > > -- > > "In retrospect it becomes clear that hindsight is definitely overrated!" > > -Alfred E. Neumann > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Apr 27 21:01:02 2015 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon, 27 Apr 2015 23:01:02 +0200 Subject: Filename wrongly triggers CLSID-Rule in Filename.rules.conf In-Reply-To: <551572EC.1010602@fink-computer.de> References: <551572EC.1010602@fink-computer.de> Message-ID: Not strange at all: When you download the file, it'll be renamed to the sanitized name, which will pass through just dandy. When you release the message, it still contain the CLSID thing, and will trigger the same rule. One can set things so that you don't use the same rules for released messages, but that may be a bit involved. I usually just use WinSCP to download the attachment directly from the quarantine. Cheers! -- -- Glenn On 27 March 2015 at 16:10, Heino Backhaus wrote: > > Hello All, > > > I've enjoyed using mailscanner for many years now. Thanks to all. > I would realy appreciate your help with a problem i was running across. > > An attached bitmap (a companys logo) triggeres wrongly the CLSID > Filename rule. > > The MailWatch report says: > Report: MailScanner: Files containing CLSID's are trying to hide > their real type (CLIP-%7B8EC58011.bmp) > > The corresponding rule from filename.rules.conf is stated below: > > # Deny filenames containing CLSID's > deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type > Files containing CLSID's are trying to hide > their real type > > The first question is. Does Mailscanner rename a file with a CLSID in > the filename to something like this: CLIP-%7B8EC58011.bmp ? > > A strange thing is that this file downloaded from Mailwatch and attached > to a new (html) mail will pass the Mailscanner. > So i think it's renamed... > But when you try to release the mail from quarantine it triggers > the CLSID-Rule again ... I'm a little confused about this and need help. > > > My Softwareversions are: > > MailWatch Version = 1.2.0 - Beta 5 > > MailScanner Version = 4.84.6 > > PHP Version = 5.5.9-1ubuntu4.7 > > MySQL Version = 5.5.41-0ubuntu0.14.04.1 > > > Thanks in advance. > -Heino > > -- > > "In retrospect it becomes clear that hindsight is definitely overrated!" > > -Alfred E. Neumann > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From datasoftindia at gmail.com Wed Apr 29 03:35:02 2015 From: datasoftindia at gmail.com (Datasoft-India) Date: Wed, 29 Apr 2015 09:05:02 +0530 Subject: Yahoo Bouncing mails with trailing spaces in subject Message-ID: Hi All, I have gone through the threads in the archive list. However I have finally nailed down the problem to the following condition. No matter what, whenever we compose a mail with an extra space at the end of the subject, a Duplicate Subject line gets added at the top of the header and the mail is bounced by Yahoo. with the following message. : host mta5.am0.yahoodns.net[98.138.112.35] said: 554 Message not allowed – Headers are not RFC compliant[291] (in reply to end of DATA command). Sample header shown below. Return-Path: X-Spam-Status: No Subject: test 10 X-securemailhub-MailScanner-From: xx at yyyyyyy.com X-securemailhub-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, Output of MailScanner -V This is CentOS release 5.11 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.84.6 Question2) Is the Latest version of MailScanner 4.85.2-2 supported on the CentOS release 5.11 (Final) and Perl version 5.008008 without issues. Can you help through some light on this.? Thanks/DP -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 29 11:29:35 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 29 Apr 2015 07:29:35 -0400 Subject: Yahoo Bouncing mails with trailing spaces in subject In-Reply-To: References: Message-ID: <49C72ED8-43A3-4AE9-8FEF-6D6D4DDA3C4C@mailborder.com> 4.85.2-2 supports RHEL 5. - Jerry Benton www.mailborder.com > On Apr 28, 2015, at 11:35 PM, Datasoft-India wrote: > > Hi All, > I have gone through the threads in the archive list. However I have finally nailed down the problem to the following condition. No matter what, whenever we compose a mail with an extra space at the end of the subject, a Duplicate Subject line gets added at the top of the header and the mail is bounced by Yahoo. with the following message. > >: host mta5.am0.yahoodns.net [98.138.112.35] said: 554 Message not allowed – Headers are not RFC compliant[291] (in reply to end of DATA command). > > > Sample header shown below. > > Return-Path: > > X-Spam-Status: No > Subject: test 10 > X-securemailhub-MailScanner-From: xx at yyyyyyy.com > X-securemailhub-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > > > Output of MailScanner -V > > This is CentOS release 5.11 (Final) > This is Perl version 5.008008 (5.8.8) > This is MailScanner version 4.84.6 > > Question2) Is the Latest version of MailScanner 4.85.2-2 supported on the CentOS release 5.11 (Final) and Perl version 5.008008 without issues. > > Can you help through some light on this.? > > Thanks/DP > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pparsons at techeez.com Wed Apr 29 18:52:28 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 29 Apr 2015 18:52:28 +0000 Subject: I think I must have missed something Message-ID: <11D8E491D9562549A61FD3186F36342002127B1537@exchange.techeez.com> Read 0 hostnames from the phishing blacklists Is this list no longer working ? or do I need to change something Thank you. Philip Parsons -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 29 18:54:45 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 29 Apr 2015 14:54:45 -0400 Subject: I think I must have missed something In-Reply-To: <11D8E491D9562549A61FD3186F36342002127B1537@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002127B1537@exchange.techeez.com> Message-ID: I can only speak to v4.85.2-2 - Do you have a cron job setup for the scripts? - Have you tried running the scripts manually? - Jerry Benton www.mailborder.com > On Apr 29, 2015, at 2:52 PM, Philip Parsons wrote: > > Read 0 hostnames from the phishing blacklists > > > Is this list no longer working ? or do I need to change something > > > Thank you. > Philip Parsons > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From pparsons at techeez.com Wed Apr 29 19:06:19 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 29 Apr 2015 19:06:19 +0000 Subject: I think I must have missed something In-Reply-To: References: <11D8E491D9562549A61FD3186F36342002127B1537@exchange.techeez.com> Message-ID: <11D8E491D9562549A61FD3186F36342002127B158E@exchange.techeez.com> Its an older version 4.84.6. From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: April-29-15 11:55 AM To: MailScanner Discussion Subject: Re: I think I must have missed something I can only speak to v4.85.2-2 - Do you have a cron job setup for the scripts? - Have you tried running the scripts manually? - Jerry Benton www.mailborder.com On Apr 29, 2015, at 2:52 PM, Philip Parsons > wrote: Read 0 hostnames from the phishing blacklists Is this list no longer working ? or do I need to change something Thank you. Philip Parsons -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Wed Apr 29 19:20:22 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 29 Apr 2015 15:20:22 -0400 Subject: I think I must have missed something In-Reply-To: <11D8E491D9562549A61FD3186F36342002127B158E@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002127B1537@exchange.techeez.com> <11D8E491D9562549A61FD3186F36342002127B158E@exchange.techeez.com> Message-ID: Get the new ones here: http://phishing.mailborder.com/ The updater is running off the one I built for Mailborder until I can get a copy of it over to the MailScanner domain, but it will be the same exact thing. - Jerry Benton www.mailborder.com > On Apr 29, 2015, at 3:06 PM, Philip Parsons wrote: > > Its an older version 4.84.6. > > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: April-29-15 11:55 AM > To: MailScanner Discussion > Subject: Re: I think I must have missed something > > I can only speak to v4.85.2-2 > > - Do you have a cron job setup for the scripts? > - Have you tried running the scripts manually? > > - > Jerry Benton > www.mailborder.com > > > > On Apr 29, 2015, at 2:52 PM, Philip Parsons > wrote: > > Read 0 hostnames from the phishing blacklists > > > Is this list no longer working ? or do I need to change something > > > Thank you. > Philip Parsons > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: