From heino.backhaus at fink-computer.de Tue Jun 2 10:11:34 2015
From: heino.backhaus at fink-computer.de (Heino Backhaus)
Date: Tue, 2 Jun 2015 12:11:34 +0200
Subject: .gz Archives are analyzed correctly
Message-ID: <556D8156.4020509@fink-computer.de>

Hello List,

again I need some help.

Actually we receive brand new Windows Viruses in .gz files. MS is
configured to block executables in Archives but they're going through.

Does anybody have a fast hint which parameters I should double-check?

My Mailscanner Version is: 4.84.6-1

Cheers
-Heino

From heino.backhaus at fink-computer.de Tue Jun 2 11:45:57 2015
From: heino.backhaus at fink-computer.de (Heino Backhaus)
Date: Tue, 2 Jun 2015 13:45:57 +0200
Subject: .gz Archives are _not_ analyzed correctly
In-Reply-To: <556D8156.4020509@fink-computer.de>
References: <556D8156.4020509@fink-computer.de>
Message-ID: <556D9775.9040205@fink-computer.de>

Hello List,

so now after a lot of testing I can say that in my installation attached
.gz - Archives are not analyzed as I expect/want them to be...
Executables in .gz - Files will not be blocked. They are handled
differently than in .zip - Files and I don't have a clue.
Is there anyone who can tell me what to do to block executables in .gz
- Files? Or where to look?

Thanks
-Heino

On 02.06.2015 at 12:11, Heino Backhaus wrote:
> Hello List,
>
> again I need some help.
>
> Actually we receive brand new Windows Viruses in .gz files. MS is
> configured to block executables in Archives but they're going through.
>
> Does anybody have a fast hint which parameters I should double-check?
>
> My Mailscanner Version is: 4.84.6-1
>
> Cheers
> -Heino
>

From heino.backhaus at fink-computer.de Tue Jun 2 14:55:36 2015
From: heino.backhaus at fink-computer.de (Heino Backhaus)
Date: Tue, 2 Jun 2015 16:55:36 +0200
Subject: .gz Archives are _not_ analyzed correctly
In-Reply-To: <556D9775.9040205@fink-computer.de>
References: <556D8156.4020509@fink-computer.de> <556D9775.9040205@fink-computer.de>
Message-ID: <556DC3E8.5030803@fink-computer.de>

It's not a GnuZip, it's a RAR-Archive. This should bring some light on it:

root at mailscanner2014:~/test# unrar l DP386592711.gz

UNRAR 5.00 beta 8 freeware      Copyright (c) 1993-2013 Alexander Roshal

Archive: DP386592711.gz
Details: RAR 4

 Attributes      Size     Date   Time   Name
----------- ---------  -------- -----  ----
    ..A....    675840  02-06-15 06:39  RFQ - DP386592711.exe
----------- ---------  -------- -----  ----
               675840                  1

But shouldn't Mailscanner detect that it is a RAR-Archive and check the
content anyway?

Ok, I think it's best to block RAR Archives until I get some more
help or knowledge.

Thanks
-Heino

On 02.06.2015 at 13:45, Heino Backhaus wrote:
> Hello List,
>
> so now after a lot of testing I can say that in my installation attached
> .gz - Archives are not analyzed as I expect/want them to be...
> Executables in .gz - Files will not be blocked. They are handled
> differently than in .zip - Files and I don't have a clue.
> Is there anyone who can tell me what to do to block executables in .gz
> - Files? Or where to look?
>
> Thanks
> -Heino
>
> On 02.06.2015 at 12:11, Heino Backhaus wrote:
>> Hello List,
>>
>> again I need some help.
>>
>> Actually we receive brand new Windows Viruses in .gz files. MS is
>> configured to block executables in Archives but they're going through.
>>
>> Does anybody have a fast hint which parameters I should double-check?
>>
>> My Mailscanner Version is: 4.84.6-1
>>
>> Cheers
>> -Heino
>>

From dobril at stanga.net Sat Jun 6 16:53:01 2015
From: dobril at stanga.net (Dobril Dobrilov)
Date: Sat, 6 Jun 2015 19:53:01 +0300
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
Message-ID: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net>

Hello,

All messages get stuck in /var/spool/postfix/incoming

I just need MailScanner to check message attachments for bad
attachments (exe, bat, ...), no Antivirus, no Spam checks.

This is what happens when I try to send or receive email:

Jun 6 19:39:35 snowthunder postfix_host/pickup[21567]: 04A9D42C4C: uid=0 from=
Jun 6 19:39:35 snowthunder postfix_host/cleanup[21603]: 04A9D42C4C: hold: header Received: by mail.snowthunder.org (Postfix, from userid 0)??id 04A9D42C4C; Sat, 6 Jun 2015 19:39:34 +0300 (EEST) from local; from= to=
Jun 6 19:39:35 snowthunder postfix_host/cleanup[21603]: 04A9D42C4C: message-id=<20150606163935.04A9D42C4C at mail.snowthunder.org>
Jun 6 19:39:37 snowthunder MailScanner[21598]: New Batch: Scanning 1 messages, 667 bytes
Jun 6 19:39:37 snowthunder MailScanner[21598]: Saved archive copies of 04A9D42C4C.A004F
Jun 6 19:39:37 snowthunder MailScanner[21598]: Looked up unknown string nonpasswordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf
Jun 6 19:39:37 snowthunder MailScanner[21598]: Filename Checks: Allowing 04A9D42C4C.A004F msg-21598-1.txt
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus and Content Scanning: Starting
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus Scanning completed at 48372 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Spam Checks: Starting
Jun 6 19:39:37 snowthunder MailScanner[21598]: Delivery of nonspam: message 04A9D42C4C.A004F from root at mail.snowthunder.org to dobril at snowthunder.org with subject
Jun 6 19:39:37 snowthunder MailScanner[21598]: Spam Checks completed at 474732 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Requeue: 04A9D42C4C.A004F to C096D42C55
Jun 6 19:39:37 snowthunder MailScanner[21598]: Uninfected: Delivered 1 messages
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus Processing completed at 136202 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Deleted 1 messages from processing-database
Jun 6 19:39:37 snowthunder MailScanner[21598]: Batch completed at 23686 bytes per second (667 / 0)
Jun 6 19:39:37 snowthunder MailScanner[21598]: Batch (1 message) processed in 0.03 seconds

# ls -l /var/spool/postfix/incoming/
total 68
drwx------. 2 postfix postfix 4096 Jun 6 19:39 0
drwx------. 2 postfix postfix 4096 Jun 6 19:21 1
drwx------. 2 postfix postfix 4096 Jun 6 18:52 2
drwx------. 2 postfix postfix 4096 Jun 6 19:38 3
drwx------. 2 postfix postfix 4096 Jun 6 18:56 4
drwx------. 2 postfix postfix 4096 Jun 6 19:18 5
drwx------. 2 postfix postfix 4096 Jun 6 19:14 6
drwx------. 2 postfix postfix 4096 Jun 6 19:38 7
drwx------. 2 postfix postfix 4096 Jun 6 19:01 8
drwx------. 2 postfix postfix 4096 Jun 6 18:52 9
drwx------. 2 postfix postfix 4096 Jun 6 19:38 A
drwx------. 2 postfix postfix 4096 Jun 6 18:57 B
drwx------. 2 postfix postfix 4096 Jun 6 19:02 C
-rwx------. 1 postfix postfix  946 Jun 6 19:39 C096D42C55
drwx------. 2 postfix postfix 4096 Jun 6 18:56 D
drwx------. 2 postfix postfix 4096 Jun 6 18:56 E
drwx------. 2 postfix postfix 4096 Jun 6 18:56 F

If I restart the postfix service, it processes delivery of all messages
from /var/spool/postfix/incoming ... but there is something wrong.

These are my Postfix configs:

main.cf

command_directory = /usr/sbin
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 0
myhostname = mail.snowthunder.org
mydomain = snowthunder.org
mydestination = mail.snowthunder.org
virtual_alias_domains = /etc/postfix/local-host-names, /etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual
canonical_maps = hash:/etc/postfix/canonical
alias_maps =
smtp_connection_cache_on_demand = no
mail_spool_directory = /maildir/
transport_maps = hash:/etc/postfix/transport
smtpd_helo_required = yes
disable_vrfy_command = yes
inet_interfaces = all
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    permit_mx_backup,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_non_fqdn_hostname
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks
syslog_name = postfix_host
default_process_limit = 500
fallback_relay = 127.0.0.1
hash_queue_names = deferred, defer active bounce flush incoming
unknown_local_recipient_reject_code = 450
message_size_limit = 20000000
readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.11.1/samples
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
mail_owner = postfix
queue_directory = /var/spool/postfix
data_directory = /var/lib/postfix
inet_protocols = ipv4
header_checks = regexp:/etc/postfix/header_checks

master.cf

smtp       inet  n  -  n  -      80  smtpd
pickup     fifo  n  -  n  60     1   pickup
cleanup    unix  n  -  n  -      0   cleanup
qmgr       fifo  n  -  n  300    1   qmgr
rewrite    unix  -  -  n  -      -   trivial-rewrite
bounce     unix  -  -  n  -      0   bounce
defer      unix  -  -  n  -      0   bounce
trace      unix  -  -  n  -      0   bounce
verify     unix  -  -  n  -      1   verify
flush      unix  n  -  n  1000?  0   flush
proxymap   unix  -  -  n  -      -   proxymap
smtp       unix  -  -  n  -      -   smtp
relay      unix  -  -  n  -      -   smtp
showq      unix  n  -  n  -      -   showq
error      unix  -  -  n  -      -   error
local      unix  -  n  n  -      -   local
virtual    unix  -  n  n  -      -   virtual
lmtp       unix  -  -  n  -      -   lmtp
anvil      unix  -  -  n  -      1   anvil
scache     unix  -  -  n  -      1   scache
discard    unix  -  -  n  -      -   discard
tlsmgr     unix  -  -  n  1000?  1   tlsmgr
retry      unix  -  -  n  -      -   error
proxywrite unix  -  -  n  -      1   proxymap

From jeremy at fluxlabs.net Sat Jun 6 16:56:31 2015
From: jeremy at fluxlabs.net (Jeremy McSpadden)
Date: Sat, 6 Jun 2015 16:56:31 +0000
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net>
Message-ID: <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>

Fix your Conf files

Jun 6 19:39:37 snowthunder MailScanner[21598]: Looked up unknown string nonpasswordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

From dobril at stanga.net Sat Jun 6 17:08:12 2015
From: dobril at stanga.net (Dobril Dobrilov)
Date: Sat, 6 Jun 2015 20:08:12 +0300
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>
Message-ID: <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net>

I fixed it, but the problem with delivery still persists

From jeremy at fluxlabs.net Sat Jun 6 17:08:57 2015
From: jeremy at fluxlabs.net (Jeremy McSpadden)
Date: Sat, 6 Jun 2015 17:08:57 +0000
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>, <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net>
Message-ID:

Output new log.

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

From dobril at stanga.net Sat Jun 6 17:10:55 2015
From: dobril at stanga.net (Dobril Dobrilov)
Date: Sat, 6 Jun 2015 20:10:55 +0300
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To:
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>, <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net>
Message-ID: <026901d0a07b$bfbd9a40$3f38cec0$@stanga.net>

Jun 6 20:05:26 snowthunder postfix_host/postfix-script[22051]: starting the Postfix mail system
Jun 6 20:05:26 snowthunder postfix_host/master[22053]: daemon started -- version 2.11.1, configuration /etc/postfix
Jun 6 20:05:27 snowthunder MailScanner[22077]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...
Jun 6 20:05:27 snowthunder MailScanner[22077]: Reading configuration file /etc/MailScanner/MailScanner.conf Jun 6 20:05:27 snowthunder MailScanner[22077]: Connected to Processing Attempts Database Jun 6 20:05:27 snowthunder MailScanner[22077]: Found 0 messages in the Processing Attempts Database Jun 6 20:05:27 snowthunder MailScanner[22077]: Using locktype = flock Jun 6 20:05:32 snowthunder MailScanner[22080]: MailScanner E-Mail Virus Scanner version 4.85.2 starting... Jun 6 20:05:32 snowthunder MailScanner[22080]: Reading configuration file /etc/MailScanner/MailScanner.conf Jun 6 20:05:32 snowthunder MailScanner[22080]: Connected to Processing Attempts Database Jun 6 20:05:32 snowthunder MailScanner[22080]: Found 0 messages in the Processing Attempts Database Jun 6 20:05:32 snowthunder MailScanner[22080]: Using locktype = flock Jun 6 20:05:37 snowthunder MailScanner[22081]: MailScanner E-Mail Virus Scanner version 4.85.2 starting... Jun 6 20:05:37 snowthunder MailScanner[22081]: Reading configuration file /etc/MailScanner/MailScanner.conf Jun 6 20:05:37 snowthunder MailScanner[22081]: Connected to Processing Attempts Database Jun 6 20:05:37 snowthunder MailScanner[22081]: Found 0 messages in the Processing Attempts Database Jun 6 20:05:37 snowthunder MailScanner[22081]: Using locktype = flock Jun 6 20:05:42 snowthunder MailScanner[22082]: MailScanner E-Mail Virus Scanner version 4.85.2 starting... 
Jun 6 20:05:42 snowthunder MailScanner[22082]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jun 6 20:05:42 snowthunder MailScanner[22082]: Connected to Processing Attempts Database
Jun 6 20:05:42 snowthunder MailScanner[22082]: Found 0 messages in the Processing Attempts Database
Jun 6 20:05:42 snowthunder MailScanner[22082]: Using locktype = flock
Jun 6 20:06:00 snowthunder postfix_host/pickup[22055]: 8D7F542C55: uid=0 from=
Jun 6 20:06:00 snowthunder postfix_host/cleanup[22087]: 8D7F542C55: hold: header Received: by mail.snowthunder.org (Postfix, from userid 0)??id 8D7F542C55; Sat, 6 Jun 2015 20:06:00 +0300 (EEST) from local; from= to=
Jun 6 20:06:00 snowthunder postfix_host/cleanup[22087]: 8D7F542C55: message-id=<20150606170600.8D7F542C55 at mail.snowthunder.org>
Jun 6 20:06:01 snowthunder MailScanner[22081]: New Batch: Scanning 1 messages, 667 bytes
Jun 6 20:06:01 snowthunder MailScanner[22081]: Saved archive copies of 8D7F542C55.AD92B
Jun 6 20:06:01 snowthunder MailScanner[22081]: Filename Checks: Allowing 8D7F542C55.AD92B msg-22081-1.txt
Jun 6 20:06:01 snowthunder MailScanner[22081]: Virus and Content Scanning: Starting
Jun 6 20:06:01 snowthunder MailScanner[22081]: Virus Scanning completed at 51055 bytes per second
Jun 6 20:06:01 snowthunder MailScanner[22081]: Spam Checks: Starting
Jun 6 20:06:01 snowthunder MailScanner[22081]: Delivery of nonspam: message 8D7F542C55.AD92B from root at mail.snowthunder.org to dobril at snowthunder.org with subject
Jun 6 20:06:01 snowthunder MailScanner[22081]: Spam Checks completed at 474089 bytes per second
Jun 6 20:06:01 snowthunder MailScanner[22081]: Requeue: 8D7F542C55.AD92B to 73EC242C59
Jun 6 20:06:01 snowthunder MailScanner[22081]: Uninfected: Delivered 1 messages
Jun 6 20:06:01 snowthunder MailScanner[22081]: Virus Processing completed at 143621 bytes per second
Jun 6 20:06:01 snowthunder MailScanner[22081]: Deleted 1 messages from processing-database
Jun 6 20:06:01 snowthunder MailScanner[22081]: Batch completed at 25539 bytes per second (667 / 0)
Jun 6 20:06:01 snowthunder MailScanner[22081]: Batch (1 message) processed in 0.03 seconds

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jeremy McSpadden
Sent: Saturday, June 6, 2015 8:09 PM
To: MailScanner Discussion
Subject: Re: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart

Output new log.

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 1:08 PM, Dobril Dobrilov wrote:

I fix it, but the problem with delivery still persists

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jeremy McSpadden
Sent: Saturday, June 6, 2015 7:57 PM
To: MailScanner Discussion
Subject: Re: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart

Fix your Conf files

Jun 6 19:39:37 snowthunder MailScanner[21598]: Looked up unknown string nonpasswordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 12:53 PM, Dobril Dobrilov wrote:

Hello,

All messages are stuck in /var/spool/postfix/incoming

I just need MailScanner to check message attachments for bad attachments (exe, bat..), no Antivirus, no Spam checks

This is what is happening when I try to send or receive email:

Jun 6 19:39:35 snowthunder postfix_host/pickup[21567]: 04A9D42C4C: uid=0 from=
Jun 6 19:39:35 snowthunder postfix_host/cleanup[21603]: 04A9D42C4C: hold: header Received: by mail.snowthunder.org (Postfix, from userid 0)??id 04A9D42C4C; Sat, 6 Jun 2015 19:39:34 +0300 (EEST) from local; from= to=
Jun 6 19:39:35 snowthunder postfix_host/cleanup[21603]: 04A9D42C4C: message-id=<20150606163935.04A9D42C4C at mail.snowthunder.org>
Jun 6 19:39:37 snowthunder MailScanner[21598]: New Batch: Scanning 1 messages, 667 bytes
Jun 6 19:39:37 snowthunder MailScanner[21598]: Saved archive copies of 04A9D42C4C.A004F
Jun 6 19:39:37 snowthunder MailScanner[21598]: Looked up unknown string nonpasswordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf
Jun 6 19:39:37 snowthunder MailScanner[21598]: Filename Checks: Allowing 04A9D42C4C.A004F msg-21598-1.txt
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus and Content Scanning: Starting
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus Scanning completed at 48372 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Spam Checks: Starting
Jun 6 19:39:37 snowthunder MailScanner[21598]: Delivery of nonspam: message 04A9D42C4C.A004F from root at mail.snowthunder.org to dobril at snowthunder.org with subject
Jun 6 19:39:37 snowthunder MailScanner[21598]: Spam Checks completed at 474732 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Requeue: 04A9D42C4C.A004F to C096D42C55
Jun 6 19:39:37 snowthunder MailScanner[21598]: Uninfected: Delivered 1 messages
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus Processing completed at 136202 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Deleted 1 messages from processing-database
Jun 6 19:39:37 snowthunder MailScanner[21598]: Batch completed at 23686 bytes per second (667 / 0)
Jun 6 19:39:37 snowthunder MailScanner[21598]: Batch (1 message) processed in 0.03 seconds

# ls -l /var/spool/postfix/incoming/
total 68
drwx------. 2 postfix postfix 4096 Jun 6 19:39 0
drwx------. 2 postfix postfix 4096 Jun 6 19:21 1
drwx------. 2 postfix postfix 4096 Jun 6 18:52 2
drwx------. 2 postfix postfix 4096 Jun 6 19:38 3
drwx------. 2 postfix postfix 4096 Jun 6 18:56 4
drwx------. 2 postfix postfix 4096 Jun 6 19:18 5
drwx------. 2 postfix postfix 4096 Jun 6 19:14 6
drwx------. 2 postfix postfix 4096 Jun 6 19:38 7
drwx------. 2 postfix postfix 4096 Jun 6 19:01 8
drwx------. 2 postfix postfix 4096 Jun 6 18:52 9
drwx------. 2 postfix postfix 4096 Jun 6 19:38 A
drwx------. 2 postfix postfix 4096 Jun 6 18:57 B
drwx------. 2 postfix postfix 4096 Jun 6 19:02 C
-rwx------. 1 postfix postfix 946 Jun 6 19:39 C096D42C55
drwx------. 2 postfix postfix 4096 Jun 6 18:56 D
drwx------. 2 postfix postfix 4096 Jun 6 18:56 E
drwx------. 2 postfix postfix 4096 Jun 6 18:56 F

If I restart the postfix service, it processes delivery of all messages from /var/spool/postfix/incoming .. but there is something wrong.

This is my Postfix configs:

main.cf

command_directory = /usr/sbin
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 0
myhostname = mail.snowthunder.org
mydomain = snowthunder.org
mydestination = mail.snowthunder.org
virtual_alias_domains = /etc/postfix/local-host-names, /etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual
canonical_maps = hash:/etc/postfix/canonical
alias_maps =
smtp_connection_cache_on_demand = no
mail_spool_directory = /maildir/
transport_maps = hash:/etc/postfix/transport
smtpd_helo_required = yes
disable_vrfy_command = yes
inet_interfaces = all
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_mx_backup, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_hostname
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks
syslog_name = postfix_host
default_process_limit = 500
fallback_relay = 127.0.0.1
hash_queue_names = deferred, defer active bounce flush incoming
unknown_local_recipient_reject_code = 450
message_size_limit = 20000000
readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.11.1/samples
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
mail_owner = postfix
queue_directory = /var/spool/postfix
data_directory = /var/lib/postfix
inet_protocols = ipv4
header_checks = regexp:/etc/postfix/header_checks

master.cf

smtp inet n - n - 80 smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap

From jeremy at fluxlabs.net Sat Jun 6 17:19:12 2015
From: jeremy at fluxlabs.net (Jeremy McSpadden)
Date: Sat, 6 Jun 2015 17:19:12 +0000
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <026901d0a07b$bfbd9a40$3f38cec0$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>, <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net> , <026901d0a07b$bfbd9a40$3f38cec0$@stanga.net>
Message-ID:

Messages are still remaining in hold folder? Not being delivered?

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 1:10 PM, Dobril Dobrilov wrote:

Jun 6 20:05:26 snowthunder postfix_host/postfix-script[22051]: starting the Postfix mail system
Jun 6 20:05:26 snowthunder postfix_host/master[22053]: daemon started -- version 2.11.1, configuration /etc/postfix
Jun 6 20:05:27 snowthunder MailScanner[22077]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...

From dobril at stanga.net Sat Jun 6 17:21:59 2015
From: dobril at stanga.net (Dobril Dobrilov)
Date: Sat, 6 Jun 2015 20:21:59 +0300
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To:
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>, <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net> , <026901d0a07b$bfbd9a40$3f38cec0$@stanga.net>
Message-ID: <027801d0a07d$4b8afb20$e2a0f160$@stanga.net>

No, The messages are in /var/spool/postfix/incoming
If I restart postfix the messages will be delivered.

From jeremy at fluxlabs.net Sat Jun 6 17:23:00 2015
From: jeremy at fluxlabs.net (Jeremy McSpadden)
Date: Sat, 6 Jun 2015 17:23:00 +0000
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <027801d0a07d$4b8afb20$e2a0f160$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net>, <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net> , <026901d0a07b$bfbd9a40$3f38cec0$@stanga.net> , <027801d0a07d$4b8afb20$e2a0f160$@stanga.net>
Message-ID: <1547BF94-AF3C-4ACF-AD23-7C63A8ACF336@fluxlabs.net>

Is postfix crashing? Is MS set to deliver via batch or queue? Set to batch.

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 1:22 PM, Dobril Dobrilov wrote:

No, The messages are in /var/spool/postfix/incoming
If I restart postfix the messages will be delivered.

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jeremy McSpadden
Sent: Saturday, June 6, 2015 8:19 PM
To: MailScanner Discussion
Subject: Re: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart

Messages are still remaining in hold folder? Not being delivered?

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 1:10 PM, Dobril Dobrilov wrote:

Jun 6 20:05:26 snowthunder postfix_host/postfix-script[22051]: starting the Postfix mail system
Jun 6 20:05:26 snowthunder postfix_host/master[22053]: daemon started -- version 2.11.1, configuration /etc/postfix
Jun 6 20:05:27 snowthunder MailScanner[22077]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...
Jun 6 20:05:27 snowthunder MailScanner[22077]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jun 6 20:05:27 snowthunder MailScanner[22077]: Connected to Processing Attempts Database
Jun 6 20:05:27 snowthunder MailScanner[22077]: Found 0 messages in the Processing Attempts Database
Jun 6 20:05:27 snowthunder MailScanner[22077]: Using locktype = flock
Jun 6 20:05:32 snowthunder MailScanner[22080]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...
Jun 6 20:05:32 snowthunder MailScanner[22080]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jun 6 20:05:32 snowthunder MailScanner[22080]: Connected to Processing Attempts Database
Jun 6 20:05:32 snowthunder MailScanner[22080]: Found 0 messages in the Processing Attempts Database
Jun 6 20:05:32 snowthunder MailScanner[22080]: Using locktype = flock
Jun 6 20:05:37 snowthunder MailScanner[22081]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...
Jun 6 20:05:37 snowthunder MailScanner[22081]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jun 6 20:05:37 snowthunder MailScanner[22081]: Connected to Processing Attempts Database
Jun 6 20:05:37 snowthunder MailScanner[22081]: Found 0 messages in the Processing Attempts Database
Jun 6 20:05:37 snowthunder MailScanner[22081]: Using locktype = flock
Jun 6 20:05:42 snowthunder MailScanner[22082]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...
Jun 6 20:05:42 snowthunder MailScanner[22082]: Reading configuration file /etc/MailScanner/MailScanner.conf
Jun 6 20:05:42 snowthunder MailScanner[22082]: Connected to Processing Attempts Database
Jun 6 20:05:42 snowthunder MailScanner[22082]: Found 0 messages in the Processing Attempts Database
Jun 6 20:05:42 snowthunder MailScanner[22082]: Using locktype = flock
Jun 6 20:06:00 snowthunder postfix_host/pickup[22055]: 8D7F542C55: uid=0 from=
Jun 6 20:06:00 snowthunder postfix_host/cleanup[22087]: 8D7F542C55: hold: header Received: by mail.snowthunder.org (Postfix, from userid 0)??id 8D7F542C55; Sat, 6 Jun 2015 20:06:00 +0300 (EEST) from local; from=> to=>
Jun 6 20:06:00 snowthunder postfix_host/cleanup[22087]: 8D7F542C55: message-id=<20150606170600.8D7F542C55 at mail.snowthunder.org>
Jun 6 20:06:01 snowthunder MailScanner[22081]: New Batch: Scanning 1 messages, 667 bytes
Jun 6 20:06:01 snowthunder MailScanner[22081]: Saved archive copies of 8D7F542C55.AD92B
Jun 6 20:06:01 snowthunder MailScanner[22081]: Filename Checks: Allowing 8D7F542C55.AD92B msg-22081-1.txt
Jun 6 20:06:01 snowthunder MailScanner[22081]: Virus and Content Scanning: Starting
Jun 6 20:06:01 snowthunder MailScanner[22081]: Virus Scanning completed at 51055 bytes per second
Jun 6 20:06:01 snowthunder MailScanner[22081]: Spam Checks: Starting
Jun 6 20:06:01 snowthunder MailScanner[22081]: Delivery of nonspam: message 8D7F542C55.AD92B from root at mail.snowthunder.org to dobril at snowthunder.org with subject
Jun 6 20:06:01 snowthunder MailScanner[22081]: Spam Checks completed at 474089 bytes per second
Jun 6 20:06:01 snowthunder MailScanner[22081]: Requeue: 8D7F542C55.AD92B to 73EC242C59
Jun 6 20:06:01 snowthunder MailScanner[22081]: Uninfected: Delivered 1 messages
Jun 6 20:06:01 snowthunder MailScanner[22081]: Virus Processing completed at 143621 bytes per second
Jun 6 20:06:01 snowthunder MailScanner[22081]: Deleted 1 messages from processing-database
Jun 6 20:06:01 snowthunder MailScanner[22081]: Batch completed at 25539 bytes per second (667 / 0)
Jun 6 20:06:01 snowthunder MailScanner[22081]: Batch (1 message) processed in 0.03 seconds

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jeremy McSpadden
Sent: Saturday, June 6, 2015 8:09 PM
To: MailScanner Discussion
Subject: Re: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart

Output new log.

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 1:08 PM, Dobril Dobrilov wrote:

I fixed it, but the problem with delivery still persists

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jeremy McSpadden
Sent: Saturday, June 6, 2015 7:57 PM
To: MailScanner Discussion
Subject: Re: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart

Fix your Conf files

Jun 6 19:39:37 snowthunder MailScanner[21598]: Looked up unknown string nonpasswordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

On Jun 6, 2015, at 12:53 PM, Dobril Dobrilov wrote:

Hello,

All messages are stuck in /var/spool/postfix/incoming

I just need MailScanner to check message attachments for bad attachments (exe, bat, ...), no Antivirus, no Spam checks

This is what is happening when I try to send or receive email

Jun 6 19:39:35 snowthunder postfix_host/pickup[21567]: 04A9D42C4C: uid=0 from=
Jun 6 19:39:35 snowthunder postfix_host/cleanup[21603]: 04A9D42C4C: hold: header Received: by mail.snowthunder.org (Postfix, from userid 0)??id 04A9D42C4C; Sat, 6 Jun 2015 19:39:34 +0300 (EEST) from local; from=> to=>
Jun 6 19:39:35 snowthunder postfix_host/cleanup[21603]: 04A9D42C4C: message-id=<20150606163935.04A9D42C4C at mail.snowthunder.org>
Jun 6 19:39:37 snowthunder MailScanner[21598]: New Batch: Scanning 1 messages, 667 bytes
Jun 6 19:39:37 snowthunder MailScanner[21598]: Saved archive copies of 04A9D42C4C.A004F
Jun 6 19:39:37 snowthunder MailScanner[21598]: Looked up unknown string nonpasswordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf
Jun 6 19:39:37 snowthunder MailScanner[21598]: Filename Checks: Allowing 04A9D42C4C.A004F msg-21598-1.txt
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus and Content Scanning: Starting
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus Scanning completed at 48372 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Spam Checks: Starting
Jun 6 19:39:37 snowthunder MailScanner[21598]: Delivery of nonspam: message 04A9D42C4C.A004F from root at mail.snowthunder.org to dobril at snowthunder.org with subject
Jun 6 19:39:37 snowthunder MailScanner[21598]: Spam Checks completed at 474732 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Requeue: 04A9D42C4C.A004F to C096D42C55
Jun 6 19:39:37 snowthunder MailScanner[21598]: Uninfected: Delivered 1 messages
Jun 6 19:39:37 snowthunder MailScanner[21598]: Virus Processing completed at 136202 bytes per second
Jun 6 19:39:37 snowthunder MailScanner[21598]: Deleted 1 messages from processing-database
Jun 6 19:39:37 snowthunder MailScanner[21598]: Batch completed at 23686 bytes per second (667 / 0)
Jun 6 19:39:37 snowthunder MailScanner[21598]: Batch (1 message) processed in 0.03 seconds

# ls -l /var/spool/postfix/incoming/
total 68
drwx------. 2 postfix postfix 4096 Jun 6 19:39 0
drwx------. 2 postfix postfix 4096 Jun 6 19:21 1
drwx------. 2 postfix postfix 4096 Jun 6 18:52 2
drwx------. 2 postfix postfix 4096 Jun 6 19:38 3
drwx------. 2 postfix postfix 4096 Jun 6 18:56 4
drwx------. 2 postfix postfix 4096 Jun 6 19:18 5
drwx------. 2 postfix postfix 4096 Jun 6 19:14 6
drwx------. 2 postfix postfix 4096 Jun 6 19:38 7
drwx------. 2 postfix postfix 4096 Jun 6 19:01 8
drwx------. 2 postfix postfix 4096 Jun 6 18:52 9
drwx------. 2 postfix postfix 4096 Jun 6 19:38 A
drwx------. 2 postfix postfix 4096 Jun 6 18:57 B
drwx------. 2 postfix postfix 4096 Jun 6 19:02 C
-rwx------. 1 postfix postfix 946 Jun 6 19:39 C096D42C55
drwx------. 2 postfix postfix 4096 Jun 6 18:56 D
drwx------. 2 postfix postfix 4096 Jun 6 18:56 E
drwx------. 2 postfix postfix 4096 Jun 6 18:56 F

If I restart postfix service, it processes delivery of all messages from /var/spool/postfix/incoming .. but there is something wrong.

These are my Postfix configs:

main.cf

command_directory = /usr/sbin
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 0
myhostname = mail.snowthunder.org
mydomain = snowthunder.org
mydestination = mail.snowthunder.org
virtual_alias_domains = /etc/postfix/local-host-names, /etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual
canonical_maps = hash:/etc/postfix/canonical
alias_maps =
smtp_connection_cache_on_demand = no
mail_spool_directory = /maildir/
transport_maps = hash:/etc/postfix/transport
smtpd_helo_required = yes
disable_vrfy_command = yes
inet_interfaces = all
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_mx_backup, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_hostname
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks
syslog_name = postfix_host
default_process_limit = 500
fallback_relay = 127.0.0.1
hash_queue_names = deferred, defer active bounce flush incoming
unknown_local_recipient_reject_code = 450
message_size_limit = 20000000
readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.11.1/samples
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
mail_owner = postfix
queue_directory = /var/spool/postfix
data_directory = /var/lib/postfix
inet_protocols = ipv4
header_checks = regexp:/etc/postfix/header_checks

master.cf

smtp       inet  n  -  n  -      80  smtpd
pickup     fifo  n  -  n  60     1   pickup
cleanup    unix  n  -  n  -      0   cleanup
qmgr       fifo  n  -  n  300    1   qmgr
rewrite    unix  -  -  n  -      -   trivial-rewrite
bounce     unix  -  -  n  -      0   bounce
defer      unix  -  -  n  -      0   bounce
trace      unix  -  -  n  -      0   bounce
verify     unix  -  -  n  -      1   verify
flush      unix  n  -  n  1000?  0   flush
proxymap   unix  -  -  n  -      -   proxymap
smtp       unix  -  -  n  -      -   smtp
relay      unix  -  -  n  -      -   smtp
showq      unix  n  -  n  -      -   showq
error      unix  -  -  n  -      -   error
local      unix  -  n  n  -      -   local
virtual    unix  -  n  n  -      -   virtual
lmtp       unix  -  -  n  -      -   lmtp
anvil      unix  -  -  n  -      1   anvil
scache     unix  -  -  n  -      1   scache
discard    unix  -  -  n  -      -   discard
tlsmgr     unix  -  -  n  1000?  1   tlsmgr
retry      unix  -  -  n  -      -   error
proxywrite unix  -  -  n  -      1   proxymap

From mark at msapiro.net Sat Jun 6 17:24:56 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 06 Jun 2015 10:24:56 -0700
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net>
Message-ID: <55732CE8.10109@msapiro.net>

On 06/06/2015 09:53 AM, Dobril Dobrilov wrote:
>
> All messages are stuck in /var/spool/postfix/incoming
...
> # ls -l /var/spool/postfix/incoming/
> total 68
> drwx------. 2 postfix postfix 4096 Jun 6 19:39 0
> drwx------. 2 postfix postfix 4096 Jun 6 19:21 1
> drwx------. 2 postfix postfix 4096 Jun 6 18:52 2
> drwx------. 2 postfix postfix 4096 Jun 6 19:38 3
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 4
> drwx------. 2 postfix postfix 4096 Jun 6 19:18 5
> drwx------. 2 postfix postfix 4096 Jun 6 19:14 6
> drwx------. 2 postfix postfix 4096 Jun 6 19:38 7
> drwx------. 2 postfix postfix 4096 Jun 6 19:01 8
> drwx------. 2 postfix postfix 4096 Jun 6 18:52 9
> drwx------. 2 postfix postfix 4096 Jun 6 19:38 A
> drwx------. 2 postfix postfix 4096 Jun 6 18:57 B
> drwx------. 2 postfix postfix 4096 Jun 6 19:02 C
> -rwx------. 1 postfix postfix 946 Jun 6 19:39 C096D42C55
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 D
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 E
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 F
...
> main.cf
...
> hash_queue_names = deferred, defer active bounce flush incoming

This is curious. You are hashing the 'incoming' queue but Mailscanner is queueing the message in /var/spool/postfix/incoming/C096D42C55 instead of /var/spool/postfix/incoming/C/C096D42C55.

I don't know if this is the problem or not, but hashing 'incoming' is thought to be unnecessary, see .

I suggest removing 'incoming' from hash_queue_names or maybe removing hash_queue_names entirely and going with the default and reloading Postfix.

If this fixes the problem, it's probably actually a MailScanner bug.

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From iversons at rushville.k12.in.us Sat Jun 6 17:32:56 2015
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 6 Jun 2015 13:32:56 -0400
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <027801d0a07d$4b8afb20$e2a0f160$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <494027DB-7271-4B32-B0E2-87054AF5C5BB@fluxlabs.net> <025a01d0a07b$5eb9a270$1c2ce750$@stanga.net> <026901d0a07b$bfbd9a40$3f38cec0$@stanga.net> <027801d0a07d$4b8afb20$e2a0f160$@stanga.net>
Message-ID:

Are your header_checks and queue settings ok? I have mine set to hold mail and MS fetch it and drop it into incoming for postfix to deliver...

/etc/postfix/header_checks:
/^Received:/ HOLD

/etc/MailScanner/MailScanner.conf:
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Lockfile Dir = /var/spool/MailScanner/incoming/Locks

On Sat, Jun 6, 2015 at 1:21 PM, Dobril Dobrilov wrote:
> No,
>
> The messages are in /var/spool/postfix/incoming
>
> If I restart postfix the messages will be delivered.

From dobril at stanga.net Sat Jun 6 17:37:51 2015
From: dobril at stanga.net (Dobril Dobrilov)
Date: Sat, 6 Jun 2015 20:37:51 +0300
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <55732CE8.10109@msapiro.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <55732CE8.10109@msapiro.net>
Message-ID: <029901d0a07f$8306b510$89141f30$@stanga.net>

Mark, you solved my problem. Thank you very much.

After I comment the line:
hash_queue_names = deferred, defer active bounce flush incoming
and remove these directories 0/ 1/ 2/ 3/ 4/ 5/ 6/ 7/ 8/ 9/ A/ B/ C/ D/ E/ F/ .

Now everything works perfectly.

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Saturday, June 6, 2015 8:25 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart

On 06/06/2015 09:53 AM, Dobril Dobrilov wrote:
>
> All messages are stuck in /var/spool/postfix/incoming
...
> # ls -l /var/spool/postfix/incoming/
> total 68
> drwx------. 2 postfix postfix 4096 Jun 6 19:39 0
> drwx------. 2 postfix postfix 4096 Jun 6 19:21 1
> drwx------. 2 postfix postfix 4096 Jun 6 18:52 2
> drwx------. 2 postfix postfix 4096 Jun 6 19:38 3
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 4
> drwx------. 2 postfix postfix 4096 Jun 6 19:18 5
> drwx------. 2 postfix postfix 4096 Jun 6 19:14 6
> drwx------. 2 postfix postfix 4096 Jun 6 19:38 7
> drwx------. 2 postfix postfix 4096 Jun 6 19:01 8
> drwx------. 2 postfix postfix 4096 Jun 6 18:52 9
> drwx------. 2 postfix postfix 4096 Jun 6 19:38 A
> drwx------. 2 postfix postfix 4096 Jun 6 18:57 B
> drwx------. 2 postfix postfix 4096 Jun 6 19:02 C
> -rwx------. 1 postfix postfix 946 Jun 6 19:39 C096D42C55
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 D
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 E
> drwx------. 2 postfix postfix 4096 Jun 6 18:56 F
...
> main.cf
...
> hash_queue_names = deferred, defer active bounce flush incoming

This is curious. You are hashing the 'incoming' queue but Mailscanner is queueing the message in /var/spool/postfix/incoming/C096D42C55 instead of /var/spool/postfix/incoming/C/C096D42C55.

I don't know if this is the problem or not, but hashing 'incoming' is thought to be unnecessary, see .

I suggest removing 'incoming' from hash_queue_names or maybe removing hash_queue_names entirely and going with the default and reloading Postfix.

If this fixes the problem, it's probably actually a MailScanner bug.

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From mark at msapiro.net Sat Jun 6 17:50:25 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 06 Jun 2015 10:50:25 -0700
Subject: CentOS6 - Postfix_MailScanner - Messages remaining until postfix restart
In-Reply-To: <029901d0a07f$8306b510$89141f30$@stanga.net>
References: <024b01d0a079$3fe8e920$bfbabb60$@stanga.net> <55732CE8.10109@msapiro.net> <029901d0a07f$8306b510$89141f30$@stanga.net>
Message-ID: <557332E1.3020503@msapiro.net>

On 06/06/2015 10:37 AM, Dobril Dobrilov wrote:
> Mark, you solved my problem. Thank you very much.
>
> After I comment the line:
> hash_queue_names = deferred, defer active bounce flush incoming
> and remove these directories 0/ 1/ 2/ 3/ 4/ 5/ 6/ 7/ 8/ 9/ A/ B/ C/ D/ E/ F/ .
>
> Now everything works perfectly.

Good.

I looked briefly at the code in MailScanner/Postfix.pm, and it does attempt to find the hash queue depth, but it does it by actually examining the queue directory, and it looks like it can get confused if there is anything other than the 16 subdirectories there at the time it looks.

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From email at ace.net.au Tue Jun 9 05:05:25 2015
From: email at ace.net.au (Peter Nitschke)
Date: Tue, 09 Jun 2015 14:35:25 +0930
Subject: Protected Sky RBL
Message-ID: <201506091435250518.47A2F485@web.ace.net.au>

Hi,

Does anybody have any experience or know anything about the Protected Sky RBL?

http://psky.me

No information on the web site.

Peter

From jerry.benton at mailborder.com Tue Jun 9 05:07:55 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 9 Jun 2015 01:07:55 -0400
Subject: Protected Sky RBL
In-Reply-To: <201506091435250518.47A2F485@web.ace.net.au>
References: <201506091435250518.47A2F485@web.ace.net.au>
Message-ID: <59EC251D-C3C5-4533-A47A-FE2955E92F1F@mailborder.com>

Looks new. I’d avoid it for the very reason you mentioned below.

-
Jerry Benton
www.mailborder.com

> On Jun 9, 2015, at 1:05 AM, Peter Nitschke wrote:
>
> Hi,
>
> Does anybody have any experience or know anything about the Protected Sky
> RBL?
>
> http://psky.me
>
> No information on the web site.
>
> Peter

From email at ace.net.au Tue Jun 9 05:57:08 2015
From: email at ace.net.au (Peter Nitschke)
Date: Tue, 09 Jun 2015 15:27:08 +0930
Subject: Protected Sky RBL
In-Reply-To: <59EC251D-C3C5-4533-A47A-FE2955E92F1F@mailborder.com>
References: <201506091435250518.47A2F485@web.ace.net.au> <59EC251D-C3C5-4533-A47A-FE2955E92F1F@mailborder.com>
Message-ID: <201506091527080903.47D24EB6@web.ace.net.au>

One of my users' mail has been blocked because of it, but there isn't any way to get the listing cleared.

It's a major ISP that is using this list too, which surprised me, as it's blocking the mail of one of its own subsidiary servers.

Peter

*********** REPLY SEPARATOR ***********

On 9/06/2015 at 1:07 AM Jerry Benton wrote:

>This encoded message has been converted to an attachment.
>
>Looks new. I’d avoid it for the very reason you mentioned below.
>
>-
>Jerry Benton
>www.mailborder.com
>
>> On Jun 9, 2015, at 1:05 AM, Peter Nitschke wrote:
>>
>> Hi,
>>
>> Does anybody have any experience or know anything about the Protected Sky
>> RBL?
>>
>> http://psky.me
>>
>> No information on the web site.
>>
>> Peter

From jerry.benton at mailborder.com Wed Jun 10 15:31:55 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Wed, 10 Jun 2015 11:31:55 -0400
Subject: Blocking All Attachments
Message-ID:

Has anyone ever tried blocking any attachment that is not specifically allowed in filename.rules.conf? For example, if some text document came through with the extension .foobar. .foobar is not a listed extension as allowed, so it is denied.

I am not sure how a regex statement at the end of the configuration file that is essentially a deny all would behave.

-
Jerry Benton
www.mailborder.com

From antal at admx.nl Wed Jun 10 21:20:45 2015
From: antal at admx.nl (ADMX - Antal Delahaije)
Date: Wed, 10 Jun 2015 21:20:45 +0000
Subject: MailScanner prevents bayes mysql autolearn
Message-ID:

Hi,

I've configured the latest MailScanner 4.85.2 in combination with MailWatch 1.2.0 beta 8. Everything works fine except for bayes autolearning.

If I set 'SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin' the bayes files are written into this directory but it also creates a journal which always is created with 0600 permissions thus MailWatch cannot access this journal until I manually set permission to 0660. This journal merges with the bayes database and a new file with the same 0600 permissions is created. Whatever I do to this folder permissions or set in MailScanner.conf, it always is permission 0600.

Then I figured out bayes can also write to MySQL database so I've configured something like below in my spam.assassin.prefs.conf.

bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:sa_bayes:127.0.0.1:3306
bayes_sql_username sauser
bayes_sql_password password
bayes_sql_override_username postfix

This works great for all e-mails I manually learn with 'sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --ham/--spam file' command or I learn from the MailWatch frontend, no more errors here!

After a while I noticed MailScanner said it was autolearning but still creating the local bayes files in '/var/spool/MailScanner/spamassassin'. I tried disabling the 'SpamAssassin User State Dir' but this completely stopped autolearning.

I think MailScanner is somehow preventing spamassassin to autolearn via MySQL. Is this possible what I am doing via MailScanner? Maybe some misconfiguration?

Or does anybody know the solution to get autolearn working the conventional way?

Best regards,
Antal.

From mark at msapiro.net Thu Jun 11 00:08:23 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 10 Jun 2015 17:08:23 -0700
Subject: MailScanner prevents bayes mysql autolearn
In-Reply-To:
References:
Message-ID: <5578D177.80405@msapiro.net>

On 06/10/2015 02:20 PM, ADMX - Antal Delahaije wrote:
>
> I think MailScanner is somehow preventing spamassassin to autolearn via
> MySQL. Is this possible what I am doing via MailScanner? Maybe some
> misconfiguration?
>
> Or does anybody know the solution to get autolearn working the
> conventional way?

I use these settings in spam.assassin.prefs.conf

bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0770
bayes_store_module Mail::SpamAssassin::BayesStore::SDBM

I also have g+s on the /var/spool/MailScanner/spamassassin/ directory.

That works for me and it worked for me before I added

bayes_store_module Mail::SpamAssassin::BayesStore::SDBM

to use SDBM.

The g+s on the directory is to maintain the group on the subordinate files when they are occasionally changed by some 'root' process.

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From antal at admx.nl Thu Jun 11 13:20:17 2015
From: antal at admx.nl (ADMX - Antal Delahaije)
Date: Thu, 11 Jun 2015 13:20:17 +0000
Subject: MailScanner prevents bayes mysql autolearn
In-Reply-To: <5578D177.80405@msapiro.net>
References: <5578D177.80405@msapiro.net>
Message-ID:

Ok thanks, this seems to be working.

I also found another solution for the read/write error to the bayes journal from within the MailWatch interface.

sed -i 's/sa-learn -p/sa-learn --no-sync -p/' /var/www/html/mailscanner/functions.php

But your solution, using SDBM is a better one. So far my bayes_journal is created with the correct permissions and performance seems great.

Thanks again.

Regards,
Antal.
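
The permission problem discussed in this thread, as an added example that is not part of any poster's message and is not MailScanner, SpamAssassin or MailWatch code: it shows why the documented default `bayes_file_mode` of 0700 is consistent with the 0600 journal reported above, and audits a Bayes directory for the two conditions the suggested fix addresses (group read/write on the files, g+s on the directory). The function names are hypothetical, and the demo directory is constructed when no path is given.

```python
"""Audit a SpamAssassin Bayes directory for group-sharing problems.

Added illustration only; function names are hypothetical.
"""
import os
import stat
import sys
import tempfile

GROUP_RW = stat.S_IRGRP | stat.S_IWGRP


def created_file_mode(bayes_file_mode):
    """Mode a Bayes file ends up with for a given bayes_file_mode.

    SpamAssassin's documentation for bayes_file_mode states that created
    files never carry execute bits (umask 0111); the x bits only matter
    when directories are created. The default 0700 therefore gives 0600.
    """
    return bayes_file_mode & ~0o111


def audit_bayes_dir(path):
    """Return a sorted list of (path, finding) tuples.

    Findings:
      no-setgid        directory lacks g+s, so new files take the creating
                       process's group instead of the directory's group
      group-cannot-rw  regular file lacks group read and/or write
      group-mismatch   regular file's group differs from the directory's
    """
    findings = []
    dir_st = os.stat(path)
    if not (dir_st.st_mode & stat.S_ISGID):
        findings.append((path, "no-setgid"))
    for name in os.listdir(path):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            continue  # only the database and journal files matter here
        if (st.st_mode & GROUP_RW) != GROUP_RW:
            findings.append((full, "group-cannot-rw"))
        if st.st_gid != dir_st.st_gid:
            findings.append((full, "group-mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for mode in (0o700, 0o770):
        print("bayes_file_mode %04o -> files created with %04o"
              % (mode, created_file_mode(mode)))
    if len(sys.argv) > 1:
        target = sys.argv[1]  # e.g. /var/spool/MailScanner/spamassassin
    else:
        # Constructed sample: directory without g+s holding a 0600 journal.
        target = tempfile.mkdtemp(prefix="bayes-demo-")
        os.chmod(target, 0o770)
        journal = os.path.join(target, "bayes_journal")
        open(journal, "w").close()
        os.chmod(journal, 0o600)
    problems = audit_bayes_dir(target)
    for item, finding in problems:
        print("%-16s %s" % (finding, item))
    sys.exit(1 if problems else 0)
```

Run it with the Bayes directory as the only argument, as a user that can list that directory; exit status 1 means at least one finding.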
-----Oorspronkelijk bericht----- Van: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] Namens Mark Sapiro Verzonden: donderdag 11 juni 2015 2:08 Aan: mailscanner at lists.mailscanner.info Onderwerp: Re: MailScanner prevents bayes mysql autolearn On 06/10/2015 02:20 PM, ADMX - Antal Delahaije wrote: > > I think MailScanner is somehow preventing spamassassin to autolearn > via MySQL. Is this possible what I am doing via MailScanner? Maybe > some misconfiguration? > > > > Or does anybody know the solution to get autolearn working the > conventional way? I use these settings in spam.assassin.prefs.conf bayes_path /var/spool/MailScanner/spamassassin/bayes bayes_file_mode 0770 bayes_store_module Mail::SpamAssassin::BayesStore::SDBM I also have g+s on the /var/spool/MailScanner/spamassassin/ directory. That works for me and it worked for me before I added bayes_store_module Mail::SpamAssassin::BayesStore::SDBM to use SDBM. The g+s on the directory is to maintain the group on the subordinate files when they are occasionally changed by some 'root' process. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From jim at shout.net Thu Jun 11 14:12:01 2015 From: jim at shout.net (Jim Creason) Date: Thu, 11 Jun 2015 09:12:01 -0500 Subject: MailScanner prevents bayes mysql autolearn In-Reply-To: References: Message-ID: <55799731.8000101@shout.net> Hi Antal, This sounds like something I encountered setting this up a couple months ago. I'm pretty sure my issue was this symlink in /etc/spamassassin was missing: mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf --jim On 6/10/15 4:20 PM, ADMX - Antal Delahaije wrote: > Hi, > > I’ve configurerd the latest MailScanner 4.85.2 in combination with > MailWatch 1.2.0 beta 8. Everything works fine except for bayes autolearning. 
> > If I set ‘SpamAssassin User State Dir = > /var/spool/MailScanner/spamassassin’ the bayes files are written into > this directory but it also creates a journal which always is created > with 0600 permissions thus MailWatch cannot access this journal until I > manually set permission to 0660. This journal merges with the bayes > database and a new file with the same 0600 permissions is created. > Whatever I do to this folder permissions or set in MailScanner.conf, it > always is permission 0600. > > Then I figured out bayes can also write to MySQL database so I’ve > configured something like below in my spam.assassin.prefs.conf. > > bayes_store_module Mail::SpamAssassin::BayesStore::MySQL > > bayes_sql_dsn DBI:mysql:sa_bayes:127.0.0.1:3306 > > bayes_sql_username sauser > > bayes_sql_password password > > bayes_sql_override_username postfix > > This works great for all e-mails I manually learn with ‘sa-learn –p > /etc/MailScanner/spam.assassin.prefs.conf –-ham/--spam file’ command or > I learn from the MailWatch frontend, no more errors here! > > After a while I noticed MailScanner said it was autolearning but still > creating the local bayes files in ‘/var/spool/MailScanner/spamassassin’. > I tried disabling the ‘SpamAssassin User State Dir’ but this completely > stopped autolearning. > > I think MailScanner is somehow preventing spamassassin to autolearn via > MySQL. Is this possible what I am doing via MailScanner? Maybe some > misconfiguration? > > Or does anybody know the solution to get autolearn working the > conventional way? > > Best regards, > > Antal. 
> > > > > -- Jim Creason Chief Engineer Shouting Ground Technologies From antal at admx.nl Thu Jun 11 14:32:21 2015 From: antal at admx.nl (ADMX - Antal Delahaije) Date: Thu, 11 Jun 2015 14:32:21 +0000 Subject: MailScanner prevents bayes mysql autolearn In-Reply-To: <55799731.8000101@shout.net> References: <55799731.8000101@shout.net> Message-ID: Hi Jim, That's also possible because I actually encountered this while running the sa-learn password from bash. I already added this symlink, but still I don't think changing bayesstore to SDBM was a bad move. Thanks. Regards Antal. -----Oorspronkelijk bericht----- Van: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] Namens Jim Creason Verzonden: donderdag 11 juni 2015 16:12 Aan: MailScanner Discussion Onderwerp: Re: MailScanner prevents bayes mysql autolearn Hi Antal, This sounds like something I encountered setting this up a couple months ago. I'm pretty sure my issue was this symlink in /etc/spamassassin was missing: mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf --jim On 6/10/15 4:20 PM, ADMX - Antal Delahaije wrote: > Hi, > > I’ve configurerd the latest MailScanner 4.85.2 in combination with > MailWatch 1.2.0 beta 8. Everything works fine except for bayes autolearning. > > If I set ‘SpamAssassin User State Dir = > /var/spool/MailScanner/spamassassin’ the bayes files are written into > this directory but it also creates a journal which always is created > with 0600 permissions thus MailWatch cannot access this journal until > I manually set permission to 0660. This journal merges with the bayes > database and a new file with the same 0600 permissions is created. > Whatever I do to this folder permissions or set in MailScanner.conf, > it always is permission 0600. > > Then I figured out bayes can also write to MySQL database so I’ve > configured something like below in my spam.assassin.prefs.conf. 
>
> bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
>
> bayes_sql_dsn DBI:mysql:sa_bayes:127.0.0.1:3306
>
> bayes_sql_username sauser
>
> bayes_sql_password password
>
> bayes_sql_override_username postfix
>
> This works great for all e-mails I manually learn with ‘sa-learn -p
> /etc/MailScanner/spam.assassin.prefs.conf --ham/--spam file’ command
> or I learn from the MailWatch frontend, no more errors here!
>
> After a while I noticed MailScanner said it was autolearning but still
> creating the local bayes files in ‘/var/spool/MailScanner/spamassassin’.
> I tried disabling the ‘SpamAssassin User State Dir’ but this
> completely stopped autolearning.
>
> I think MailScanner is somehow preventing spamassassin to autolearn
> via MySQL. Is this possible what I am doing via MailScanner? Maybe
> some misconfiguration?
>
> Or does anybody know the solution to get autolearn working the
> conventional way?
>
> Best regards,
>
> Antal.
>

--
Jim Creason
Chief Engineer
Shouting Ground Technologies

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

From mike at sentinelbox.net  Thu Jun 11 19:29:33 2015
From: mike at sentinelbox.net (michael pap)
Date: Thu, 11 Jun 2015 15:29:33 -0400
Subject: graymail ruleset question
Message-ID:

Hi,

Is there a way to create a ruleset in MailScanner/SA to separate graymail spam from other spam like X-%orgname%-Bulk-Signature?

Thank you.

Mike

--
This email has been scanned by the EMFABox eMail service.
ID: 3C838E11A0.A2A85

From jerry.benton at mailborder.com  Mon Jun 15 18:47:37 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Mon, 15 Jun 2015 14:47:37 -0400
Subject: Webhooks
Message-ID: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com>

Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.

-
Jerry Benton
www.mailborder.com

From mailscanner at barendse.to  Tue Jun 16 14:59:06 2015
From: mailscanner at barendse.to (Remco Barendse)
Date: Tue, 16 Jun 2015 16:59:06 +0200 (CEST)
Subject: Webhooks
In-Reply-To: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com>
Message-ID:

You mean the tracking URLs?

All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.

On Mon, 15 Jun 2015, Jerry Benton wrote:

> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>
> -
> Jerry Benton
> www.mailborder.com

From jerry.benton at mailborder.com  Tue Jun 16 15:05:48 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 16 Jun 2015 11:05:48 -0400
Subject: Webhooks
In-Reply-To:
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com>
Message-ID: <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com>

Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.

-
Jerry Benton
www.mailborder.com

> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>
> You mean the tracking URLs?
>
> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>
> On Mon, 15 Jun 2015, Jerry Benton wrote:
>
>> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>>
>> -
>> Jerry Benton
>> www.mailborder.com

From chapman at simplesrv.com  Tue Jun 16 15:07:44 2015
From: chapman at simplesrv.com (Chris Chapman)
Date: Tue, 16 Jun 2015 10:07:44 -0500
Subject: Webhooks
In-Reply-To: <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com>
Message-ID: <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com>

Are you asking how to implement them or how to remove them via MailScanner?

Chris Chapman
chapman at simplesrv.com

> On Jun 16, 2015, at 10:05 AM, Jerry Benton wrote:
>
> Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.
>
> -
> Jerry Benton
> www.mailborder.com
>
>> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>>
>> You mean the tracking URLs?
>>
>> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>>
>> On Mon, 15 Jun 2015, Jerry Benton wrote:
>>
>>> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com

From jerry.benton at mailborder.com  Tue Jun 16 15:09:42 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 16 Jun 2015 11:09:42 -0400
Subject: Webhooks
In-Reply-To: <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com>
Message-ID:

I am interested in:

- how the mechanics of it work with the different techniques commonly in use
- identifying, removing or disarming via MailScanner

-
Jerry Benton
www.mailborder.com

> On Jun 16, 2015, at 11:07 AM, Chris Chapman wrote:
>
> Are you asking how to implement them or how to remove them via MailScanner?
>
> Chris Chapman
> chapman at simplesrv.com
>
>> On Jun 16, 2015, at 10:05 AM, Jerry Benton wrote:
>>
>> Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>>>
>>> You mean the tracking URLs?
>>>
>>> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>>>
>>> On Mon, 15 Jun 2015, Jerry Benton wrote:
>>>
>>>> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>>>>
>>>> -
>>>> Jerry Benton
>>>> www.mailborder.com

From chapman at simplesrv.com  Tue Jun 16 15:12:17 2015
From: chapman at simplesrv.com (Chris Chapman)
Date: Tue, 16 Jun 2015 10:12:17 -0500
Subject: Webhooks
In-Reply-To:
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com>
Message-ID: <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com>

Normally, to implement a web hook to track if an email has been read, there is an embedded image in the email. The src url for that image contains a UUID (to anonymize the user). That URL points to a script on a server that does a database insert based on the UUID and returns headers which return an image file.

As for filtering, someone else will have to answer that.

Chris Chapman
chapman at simplesrv.com

> On Jun 16, 2015, at 10:09 AM, Jerry Benton wrote:
>
> I am interested in:
>
> - how the mechanics of it work with the different techniques commonly in use
> - identifying, removing or disarming via MailScanner
>
> -
> Jerry Benton
> www.mailborder.com
>
>> On Jun 16, 2015, at 11:07 AM, Chris Chapman wrote:
>>
>> Are you asking how to implement them or how to remove them via MailScanner?
>>
>> Chris Chapman
>> chapman at simplesrv.com
>>
>>> On Jun 16, 2015, at 10:05 AM, Jerry Benton wrote:
>>>
>>> Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>>
>>>> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>>>>
>>>> You mean the tracking URLs?
>>>>
>>>> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>>>>
>>>> On Mon, 15 Jun 2015, Jerry Benton wrote:
>>>>
>>>>> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>>>>>
>>>>> -
>>>>> Jerry Benton
>>>>> www.mailborder.com

From jerry.benton at mailborder.com  Tue Jun 16 15:33:30 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 16 Jun 2015 11:33:30 -0400
Subject: Webhooks
In-Reply-To: <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com>
Message-ID:

What you are describing is a web bug, which is already covered in MailScanner. I am interested in webhooks, which appear to be a slightly different animal than a web bug, but at the same time almost identical in behavior.

Jerry Benton
www.mailborder.com

> On Jun 16, 2015, at 11:12 AM, Chris Chapman wrote:
>
> Normally, to implement a web hook to track if an email has been read, there is an embedded image in the email. The src url for that image contains a UUID (to anonymize the user). That URL points to a script on a server that does a database insert based on the UUID and returns headers which return an image file.
>
> As for filtering, someone else will have to answer that.
>
> Chris Chapman
> chapman at simplesrv.com
>
>> On Jun 16, 2015, at 10:09 AM, Jerry Benton wrote:
>>
>> I am interested in:
>>
>> - how the mechanics of it work with the different techniques commonly in use
>> - identifying, removing or disarming via MailScanner
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>> On Jun 16, 2015, at 11:07 AM, Chris Chapman wrote:
>>>
>>> Are you asking how to implement them or how to remove them via MailScanner?
>>>
>>> Chris Chapman
>>> chapman at simplesrv.com
>>>
>>>> On Jun 16, 2015, at 10:05 AM, Jerry Benton wrote:
>>>>
>>>> Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.
>>>>
>>>> -
>>>> Jerry Benton
>>>> www.mailborder.com
>>>>
>>>>> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>>>>>
>>>>> You mean the tracking URLs?
>>>>>
>>>>> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>>>>>
>>>>> On Mon, 15 Jun 2015, Jerry Benton wrote:
>>>>>
>>>>>> Has anyone tested or dealt with webhooks and MailScanner?
>>>>>> There are some obvious privacy concerns with having them in email.
>>>>>>
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com

From pas at unh.edu  Tue Jun 16 15:34:32 2015
From: pas at unh.edu (Paul Sand)
Date: Tue, 16 Jun 2015 11:34:32 -0400
Subject: Webhooks
In-Reply-To: <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com>
Message-ID: <20150616153432.GA46800@cisunix.unh.edu>

* Chris Chapman [2015-06-16 11:14]:
> Normally, to implement a web hook to track if an email has been read,
> there is an embedded image in the email. The src url for that image
> contains a UUID (to anonymize the user). That URL points to a script on a
> server that does a database insert based on the UUID and returns headers
> which return an image file.

Hi --

Note the "WebBug" items in the MailScanner.conf file. As near as I can
tell, they work fine to disarm the technique above. (Except the default
"Web Bug Replacement" item has been a no-workie for awhile, I think. I
needed to replace that with a local URL)

--
-- Paul A Sand
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- All generic disclaimers apply.

From jerry.benton at mailborder.com  Tue Jun 16 15:35:45 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 16 Jun 2015 11:35:45 -0400
Subject: Webhooks
In-Reply-To: <20150616153432.GA46800@cisunix.unh.edu>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com> <20150616153432.GA46800@cisunix.unh.edu>
Message-ID:

The latest version of MS has a URL that points to an Amazon S3 file.

-
Jerry Benton
www.mailborder.com

> On Jun 16, 2015, at 11:34 AM, Paul Sand wrote:
>
> * Chris Chapman [2015-06-16 11:14]:
>> Normally, to implement a web hook to track if an email has been read,
>> there is an embedded image in the email. The src url for that image
>> contains a UUID (to anonymize the user). That URL points to a script on a
>> server that does a database insert based on the UUID and returns headers
>> which return an image file.
>
> Hi --
>
> Note the "WebBug" items in the MailScanner.conf file. As near as I can
> tell, they work fine to disarm the technique above. (Except the default
> "Web Bug Replacement" item has been a no-workie for awhile, I think. I
> needed to replace that with a local URL)
>
> --
> -- Paul A Sand
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- All generic disclaimers apply.
>

From chapman at simplesrv.com  Tue Jun 16 16:05:53 2015
From: chapman at simplesrv.com (Chris Chapman)
Date: Tue, 16 Jun 2015 11:05:53 -0500
Subject: Webhooks
In-Reply-To:
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com>
Message-ID: <464C7FB0-7A5E-4192-936A-04983535EC87@simplesrv.com>

Hi Jerry -

Without loading some sort of content from a webserver containing identifying information, such as a UUID, I don’t see any other way web hooks could be implemented. Looking at the mailchimp api, it seems they are handling the web bug functionality internally in their application THEN transmitting the data to your script on a server somewhere. So essentially it’s the same thing, they are just acting as a middleman.

Now for tracking bounces, usually the return email is set to something like emailAddress+bounces at domain.com or uuid+bounces at domain.com. These go into a bounces mailbox which is processed. I assume this is how mailchimp handles it as well. Maybe not a mailbox per se but a process which accepts return mail headers.

Hope this helps.

Chris Chapman
chapman at simplesrv.com

> On Jun 16, 2015, at 10:33 AM, Jerry Benton wrote:
>
> What you are describing is a web bug, which is already covered in MailScanner. I am interested in webhooks, which appear to be a slightly different animal than a web bug, but at the same time almost identical in behavior.
>
> Jerry Benton
> www.mailborder.com
>
>> On Jun 16, 2015, at 11:12 AM, Chris Chapman wrote:
>>
>> Normally, to implement a web hook to track if an email has been read, there is an embedded image in the email. The src url for that image contains a UUID (to anonymize the user). That URL points to a script on a server that does a database insert based on the UUID and returns headers which return an image file.
>>
>> As for filtering, someone else will have to answer that.
>>
>> Chris Chapman
>> chapman at simplesrv.com
>>
>>> On Jun 16, 2015, at 10:09 AM, Jerry Benton wrote:
>>>
>>> I am interested in:
>>>
>>> - how the mechanics of it work with the different techniques commonly in use
>>> - identifying, removing or disarming via MailScanner
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>>
>>>> On Jun 16, 2015, at 11:07 AM, Chris Chapman wrote:
>>>>
>>>> Are you asking how to implement them or how to remove them via MailScanner?
>>>>
>>>> Chris Chapman
>>>> chapman at simplesrv.com
>>>>
>>>>> On Jun 16, 2015, at 10:05 AM, Jerry Benton wrote:
>>>>>
>>>>> Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.
>>>>>
>>>>> -
>>>>> Jerry Benton
>>>>> www.mailborder.com
>>>>>
>>>>>> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>>>>>>
>>>>>> You mean the tracking URLs?
>>>>>>
>>>>>> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>>>>>>
>>>>>> On Mon, 15 Jun 2015, Jerry Benton wrote:
>>>>>>
>>>>>>> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>>>>>>>
>>>>>>> -
>>>>>>> Jerry Benton
>>>>>>> www.mailborder.com

From chapman at simplesrv.com  Tue Jun 16 16:15:45 2015
From: chapman at simplesrv.com (Chris Chapman)
Date: Tue, 16 Jun 2015 11:15:45 -0500
Subject: Webhooks
In-Reply-To: <464C7FB0-7A5E-4192-936A-04983535EC87@simplesrv.com>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com> <464C7FB0-7A5E-4192-936A-04983535EC87@simplesrv.com>
Message-ID:

Having just watched the absolutely cringe-worthy video on webhooks.org, this is indeed what is going on. The service (such as mailchimp) tracks all the response information - bounces, opens, etc. Then it sends an http(s) post to your script on your server for various events. You set different URLs to receive post content for these events.

Chris Chapman
chapman at simplesrv.com

> On Jun 16, 2015, at 11:05 AM, Chris Chapman wrote:
>
> Hi Jerry -
>
> Without loading some sort of content from a webserver containing identifying information, such as a UUID, I don’t see any other way web hooks could be implemented. Looking at the mailchimp api, it seems they are handling the web bug functionality internally in their application THEN transmitting the data to your script on a server somewhere. So essentially it’s the same thing, they are just acting as a middleman.
>
> Now for tracking bounces, usually the return email is set to something like emailAddress+bounces at domain.com or uuid+bounces at domain.com. These go into a bounces mailbox which is processed. I assume this is how mailchimp handles it as well. Maybe not a mailbox per se but a process which accepts return mail headers.
>
> Hope this helps.
>
> Chris Chapman
> chapman at simplesrv.com
>
>> On Jun 16, 2015, at 10:33 AM, Jerry Benton wrote:
>>
>> What you are describing is a web bug, which is already covered in MailScanner. I am interested in webhooks, which appear to be a slightly different animal than a web bug, but at the same time almost identical in behavior.
>>
>> Jerry Benton
>> www.mailborder.com
>>
>>> On Jun 16, 2015, at 11:12 AM, Chris Chapman wrote:
>>>
>>> Normally, to implement a web hook to track if an email has been read, there is an embedded image in the email. The src url for that image contains a UUID (to anonymize the user). That URL points to a script on a server that does a database insert based on the UUID and returns headers which return an image file.
>>>
>>> As for filtering, someone else will have to answer that.
>>>
>>> Chris Chapman
>>> chapman at simplesrv.com
>>>
>>>> On Jun 16, 2015, at 10:09 AM, Jerry Benton wrote:
>>>>
>>>> I am interested in:
>>>>
>>>> - how the mechanics of it work with the different techniques commonly in use
>>>> - identifying, removing or disarming via MailScanner
>>>>
>>>> -
>>>> Jerry Benton
>>>> www.mailborder.com
>>>>
>>>>> On Jun 16, 2015, at 11:07 AM, Chris Chapman wrote:
>>>>>
>>>>> Are you asking how to implement them or how to remove them via MailScanner?
>>>>>
>>>>> Chris Chapman
>>>>> chapman at simplesrv.com
>>>>>
>>>>>> On Jun 16, 2015, at 10:05 AM, Jerry Benton wrote:
>>>>>>
>>>>>> Yes, for tracking. I am interested in how places like Mailchimp insert them and how these web hooks are reporting email reads, deletes, etc. Opening an email by default does not activate a web link in the email, but with web hooks that is somehow happening.
>>>>>>
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com
>>>>>>
>>>>>>> On Jun 16, 2015, at 10:59 AM, Remco Barendse wrote:
>>>>>>>
>>>>>>> You mean the tracking URLs?
>>>>>>>
>>>>>>> All web traffic is routed through a proxy here (no exceptions), I am using block lists to block the webhooks on proxy level and I regularly check the logs adding new domains to my block list.
>>>>>>>
>>>>>>> On Mon, 15 Jun 2015, Jerry Benton wrote:
>>>>>>>
>>>>>>>> Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with having them in email.
>>>>>>>>
>>>>>>>> -
>>>>>>>> Jerry Benton
>>>>>>>> www.mailborder.com

From mark at msapiro.net  Tue Jun 16 16:33:58 2015
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 16 Jun 2015 09:33:58 -0700
Subject: Webhooks
In-Reply-To:
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com> <464C7FB0-7A5E-4192-936A-04983535EC87@simplesrv.com>
Message-ID: <55804FF6.3080508@msapiro.net>

On 06/16/2015 09:15 AM, Chris Chapman wrote:
> Having just watched the absolutely cringe-worthy video on webhooks.org,
> this is indeed what is going on. The service
> (such as mailchimp) tracks all the response information - bounces,
> opens, etc. Then it sends an http(s) post to your script on your server
> for various events. You set different URLs to receive post content for
> these events.

I don't have enough patience to watch the video, but my question is how
does mailchimp/whatever actually track the 'open'. Is this via the
standard web bug that we already deal with, via some modified web bug
such as an html stylesheet reference rather than a 1x1 transparent
image, or via some 'new' mechanism?

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From chapman at simplesrv.com  Tue Jun 16 16:38:21 2015
From: chapman at simplesrv.com (Chris Chapman)
Date: Tue, 16 Jun 2015 11:38:21 -0500
Subject: Webhooks
In-Reply-To: <55804FF6.3080508@msapiro.net>
References: <7E52BC1D-925D-454B-B940-6C0822A53C64@mailborder.com> <7EAF778E-3D4B-4DAF-B197-5B745622F540@mailborder.com> <5671275A-119B-41B7-9D72-1F13CC5A55FF@simplesrv.com> <9EB5080B-063F-44D1-A3AB-DB17B8BAB851@simplesrv.com> <464C7FB0-7A5E-4192-936A-04983535EC87@simplesrv.com> <55804FF6.3080508@msapiro.net>
Message-ID: <35659652-DB1E-4DD4-BA78-3B7B51BB582F@simplesrv.com>

It would have to be a web bug or maybe an AJAX post to MailChimp. But AJAX assumes javascript in the mail client so, I certainly doubt that. It *could* also be a serialized name convention for an external css file I suppose. But I’ve found external css files in email to be sketchy at best. Most likely a simple web bug.

Chris Chapman
chapman at simplesrv.com

> On Jun 16, 2015, at 11:33 AM, Mark Sapiro wrote:
>
> On 06/16/2015 09:15 AM, Chris Chapman wrote:
>> Having just watched the absolutely cringe-worthy video on webhooks.org,
>> this is indeed what is going on. The service
>> (such as mailchimp) tracks all the response information - bounces,
>> opens, etc. Then it sends an http(s) post to your script on your server
>> for various events. You set different URLs to receive post content for
>> these events.
>
> I don't have enough patience to watch the video, but my question is how
> does mailchimp/whatever actually track the 'open'. Is this via the
> standard web bug that we already deal with, via some modified web bug
> such as an html stylesheet reference rather than a 1x1 transparent
> image, or via some 'new' mechanism?
>
> --
> Mark Sapiro                           The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

From email at ace.net.au  Fri Jun 19 06:20:45 2015
From: email at ace.net.au (Peter Nitschke)
Date: Fri, 19 Jun 2015 15:50:45 +0930
Subject: Check which rules hit
Message-ID: <201506191550450309.7B67525B@web.ace.net.au>

I have built up a large number of rules for SA to use with MS and many are
probably now obsolete.

How can I monitor which rules are getting hits?

Thanks.

Peter

From jerry.benton at mailborder.com  Fri Jun 19 08:26:55 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 19 Jun 2015 04:26:55 -0400
Subject: Check which rules hit
In-Reply-To: <201506191550450309.7B67525B@web.ace.net.au>
References: <201506191550450309.7B67525B@web.ace.net.au>
Message-ID: <4EE2BC11-8870-4B89-96DF-23F59C8B04E5@mailborder.com>

Unless you are using something like Mailborder or Baruwa, I don’t see how. You can get Bayes stats, but I don’t know of any data aggregation on rule hits.

-
Jerry Benton
www.mailborder.com

> On Jun 19, 2015, at 2:20 AM, Peter Nitschke wrote:
>
> I have built up a large number of rules for SA to use with MS and many are
> probably now obsolete.
>
> How can I monitor which rules are getting hits?
>
> Thanks.
> > Peter > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From phil.randal at hoopleltd.co.uk Fri Jun 19 08:45:29 2015 From: phil.randal at hoopleltd.co.uk (Randal, Phil) Date: Fri, 19 Jun 2015 08:45:29 +0000 Subject: Check which rules hit In-Reply-To: <4EE2BC11-8870-4B89-96DF-23F59C8B04E5@mailborder.com> References: <201506191550450309.7B67525B@web.ace.net.au> <4EE2BC11-8870-4B89-96DF-23F59C8B04E5@mailborder.com> Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B858A63DEEA@HC-EXMBX04.herefordshire.gov.uk> Mailwatch also does it, and I've used that reporting to help me remove ineffective custom spamassassin rules. Cheers, Phil -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: 19 June 2015 09:27 To: MailScanner Discussion Subject: Re: Check which rules hit Unless you are using something like Mailborder or Baruwa, I don’t see how. You can get Bayes stats, but I don’t know of any data aggregation on rule hits. - Jerry Benton www.mailborder.com > On Jun 19, 2015, at 2:20 AM, Peter Nitschke wrote: > > I have built up a large number of rules for SA to use with MS and many > are probably now obsolete. > > How can I monitor which rules are getting hits? > > Thanks. > > Peter > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner Hoople Ltd, Registered in England and Wales No. 7556595 Registered office: Plough Lane, Hereford, HR4 0LE "Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. 
This e-mail and any attached files are confidential and intended solely for
the use of the addressee. This communication may contain material protected
by law from being passed on. If you are not the intended recipient and have
received this e-mail in error, you are advised that any use, dissemination,
forwarding, printing or copying of this e-mail is strictly prohibited. If
you have received this e-mail in error please contact the sender
immediately and destroy all copies of it."

From andrew at topdog.za.net Fri Jun 19 10:00:06 2015
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Fri, 19 Jun 2015 12:00:06 +0200
Subject: Check which rules hit
In-Reply-To: <201506191550450309.7B67525B@web.ace.net.au>
References: <201506191550450309.7B67525B@web.ace.net.au>
Message-ID:

On 19 Jun 2015, at 8:20 AM, Peter Nitschke wrote:

> How can I monitor which rules are getting hits?

If you are not using a front end, you can write an "Always Looked Up Last"
function to log that; mailscanner makes it available in the message hash
that is passed to the function as 'spam report'.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:

From Denis.Beauchemin at usherbrooke.ca Fri Jun 19 12:26:30 2015
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Fri, 19 Jun 2015 12:26:30 +0000
Subject: Check which rules hit
In-Reply-To: <201506191550450309.7B67525B@web.ace.net.au>
References: <201506191550450309.7B67525B@web.ace.net.au>
Message-ID:

I created this script a while back just to do that:

#!/usr/bin/perl -w
#
# Script that looks through maillog to find all messages tagged as spam
# by MailScanner.  It then tallies the different SpamAssassin rules that
# fired.
# Denis Beauchemin, 20050516

use Getopt::Long;

# Where some commands reside:
my $GREP = "/bin/grep";
my $GUNZIP = "/bin/gunzip";

# Value of "Spam =" in %report-dir%/languages.conf
my $isSpamString = "est un polluriel, SpamAssassin";
my $isHamString = "est pas un polluriel, SpamAssassin";
my $allString = " un polluriel, SpamAssassin";
# Value of "score =" in %report-dir%/languages.conf
my $scoreString = "score=";
# Value of "required =" in %report-dir%/languages.conf
my $reqdString = "requis ";
my $autoString = "autolearn=spam";
my $cachedString = "cached, ";
my $nCachedString = "not cached, ";

my $maillog = "/var/log/maillog";
@maillogs = ();

my $sortByName = 0;
my $sortByHits = 0;
my $getHam = 0;
my $getAll = 0;
my $help = 0;

GetOptions(
    'sortbyname|byname' => \$sortByName,
    'sortbyhits|byhits' => \$sortByHits,
    'log=s' => \@maillogs,
    'ham' => \$getHam,
    'all' => \$getAll,
    'help' => \$help,
);

if ( $help ) {
    print '
This program tallies SpamAssassin\'s rules that were triggered when
an email was detected as spam by MailScanner.

You can search for ham with the --ham option.

You can search for all SpamAssassin results with the --all option.

By default it sorts the results by rule name.  It can also sort them
by number of hits if called with --sortbyhits (or --byhits).

The option --sortbyname (or --byname) is the default one.

If you don\'t want to use the current maillog, specify a different
one with --log new-maillog.

All unknown command line parameters will be treated as additional
file names to process.

It is OK for a log file to be gzipped.
';
    exit;
}

push @maillogs, @ARGV;
@maillogs = ( $maillog ) if ( @maillogs == 0 );
#print "Maillogs: @maillogs\n";
#my $searchString = $getHam ? $isHamString : $isSpamString;
my $searchString;
if ( $getAll ) {
    $searchString = "$allString";
} elsif ( $getHam ) {
    $searchString = "$isHamString";
} else {
    $searchString = "$isSpamString";
}

foreach my $maillog ( @maillogs ) {
    print "Processing $maillog...\n";

    $sortByName++ if ( ( $sortByName == 0 ) && ( $sortByHits == 0 ) );

    # Pre-filter with grep and read its output through a pipe.
    # $maillog is interpolated into a shell command line, so pass only
    # trusted file names.
    my $openCmd = "LANG=C $GREP \"$searchString\" $maillog |";
    if ( $maillog =~ /\.gz$/ ) {
        $openCmd = "$GUNZIP -c $maillog | LANG=C $GREP \"$searchString\" |";
    }
    # Use "or" here: "||" would bind to the string and die() could never run.
    open( LOG, $openCmd ) or die "Cannot open $maillog";

    while ( <LOG> ) {
        # Verdict string, cache field, score, required score, optional
        # autolearn field; $1 is the list of rules with their scores.
        next unless /$searchString \((?:$cachedString|$nCachedString)$scoreString[-\d.]+, $reqdString[-\d.]+,(?: $autoString,)?(.*)$/;
        my $hits = $1;
        # Count each "RULE_NAME score" pair once per message.
        foreach my $hit ( $hits =~ / ([^\s]+) -?[\d.]+(?:,|\))/g ) {
            $hit{$hit}++;
        }
    }

    close LOG;
}

if ( $sortByName ) {
    foreach my $hit ( sort keys %hit ) {
        printf "%27s %5d\n", $hit, $hit{$hit};
    }
} elsif ( $sortByHits ) {
    foreach my $hit ( sort {$hit{$b}<=>$hit{$a}} keys %hit ) {
        printf "%27s %5d\n", $hit, $hit{$hit};
    }
}

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Peter Nitschke
Sent: 19 June 2015 02:21
To: mailscanner at lists.mailscanner.info
Subject: Check which rules hit

I have built up a large number of rules for SA to use with MS and many are
probably now obsolete.

How can I monitor which rules are getting hits?

Thanks.

Peter

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

From Denis.Beauchemin at usherbrooke.ca Fri Jun 19 12:30:29 2015
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Fri, 19 Jun 2015 12:30:29 +0000
Subject: Check which rules hit
In-Reply-To:
References: <201506191550450309.7B67525B@web.ace.net.au>
Message-ID:

OK, this time I try to send it in a compressed format.
Denis -----Message d'origine----- De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Denis Beauchemin Envoyé : 19 juin 2015 08:27 À : MailScanner Discussion Objet : RE: Check which rules hit I created this script a while back just to do that: #!/usr/bin/perl -w # # Script that looks through maillog to find all messages tagged as spam # by MailScanner. It then tallies the different SpamAssassin rules that # fired. # Denis Beauchemin, 20050516 use Getopt::Long; # Where some commands reside: my $GREP = "/bin/grep"; my $GUNZIP = "/bin/gunzip"; # Value of "Spam =" in %report-dir%/languages.conf my $isSpamString = "est un polluriel, SpamAssassin"; my $isHamString = "est pas un polluriel, SpamAssassin"; my $allString = " un polluriel, SpamAssassin"; # Value of "score =" in %report-dir%/languages.conf my $scoreString = "score="; # Value of "required =" in %report-dir%/languages.conf my $reqdString = "requis "; my $autoString = "autolearn=spam"; my $cachedString = "cached, "; my $nCachedString = "not cached, "; my $maillog = "/var/log/maillog"; @maillogs = (); my $sortByName = 0; my $sortByHits = 0; my $getHam = 0; my $getAll = 0; my $help = 0; GetOptions( 'sortbyname|byname' => \$sortByName, 'sortbyhits|byhits' => \$sortByHits, 'log=s' => \@maillogs, 'ham' => \$getHam, 'all' => \$getAll, 'help' => \$help, ); if ( $help ) { print ' This program tallies SpamAssassin\'s rules that were triggered when an email was detected as spam by MailScanner. You can search for ham with the --ham option. You can search for all SpamAssassin results with the --all option. By default it sorts the results by rule name. It can also sort them by number of hits if called with --sortbyhits (or --byhits). The option --sortbyname (or --byname) is the default one. If you don\'t want to use the current maillog, specify a different one with --log new-maillog. All unknown command line parameters will be treated as additional file names to process. 
It is OK for a log file to be gzipped. '; exit; } push @maillogs, @ARGV; @maillogs = ( $maillog ) if ( @maillogs == 0 ); #print "Maillogs: @maillogs\n"; #my $searchString = $getHam ? $isHamString : $isSpamString; my $searchString; if ( $getAll ) { $searchString = "$allString"; } elsif ( $getHam ) { $searchString = "$isHamString"; } else { $searchString = "$isSpamString"; } foreach my $maillog ( @maillogs ) { print "Processing $maillog...\n"; $sortByName++ if ( ( $sortByName == 0 ) && ( $sortByHits == 0 ) ); my $openCmd = "LANG=C $GREP \"$searchString\" $maillog |"; if ( $maillog =~ /\.gz$/ ) { $openCmd = "$GUNZIP -c $maillog | LANG=C $GREP \"$searchString\" |"; } open LOG, "$openCmd" || die "Cannot open $maillog"; while ( ) { next unless /$searchString \((?:$cachedString|$nCachedString)$scoreString[-\d.]+, $reqdStrin g[-\d.]+,(?: $autoString,)?(.*)$/; my $hits = $1; foreach my $hit ( $hits =~ / ([^\s]+) -?[\d.]+(?:,|\))/g ) { $hit{$hit}++; } } close LOG; } if ( $sortByName ) { foreach my $hit ( sort keys %hit ) { printf "%27s %5d\n", $hit, $hit{$hit}; } } elsif ( $sortByHits ) { foreach my $hit ( sort {$hit{$b}<=>$hit{$a}} keys %hit ) { printf "%27s %5d\n", $hit, $hit{$hit}; } } -----Message d'origine----- De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Peter Nitschke Envoyé : 19 juin 2015 02:21 À : mailscanner at lists.mailscanner.info Objet : Check which rules hit I have built up a large number of rules for SA to use with MS and many are probably now obsolete. How can I monitor which rules are getting hits? Thanks. Peter -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- A non-text attachment was scrubbed... 
Name: sa-hits.gz Type: application/x-gzip Size: 1836 bytes Desc: sa-hits.gz URL: From email at ace.net.au Mon Jun 22 17:20:51 2015 From: email at ace.net.au (Peter Nitschke) Date: Tue, 23 Jun 2015 02:50:51 +0930 Subject: Check which rules hit In-Reply-To: References: <201506191550450309.7B67525B@web.ace.net.au> Message-ID: <201506230250510850.05A9196B@web.ace.net.au> This looks interesting. I edited to English for spam, not spam etc, but when I run it, it just says "processing /var/log/maillog" and is very fast, but I get nothing, no output to screen or file that I can find. Any suggestions how I can understand it better? Thanks, Peter *********** REPLY SEPARATOR *********** On 19/06/2015 at 12:26 PM Denis Beauchemin wrote: >This encoded message has been converted to an attachment. > >I created this script a while back just to do that: >#!/usr/bin/perl -w ># ># Script that looks through maillog to find all messages tagged as spam ># by MailScanner. It then tallies the different SpamAssassin rules that ># fired. 
># Denis Beauchemin, 20050516 > >use Getopt::Long; > ># Where some commands reside: >my $GREP = "/bin/grep"; >my $GUNZIP = "/bin/gunzip"; > ># Value of "Spam =" in %report-dir%/languages.conf >my $isSpamString = "est un polluriel, SpamAssassin"; >my $isHamString = "est pas un polluriel, SpamAssassin"; >my $allString = " un polluriel, SpamAssassin"; ># Value of "score =" in %report-dir%/languages.conf >my $scoreString = "score="; ># Value of "required =" in %report-dir%/languages.conf >my $reqdString = "requis "; >my $autoString = "autolearn=spam"; >my $cachedString = "cached, "; >my $nCachedString = "not cached, "; > >my $maillog = "/var/log/maillog"; >@maillogs = (); > >my $sortByName = 0; >my $sortByHits = 0; >my $getHam = 0; >my $getAll = 0; >my $help = 0; > >GetOptions( > 'sortbyname|byname' => \$sortByName, > 'sortbyhits|byhits' => \$sortByHits, > 'log=s' => \@maillogs, > 'ham' => \$getHam, > 'all' => \$getAll, > 'help' => \$help, >); > >if ( $help ) { > print ' >This program tallies SpamAssassin\'s rules that were triggered when >an email was detected as spam by MailScanner. > >You can search for ham with the --ham option. > >You can search for all SpamAssassin results with the --all option. > >By default it sorts the results by rule name. It can also sort them >by number of hits if called with --sortbyhits (or --byhits). > >The option --sortbyname (or --byname) is the default one. > >If you don\'t want to use the current maillog, specify a different >one with --log new-maillog. > >All unknown command line parameters will be treated as additional >file names to process. > >It is OK for a log file to be gzipped. >'; > exit; >} > >push @maillogs, @ARGV; >@maillogs = ( $maillog ) if ( @maillogs == 0 ); >#print "Maillogs: @maillogs\n"; >#my $searchString = $getHam ? 
$isHamString : $isSpamString; >my $searchString; >if ( $getAll ) { > $searchString = "$allString"; >} elsif ( $getHam ) { > $searchString = "$isHamString"; >} else { > $searchString = "$isSpamString"; >} > >foreach my $maillog ( @maillogs ) { > print "Processing $maillog...\n"; > > $sortByName++ if ( ( $sortByName == 0 ) && ( $sortByHits == 0 ) ); > > my $openCmd = "LANG=C $GREP \"$searchString\" $maillog |"; > if ( $maillog =~ /\.gz$/ ) { > $openCmd = "$GUNZIP -c $maillog | LANG=C $GREP \"$searchString\" >|"; > } > open LOG, "$openCmd" || die "Cannot open $maillog"; > > while ( ) { > next unless /$searchString >\((?:$cachedString|$nCachedString)$scoreString[-\d.]+, $reqdStrin >g[-\d.]+,(?: $autoString,)?(.*)$/; > my $hits = $1; > foreach my $hit ( $hits =~ / ([^\s]+) -?[\d.]+(?:,|\))/g ) { > $hit{$hit}++; > } > } > > close LOG; >} > >if ( $sortByName ) { > foreach my $hit ( sort keys %hit ) { > printf "%27s %5d\n", $hit, $hit{$hit}; > } >} elsif ( $sortByHits ) { > foreach my $hit ( sort {$hit{$b}<=>$hit{$a}} keys %hit ) { > printf "%27s %5d\n", $hit, $hit{$hit}; > } >} > > >-----Message d'origine----- >De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De >la part de Peter Nitschke >Envoyé : 19 juin 2015 02:21 >À : mailscanner at lists.mailscanner.info >Objet : Check which rules hit > >I have built up a large number of rules for SA to use with MS and many are >probably now obsolete. > >How can I monitor which rules are getting hits? > >Thanks. 
>
>Peter
>
>
>
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/listinfo/mailscanner
>
> -- MailScanner mailing
>list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner

From Denis.Beauchemin at usherbrooke.ca Mon Jun 22 17:51:17 2015
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Mon, 22 Jun 2015 17:51:17 +0000
Subject: Check which rules hit
In-Reply-To: <201506230250510850.05A9196B@web.ace.net.au>
References: <201506191550450309.7B67525B@web.ace.net.au> <201506230250510850.05A9196B@web.ace.net.au>
Message-ID:

My log lines look like this:

Jun 22 13:26:16 10.32.103.21 smtps2 MailScanner[47071]: Message t5MHQFDv033375 from 10.32.106.21 (someone at usherbrooke.ca) to usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, score=-6.206, requis 6.5, autolearn=not spam, BAYES_00 -1.90, HTML_MESSAGE 0.00, RDNS_NONE 0.79, UDES_FROM01 -3.00, UDES_FROM02 -0.10, UDES_FROMTO01 -2.00)

Jun 22 13:27:23 10.32.103.28 smtpe1 MailScanner[61090]: Message t5MHR8mw063252 from 64.5.96.10 (someone at alliinclusive.space) to usherbrooke.ca is est un polluriel, SpamAssassin (not cached, score=7.776, requis 6.5, autolearn=spam, BAYES_50 0.80, HTML_EXTRA_CLOSE 0.00, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 1.16, MIME_HTML_ONLY 0.72, MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 0.79, RDNS_NONE 0.79, STYLE_GIBBERISH 3.50, T_REMOTE_IMAGE 0.01)

The script does a first grep for the strings in yellow. There’s a third
string that matches all ham/spam: un polluriel, SpamAssassin

Then Perl is used to search for lines that match:

1- The yellow string followed by “ (“
2- Then the green string (could also be “cached”)
3- Then the blue strings, including the digits, decimal point and minus sign
4- Then the dark grey strings, including the digits, decimal point and minus sign
5- Then the light gray string that could be omitted
6- Then all the rules names and their respective score (could be negative)

At the end the matching rules are printed sorted as requested.

Denis

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Peter Nitschke
Sent: 22 June 2015 13:21
To: mailscanner at lists.mailscanner.info
Subject: RE: Check which rules hit

This looks interesting.

I edited to English for spam, not spam etc, but when I run it, it just says
"processing /var/log/maillog" and is very fast, but I get nothing, no
output to screen or file that I can find.

Any suggestions how I can understand it better?

Thanks, Peter

*********** REPLY SEPARATOR ***********

On 19/06/2015 at 12:26 PM Denis Beauchemin wrote:

>This encoded message has been converted to an attachment.
>
>I created this script a while back just to do that:
>#!/usr/bin/perl -w
>#
># Script that looks through maillog to find all messages tagged as spam
># by MailScanner.  It then tallies the different SpamAssassin rules
>that # fired.
># Denis Beauchemin, 20050516 > >use Getopt::Long; > ># Where some commands reside: >my $GREP = "/bin/grep"; >my $GUNZIP = "/bin/gunzip"; > ># Value of "Spam =" in %report-dir%/languages.conf my $isSpamString = >"est un polluriel, SpamAssassin"; >my $isHamString = "est pas un polluriel, SpamAssassin"; >my $allString = " un polluriel, SpamAssassin"; ># Value of "score =" in %report-dir%/languages.conf >my $scoreString = "score="; ># Value of "required =" in %report-dir%/languages.conf >my $reqdString = "requis "; >my $autoString = "autolearn=spam"; >my $cachedString = "cached, "; >my $nCachedString = "not cached, "; > >my $maillog = "/var/log/maillog"; >@maillogs = (); > >my $sortByName = 0; >my $sortByHits = 0; >my $getHam = 0; >my $getAll = 0; >my $help = 0; > >GetOptions( > 'sortbyname|byname' => \$sortByName, > 'sortbyhits|byhits' => \$sortByHits, > 'log=s' => \@maillogs, > 'ham' => \$getHam, > 'all' => \$getAll, > 'help' => \$help, >); > >if ( $help ) { > print ' >This program tallies SpamAssassin\'s rules that were triggered when an >email was detected as spam by MailScanner. > >You can search for ham with the --ham option. > >You can search for all SpamAssassin results with the --all option. > >By default it sorts the results by rule name. It can also sort them by >number of hits if called with --sortbyhits (or --byhits). > >The option --sortbyname (or --byname) is the default one. > >If you don\'t want to use the current maillog, specify a different one >with --log new-maillog. > >All unknown command line parameters will be treated as additional file >names to process. > >It is OK for a log file to be gzipped. >'; > exit; >} > >push @maillogs, @ARGV; >@maillogs = ( $maillog ) if ( @maillogs == 0 ); #print "Maillogs: >@maillogs\n"; #my $searchString = $getHam ? 
$isHamString : >$isSpamString; my $searchString; if ( $getAll ) { > $searchString = "$allString"; >} elsif ( $getHam ) { > $searchString = "$isHamString"; >} else { > $searchString = "$isSpamString"; >} > >foreach my $maillog ( @maillogs ) { > print "Processing $maillog...\n"; > > $sortByName++ if ( ( $sortByName == 0 ) && ( $sortByHits == 0 ) ); > > my $openCmd = "LANG=C $GREP \"$searchString\" $maillog |"; > if ( $maillog =~ /\.gz$/ ) { > $openCmd = "$GUNZIP -c $maillog | LANG=C $GREP \"$searchString\" >|"; > } > open LOG, "$openCmd" || die "Cannot open $maillog"; > > while ( ) { > next unless /$searchString >\((?:$cachedString|$nCachedString)$scoreString[-\d.]+, $reqdStrin >g[-\d.]+,(?: $autoString,)?(.*)$/; > my $hits = $1; > foreach my $hit ( $hits =~ / ([^\s]+) -?[\d.]+(?:,|\))/g ) { > $hit{$hit}++; > } > } > > close LOG; >} > >if ( $sortByName ) { > foreach my $hit ( sort keys %hit ) { > printf "%27s %5d\n", $hit, $hit{$hit}; > } >} elsif ( $sortByHits ) { > foreach my $hit ( sort {$hit{$b}<=>$hit{$a}} keys %hit ) { > printf "%27s %5d\n", $hit, $hit{$hit}; > } >} > > >-----Message d'origine----- >De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De >la part de Peter Nitschke >Envoyé : 19 juin 2015 02:21 >À : mailscanner at lists.mailscanner.info >Objet : Check which rules hit > >I have built up a large number of rules for SA to use with MS and many >are probably now obsolete. > >How can I monitor which rules are getting hits? > >Thanks. > >Peter > > > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/listinfo/mailscanner > > -- MailScanner mailing >list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... 
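Added example, not Denis's script and not MailScanner code: a Python version of the matching steps listed in Denis's message above, with the cache field and the autolearn field treated as optional and a count of report lines that did not parse, so a wrong verdict string shows up as a number instead of as empty output. The English verdict strings, the word "required", and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Verdict text as written to the log. The French pair comes from the thread;
# the English pair is an assumption and must match your own languages.conf.
VERDICTS = {
    "est un polluriel": "spam",
    "est pas un polluriel": "ham",
    "is spam": "spam",
    "is not spam": "ham",
}
REQUIRED_WORDS = ("requis", "required")  # "required" is an assumption
NUM = r"-?\d+(?:\.\d+)?"


def _alternation(words):
    # Longest first so a longer string is never shadowed by a shorter one.
    return "|".join(re.escape(w) for w in sorted(words, key=len, reverse=True))


REPORT_RE = re.compile("".join([
    r"(?P<verdict>", _alternation(VERDICTS), r"), SpamAssassin \(",
    r"(?:(?:not )?cached, )?",           # cache field may be absent
    r"score=(?P<score>", NUM, r"), ",
    r"(?:", _alternation(REQUIRED_WORDS), r") (?P<required>", NUM, r")",
    r"(?:, autolearn=[^,)]+)?",          # optional, any value
    r"(?P<rules>.*)$",
]))
# A rule hit is "NAME score" followed by "," or ")". A name cut off by log
# truncation has neither and is skipped.
RULE_RE = re.compile(r" ([^\s,()]+) (" + NUM + r")(?=[,)])")


def parse_report(line):
    """Return verdict, scores and rule hits for one log line, or None."""
    m = REPORT_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    return {
        "verdict": VERDICTS[m.group("verdict")],
        "score": float(m.group("score")),
        "required": float(m.group("required")),
        "rules": {n: float(s) for n, s in RULE_RE.findall(m.group("rules"))},
    }


def tally_rules(lines, want="spam"):
    """Count rule hits for want = "spam", "ham" or "all".

    Returns (Counter, unparsed), where unparsed is the number of SpamAssassin
    report lines whose format was not recognised.
    """
    counts, unparsed = Counter(), 0
    for line in lines:
        if ", SpamAssassin (" not in line:
            continue                     # not a SpamAssassin report line
        report = parse_report(line)
        if report is None:
            unparsed += 1
        elif want in ("all", report["verdict"]):
            counts.update(list(report["rules"]))   # one hit per rule name
    return counts, unparsed


def unused_rules(counts, configured):
    """Rule names from a local rule list that never appear in the tally."""
    return sorted(name for name in configured if counts[name] == 0)


SAMPLE_LOG = [
    # The two log lines quoted in the thread.
    "Jun 22 13:26:16 10.32.103.21 smtps2 MailScanner[47071]: Message "
    "t5MHQFDv033375 from 10.32.106.21 (someone at usherbrooke.ca) to "
    "usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, "
    "score=-6.206, requis 6.5, autolearn=not spam, BAYES_00 -1.90, "
    "HTML_MESSAGE 0.00, RDNS_NONE 0.79, UDES_FROM01 -3.00, UDES_FROM02 -0.10, "
    "UDES_FROMTO01 -2.00)",
    "Jun 22 13:27:23 10.32.103.28 smtpe1 MailScanner[61090]: Message "
    "t5MHR8mw063252 from 64.5.96.10 (someone at alliinclusive.space) to "
    "usherbrooke.ca is est un polluriel, SpamAssassin (not cached, "
    "score=7.776, requis 6.5, autolearn=spam, BAYES_50 0.80, "
    "HTML_EXTRA_CLOSE 0.00, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 1.16, "
    "MIME_HTML_ONLY 0.72, MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 0.79, "
    "RDNS_NONE 0.79, STYLE_GIBBERISH 3.50, T_REMOTE_IMAGE 0.01)",
    # Constructed: English strings, no cache field, no autolearn field.
    "Jun 24 22:20:01 mx1 MailScanner[1234]: Message 0A1B2C3D4E.A0001 from "
    "192.0.2.10 (sender at example.com) to example.org is spam, SpamAssassin "
    "(score=9.1, required 6, BAYES_99 3.50, RDNS_NONE 0.79, LOCAL_RULE_A 2.00)",
    # Constructed: verdict text that is not in VERDICTS, so it cannot parse.
    "Jun 24 22:21:40 mx1 MailScanner[1234]: Message 0A1B2C3D4F.A0002 from "
    "192.0.2.11 (sender at example.net) to example.org is UNKNOWN-VERDICT, "
    "SpamAssassin (score=8.0, required 6, BAYES_99 3.50)",
]

if __name__ == "__main__":
    counts, unparsed = tally_rules(SAMPLE_LOG, want="all")
    for name, hits in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        print("%27s %5d" % (name, hits))
    print("unparsed report lines:", unparsed)
```

A non-zero unparsed count with an empty tally means the verdict or "required" strings do not match the local log wording.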

From mike at sentinelbox.net Mon Jun 22 19:58:27 2015
From: mike at sentinelbox.net (michael pap)
Date: Mon, 22 Jun 2015 15:58:27 -0400
Subject: MailScanner with SpamAssassin 3.4.1 use Mail::SpamAssassin::Plugin::TxRep or keep AWL
Message-ID:

Hi,

what is currently the better choice

keep AWL
switch to TxRep

The TxRep (Reputation) plugin is designed as a substantially improved
replacement of the AWL plugin. It adjusts the final message spam score by
looking up and taking in consideration the reputation of the sender.

It cannot coexist with the old AWL plugin, which must be disabled when the
TxRep is loaded.

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_TxRep.html

To try TxRep out, you have to disable the AWL plugin (if present), back up
its database and add a line loading this module in init.pre (AWL may be
enabled in v310.pre):

    # loadplugin Mail::SpamAssassin::Plugin::AWL
      loadplugin Mail::SpamAssassin::Plugin::TxRep

When AWL is not disabled, TxRep will refuse to run.

Use the supplied 60_txreputation.cf file or add these lines to a .cf file:

    header    TXREP   eval:check_senders_reputation()
    describe  TXREP   Score normalizing based on sender's reputation
    tflags    TXREP   userconf noautolearn
    priority  TXREP   1000

Thank you.

Michael

--
This email has been scanned by the EMFABox eMail service.
ID: D818CE0E03.A9DD4

--
This email has been scanned by the EMFABox eMail service.
ID: 2B51D422D3.AC34C

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mailscanner at gojensen.no Tue Jun 23 09:30:04 2015
From: mailscanner at gojensen.no (gojensen)
Date: Tue, 23 Jun 2015 11:30:04 +0200
Subject: Can't disable scanning of attachements
Message-ID: <5589271C.1000209@gojensen.no>

Hi! We have tons of "false" positives from the attachment scanning part of
mailscanner. Apparently our users get lots of archive files with double
extensions and stuff.

At FIRST I tried to comment out this Part of filename.rules.conf:
# Deny all other double file extensions. This catches any hidden filenames.
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension

That didn't help, even after forcefully restarting mailscanner.
I then opted for these settings:

Filename Rules =
Filetype Rules =
Archives: Filename Rules =
Archives: Filetype Rules =
Maximum Archive Depth = 0

But it's STILL denying my attachments and replacing them with that default
text message.

Help?!

Running MailScanner Version = 4.85.2 on Ubuntu with Postfix.

--
// gojensen

From jerry.benton at mailborder.com Tue Jun 23 09:32:44 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 23 Jun 2015 05:32:44 -0400
Subject: Can't disable scanning of attachements
In-Reply-To: <5589271C.1000209@gojensen.no>
References: <5589271C.1000209@gojensen.no>
Message-ID: <3BE0EE5C-95A0-43B7-8A8F-50722EB14A44@mailborder.com>

Change it to “allow” and put your Filename and Filetype rules back in the
configuration.

-
Jerry Benton
www.mailborder.com

> On Jun 23, 2015, at 5:30 AM, gojensen wrote:
>
> Hi! We have tons of "false" positives from the attachment scanning part of mailscanner. Apparently our users get lots of archive files with double extensions and stuff.
>
> At FIRST I tried to comment out this Part of filename.rules.conf:
> # Deny all other double file extensions. This catches any hidden filenames.
> deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension
>
> That didn't help, even after forcefully restarting mailscanner.
> I then opted for these settings:
>
> Filename Rules =
> Filetype Rules =
> Archives: Filename Rules =
> Archives: Filetype Rules =
> Maximum Archive Depth = 0
>
> But it's STILL denying my attachments and replacing them with that default text message.
>
> Help?!
>
> Running MailScanner Version = 4.85.2 on Ubuntu with Postfix.
>
> --
> // gojensen
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>

From pas at unh.edu Tue Jun 23 10:02:35 2015
From: pas at unh.edu (Paul Sand)
Date: Tue, 23 Jun 2015 06:02:35 -0400
Subject: Can't disable scanning of attachements
In-Reply-To: <5589271C.1000209@gojensen.no>
References: <5589271C.1000209@gojensen.no>
Message-ID: <20150623100235.GA61829@cisunix.unh.edu>

* gojensen [2015-06-23 05:35]:
> At FIRST I tried to comment out this Part of filename.rules.conf:
> # Deny all other double file extensions. This catches any hidden filenames.
> deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding
> Attempt to hide real filename extension

We changed this to

rename to _$1.$2 \.([a-z][a-z0-9]{2,3}\s*)\.([a-z0-9]{3})$ Found possible filename hiding Attempt to hide real filename extension

... which changes (for example) "chapter.one.doc" to "chapter_one.doc".

--
-- Paul A Sand
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Sanitized for your protection.

From mailscanner at gojensen.no Tue Jun 23 11:27:37 2015
From: mailscanner at gojensen.no (gojensen)
Date: Tue, 23 Jun 2015 13:27:37 +0200
Subject: Can't disable scanning of attachements
In-Reply-To: <3BE0EE5C-95A0-43B7-8A8F-50722EB14A44@mailborder.com>
References: <5589271C.1000209@gojensen.no> <3BE0EE5C-95A0-43B7-8A8F-50722EB14A44@mailborder.com>
Message-ID: <558942A9.4020606@gojensen.no>

But shouldn't I be allowed to disable these tests altogether?
They make a lot of noise for us as is...

(I'm certain I tried an allow but will double check that...)

--
// gojensen

On 23.06.2015 11:32, Jerry Benton wrote:
> Change it to “allow” and put your Filename and Filetype rules back in the configuration.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Jun 23, 2015, at 5:30 AM, gojensen wrote:
>>
>> Hi! We have tons of "false" positives from the attachment scanning part of mailscanner. Apparently our users get lots of archive files with double extensions and stuff.
>>
>> At FIRST I tried to comment out this Part of filename.rules.conf:
>> # Deny all other double file extensions. This catches any hidden filenames.
>> deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension
>>
>> That didn't help, even after forcefully restarting mailscanner.
>> I then opted for these settings:
>>
>> Filename Rules =
>> Filetype Rules =
>> Archives: Filename Rules =
>> Archives: Filetype Rules =
>> Maximum Archive Depth = 0
>>
>> But it's STILL denying my attachments and replacing them with that default text message.
>>
>> Help?!
>>
>> Running MailScanner Version = 4.85.2 on Ubuntu with Postfix.
>>
>> --
>> // gojensen
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>
>
>

From email at ace.net.au Wed Jun 24 12:43:52 2015
From: email at ace.net.au (Peter Nitschke)
Date: Wed, 24 Jun 2015 22:13:52 +0930
Subject: Check which rules hit
In-Reply-To:
References: <201506191550450309.7B67525B@web.ace.net.au> <201506230250510850.05A9196B@web.ace.net.au>
Message-ID: <201506242213520245.0EF82EE1@web.ace.net.au>

Is the output to screen or to a file?

Thanks.
*********** REPLY SEPARATOR *********** On 22/06/2015 at 5:51 PM Denis Beauchemin wrote: My log lines look like this: Jun 22 13:26:16 10.32.103.21 smtps2 MailScanner[47071]: Message t5MHQFDv033375 from 10.32.106.21 (someone at usherbrooke.ca) to usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, score=-6.206, requis 6.5, autolearn=not spam, BAYES_00 -1.90, HTML_MESSAGE 0.00, RDNS_NONE 0.79, UDES_FROM01 -3.00, UDES_FROM02 -0.10, UDES_FROMTO01 -2.00) Jun 22 13:27:23 10.32.103.28 smtpe1 MailScanner[61090]: Message t5MHR8mw063252 from 64.5.96.10 (someone at alliinclusive.space) to usherbrooke.ca is est un polluriel, SpamAssassin (not cached, score=7.776, requis 6.5, autolearn=spam, BAYES_50 0.80, HTML_EXTRA_CLOSE 0.00, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 1.16, MIME_HTML_ONLY 0.72, MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 0.79, RDNS_NONE 0.79, STYLE_GIBBERISH 3.50, T_REMOTE_IMAGE 0.01) The script does a first grep for the strings in yellow. There�s a third string that matches all ham/spam: un polluriel, SpamAssassin Then Perl is used to search for lines that match: 1- The yellow string followed by � (� 2- Then the green string (could also be �cached�) 3- Then the blue strings, including the digits, decimal point and minus sign 4- Then the dark grey strings, including the digits, decimal point and minus sign 5- Then the light gray string that could be omitted 6- Then all the rules names and their respective score (could be negative) At the end the matching rules are printed sorted as requested. Denis -----Message d'origine----- De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Peter Nitschke Envoy� : 22 juin 2015 13:21 � : mailscanner at lists.mailscanner.info Objet : RE: Check which rules hit This looks interesting. I edited to English for spam, not spam etc, but when I run it, it just says "processing /var/log/maillog" and is very fast, but I get nothing, no output to screen or file that I can find. 
Any suggestions how I can understand it better? Thanks, Peter *********** REPLY SEPARATOR *********** On 19/06/2015 at 12:26 PM Denis Beauchemin wrote: >This encoded message has been converted to an attachment. > >I created this script a while back just to do that: >#!/usr/bin/perl -w ># ># Script that looks through maillog to find all messages tagged as spam ># by MailScanner. It then tallies the different SpamAssassin rules >that # fired. ># Denis Beauchemin, 20050516 > >use Getopt::Long; > ># Where some commands reside: >my $GREP = "/bin/grep"; >my $GUNZIP = "/bin/gunzip"; > ># Value of "Spam =" in %report-dir%/languages.conf my $isSpamString = >"est un polluriel, SpamAssassin"; >my $isHamString = "est pas un polluriel, SpamAssassin"; >my $allString = " un polluriel, SpamAssassin"; ># Value of "score =" in %report-dir%/languages.conf >my $scoreString = "score="; ># Value of "required =" in %report-dir%/languages.conf >my $reqdString = "requis "; >my $autoString = "autolearn=spam"; >my $cachedString = "cached, "; >my $nCachedString = "not cached, "; > >my $maillog = "/var/log/maillog"; >@maillogs = (); > >my $sortByName = 0; >my $sortByHits = 0; >my $getHam = 0; >my $getAll = 0; >my $help = 0; > >GetOptions( > 'sortbyname|byname' => \$sortByName, > 'sortbyhits|byhits' => \$sortByHits, > 'log=s' => \@maillogs, > 'ham' => \$getHam, > 'all' => \$getAll, > 'help' => \$help, >); > >if ( $help ) { > print ' >This program tallies SpamAssassin\'s rules that were triggered when an >email was detected as spam by MailScanner. > >You can search for ham with the --ham option. > >You can search for all SpamAssassin results with the --all option. > >By default it sorts the results by rule name. It can also sort them by >number of hits if called with --sortbyhits (or --byhits). > >The option --sortbyname (or --byname) is the default one. > >If you don\'t want to use the current maillog, specify a different one >with --log new-maillog. 
> >All unknown command line parameters will be treated as additional file >names to process. > >It is OK for a log file to be gzipped. >'; > exit; >} > >push @maillogs, @ARGV; >@maillogs = ( $maillog ) if ( @maillogs == 0 ); #print "Maillogs: >@maillogs\n"; #my $searchString = $getHam ? $isHamString : >$isSpamString; my $searchString; if ( $getAll ) { > $searchString = "$allString"; >} elsif ( $getHam ) { > $searchString = "$isHamString"; >} else { > $searchString = "$isSpamString"; >} > >foreach my $maillog ( @maillogs ) { > print "Processing $maillog...\n"; > > $sortByName++ if ( ( $sortByName == 0 ) && ( $sortByHits == 0 ) ); > > my $openCmd = "LANG=C $GREP \"$searchString\" $maillog |"; > if ( $maillog =~ /\.gz$/ ) { > $openCmd = "$GUNZIP -c $maillog | LANG=C $GREP \"$searchString\" >|"; > } > open LOG, "$openCmd" || die "Cannot open $maillog"; > > while ( ) { > next unless /$searchString >\((?:$cachedString|$nCachedString)$scoreString[-\d.]+, $reqdStrin >g[-\d.]+,(?: $autoString,)?(.*)$/; > my $hits = $1; > foreach my $hit ( $hits =~ / ([^\s]+) -?[\d.]+(?:,|\))/g ) { > $hit{$hit}++; > } > } > > close LOG; >} > >if ( $sortByName ) { > foreach my $hit ( sort keys %hit ) { > printf "%27s %5d\n", $hit, $hit{$hit}; > } >} elsif ( $sortByHits ) { > foreach my $hit ( sort {$hit{$b}<=>$hit{$a}} keys %hit ) { > printf "%27s %5d\n", $hit, $hit{$hit}; > } >} > > >-----Message d'origine----- >De : MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] De >la part de Peter Nitschke >Envoy� : 19 juin 2015 02:21 >� : mailscanner at lists.mailscanner.info >Objet : Check which rules hit > >I have built up a large number of rules for SA to use with MS and many >are probably now obsolete. > >How can I monitor which rules are getting hits? > >Thanks. 
>
>Peter
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/listinfo/mailscanner
>

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...

From email at ace.net.au Wed Jun 24 12:54:04 2015
From: email at ace.net.au (Peter Nitschke)
Date: Wed, 24 Jun 2015 22:24:04 +0930
Subject: Check which rules hit
In-Reply-To: <201506242213520245.0EF82EE1@web.ace.net.au>
References: <201506191550450309.7B67525B@web.ace.net.au> <201506230250510850.05A9196B@web.ace.net.au> <201506242213520245.0EF82EE1@web.ace.net.au>
Message-ID: <201506242224040413.0F01861D@web.ace.net.au>

Scrap that, I deleted the line with "cached" as my logs don't have that and now I am getting screen output.

However it looks as though deleting the "cached" line is causing errors.

Is there a better way to deal with that?

Peter

*********** REPLY SEPARATOR ***********

On 24/06/2015 at 10:13 PM Peter Nitschke wrote:

Is the output to screen or to a file?

Thanks.

*********** REPLY SEPARATOR ***********

On 22/06/2015 at 5:51 PM Denis Beauchemin wrote:

My log lines look like this:

Jun 22 13:26:16 10.32.103.21 smtps2 MailScanner[47071]: Message t5MHQFDv033375 from 10.32.106.21 (someone at usherbrooke.ca) to usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, score=-6.206, requis 6.5, autolearn=not spam, BAYES_00 -1.90, HTML_MESSAGE 0.00, RDNS_NONE 0.79, UDES_FROM01 -3.00, UDES_FROM02 -0.10, UDES_FROMTO01 -2.00)

Jun 22 13:27:23 10.32.103.28 smtpe1 MailScanner[61090]: Message t5MHR8mw063252 from 64.5.96.10 (someone at alliinclusive.space) to usherbrooke.ca is est un polluriel, SpamAssassin (not cached, score=7.776, requis 6.5, autolearn=spam, BAYES_50 0.80, HTML_EXTRA_CLOSE 0.00, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 1.16, MIME_HTML_ONLY 0.72, MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 0.79, RDNS_NONE 0.79, STYLE_GIBBERISH 3.50, T_REMOTE_IMAGE 0.01)

The script does a first grep for the strings in yellow. There's a third string that matches all ham/spam: un polluriel, SpamAssassin

Then Perl is used to search for lines that match:

1- The yellow string followed by " ("
2- Then the green string (could also be "cached")
3- Then the blue strings, including the digits, decimal point and minus sign
4- Then the dark grey strings, including the digits, decimal point and minus sign
5- Then the light gray string that could be omitted
6- Then all the rules names and their respective score (could be negative)

At the end the matching rules are printed sorted as requested.

Denis

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Peter Nitschke
Sent: June 22, 2015 13:21
To: mailscanner at lists.mailscanner.info
Subject: RE: Check which rules hit

This looks interesting.

I edited to English for spam, not spam etc, but when I run it, it just says "processing /var/log/maillog" and is very fast, but I get nothing, no output to screen or file that I can find.
> >Peter > > > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/listinfo/mailscanner > > -- MailScanner mailing >list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From kae at midnighthax.com Thu Jun 25 13:32:19 2015 From: kae at midnighthax.com (Keith Edmunds) Date: Thu, 25 Jun 2015 14:32:19 +0100 Subject: Debian repo gone AWOL Message-ID: <20150625143219.24852277@kae.tiger-computing.wbp> Hi all Around the beginning of June or late May, the Debian Mailscanner repo appears to have, er, disappeared. For a long time, the following lines in the appropriate sources.list file worked fine: deb http://apt.baruwa.org/debian wheezy main deb-src http://apt.baruwa.org/debian wheezy main Since then, https://www.baruwa.com/debian 404s. Does anyone know what's happened? Are there still Debian packages around? Thanks, Keith From mark at msapiro.net Thu Jun 25 14:55:55 2015 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 25 Jun 2015 07:55:55 -0700 Subject: Debian repo gone AWOL In-Reply-To: <20150625143219.24852277@kae.tiger-computing.wbp> References: <20150625143219.24852277@kae.tiger-computing.wbp> Message-ID: <558C167B.7030304@msapiro.net> On 06/25/2015 06:32 AM, Keith Edmunds wrote: > > Does anyone know what's happened? Are there still Debian packages around? See . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Thu Jun 25 14:58:25 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 25 Jun 2015 10:58:25 -0400 Subject: Debian repo gone AWOL In-Reply-To: <558C167B.7030304@msapiro.net> References: <20150625143219.24852277@kae.tiger-computing.wbp> <558C167B.7030304@msapiro.net> Message-ID: I will check later today. 
- Jerry Benton www.mailborder.com Sent from my iPhone > On Jun 25, 2015, at 10:55, Mark Sapiro wrote: > >> On 06/25/2015 06:32 AM, Keith Edmunds wrote: >> >> Does anyone know what's happened? Are there still Debian packages around? > > > See . > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From jerry.benton at mailborder.com Thu Jun 25 18:33:16 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 25 Jun 2015 14:33:16 -0400 Subject: Debian repo gone AWOL In-Reply-To: <558C167B.7030304@msapiro.net> References: <20150625143219.24852277@kae.tiger-computing.wbp> <558C167B.7030304@msapiro.net> Message-ID: <338C2937-07C0-401F-B03D-D65DAD528B39@mailborder.com> Yeah, what Mark said. Use the downloads page on the MailScanner website for the Debian package. - Jerry Benton www.mailborder.com > On Jun 25, 2015, at 10:55 AM, Mark Sapiro wrote: > > On 06/25/2015 06:32 AM, Keith Edmunds wrote: >> >> Does anyone know what's happened? Are there still Debian packages around? > > > See . > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From greminn at gmail.com Sat Jun 27 03:47:41 2015 From: greminn at gmail.com (Simon) Date: Sat, 27 Jun 2015 15:47:41 +1200 Subject: Marking email as virus using header? Message-ID: Hi there, We front our mailscanner servers with fortigate firewalls, and use the AV at the firewall rather than mailscanner (av is turned off on mailscanner). Mailscanner is the latest version, running on Centos 6.6. 
What I have been wondering about is if we could pass the email to mailscanner with a custom header (set at the firewall) and have mailscanner mark it as spam. This would only be for logging purposes, and so that clients can 'see' the av in action and also potentionally let their contacts know if they have been compromised. Is this possible somehow? Many thanks, Simon -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.miller at juneau.org Sat Jun 27 16:43:26 2015 From: kevin.miller at juneau.org (Kevin Miller) Date: Sat, 27 Jun 2015 16:43:26 +0000 Subject: Marking email as virus using header? In-Reply-To: References: Message-ID: <8990111f522b4f56aa51baa5cadf419b@City-Exch-DB2.cbj.local> If you can set the custom header on the firewall, you could write a simple spamassassin rule which triggers on that header, and set the “Spam Actions” to a ruleset. If it’s normal spam, do whatever you normally do with spam. If it has the header you’ve set, you could maybe call the custom(parameter) option in Spam Actions and have it do what you want. I haven’t ever used the custom option so I don’t know what all would be involved, but see the notes in the Spam Actions section in MailScanner.conf and /usr/lib/MailScanner/MailScannerCustomFunctions/CustomAction.pm. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Simon Sent: Friday, June 26, 2015 7:48 PM To: mailscanner at lists.mailscanner.info Subject: Marking email as virus using header? Hi there, We front our mailscanner servers with fortigate firewalls, and use the AV at the firewall rather than mailscanner (av is turned off on mailscanner). Mailscanner is the latest version, running on Centos 6.6. 
What I have been wondering about is if we could pass the email to mailscanner with a custom header (set at the firewall) and have mailscanner mark it as spam. This would only be for logging purposes, and so that clients can 'see' the av in action and also potentionally let their contacts know if they have been compromised. Is this possible somehow? Many thanks, Simon -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.miller at juneau.org Sat Jun 27 16:46:02 2015 From: kevin.miller at juneau.org (Kevin Miller) Date: Sat, 27 Jun 2015 16:46:02 +0000 Subject: Marking email as virus using header? In-Reply-To: References: Message-ID: A quick followup to my previous post – scrolling down a bit further in MailScanner.conf I see a “SpamAssassin Rule Actions” setting. That may be even easier to work with for what you’re trying to accomplish… ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Simon Sent: Friday, June 26, 2015 7:48 PM To: mailscanner at lists.mailscanner.info Subject: Marking email as virus using header? Hi there, We front our mailscanner servers with fortigate firewalls, and use the AV at the firewall rather than mailscanner (av is turned off on mailscanner). Mailscanner is the latest version, running on Centos 6.6. What I have been wondering about is if we could pass the email to mailscanner with a custom header (set at the firewall) and have mailscanner mark it as spam. This would only be for logging purposes, and so that clients can 'see' the av in action and also potentionally let their contacts know if they have been compromised. Is this possible somehow? Many thanks, Simon -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From greminn at gmail.com Sun Jun 28 21:35:29 2015 From: greminn at gmail.com (Simon) Date: Mon, 29 Jun 2015 09:35:29 +1200 Subject: Marking email as virus using header? In-Reply-To: References: Message-ID: Thanks Kevin - i will investigate those options. “SpamAssassin Rule Actions” looks promising! Simon On Sun, Jun 28, 2015 at 4:46 AM, Kevin Miller wrote: > A quick followup to my previous post – scrolling down a bit further in > MailScanner.conf I see a “SpamAssassin Rule Actions” setting. That may be > even easier to work with for what you’re trying to accomplish… > > > > ...Kevin > -- > Kevin Miller > Network/email Administrator, CBJ MIS Dept. > 155 South Seward Street > Juneau, Alaska 99801 > Phone: (907) 586-0242, Fax: (907) 586-4500 > Registered Linux User No: 307357 > > > > *From:* MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] *On > Behalf Of *Simon > *Sent:* Friday, June 26, 2015 7:48 PM > *To:* mailscanner at lists.mailscanner.info > *Subject:* Marking email as virus using header? > > > > Hi there, > > > > We front our mailscanner servers with fortigate firewalls, and use the AV > at the firewall rather than mailscanner (av is turned off on mailscanner). > Mailscanner is the latest version, running on Centos 6.6. > > > > What I have been wondering about is if we could pass the email to > mailscanner with a custom header (set at the firewall) and have mailscanner > mark it as spam. > > > > This would only be for logging purposes, and so that clients can 'see' the > av in action and also potentionally let their contacts know if they have > been compromised. > > > > Is this possible somehow? > > > > Many thanks, > > > > Simon > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... 

From greminn at gmail.com Sun Jun 28 21:43:52 2015
From: greminn at gmail.com (Simon)
Date: Mon, 29 Jun 2015 09:43:52 +1200
Subject: Stored Bad Filename Message Report sending when HIGH SPAM
Message-ID:

Hi There,

We have just started trialling MailScanner 4.85.2 on Centos 6.6 and it's working really well.

We have "Notify Senders Of Blocked Filenames Or Filetypes" = 'yes' so our clients get notified when an attachment has been blocked.. and this works well for legitimate senders.

However in one case the message is clearly SPAM (e.g. its SA score is 12.37) - is there any way to stop MailScanner sending these reports in these instances?

Thanks

Simon
-------------- next part --------------
An HTML attachment was scrubbed...

From greminn at gmail.com Mon Jun 29 00:38:21 2015
From: greminn at gmail.com (Simon)
Date: Mon, 29 Jun 2015 12:38:21 +1200
Subject: SA not getting Envelope-From - cannot use SPF
Message-ID:

Hi There (again!), Sorry for barrage of questions :)

For some reason SA is not doing any SPF checks:

Jun 29 12:32:55.131 [29496] dbg: diag: [...] module installed: Mail::SPF, version v2.008
Jun 29 12:32:55.147 [29496] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
Jun 29 12:32:57.122 [29496] dbg: spf: cannot get Envelope-From, cannot use SPF
Jun 29 12:32:57.122 [29496] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
Jun 29 12:32:57.123 [29496] dbg: spf: spf_whitelist_from: could not find useable envelope sender

I've done quite a bit of checking conf but can't seem to figure out what's going on. Is this something to do with postfix not setting Envelope-From correctly?

"envelope_sender_header X-MailScanner-From" is in the spam.assassin.prefs.conf and "Envelope From Header = X-MailScanner-From:" is set in MailScanner.conf

MailScanner Version:4.85.2
SpamAssassin Version:3.3.1

Many thanks

Simon
-------------- next part --------------
An HTML attachment was scrubbed...

From greminn at gmail.com Mon Jun 29 09:28:59 2015
From: greminn at gmail.com (Simon)
Date: Mon, 29 Jun 2015 21:28:59 +1200
Subject: SA not getting Envelope-From - cannot use SPF
In-Reply-To:
References:
Message-ID:

OK I did a bit more digging here, and changed some settings:

in MailScanner.conf:

%org-name% = NewMediaNetworks
Add Envelope From Header = yes
Envelope From Header = X-%org-name%-MailScanner-From:

In spam.assassin.prefs.conf:

envelope_sender_header X-NewMediaNetworks-MailScanner-From

But for some reason I'm still not seeing the header in SA:

dbg: FreeMail: header Reply-To not found from mail
dbg: spf: cannot get Envelope-From, cannot use SPF
dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
dbg: message: envelope_sender_header 'X-NewMediaNetworks-MailScanner-From' not found in message

Cheers

On Mon, Jun 29, 2015 at 12:38 PM, Simon wrote:

> Hi There (again!), Sorry for barrage of questions :)
>
> For some reason SA is not doing any SPF checks:
>
> Jun 29 12:32:55.131 [29496] dbg: diag: [...] module installed: Mail::SPF, version v2.008
> Jun 29 12:32:55.147 [29496] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> Jun 29 12:32:57.122 [29496] dbg: spf: cannot get Envelope-From, cannot use SPF
> Jun 29 12:32:57.122 [29496] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
> Jun 29 12:32:57.123 [29496] dbg: spf: spf_whitelist_from: could not find useable envelope sender
>
> I've done quite a bit of checking conf but can't seem to figure out what's
> going on. Is this something to do with postfix not setting Envelope-From
> correctly?
>
> "envelope_sender_header X-MailScanner-From" is in
> the spam.assassin.prefs.conf and "Envelope From Header =
> X-MailScanner-From:" is set in MailScanner.conf
>
> MailScanner Version:4.85.2
> SpamAssassin Version:3.3.1
>
> Many thanks
>
> Simon
>
-------------- next part --------------
An HTML attachment was scrubbed...

From jerry.benton at mailborder.com Mon Jun 29 13:05:14 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Mon, 29 Jun 2015 09:05:14 -0400
Subject: SA not getting Envelope-From - cannot use SPF
In-Reply-To:
References:
Message-ID:

I assume you are running spamassassin --lint. Run MailScanner --lint. If you want to run spamassassin --lint you need to include the option that points it to spam.assassin.prefs.conf.

-
Jerry Benton
www.mailborder.com

> On Jun 29, 2015, at 5:28 AM, Simon wrote:
>
> OK I did a bit more digging here, and changed some settings:
>
> in MailScanner.conf:
>
> %org-name% = NewMediaNetworks
> Add Envelope From Header = yes
> Envelope From Header = X-%org-name%-MailScanner-From:
>
> In spam.assassin.prefs.conf:
>
> envelope_sender_header X-NewMediaNetworks-MailScanner-From
>
> But for some reason I'm still not seeing the header in SA:
>
> dbg: FreeMail: header Reply-To not found from mail
> dbg: spf: cannot get Envelope-From, cannot use SPF
> dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
> dbg: message: envelope_sender_header 'X-NewMediaNetworks-MailScanner-From' not found in message
>
> Cheers
>
>
> On Mon, Jun 29, 2015 at 12:38 PM, Simon wrote:
> Hi There (again!), Sorry for barrage of questions :)
>
> For some reason SA is not doing any SPF checks:
>
> Jun 29 12:32:55.131 [29496] dbg: diag: [...] module installed: Mail::SPF, version v2.008
> Jun 29 12:32:55.147 [29496] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> Jun 29 12:32:57.122 [29496] dbg: spf: cannot get Envelope-From, cannot use SPF
> Jun 29 12:32:57.122 [29496] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
> Jun 29 12:32:57.123 [29496] dbg: spf: spf_whitelist_from: could not find useable envelope sender
>
> I've done quite a bit of checking conf but can't seem to figure out what's going on. Is this something to do with postfix not setting Envelope-From correctly?
> > "envelope_sender_header X-MailScanner-From" is in the spam.assassin.prefs.conf and "Envelope From Header = X-MailScanner-From:" is set in MailScanner.conf > > MailScanner Version:4.85.2 > SpamAssassin Version:3.3.1 > > Many thanks > > Simon > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From greminn at gmail.com Mon Jun 29 20:47:09 2015 From: greminn at gmail.com (Simon) Date: Tue, 30 Jun 2015 08:47:09 +1200 Subject: SA not getting Envelope-From - cannot use SPF In-Reply-To: References: Message-ID: Thanks for the reply Jerry.. I was running: spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint to get those results. MailScanner --lint results in the following, so it looks like i need to sort something with pyzor (and note we are not using virus checks as these taken care of at the network edge). Currently you are using no virus scanners. This is probably not what you want. In your /etc/MailScanner/MailScanner.conf file, set Virus Scanners = clamav Then download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz Unpack it, "cd" into the directory and run ./install.sh Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 464 hostnames from the phishing whitelist Read 12608 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 11 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 3 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.85.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. 
MailScanner setting GID to (48) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... pyzor: check failed: internal error, python traceback seen in response SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = none" Found these virus scanners installed: clamavmodule =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting =========================================================================== If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down SQL Blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down SQL Whitelist On Tue, Jun 30, 2015 at 1:05 AM, Jerry Benton wrote: > I assume you are running spamassassin —lint. Run MailScanner —lint. If you > want to run spamassassin —lint you need to include the option that points > it to spam.assassin.prefs.conf. 
> > - > Jerry Benton > www.mailborder.com > > > > On Jun 29, 2015, at 5:28 AM, Simon wrote: > > OK i did a bit more digging here, and changed some settings: > > in MailScanner.conf: > > %org-name% = NewMediaNetworks > Add Envelope From Header = yes > Envelope From Header = X-%org-name%-MailScanner-From: > > In spam.assassin.prefs.conf: > > envelope_sender_header X-NewMediaNetworks-MailScanner-From > > But for some reason im still not seeing the header in SA: > > dbg: FreeMail: header Reply-To not found from mail > dbg: spf: cannot get Envelope-From, cannot use SPF > dbg: spf: def_spf_whitelist_from: could not find useable envelope sender > dbg: message: envelope_sender_header 'X-NewMediaNetworks-MailScanner-From' > not found in message > > Cheers > > > On Mon, Jun 29, 2015 at 12:38 PM, Simon wrote: > >> Hi There (again!), Sorry for barrage of questions :) >> >> For some reason SA is not doing any SPF checks: >> >> Jun 29 12:32:55.131 [29496] dbg: diag: [...] module installed: Mail::SPF, >> version v2.008 >> Jun 29 12:32:55.147 [29496] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SPF from @INC >> Jun 29 12:32:57.122 [29496] dbg: spf: cannot get Envelope-From, cannot >> use SPF >> Jun 29 12:32:57.122 [29496] dbg: spf: def_spf_whitelist_from: could not >> find useable envelope sender >> Jun 29 12:32:57.123 [29496] dbg: spf: spf_whitelist_from: could not find >> useable envelope sender >> >> Ive done quite a bit of checking conf but cant seem to figure out whats >> going on. Is this something todo with postfix not setting Envelope-From >> correctly? 
>> >> "envelope_sender_header X-MailScanner-From" is in >> the spam.assassin.prefs.conf and "Envelope From Header = >> X-MailScanner-From:" is set in MailScanner.conf >> >> MailScanner Version:4.85.2 >> SpamAssassin Version:3.3.1 >> >> Many thanks >> >> Simon >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From greminn at gmail.com Mon Jun 29 21:12:01 2015 From: greminn at gmail.com (Simon) Date: Tue, 30 Jun 2015 09:12:01 +1200 Subject: SA not getting Envelope-From - cannot use SPF In-Reply-To: References: Message-ID: OK a followup here.. im still getting errors from SA regarding not getting the header correctly.. # spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint dbg: message: envelope_sender_header 'X-NewMediaNetworks-MailScanner-From' not found in message dbg: spf: cannot get Envelope-From, cannot use SPF dbg: spf: def_spf_whitelist_from: could not find useable envelope sender dbg: FreeMail: header EnvelopeFrom not found from mail dbg: spf: spf_whitelist_from: could not find useable envelope sender Full output here: http://pastebin.com/7yMczpbg On Tue, Jun 30, 2015 at 8:47 AM, Simon wrote: > Thanks for the reply Jerry.. I was running: > > spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint to > get those results. MailScanner --lint results in the following, so it > looks like i need to sort something with pyzor (and note we are not using > virus checks as these taken care of at the network edge). > > -------------- next part -------------- An HTML attachment was scrubbed... 
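
The consistency check this thread keeps returning to, as an added example (not MailScanner's or SpamAssassin's own code): it expands %org-name% in the MailScanner.conf setting, compares the result with envelope_sender_header, and reports whether a given message carries that header. The two sample messages and the example.org address are constructed, and the config parsing is a simplified assumption about both file formats.

```python
import re
from email import message_from_string

# Constructed inputs, using the settings quoted in the thread above.
MAILSCANNER_CONF = """\
%org-name% = NewMediaNetworks
Add Envelope From Header = yes
Envelope From Header = X-%org-name%-MailScanner-From:
"""
SA_PREFS = """\
# spam.assassin.prefs.conf (excerpt)
envelope_sender_header X-NewMediaNetworks-MailScanner-From
"""
# Constructed messages: one carrying the envelope header, one without it.
MSG_WITH_HEADER = (
    "X-NewMediaNetworks-MailScanner-From: sender@example.org\n"
    "From: Sender <sender@example.org>\n"
    "Subject: test\n\nbody\n"
)
MSG_WITHOUT_HEADER = "From: Sender <sender@example.org>\nSubject: test\n\nbody\n"


def parse_mailscanner_conf(text):
    """Return {normalised key: value} with %variable% references expanded.

    Assumption: "key = value" lines, "#" comments, variables defined before use.
    """
    variables, settings = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Substitute variables already seen; leave unknown ones untouched.
        value = re.sub(
            r"%([\w-]+)%",
            lambda m: variables.get(m.group(1).lower(), m.group(0)),
            value,
        )
        if re.fullmatch(r"%[\w-]+%", key):
            variables[key.strip("%").lower()] = value
        else:
            settings[" ".join(key.lower().split())] = value
    return settings


def sa_envelope_header(prefs_text):
    """Return the header named by envelope_sender_header, or None."""
    for raw in prefs_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0].lower() == "envelope_sender_header":
            return fields[1]
    return None


def check_envelope_header(conf_text, prefs_text, raw_message):
    """Return (findings, envelope_sender); no findings means SPF has a sender."""
    findings = []
    conf = parse_mailscanner_conf(conf_text)
    if conf.get("add envelope from header", "").lower() != "yes":
        findings.append("MailScanner is not adding the envelope-from header")
    # MailScanner.conf writes the name with a trailing colon, SpamAssassin without.
    ms_header = conf.get("envelope from header", "").rstrip(":")
    sa_header = sa_envelope_header(prefs_text)
    if sa_header is None:
        findings.append("envelope_sender_header is not set for SpamAssassin")
    elif sa_header.rstrip(":").lower() != ms_header.lower():
        findings.append(
            f"header names differ: MailScanner={ms_header!r} SpamAssassin={sa_header!r}"
        )
    sender = None
    if sa_header:
        sender = message_from_string(raw_message).get(sa_header.rstrip(":"))
        if sender is None:
            findings.append(f"{sa_header} not found in message")
    return findings, sender


if __name__ == "__main__":
    for label, msg in (("with header", MSG_WITH_HEADER), ("without header", MSG_WITHOUT_HEADER)):
        print(label, check_envelope_header(MAILSCANNER_CONF, SA_PREFS, msg))
```

With matching settings, the only remaining finding is the "not found in message" case, which depends on the message being checked rather than on either config file.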

From jerry.benton at mailborder.com Mon Jun 29 21:21:38 2015
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Mon, 29 Jun 2015 17:21:38 -0400
Subject: SA not getting Envelope-From - cannot use SPF
In-Reply-To:
References:
Message-ID: <1225DC90-5721-4F6B-BFFD-9FE965EF476D@mailborder.com>

Well, if it makes you feel better, I get the same error on my lab system. However, I know when processing real mail the SPF portion does work and assigns scores. I have attached a screenshot from my Mailborder v5.0.0 development server.

-
Jerry Benton
www.mailborder.com

> On Jun 29, 2015, at 5:12 PM, Simon wrote:
>
> spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint

-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2015-06-29 at 5.19.07 PM.png
Type: image/png
Size: 208563 bytes
Desc: not available

From greminn at gmail.com Mon Jun 29 21:26:17 2015
From: greminn at gmail.com (Simon)
Date: Tue, 30 Jun 2015 09:26:17 +1200
Subject: SA not getting Envelope-From - cannot use SPF
In-Reply-To: <1225DC90-5721-4F6B-BFFD-9FE965EF476D@mailborder.com>
References: <1225DC90-5721-4F6B-BFFD-9FE965EF476D@mailborder.com>
Message-ID:

Hi Jerry - I feel much better! :)

Did what I should have done in a list of checks and actually sent an email from a domain with SPF set:

Jun 30 09:24:15 mx2 MailScanner[3392]: Message 5926C40E3C.ACD2C from 192.168.1.1 (bla at testdomain.co.nz) to testdomain.co.nz is spam, SpamAssassin (score=8.127, required 6, FSL_HELO_NON_FQDN_1 0.00, HELO_LOCALHOST 3.60, HTML_MESSAGE 0.00, INVALID_DATE 0.43, MIME_HTML_ONLY 1.10, MISSING_MID 0.14, *SPF_FAIL 0.92, TO_EQ_FM_DOM_SPF_FAIL 1.93, TO_EQ_FM_SPF_FAIL 0.00*)

Cool - thanks.

On Tue, Jun 30, 2015 at 9:21 AM, Jerry Benton wrote:

> Well, if it makes you feel better, I get the same error on my lab system.
> However, I know when processing real mail the SPF portion does work and
> assigns scores. I have attached a screenshot from my Mailborder v5.0.0
> development server.
>
>
> -
> Jerry Benton
> www.mailborder.com
>
>
> On Jun 29, 2015, at 5:12 PM, Simon wrote:
>
> spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2015-06-29 at 5.19.07 PM.png
Type: image/png
Size: 208563 bytes
Desc: not available

From Denis.Beauchemin at usherbrooke.ca Tue Jun 30 12:18:49 2015
From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin)
Date: Tue, 30 Jun 2015 12:18:49 +0000
Subject: Check which rules hit
In-Reply-To: <201506242224040413.0F01861D@web.ace.net.au>
References: <201506191550450309.7B67525B@web.ace.net.au> <201506230250510850.05A9196B@web.ace.net.au> <201506242213520245.0EF82EE1@web.ace.net.au> <201506242224040413.0F01861D@web.ace.net.au>
Message-ID:

Peter, post some log lines and I will make it work for you.

Denis

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Peter Nitschke
Sent: June 24, 2015 08:55
To: mailscanner at lists.mailscanner.info
Subject: RE: Check which rules hit

Scrap that, I deleted the line with "cached" as my logs don't have that and now I am getting screen output.

However it looks as though deleting the "cached" line is causing errors.

Is there a better way to deal with that?

Peter

*********** REPLY SEPARATOR ***********

On 24/06/2015 at 10:13 PM Peter Nitschke wrote:

Is the output to screen or to a file?

Thanks.

*********** REPLY SEPARATOR ***********

On 22/06/2015 at 5:51 PM Denis Beauchemin wrote:

My log lines look like this:

Jun 22 13:26:16 10.32.103.21 smtps2 MailScanner[47071]: Message t5MHQFDv033375 from 10.32.106.21 (someone at usherbrooke.ca) to usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, score=-6.206, requis 6.5, autolearn=not spam, BAYES_00 -1.90, HTML_MESSAGE 0.00, RDNS_NONE 0.79, UDES_FROM01 -3.00, UDES_FROM02 -0.10, UDES_FROMTO01 -2.00)

Jun 22 13:27:23 10.32.103.28 smtpe1 MailScanner[61090]: Message t5MHR8mw063252 from 64.5.96.10 (someone at alliinclusive.space) to usherbrooke.ca is est un polluriel, SpamAssassin (not cached, score=7.776, requis 6.5, autolearn=spam, BAYES_50 0.80, HTML_EXTRA_CLOSE 0.00, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 1.16, MIME_HTML_ONLY 0.72, MIME_HTML_ONLY_MULTI 0.00, MPART_ALT_DIFF 0.79, RDNS_NONE 0.79, STYLE_GIBBERISH 3.50, T_REMOTE_IMAGE 0.01)

The script does a first grep for the strings in yellow. There's a third string that matches all ham/spam: un polluriel, SpamAssassin

Then Perl is used to search for lines that match:

1- The yellow string followed by b
2- Then the green string (could also be b
3- Then the blue strings, including the digits, decimal point and minus sign
4- Then the dark grey strings, including the digits, decimal point and minus sign
5- Then the light gray string that could be omitted
6- Then all the rules names and their respective score (could be negative)

At the end the matching rules are printed sorted as requested.

Denis

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Peter Nitschke
Sent: 22 June 2015 13:21
To: mailscanner at lists.mailscanner.info
Subject: RE: Check which rules hit

This looks interesting.

I edited to English for spam, not spam etc, but when I run it, it just says "processing /var/log/maillog" and is very fast, but I get nothing, no output to screen or file that I can find.

Any suggestions how I can understand it better?

Thanks,

Peter

*********** REPLY SEPARATOR ***********

On 19/06/2015 at 12:26 PM Denis Beauchemin wrote:

>This encoded message has been converted to an attachment.
>
>I created this script a while back just to do that:
>#!/usr/bin/perl -w
>#
># Script that looks through maillog to find all messages tagged as spam
># by MailScanner. It then tallies the different SpamAssassin rules that
># fired.
># Denis Beauchemin, 20050516
>
>use Getopt::Long;
>
># Where some commands reside:
>my $GREP = "/bin/grep";
>my $GUNZIP = "/bin/gunzip";
>
># Value of "Spam =" in %report-dir%/languages.conf
>my $isSpamString = "est un polluriel, SpamAssassin";
>my $isHamString = "est pas un polluriel, SpamAssassin";
>my $allString = " un polluriel, SpamAssassin";
># Value of "score =" in %report-dir%/languages.conf
>my $scoreString = "score=";
># Value of "required =" in %report-dir%/languages.conf
>my $reqdString = "requis ";
>my $autoString = "autolearn=spam";
>my $cachedString = "cached, ";
>my $nCachedString = "not cached, ";
>
>my $maillog = "/var/log/maillog";
>@maillogs = ();
>
>my $sortByName = 0;
>my $sortByHits = 0;
>my $getHam = 0;
>my $getAll = 0;
>my $help = 0;
>
>GetOptions(
>    'sortbyname|byname' => \$sortByName,
>    'sortbyhits|byhits' => \$sortByHits,
>    'log=s' => \@maillogs,
>    'ham' => \$getHam,
>    'all' => \$getAll,
>    'help' => \$help,
>);
>
>if ( $help ) {
>    print '
>This program tallies SpamAssassin\'s rules that were triggered when an
>email was detected as spam by MailScanner.
>
>You can search for ham with the --ham option.
>
>You can search for all SpamAssassin results with the --all option.
>
>By default it sorts the results by rule name. It can also sort them by
>number of hits if called with --sortbyhits (or --byhits).
>
>The option --sortbyname (or --byname) is the default one.
>
>If you don\'t want to use the current maillog, specify a different one
>with --log new-maillog.
>
>All unknown command line parameters will be treated as additional file
>names to process.
>
>It is OK for a log file to be gzipped.
>';
>    exit;
>}
>
>push @maillogs, @ARGV;
>@maillogs = ( $maillog ) if ( @maillogs == 0 );
>#print "Maillogs: @maillogs\n";
>#my $searchString = $getHam ? $isHamString : $isSpamString;
>my $searchString;
>if ( $getAll ) {
>    $searchString = "$allString";
>} elsif ( $getHam ) {
>    $searchString = "$isHamString";
>} else {
>    $searchString = "$isSpamString";
>}
>
>foreach my $maillog ( @maillogs ) {
>    print "Processing $maillog...\n";
>
>    $sortByName++ if ( ( $sortByName == 0 ) && ( $sortByHits == 0 ) );
>
>    my $openCmd = "LANG=C $GREP \"$searchString\" $maillog |";
>    if ( $maillog =~ /\.gz$/ ) {
>        $openCmd = "$GUNZIP -c $maillog | LANG=C $GREP \"$searchString\" |";
>    }
>    open( LOG, "$openCmd" ) or die "Cannot open $maillog";
>
>    while ( <LOG> ) {
>        next unless /$searchString \((?:$cachedString|$nCachedString)$scoreString[-\d.]+, $reqdString[-\d.]+,(?: $autoString,)?(.*)$/;
>        my $hits = $1;
>        foreach my $hit ( $hits =~ / ([^\s]+) -?[\d.]+(?:,|\))/g ) {
>            $hit{$hit}++;
>        }
>    }
>
>    close LOG;
>}
>
>if ( $sortByName ) {
>    foreach my $hit ( sort keys %hit ) {
>        printf "%27s %5d\n", $hit, $hit{$hit};
>    }
>} elsif ( $sortByHits ) {
>    foreach my $hit ( sort {$hit{$b}<=>$hit{$a}} keys %hit ) {
>        printf "%27s %5d\n", $hit, $hit{$hit};
>    }
>}
>
>
>-----Original Message-----
>From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Peter Nitschke
>Sent: 19 June 2015 02:21
>To: mailscanner at lists.mailscanner.info
>Subject: Check which rules hit
>
>I have built up a large number of rules for SA to use with MS and many
>are probably now obsolete.
>
>How can I monitor which rules are getting hits?
>
>Thanks.
>
>Peter
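
The symptom discussed in this thread (log lines without the "cached"/"not cached" marker never match, so nothing is tallied) goes away when that marker and the autolearn field are treated as optional. The following is an added example, not part of the thread and not Denis's script, written in Python rather than Perl; the names tally, LINE, RULE and SAMPLE are hypothetical, the sample lines are constructed after the formats quoted above, and deciding spam versus ham by comparing the score with the threshold (instead of matching the localised verdict text) is an assumption.

```python
import re
from collections import Counter

# Only ", SpamAssassin (" and "score=" are treated as fixed text; the verdict
# and the word before the threshold are localised ("required", "requis").
LINE = re.compile(
    r", SpamAssassin \("
    r"(?:(?:not )?cached, )?"          # marker is missing from some logs
    r"score=(-?[\d.]+), \S+ (-?[\d.]+)"
    r"(?:, autolearn=[^,]+)?"          # optional, any value
    r"((?:, \*?\w+ -?[\d.]+\*?)*)\)"   # rule/score pairs up to the closing paren
)
RULE = re.compile(r"(\w+) (-?[\d.]+)")

# Constructed sample lines, modelled on the formats quoted in the thread.
SAMPLE = [
    "Jun 30 09:24:15 mx2 MailScanner[3392]: Message A1.B2 from 192.0.2.1 "
    "(a@example.org) to example.org is spam, SpamAssassin (score=8.127, "
    "required 6, HELO_LOCALHOST 3.60, MIME_HTML_ONLY 1.10, SPF_FAIL 0.92)",
    "Jun 22 13:26:16 smtps2 MailScanner[47071]: Message C3 from 192.0.2.2 "
    "(b@example.org) to example.org is n'est pas un polluriel, SpamAssassin "
    "(not cached, score=-6.206, requis 6.5, autolearn=not spam, "
    "BAYES_00 -1.90, RDNS_NONE 0.79)",
    "Jun 22 13:27:23 smtpe1 MailScanner[61090]: Message D4 from 192.0.2.3 "
    "(c@example.net) to example.org is est un polluriel, SpamAssassin "
    "(cached, score=7.776, requis 6.5, autolearn=spam, "
    "MIME_HTML_ONLY 0.72, RDNS_NONE 0.79)",
    "Jun 22 13:28:01 smtpe1 MailScanner[61090]: Message E5 from 192.0.2.4 "
    "(d@example.net) to example.org is spam, SpamAssassin (score=9.1, requi",
]

def tally(lines, want="spam"):
    """Count rule hits for 'spam', 'ham' or 'all' scanned messages."""
    hits, unparsed = Counter(), 0
    for line in lines:
        if ", SpamAssassin (" not in line:
            continue                   # not a SpamAssassin result line
        m = LINE.search(line)
        if m is None:
            unparsed += 1              # surface format drift, do not hide it
            continue
        is_spam = float(m.group(1)) >= float(m.group(2))
        if want == "all" or is_spam == (want == "spam"):
            hits.update(name for name, _ in RULE.findall(m.group(3)))
    return hits, unparsed
```

A non-zero second return value means result lines were seen that the pattern could not parse, which is the condition that otherwise shows up only as empty output.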