From blaurila at sbcglobal.net Tue Sep 1 21:21:37 2015 From: blaurila at sbcglobal.net (Bryan Laurila) Date: Tue, 1 Sep 2015 21:21:37 +0000 (UTC) Subject: Rule for Calendar Appointments In-Reply-To: <55E0AC88.9050607@replies.cyways.com> References: <55E0AC88.9050607@replies.cyways.com> Message-ID: <826852091.2995965.1441142497996.JavaMail.yahoo@mail.yahoo.com> Peter, There hasn't been anything in common that I have been able to determine with any sort of reliability. That's why I was wondering if anyone has created any meeting invitation/ical invitation rules. Thanks, Bryan From: Peter H. Lemieux To: MailScanner Discussion Sent: Friday, August 28, 2015 1:46 PM Subject: Re: Rule for Calendar Appointments Do they have features in common like the From address or the originating server? You can use them to whitelist the announcements in MailScanner or use custom SpamAssassin rules to lower their scores. Peter On 8/28/2015 2:37 PM, Bryan Laurila wrote: > I have noticed over the past couple months that I have had an increase > in the number of spam false positives for calendar appointments. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailbag at partnersolutions.ca Wed Sep 2 16:03:13 2015 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Wed, 2 Sep 2015 16:03:13 +0000 Subject: "Archives: Filename Rules" is being bypassed by badly formatted Content-Type header Message-ID: Hello, World! (aka, MailScanner list..), I had a batch of viruses come through yesterday within a zip that managed to bypass our checks in "Archives: Filename Rules". My rule file is configured to not let .exe attachments through, even if they're in zip files, which has been working fine up until this specific message (to my knowledge, at least). After putting MS in debug on a test server and uncommenting a lot of the print to STDERR's, it turns out that there's an extra newline in the Content-Type header right before the name= segment. When this is found on a separate line, the attachment isn't decoded and is stored in the work folder in the original base64 format. I wasn't able to track where this was happening specifically, but I'm guessing it's with MIME::Parser under Explode(). The files are named nmsg--.dat. Since the attachment isn't properly decoded, UnpackZip() fails to extract the content and it gets sent happily on its way. This happened to me with MS 4.84.6 on CentOS 6.7, but it also happens on 4.85.2 (validated this morning). I've tested it against perl-MIME-tools 5.427 from the base CentOS repo, as well as 5.503 from FSL's old MailScaner gold repo. I haven't had a chance to confirm against the latest 5.506 from CPAN, though. Broken header that skips the extraction: --- Content-Type: application/x-zip-compressed; name="7636557481_Trantow-Deckow_Jewel Mosciski.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="7636557481_Trantow-Deckow_Jewel Mosciski.zip" --- Working header that properly extracts: --- Content-Type: application/x-zip-compressed; name="7636557481_Trantow-Deckow_Jewel Mosciski.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="7636557481_Trantow-Deckow_Jewel Mosciski.zip" --- Has anyone else run into this or have more time to properly track and kill this bug? I can provide a copy of the raw message for test purposes as well. Thanks -Joshua From pas at unh.edu Thu Sep 3 16:00:47 2015 From: pas at unh.edu (Paul Sand) Date: Thu, 3 Sep 2015 12:00:47 -0400 Subject: www.google.com in phishing.bad.sites.conf? Message-ID: <20150903160047.GA100429@cisunix.unh.edu> Hi -- It seems "www.google.com" got into the phishing.bad.sites.conf file at some point over the past few days. That seems problematic to me, or am I missing something? -- -- Paul A Sand -- Information Technology / University of New Hampshire -- http://pubpages.unh.edu/~pas -- Sent without the express written consent of Major League Baseball. From jerry.benton at mailborder.com Thu Sep 3 17:16:06 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 3 Sep 2015 13:16:06 -0400 Subject: www.google.com in phishing.bad.sites.conf? In-Reply-To: <20150903160047.GA100429@cisunix.unh.edu> References: <20150903160047.GA100429@cisunix.unh.edu> Message-ID: <43AE38FF-F6AD-4D49-A082-72039456E229@mailborder.com> Are you using the updater from here? http://phishing.mailborder.com/update_phishing_sites Add www.google.com to the phishing.safe.sites.custom in /etc/MailScanner after running this script once. I will look into why it is making the list. It should not be. (Even though a ton of malware is being hosted on Google Docs.) - Jerry Benton www.mailborder.com > On Sep 3, 2015, at 12:00 PM, Paul Sand wrote: > > Hi -- > > It seems "www.google.com" got into the phishing.bad.sites.conf > file at some point over the past few days. That seems problematic > to me, or am I missing something? > > -- > -- Paul A Sand > -- Information Technology / University of New Hampshire > -- http://pubpages.unh.edu/~pas > -- Sent without the express written consent of Major League Baseball. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From pas at unh.edu Thu Sep 3 17:54:42 2015 From: pas at unh.edu (Paul Sand) Date: Thu, 3 Sep 2015 13:54:42 -0400 Subject: www.google.com in phishing.bad.sites.conf? In-Reply-To: <43AE38FF-F6AD-4D49-A082-72039456E229@mailborder.com> References: <20150903160047.GA100429@cisunix.unh.edu> <43AE38FF-F6AD-4D49-A082-72039456E229@mailborder.com> Message-ID: <20150903175442.GA109499@cisunix.unh.edu> * Jerry Benton [2015-09-03 13:17]: > Are you using the updater from here? > http://phishing.mailborder.com/update_phishing_sites Not quite, but close. The version I have uses the --compressed option to curl on line 53-4; that's the only significant change. [Similar difference on update_bad_phishing_sites] > Add www.google.com to the phishing.safe.sites.custom in /etc/MailScanner > after running this script once. Done, thanks. (I see "*.google.com" in phishing.safe.sites.conf, but that doesn't seem to override the explicit www.google.com in phishing.bad.sites.conf. Is it supposed to?) > I will look into why it is making the list. It should not be. (Even though > a ton of malware is being hosted on Google Docs.) Our user was innocently trying to send a link to directions on Google Maps. She was pretty sure she was doing something wrong; so was I, before I tried it myself. -- -- Paul A Sand -- Information Technology / University of New Hampshire -- http://pubpages.unh.edu/~pas -- Some restrictions apply. From jerry.benton at mailborder.com Thu Sep 3 19:03:38 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 3 Sep 2015 15:03:38 -0400 Subject: www.google.com in phishing.bad.sites.conf? In-Reply-To: <20150903175442.GA109499@cisunix.unh.edu> References: <20150903160047.GA100429@cisunix.unh.edu> <43AE38FF-F6AD-4D49-A082-72039456E229@mailborder.com> <20150903175442.GA109499@cisunix.unh.edu> Message-ID: Yeah, I am looking at the script that builds it now. It should not be including it. - Jerry Benton www.mailborder.com > On Sep 3, 2015, at 1:54 PM, Paul Sand wrote: > > * Jerry Benton [2015-09-03 13:17]: >> Are you using the updater from here? >> http://phishing.mailborder.com/update_phishing_sites > > Not quite, but close. The version I have uses the --compressed option to > curl on line 53-4; that's the only significant change. > > [Similar difference on update_bad_phishing_sites] > >> Add www.google.com to the phishing.safe.sites.custom in /etc/MailScanner >> after running this script once. > > Done, thanks. > > (I see "*.google.com" in phishing.safe.sites.conf, but that doesn't > seem to override the explicit www.google.com in phishing.bad.sites.conf. > Is it supposed to?) > >> I will look into why it is making the list. It should not be. (Even though >> a ton of malware is being hosted on Google Docs.) > > Our user was innocently trying to send a link to directions > on Google Maps. She was pretty sure she was doing something wrong; so was I, > before I tried it myself. > > -- > -- Paul A Sand > -- Information Technology / University of New Hampshire > -- http://pubpages.unh.edu/~pas > -- Some restrictions apply. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From jerry.benton at mailborder.com Thu Sep 3 19:51:37 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 3 Sep 2015 15:51:37 -0400 Subject: www.google.com in phishing.bad.sites.conf? In-Reply-To: <20150903175442.GA109499@cisunix.unh.edu> References: <20150903160047.GA100429@cisunix.unh.edu> <43AE38FF-F6AD-4D49-A082-72039456E229@mailborder.com> <20150903175442.GA109499@cisunix.unh.edu> Message-ID: Ok, I made some tweaks. - Jerry Benton www.mailborder.com > On Sep 3, 2015, at 1:54 PM, Paul Sand wrote: > > * Jerry Benton [2015-09-03 13:17]: >> Are you using the updater from here? >> http://phishing.mailborder.com/update_phishing_sites > > Not quite, but close. The version I have uses the --compressed option to > curl on line 53-4; that's the only significant change. > > [Similar difference on update_bad_phishing_sites] > >> Add www.google.com to the phishing.safe.sites.custom in /etc/MailScanner >> after running this script once. > > Done, thanks. > > (I see "*.google.com" in phishing.safe.sites.conf, but that doesn't > seem to override the explicit www.google.com in phishing.bad.sites.conf. > Is it supposed to?) > >> I will look into why it is making the list. It should not be. (Even though >> a ton of malware is being hosted on Google Docs.) > > Our user was innocently trying to send a link to directions > on Google Maps. She was pretty sure she was doing something wrong; so was I, > before I tried it myself. > > -- > -- Paul A Sand > -- Information Technology / University of New Hampshire > -- http://pubpages.unh.edu/~pas > -- Some restrictions apply. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From Amelein at Dantumadiel.eu Fri Sep 4 09:45:32 2015 From: Amelein at Dantumadiel.eu (Arjan Melein) Date: Fri, 04 Sep 2015 11:45:32 +0200 Subject: docx trash files Message-ID: <55E9845C0200008E00033AC2@GroupWise.Dantumadiel.eu> Hello, I'm running into a small issue where docx files are being blocked as DOS Programs ('No programs allowed') because of a 0000.dat file in a [trash] folder inside the docx. I've found a few other instances of people running into this on Google but nothing for me to change in MS to allow this file. Anyone any suggestions on how to go about this ? - Arjan From jerry.benton at mailborder.com Fri Sep 4 09:49:42 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 4 Sep 2015 05:49:42 -0400 Subject: docx trash files In-Reply-To: <55E9845C0200008E00033AC2@GroupWise.Dantumadiel.eu> References: <55E9845C0200008E00033AC2@GroupWise.Dantumadiel.eu> Message-ID: <7F2C56B7-3C90-48BF-8310-E6C120DC4070@mailborder.com> Did you add the docx extension to your filename.rules? If you did and it is still being blocked, it is probably an Office 2007 docx which looks like an executable MIME type to the Linux “file” command. - Jerry Benton www.mailborder.com > On Sep 4, 2015, at 5:45 AM, Arjan Melein wrote: > > Hello, > > I'm running into a small issue where docx files are being blocked as DOS Programs ('No programs allowed') because of a 0000.dat file in a [trash] folder inside the docx. > I've found a few other instances of people running into this on Google but nothing for me to change in MS to allow this file. > Anyone any suggestions on how to go about this ? > > - > Arjan > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From mailbag at partnersolutions.ca Fri Sep 4 12:27:23 2015 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Fri, 4 Sep 2015 12:27:23 +0000 Subject: docx trash files In-Reply-To: <7F2C56B7-3C90-48BF-8310-E6C120DC4070@mailborder.com> References: <55E9845C0200008E00033AC2@GroupWise.Dantumadiel.eu> <7F2C56B7-3C90-48BF-8310-E6C120DC4070@mailborder.com> Message-ID: > Did you add the docx extension to your filename.rules? If you did and it is still being blocked, it is probably an Office > 2007 docx which looks like an executable MIME type to the Linux “file” command. Adding it to the filename.rules will have no impact, as the conflict is on the filetype.rules which are triggering on the 0000.dat within the docx (as the docx format is really just a glorified zip file). Without allowing all executables, you could edit and recompile your "magic" file (/usr/share/misc/magic on RHEL 6), which controls how the "file" command interprets what type of file you're looking at. If I'm not mistaken, it's one of the first definitions after the comment with ".COM formats (Daniel Quinlan, quinlan at yggdrasil.com)". You'll find it defined twice in the file as well. If you do decide to edit the file, you'll have to compile it to the magic.mgc (in the same directly), which is what actually controls the logic. You should probably make the files immutable as well, or a future update will wipe out your edits. Note that this does remove some filetype detections for other generic COM files as well. Cheers -Joshua From mailbag at partnersolutions.ca Fri Sep 4 12:48:41 2015 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Fri, 4 Sep 2015 12:48:41 +0000 Subject: "Archives: Filename Rules" is being bypassed by badly formatted Content-Type header In-Reply-To: References: Message-ID: Re-hello, As a follow-up to my message, this can also be used to bypass all filename and filetype rules (not just inside zip files). MIME-tools 5.506 had no impact for me on my test system. MailScanner skips the content validation and passes it on as if it was just a simple message. My mail client properly interprets the badly formed header and displays the attachment. Jerry or one of the other developers? This is a problem that needs some love and care by the development team.. Thanks -Joshua From wilson.galafassi at gmail.com Sun Sep 6 12:40:58 2015 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr. [Gmail]) Date: Sun, 6 Sep 2015 09:40:58 -0300 Subject: RES: RES: pdf corruption In-Reply-To: <4C1B0338-A96A-47B1-B169-E1DD5987F431@mailborder.com> References: <174f01d0c93a$1ddf3d40$599db7c0$@gmail.com> <0958DB54-40A4-4F51-AED8-DECF644B9CC1@mailborder.com> <18cd01d0c951$7d565c10$78031430$@gmail.com> <4C1B0338-A96A-47B1-B169-E1DD5987F431@mailborder.com> Message-ID: <018101d0e8a1$4ac81670$e0584350$@gmail.com> I have some news about the issue: I have reinstalled mailscanner from scracht on ubuntu 14 to test. 1. pdf is generated by oracle 2. the issue only accour if the pdf is sent from Microsoft outlook (tested on 2010 and 2013) and processed by mailscanner. 3. if i disable mailscanner and email pass only on postfix: no problem Ie: if sent from webmail or thunderbird no problem Thanks, Wilson -----Mensagem original----- De: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] Em nome de Jerry Benton Enviada em: terça-feira, 28 de julho de 2015 13:29 Para: MailScanner Discussion Assunto: Re: RES: pdf corruption I’ve never heard a report of this issue. What virus scanner are you using? Aside from running the “file” command to check MIME types and extracting a copy of archives for scanning, MailScanner doesn’t change file attachments. (Unless you have zip attachments enabled.) We can test this if you like. Send one of these PDFs to support at linuxref.com. This is a domain in my lab. If it comes through ok, I would make the educated guess that you probably have something somewhere else corrupting them. - Jerry Benton www.mailborder.com > On Jul 28, 2015, at 12:21 PM, Wilson A. Galafassi Jr. [Gmail] wrote: > > Same problem... > > -----Mensagem original----- > De: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] Em > nome de Jerry Benton Enviada em: terça-feira, 28 de julho de 2015 > 12:38 > Para: MailScanner Discussion > Assunto: Re: pdf corruption > > Upgrade to 4.85.2? > > - > Jerry Benton > www.mailborder.com > > > >> On Jul 28, 2015, at 9:34 AM, Wilson A. Galafassi Jr. [Gmail] wrote: >> >> Hi, >> >> I'm currently using 4.84.5 to store all my messages. I have a problem >> with some PDF files been corrupted after mailscanner process the files. >> >> Some ide ato fix this issue or tell mailscanner to don't process pdf files? >> >> Thanks, >> Wilson >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From nagylzs at gmail.com Thu Sep 10 12:50:13 2015 From: nagylzs at gmail.com (Les) Date: Thu, 10 Sep 2015 14:50:13 +0200 Subject: Cannot test spamassassin, what is going on here? Message-ID: Given a test file "test.eml" I can run this test: spamassassin -t test.eml and I get this: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Spam detection software, running on the system "shopzeus.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see The administrator of that system for details. Content preview: We've run into ths bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148581 [libc] fopen(3) fails with EMFILE if there are more than SHORT_MAX fds open [...] Content analysis details: (-5.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [8.8.178.116 listed in list.dnswl.org] However, the very same email went through postfix/Mailscanner and resulted in these headers: X-shopzeus-MailScanner-Information: Please contact the ISP for more information X-shopzeus-MailScanner-ID: 4FFF48895E15.AB608 X-shopzeus-MailScanner: Found to be clean X-shopzeus-MailScanner-SpamCheck: spam, JUNKEMAIL X-shopzeus-MailScanner-From: owner-freebsd-questions at freebsd.org X-Spam-Status: Yes So the "spamassassin -t" command gives -5.0 score identifying as ham, but when the email actually comes in then it is identified as spam. Looks like spamassassin is using different rules/settings when it is ran from the mailscanner daemon. The configuration should be the same ( /usr/local/etc/mail/spamassassin is a symbolic link to /usr/local/etc/MailScanner/spam.assassin.prefs.conf ) I cannot test spamassassin with the same user, because it is postfix which is disabled: # su postfix " spamassassin -t test.eml " This account is currently not available. How to overcome this problem? What is going on here? Mailscanner version: MailScanner-4.84.6 Spamassassin version: 3.4.1 Thanks Laszlo -------------- next part -------------- An HTML attachment was scrubbed... URL: From wilson.galafassi at gmail.com Thu Sep 10 13:19:08 2015 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr. [Gmail]) Date: Thu, 10 Sep 2015 10:19:08 -0300 Subject: RES: RES: pdf corruption In-Reply-To: <4C1B0338-A96A-47B1-B169-E1DD5987F431@mailborder.com> References: <174f01d0c93a$1ddf3d40$599db7c0$@gmail.com> <0958DB54-40A4-4F51-AED8-DECF644B9CC1@mailborder.com> <18cd01d0c951$7d565c10$78031430$@gmail.com> <4C1B0338-A96A-47B1-B169-E1DD5987F431@mailborder.com> Message-ID: <08c401d0ebcb$49bbfe90$dd33fbb0$@gmail.com> Hi, I have some new info about this issue: 1. pdf is generated by oracle 2. the issue only accour if the pdf is sent from Microsoft outlook (tested on 2010 and 2013) and processed by mailscanner. 3. if i disable mailscanner and email pass only on postfix: no problem Ie: if sent from webmail or thunderbird no problem Thanks, Wilson -----Mensagem original----- De: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] Em nome de Jerry Benton Enviada em: terça-feira, 28 de julho de 2015 13:29 Para: MailScanner Discussion Assunto: Re: RES: pdf corruption I’ve never heard a report of this issue. What virus scanner are you using? Aside from running the “file” command to check MIME types and extracting a copy of archives for scanning, MailScanner doesn’t change file attachments. (Unless you have zip attachments enabled.) We can test this if you like. Send one of these PDFs to support at linuxref.com. This is a domain in my lab. If it comes through ok, I would make the educated guess that you probably have something somewhere else corrupting them. - Jerry Benton www.mailborder.com > On Jul 28, 2015, at 12:21 PM, Wilson A. Galafassi Jr. [Gmail] wrote: > > Same problem... > > -----Mensagem original----- > De: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] Em > nome de Jerry Benton Enviada em: terça-feira, 28 de julho de 2015 > 12:38 > Para: MailScanner Discussion > Assunto: Re: pdf corruption > > Upgrade to 4.85.2? > > - > Jerry Benton > www.mailborder.com > > > >> On Jul 28, 2015, at 9:34 AM, Wilson A. Galafassi Jr. [Gmail] wrote: >> >> Hi, >> >> I'm currently using 4.84.5 to store all my messages. I have a problem >> with some PDF files been corrupted after mailscanner process the files. >> >> Some ide ato fix this issue or tell mailscanner to don't process pdf files? >> >> Thanks, >> Wilson >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From Amelein at Dantumadiel.eu Thu Sep 10 14:22:49 2015 From: Amelein at Dantumadiel.eu (Arjan Melein) Date: Thu, 10 Sep 2015 16:22:49 +0200 Subject: Betr.: RE: docx trash files In-Reply-To: References: <55E9845C0200008E00033AC2@GroupWise.Dantumadiel.eu> <7F2C56B7-3C90-48BF-8310-E6C120DC4070@mailborder.com> Message-ID: <55F1AE590200008E00033E7B@GroupWise.Dantumadiel.eu> I'm guessing with docx it's triggering on the 'Archives: Filetype Rules' setting (or any of the 'Archives:' ones) I'm assuming it still won't work if I add a regexp to the allow filenames, I really can't risk accidentally allowing any (archived) executable these days with all the cryptocrap. It would be nice if we can somehow get a bit more fine control with allow/deny exceptions. >>> PSI Mailbag 4-9-2015 14:27 >>> > Did you add the docx extension to your filename.rules? If you did and it is still being blocked, it is probably an Office > 2007 docx which looks like an executable MIME type to the Linux *file* command. Adding it to the filename.rules will have no impact, as the conflict is on the filetype.rules which are triggering on the 0000.dat within the docx (as the docx format is really just a glorified zip file). Without allowing all executables, you could edit and recompile your "magic" file (/usr/share/misc/magic on RHEL 6), which controls how the "file" command interprets what type of file you're looking at. If I'm not mistaken, it's one of the first definitions after the comment with ".COM formats (Daniel Quinlan, quinlan at yggdrasil.com)". You'll find it defined twice in the file as well. If you do decide to edit the file, you'll have to compile it to the magic.mgc (in the same directly), which is what actually controls the logic. You should probably make the files immutable as well, or a future update will wipe out your edits. Note that this does remove some filetype detections for other generic COM files as well. Cheers -Joshua -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From maxsec at gmail.com Thu Sep 10 15:37:23 2015 From: maxsec at gmail.com (Martin Hepworth) Date: Thu, 10 Sep 2015 16:37:23 +0100 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: Message-ID: Laszio make sure you're running the same configs by running as the same user that Mailscanners is (the RunAs parameter in mailscanner.conf) and using the same config so it's picking up the mailscanner.cf spamassassin -t test.email -C /directory/where/mailscanner.cf/is -- Martin Hepworth, CISSP Oxford, UK On 10 September 2015 at 13:50, Les wrote: > Given a test file "test.eml" I can run this test: > > spamassassin -t test.eml > > and I get this: > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Spam detection software, running on the system "shopzeus.com", > has NOT identified this incoming email as spam. The original > message has been attached to this so you can view it or label > similar future email. If you have any questions, see > The administrator of that system for details. > > Content preview: We've run into ths bug: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148581 > [libc] fopen(3) fails with EMFILE if there are more than SHORT_MAX fds > open > [...] > > Content analysis details: (-5.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, > high > trust > [8.8.178.116 listed in list.dnswl.org] > > > However, the very same email went through postfix/Mailscanner and resulted > in these headers: > > X-shopzeus-MailScanner-Information: Please contact the ISP for more > information > X-shopzeus-MailScanner-ID: 4FFF48895E15.AB608 > X-shopzeus-MailScanner: Found to be clean > X-shopzeus-MailScanner-SpamCheck: spam, JUNKEMAIL > X-shopzeus-MailScanner-From: owner-freebsd-questions at freebsd.org > X-Spam-Status: Yes > > > So the "spamassassin -t" command gives -5.0 score identifying as ham, but > when the email actually comes in then it is identified as spam. > > Looks like spamassassin is using different rules/settings when it is ran > from the mailscanner daemon. The configuration should be the same ( > /usr/local/etc/mail/spamassassin is a symbolic link to > /usr/local/etc/MailScanner/spam.assassin.prefs.conf ) > > I cannot test spamassassin with the same user, because it is postfix which > is disabled: > > > # su postfix " spamassassin -t test.eml " > This account is currently not available. > > > > How to overcome this problem? What is going on here? > > Mailscanner version: MailScanner-4.84.6 > Spamassassin version: 3.4.1 > > Thanks > > Laszlo > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nagylzs at gmail.com Thu Sep 10 15:55:10 2015 From: nagylzs at gmail.com (Les) Date: Thu, 10 Sep 2015 17:55:10 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: Message-ID: Strange, that gives me: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. (no report template found) There is a symbolic link from mailscanner.cf to /usr/local/etc/MailScanner/spam.assassin.prefs.conf but executing spamassassing -t test.eml -C /usr/local/etc/MailScanner does not test the email. It starts processing the emails in the spool instead. :-( 2015-09-10 17:37 GMT+02:00 Martin Hepworth : > Laszio > > make sure you're running the same configs by running as the same user that > Mailscanners is (the RunAs parameter in mailscanner.conf) and using the > same config so it's picking up the mailscanner.cf > > spamassassin -t test.email -C /directory/where/mailscanner.cf/is > > -- > Martin Hepworth, CISSP > Oxford, UK > > On 10 September 2015 at 13:50, Les wrote: > >> Given a test file "test.eml" I can run this test: >> >> spamassassin -t test.eml >> >> and I get this: >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> Spam detection software, running on the system "shopzeus.com", >> has NOT identified this incoming email as spam. The original >> message has been attached to this so you can view it or label >> similar future email. If you have any questions, see >> The administrator of that system for details. >> >> Content preview: We've run into ths bug: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148581 >> [libc] fopen(3) fails with EMFILE if there are more than SHORT_MAX fds >> open >> [...] >> >> Content analysis details: (-5.0 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, >> high >> trust >> [8.8.178.116 listed in list.dnswl.org] >> >> >> However, the very same email went through postfix/Mailscanner and >> resulted in these headers: >> >> X-shopzeus-MailScanner-Information: Please contact the ISP for more >> information >> X-shopzeus-MailScanner-ID: 4FFF48895E15.AB608 >> X-shopzeus-MailScanner: Found to be clean >> X-shopzeus-MailScanner-SpamCheck: spam, JUNKEMAIL >> X-shopzeus-MailScanner-From: owner-freebsd-questions at freebsd.org >> X-Spam-Status: Yes >> >> >> So the "spamassassin -t" command gives -5.0 score identifying as ham, but >> when the email actually comes in then it is identified as spam. >> >> Looks like spamassassin is using different rules/settings when it is ran >> from the mailscanner daemon. The configuration should be the same ( >> /usr/local/etc/mail/spamassassin is a symbolic link to >> /usr/local/etc/MailScanner/spam.assassin.prefs.conf ) >> >> I cannot test spamassassin with the same user, because it is postfix >> which is disabled: >> >> >> # su postfix " spamassassin -t test.eml " >> This account is currently not available. >> >> >> >> How to overcome this problem? What is going on here? >> >> Mailscanner version: MailScanner-4.84.6 >> Spamassassin version: 3.4.1 >> >> Thanks >> >> Laszlo >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nagylzs at gmail.com Thu Sep 10 16:01:03 2015 From: nagylzs at gmail.com (Les) Date: Thu, 10 Sep 2015 18:01:03 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: Message-ID: My wrong. Forgot the -C. # spamassassin -t test.eml -C /usr/local/etc/MailScanner config: no rules were found! Do you need to run 'sa-update'? at /usr/local/bin/spamassassin line 413. I guess it is looking for master.cf, this is why it does not work. Using the config directory /usr/local/etc/mail/spamassassin (where master.cf resides) results in the "no report template found" message, and I cannot see the rules applied. 2015-09-10 17:55 GMT+02:00 Les : > Strange, that gives me: > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > (no report template found) > > > There is a symbolic link from mailscanner.cf to > /usr/local/etc/MailScanner/spam.assassin.prefs.conf > but executing > > spamassassing -t test.eml -C /usr/local/etc/MailScanner > > does not test the email. It starts processing the emails in the spool > instead. :-( > > 2015-09-10 17:37 GMT+02:00 Martin Hepworth : > >> Laszio >> >> make sure you're running the same configs by running as the same user >> that Mailscanners is (the RunAs parameter in mailscanner.conf) and using >> the same config so it's picking up the mailscanner.cf >> >> spamassassin -t test.email -C /directory/where/mailscanner.cf/is >> >> -- >> Martin Hepworth, CISSP >> Oxford, UK >> >> On 10 September 2015 at 13:50, Les wrote: >> >>> Given a test file "test.eml" I can run this test: >>> >>> spamassassin -t test.eml >>> >>> and I get this: >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> Spam detection software, running on the system "shopzeus.com", >>> has NOT identified this incoming email as spam. The original >>> message has been attached to this so you can view it or label >>> similar future email. If you have any questions, see >>> The administrator of that system for details. >>> >>> Content preview: We've run into ths bug: >>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148581 >>> [libc] fopen(3) fails with EMFILE if there are more than SHORT_MAX >>> fds open >>> [...] >>> >>> Content analysis details: (-5.0 points, 5.0 required) >>> >>> pts rule name description >>> ---- ---------------------- >>> -------------------------------------------------- >>> -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, >>> high >>> trust >>> [8.8.178.116 listed in list.dnswl.org] >>> >>> >>> However, the very same email went through postfix/Mailscanner and >>> resulted in these headers: >>> >>> X-shopzeus-MailScanner-Information: Please contact the ISP for more >>> information >>> X-shopzeus-MailScanner-ID: 4FFF48895E15.AB608 >>> X-shopzeus-MailScanner: Found to be clean >>> X-shopzeus-MailScanner-SpamCheck: spam, JUNKEMAIL >>> X-shopzeus-MailScanner-From: owner-freebsd-questions at freebsd.org >>> X-Spam-Status: Yes >>> >>> >>> So the "spamassassin -t" command gives -5.0 score identifying as ham, >>> but when the email actually comes in then it is identified as spam. >>> >>> Looks like spamassassin is using different rules/settings when it is ran >>> from the mailscanner daemon. The configuration should be the same ( >>> /usr/local/etc/mail/spamassassin is a symbolic link to >>> /usr/local/etc/MailScanner/spam.assassin.prefs.conf ) >>> >>> I cannot test spamassassin with the same user, because it is postfix >>> which is disabled: >>> >>> >>> # su postfix " spamassassin -t test.eml " >>> This account is currently not available. >>> >>> >>> >>> How to overcome this problem? What is going on here? >>> >>> Mailscanner version: MailScanner-4.84.6 >>> Spamassassin version: 3.4.1 >>> >>> Thanks >>> >>> Laszlo >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/listinfo/mailscanner >>> >>> >>> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nagylzs at gmail.com Thu Sep 10 16:40:34 2015 From: nagylzs at gmail.com (Les) Date: Thu, 10 Sep 2015 18:40:34 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: Message-ID: > make sure you're running the same configs by running as the same user that Mailscanners is (the RunAs parameter in mailscanner.conf) and using the same config so it's picking up the mailscanner.cf Cannot do it with the same user. It is postfix and it cannot run shell commands. -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrew at topdog.za.net Thu Sep 10 21:19:28 2015 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Thu, 10 Sep 2015 23:19:28 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: Message-ID: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> On 10 Sep 2015, at 6:40 PM, Les wrote: > Cannot do it with the same user. It is postfix and it cannot run shell commands. You can by overriding. su - postfix -s /bin/bash -c 'spamassassin -t test.eml -C /usr/local/etc/MailScanner' -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From mailscanner-list at okla.com Fri Sep 11 00:02:12 2015 From: mailscanner-list at okla.com (Tracy Greggs) Date: Thu, 10 Sep 2015 19:02:12 -0500 Subject: MS Gateway for Exchange 2013 - Any LDAP documentation? In-Reply-To: <003401d0d623$3c9ce8e0$b5d6baa0$@okla.com> References: <00f201d0d3aa$89785490$9c68fdb0$@okla.com> <01e801d0d474$faa449b0$efecdd10$@okla.com> <3F7304EF-4494-49B8-B151-2B36D4E44831@mailborder.com> <201508112250.23815.Antony.Stone@mailscanner.open.source.it> <55CBFF3D.1030308@huntley.net> <003401d0d623$3c9ce8e0$b5d6baa0$@okla.com> Message-ID: <018e01d0ec25$20270e80$60752b80$@okla.com> Just an update for everyone involved in this thread: I have managed to get milter-ahead to do the call ahead over port 2525 and then deliver over port 25 to the Exchange 2013 server. If anyone would like any details on how I did it I will be happy to provide them. Best wishes to all, Tracy -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Tracy Greggs Sent: Thursday, August 13, 2015 6:53 PM To: 'MailScanner Discussion' Subject: RE: MS Gateway for Exchange 2013 - Any LDAP documentation? Thanks to all for your responses. I am going to see what I can do with the Edge Transport and will let everyone know how that works out. I have several ways to make this work so no worries. Tracy Greggs -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Huntley Sent: Wednesday, August 12, 2015 9:22 PM To: mailscanner at lists.mailscanner.info Subject: Re: MS Gateway for Exchange 2013 - Any LDAP documentation? I use getadsmtp.py to get a list of acceptable recipients. I just run it every hour and let the smtp server check the list. https://gist.github.com/liveaverage/4503265 Cheers! Michael Huntley On 8/11/2015 1:50 PM, Antony Stone wrote: > On Tuesday 11 August 2015 at 22:40:51, Jerry Benton wrote: > >> I am sure it can be done with sendmail. I am also sure Exchange 2013 >> has this setting. I have not spun up Exchange 2013 in the lab yet, so >> I can’t give you exact instructions. > I'm absolutely no expert on MS Exchange, but is it possible that > https://technet.microsoft.com/en-us/library/bb123891(v=exchg.150).aspx > at least points you in the right direction? > > Antony. > >>> On Aug 11, 2015, at 4:33 PM, Tracy Greggs wrote: >>> >>> Thanks for the info Jerry. My installation is with Sendmail and not >>> postfix. Your video is great but it is for Exchange 2010. The >>> Exchange >>> 2013 Admin Center does not have the applicable section to reject >>> messages to users that do not exist. >>> >>> Maybe my head is in the wrong place. >>> >>> Does anyone on this list have a Mailscanner/Sendmail gateway in >>> production use with Exchange 2013? If so, how are you doing >>> recipient verification from the MS gateway? >>> >>> It’s not that I am 100% unwilling to go the postfix route, but I >>> have been using Sendmail for 20 years and hate to change now. It >>> has always just worked flawlessly even in the MS gateway >>> configuration with Exchange 2010 and milter-ahead to perform the call ahead. >>> >>> The quick fix for me is to use Exchange 2010 for this installation >>> but I would like to be able to get this working. >>> >>> Again, maybe my head is in my arse! >>> >>> Thanks, >>> Tracy Greggs -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nagylzs at gmail.com Fri Sep 11 05:16:26 2015 From: nagylzs at gmail.com (Les) Date: Fri, 11 Sep 2015 07:16:26 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> References: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> Message-ID: root at shopzeus:~ # su - postfix -s /bin/csh -c 'spamassassin -t /root/test.eml -C /usr/local/etc/MailScanner ' This account is currently not available. Anyway, have changed the shell to csh and then: root at shopzeus:~ # chmod 777 /tmp/test.eml root at shopzeus:~ # su postfix -c 'spamassassin -t /tmp/test.eml -C /usr/local/etc/MailScanner ' config: no rules were found! Do you need to run 'sa-update'? at /usr/local/bin/spamassassin line 413. root at shopzeus:~ # sa-update root at shopzeus:~ # su postfix -c 'spamassassin -t /tmp/test.eml -C /usr/local/etc/MailScanner ' config: no rules were found! Do you need to run 'sa-update'? at /usr/local/bin/spamassassin line 413. What's next? 2015-09-10 23:19 GMT+02:00 Andrew Colin Kissa : > > On 10 Sep 2015, at 6:40 PM, Les wrote: > > > Cannot do it with the same user. It is postfix and it cannot run shell > commands. > > You can by overriding. > > su - postfix -s /bin/bash -c 'spamassassin -t test.eml -C > /usr/local/etc/MailScanner' > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrew at topdog.za.net Fri Sep 11 12:11:32 2015 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Fri, 11 Sep 2015 14:11:32 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> Message-ID: <80491288-6987-4741-AB1B-97227D586B03@topdog.za.net> On 11 Sep 2015, at 7:16 AM, Les wrote: > What's next? Is /usr/local/etc/MailScanner a valid spamassassin configuration directory ? I think what you want is su postfix -c 'spamassassin -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf < /tmp/test.eml ' -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From nagylzs at gmail.com Fri Sep 11 12:33:28 2015 From: nagylzs at gmail.com (Les) Date: Fri, 11 Sep 2015 14:33:28 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: <80491288-6987-4741-AB1B-97227D586B03@topdog.za.net> References: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> <80491288-6987-4741-AB1B-97227D586B03@topdog.za.net> Message-ID: > > What's next? > > Is /usr/local/etc/MailScanner a valid spamassassin configuration directory > ? > It's not. > > I think what you want is > > su postfix -c 'spamassassin -p > /usr/local/etc/MailScanner/spam.assassin.prefs.conf < /tmp/test.eml ' > Also need the -t option. su postfix -c 'spamassassin -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf -t < /tmp/test.eml ' Result is this: Content analysis details: (-5.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [8.8.178.116 listed in list.dnswl.org] 0.0 T_TVD_MIME_EPI BODY: No description available. So it is still identified as ham. But the live server has identified it as spam. :-( -------------- next part -------------- An HTML attachment was scrubbed... URL: From pparsons at techeez.com Mon Sep 14 21:25:31 2015 From: pparsons at techeez.com (Philip Parsons) Date: Mon, 14 Sep 2015 21:25:31 +0000 Subject: SPF check question Message-ID: <11D8E491D9562549A61FD3186F36342002699F1377@exchange.techeez.com> I have changed the amount of score for #SPF Fail Check score SPF_FAIL 1.0 In mailscanner.cf I have restarted MailScanner and have sent from an email address that has NO SPF records on it through the server and I assume it should get a score of one. But it looks like if there is no SPF record then it does not score it at all? If that is the case does anyone know what I can set to start to score domains without SPF records? Thank you. Philip Parsons -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at fastnet.co.uk Tue Sep 15 08:51:00 2015 From: richard at fastnet.co.uk (Richard Mealing) Date: Tue, 15 Sep 2015 08:51:00 +0000 Subject: SPF check question In-Reply-To: <11D8E491D9562549A61FD3186F36342002699F1377@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002699F1377@exchange.techeez.com> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795F13E088@BTN-EXCHANGE-V1.fastnet.local> Hi Philip, If it helps, I use a sendmail milter for my SPF checks and the following rules in spamassassin - header SPF_CHECK_PASS Received-SPF=~ /\bPass\b/ describe SPF_CHECK_PASS SPF reports sender as permitted score SPF_CHECK_PASS -1.5 header SPF_CHECK_SOFT_FAIL Received-SPF=~ /\bSoftFail\b/ describe SPF_CHECK_SOFT_FAIL SPF reports sender host as NOT permitted score SPF_CHECK_SOFT_FAIL 2.5 header SPF_CHECK_FAIL Received-SPF=~ /\bFail\b/ describe SPF_CHECK_FAIL SPF reports sender host as NOT permitted score SPF_CHECK_FAIL 5.0 header SPF_CHECK_NONE Received-SPF=~ /\bNone\b/ describe SPF_CHECK_NONE SPF None score SPF_CHECK_NONE 0.0 header SPF_CHECK_NEUTRAL Received-SPF=~ /\bNeutral\b/ describe SPF_CHECK_NEUTRAL SPF no action on record score SPF_CHECK_NEUTRAL 0.5 I guess you would need to match the regex with what you have in your maillog. Thanks, Rich From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Philip Parsons Sent: 14 September 2015 22:26 To: MailScanner Discussion Subject: SPF check question I have changed the amount of score for #SPF Fail Check score SPF_FAIL 1.0 In mailscanner.cf I have restarted MailScanner and have sent from an email address that has NO SPF records on it through the server and I assume it should get a score of one. But it looks like if there is no SPF record then it does not score it at all? If that is the case does anyone know what I can set to start to score domains without SPF records? Thank you. Philip Parsons -------------- next part -------------- An HTML attachment was scrubbed... URL: From l at avc.su Tue Sep 15 09:38:11 2015 From: l at avc.su (L) Date: Tue, 15 Sep 2015 12:38:11 +0300 Subject: Check 'MIME From' and SMTP 'MAIL FROM' against SPF Message-ID: <01e701d0ef9a$3e8044a0$bb80cde0$@avc.su> Hello. We've stumbled upon SPF recently: when a foreign domain has valid SPF for himself, it can send emails to our domain with smtp 'mail from: anyaddress at domain.com ', but state 'From: user at ourdomain.com ' in MIME header, and it won't cause SPF checks in SpamAssassin to fail. Is there any way I can check MIME from against SPF? Seems like I'm missing something here. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nagylzs at gmail.com Tue Sep 15 10:34:54 2015 From: nagylzs at gmail.com (Les) Date: Tue, 15 Sep 2015 12:34:54 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> <80491288-6987-4741-AB1B-97227D586B03@topdog.za.net> Message-ID: I'm a bit closer to the solution now. Here is what I have found in the message headers: X-shopzeus-MailScanner-SpamCheck: spam, JUNKEMAIL And there is a JUNKEMAIL RBL list setting indeed: # grep JUNKE spam.lists.conf JUNKEMAIL hostkarma.junkemailfilter.com. I have realized that most of the false positives came from this RBL. After removing JUNKEMAIL RBL list from the checks, most non-spam mails are not classified as spam. This still does not explain why spamassassin is giving different results when ran from the command line. The strangest thing is that I cannot find any blacklisting of any of the addresses at junkemail. The problem is almost solved, but I'm really curious. What is happening here? 2015-09-11 14:33 GMT+02:00 Les : > > > What's next? >> >> Is /usr/local/etc/MailScanner a valid spamassassin configuration >> directory ? >> > It's not. > >> >> I think what you want is >> >> su postfix -c 'spamassassin -p >> /usr/local/etc/MailScanner/spam.assassin.prefs.conf < /tmp/test.eml ' >> > > Also need the -t option. > > su postfix -c 'spamassassin -p > /usr/local/etc/MailScanner/spam.assassin.prefs.conf -t < /tmp/test.eml ' > > Result is this: > > > Content analysis details: (-5.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, > high > trust > [8.8.178.116 listed in list.dnswl.org] > 0.0 T_TVD_MIME_EPI BODY: No description available. > > So it is still identified as ham. But the live server has identified it as > spam. :-( > -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrew at topdog.za.net Tue Sep 15 10:45:59 2015 From: andrew at topdog.za.net (Andrew Colin Kissa) Date: Tue, 15 Sep 2015 12:45:59 +0200 Subject: Cannot test spamassassin, what is going on here? In-Reply-To: References: <6ABB47B3-BB42-4B36-8DFD-98F8F96EE07D@topdog.za.net> <80491288-6987-4741-AB1B-97227D586B03@topdog.za.net> Message-ID: <3EFB3A48-F047-4AC9-BFCB-892698C11136@topdog.za.net> On 15 Sep 2015, at 12:34 PM, Les wrote: > The problem is almost solved, but I'm really curious. What is happening here? In mailscanner, the spam assassin check and RBL check are two different operations, the result of the RBL check is used to increase the spam score externally not from within spam assassin that is why you have the differing scores. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From mark at msapiro.net Tue Sep 15 14:46:55 2015 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 Sep 2015 07:46:55 -0700 Subject: Check 'MIME From' and SMTP 'MAIL FROM' against SPF In-Reply-To: <01e701d0ef9a$3e8044a0$bb80cde0$@avc.su> References: <01e701d0ef9a$3e8044a0$bb80cde0$@avc.su> Message-ID: <55F82F5F.3000004@msapiro.net> On 09/15/2015 02:38 AM, L wrote: > > We’ve stumbled upon SPF recently: when a foreign domain has valid SPF > for himself, it can send emails to our domain with smtp ‘mail from: > anyaddress at domain.com ‘, but state ‘From: > user at ourdomain.com ’ in MIME header, and it > won’t cause SPF checks in SpamAssassin to fail. Is there any way I can > check MIME from against SPF? Seems like I’m missing something here. The short answer is No. SPF is designed to work with the domain of the envelope sender (SMTP MAIL FROM address). It pays no attention to the address in any From: header. You may be interested in DMARC . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From john at tradoc.fr Tue Sep 15 14:56:58 2015 From: john at tradoc.fr (John Wilcock) Date: Tue, 15 Sep 2015 16:56:58 +0200 Subject: Check 'MIME From' and SMTP 'MAIL FROM' against SPF In-Reply-To: <55F82F5F.3000004@msapiro.net> References: <01e701d0ef9a$3e8044a0$bb80cde0$@avc.su> <55F82F5F.3000004@msapiro.net> Message-ID: <55F831BA.9090005@tradoc.fr> Le 15/09/2015 16:46, Mark Sapiro a écrit : > The short answer is No. SPF is designed to work with the domain of the > envelope sender (SMTP MAIL FROM address). It pays no attention to the > address in any From: header. The slightly longer answer is that this is an essential feature of SPF. For a start, mailing list messages would fail SPF tests if you looked at the "From:" header. Likewise, legitimate opt-in commercial e-mail is often sent out via third parties, and it is not generally considered practical to add the third party servers to a domain's SPF records. While it would no doubt be possible write some code to conduct SPF tests against the From: header, there would be an awful lot of false positives... FWIW. -- John From nagylzs at gmail.com Wed Sep 16 08:14:33 2015 From: nagylzs at gmail.com (Les) Date: Wed, 16 Sep 2015 10:14:33 +0200 Subject: How to disable RBL check when SASL authenticated? Message-ID: Some of my users are sending emails from their mobile phones. They connect to my SMTP server with SSL + dovecot auth. Sometimes they are assigned a dynamic IP address that is listed in an RBL. (IP addresses are assigned by the mobile provider.) When they send the email, it becomes a spam because of the sender IP. Is there a way to disable RBL checks for SASL authenticated users? Maybe it could be given as a rule in spam.whitelist.rules, but I don't know how. Spamassassin is turned on by default. It will also do RBL checks with pyzor, so I may have to create two rules - one for MailScanner and one for spamassassin? Thanks, Laszlo -------------- next part -------------- An HTML attachment was scrubbed... URL: From nagylzs at gmail.com Wed Sep 16 11:15:10 2015 From: nagylzs at gmail.com (Les) Date: Wed, 16 Sep 2015 13:15:10 +0200 Subject: How to disable RBL check when SASL authenticated? In-Reply-To: References: Message-ID: In the MailScanner documentation on page 62, I see this: ______________________ RBLs may be used in any combination of three methods: 1. Blocking at the MTA level: This is an MTA configuration level option. Messages blocked at the MTA level are not accepted for delivery. Blocking at this level reduces the load on you system but you assume the risk of rejecting some amount of real email. 2. MailScanner RBL checking: MailScanner checks to see if the sender or a relay of the message is listed in Spam List = or Spam Domains =. If found, the message is marked as spam. If the message is found in multiple RBL lists, the Spam Lists To Reach High Score = setting is used to determine if the message should be treated as High Scoring Spam. 3. SpamAssassin scoring: SpamAssassin by default checks various RBL and adds to the spam score each time sender or relay of the message is found in an RBL. ______________________ Option (1) is not good because I do not want to block all messages based on RBL. I need something more intelligent - e.g. if it is listed on multiple RBLs then block, otherwise just mark as spam. Option (2) would be good, except that RBL checking should not be done for emails coming through authenticated submission ports. I do not see any way to conditionally turn on/off RBL checking based on headers. Option (3) would be almost as good as Option (2), but I could not find a way to do conditional RBL checks in spamassassin either. Other options: - I can use postfix regexp header_checks to bypass MailScanner for authenticated users, but then it will also disable checks for phissing, executeable file attachments etc. and I do not want to bypass all of that. - I could possibly configure two MailScanners, picking up emails from two different spool directories, and use different configuration files for them. Then I could write a program that conditionally moves emails from the postfix HOLD directory, based on sasl authentication headers. But this solution seems extremely complicated. There should be a way to do it right, right? 2015-09-16 10:14 GMT+02:00 Les : > Some of my users are sending emails from their mobile phones. They connect > to my SMTP server with SSL + dovecot auth. Sometimes they are assigned a > dynamic IP address that is listed in an RBL. (IP addresses are assigned by > the mobile provider.) When they send the email, it becomes a spam because > of the sender IP. > > Is there a way to disable RBL checks for SASL authenticated users? Maybe > it could be given as a rule in spam.whitelist.rules, but I don't know how. > > Spamassassin is turned on by default. It will also do RBL checks with > pyzor, so I may have to create two rules - one for MailScanner and one for > spamassassin? > > > Thanks, > > Laszlo > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sbanderson at impromed.com Thu Sep 17 13:59:03 2015 From: sbanderson at impromed.com (Scott B. Anderson) Date: Thu, 17 Sep 2015 13:59:03 +0000 Subject: quick question Message-ID: <8e8d8132b4354f239bdae896b1f4469d@ES4.impromed.com> When using a ruleset to determine which emails to convert to plain text for both the htmltotext.rules and htmltotext_danger.rules options, is it possible to more granularly determine which emails to convert, rather than just on email address or domain, is it possible to look into the email itself and find, say : Content-Type: text/calendar; charset="utf-8"; method=REQUEST Content-Transfer-Encoding: base64 And tell it not to convert exchange calendar emails, for example ? (ideally the html to text processor would rip out the meeting details and drop that into plain text, but I know that is asking a lot. ) So then I could set up a rule to say something like: regardless of where it came from, if content is "text/calendar*" don't convert. Syntax would be something like: * type="text/calendar" no Scott Anderson IT Administrator ... -- Rely On Us. ImproMed LLC -- From lists at fonant.com Tue Sep 22 10:47:36 2015 From: lists at fonant.com (Anthony Cartmell) Date: Tue, 22 Sep 2015 11:47:36 +0100 Subject: Random CLAMAV error killing MailScanner Message-ID: <560131C8.7070901@fonant.com> Last night I noticed exactly 50 messages failing to be processed. Oddly six of these were duplicate copies of a message sent to me that were processed and delivered without trouble. It was only one of the three recipients (a local server mail account) that didn't get the message delivered: it would seem that the message itself wasn't the problem. The first processing attempt I get this error in the maillog: Sep 22 03:51:31 gus MailScanner[13973]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./t8M2nAIC012697.header/Access denied. ERROR :: /var/spool/MailScanner/incoming/13973 but then MailScanner tries five more attempts, and on the repeated attempts this error is not repeated. The message is then quarantined. Sep 22 03:52:54 gus MailScanner[14389]: Making attempt 2 at processing message t8M2nAIC012697 Sep 22 03:58:30 gus MailScanner[16248]: Making attempt 3 at processing message t8M2nAIC012697 Sep 22 04:03:00 gus MailScanner[18438]: Making attempt 4 at processing message t8M2nAIC012697 Sep 22 04:05:12 gus MailScanner[19789]: Making attempt 5 at processing message t8M2nAIC012697 Sep 22 04:10:50 gus MailScanner[22281]: Making attempt 6 at processing message t8M2nAIC012697 Sep 22 04:10:56 gus MailScanner[22382]: Warning: skipping message t8M2nAIC012697 as it has been attempted too many times Sep 22 04:10:56 gus MailScanner[22382]: Quarantined message t8M2nAIC012697 as it caused MailScanner to crash several times Sep 22 04:10:56 gus MailScanner[22382]: Saved entire message to /var/spool/MailScanner/quarantine/20150922/t8M2nAIC012697 Looks like an odd permission problem, but this is on a server that has been running MailScanner happily for years. CentOS 6.7, MailScanner 4.84.5, no SELinux. Anyone seen this before? Anthony -- www.fonant.com - Quality web sites Tel. 01903 867 810 Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Amelia House, Crescent Road, Worthing, West Sussex, BN11 1QR From jerry.benton at mailborder.com Tue Sep 22 10:55:14 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 22 Sep 2015 06:55:14 -0400 Subject: Random CLAMAV error killing MailScanner In-Reply-To: <560131C8.7070901@fonant.com> References: <560131C8.7070901@fonant.com> Message-ID: Yes, it is a permission problem. To avoid this problem I create a group called mtagroup and added MailScanner, the MTA, and Clam user to that group. I then set these in MailScanner.conf: | Run As Group | mtagroup | Run As User | postfix | Incoming Work Permissions | 0660 | Incoming Work User | clamav | Quarantine Group | mtagroup | Quarantine Permissions | 0660 | Quarantine User | postfix To fix you current queue problems: find /var/spool/MailScanner -type d -exec chmod 0775 {} \; find /var/spool/MailScanner -type f -exec chmod 0660 {} \; - Jerry Benton www.mailborder.com > On Sep 22, 2015, at 6:47 AM, Anthony Cartmell wrote: > > Last night I noticed exactly 50 messages failing to be processed. Oddly > six of these were duplicate copies of a message sent to me that were > processed and delivered without trouble. It was only one of the three > recipients (a local server mail account) that didn't get the message > delivered: it would seem that the message itself wasn't the problem. > > The first processing attempt I get this error in the maillog: > > Sep 22 03:51:31 gus MailScanner[13973]: Clamd::ERROR:: UNKNOWN CLAMD > RETURN ./t8M2nAIC012697.header/Access denied. ERROR :: > /var/spool/MailScanner/incoming/13973 > > but then MailScanner tries five more attempts, and on the repeated > attempts this error is not repeated. The message is then quarantined. > > Sep 22 03:52:54 gus MailScanner[14389]: Making attempt 2 at processing > message t8M2nAIC012697 > Sep 22 03:58:30 gus MailScanner[16248]: Making attempt 3 at processing > message t8M2nAIC012697 > Sep 22 04:03:00 gus MailScanner[18438]: Making attempt 4 at processing > message t8M2nAIC012697 > Sep 22 04:05:12 gus MailScanner[19789]: Making attempt 5 at processing > message t8M2nAIC012697 > Sep 22 04:10:50 gus MailScanner[22281]: Making attempt 6 at processing > message t8M2nAIC012697 > Sep 22 04:10:56 gus MailScanner[22382]: Warning: skipping message > t8M2nAIC012697 as it has been attempted too many times > Sep 22 04:10:56 gus MailScanner[22382]: Quarantined message > t8M2nAIC012697 as it caused MailScanner to crash several times > Sep 22 04:10:56 gus MailScanner[22382]: Saved entire message to > /var/spool/MailScanner/quarantine/20150922/t8M2nAIC012697 > > Looks like an odd permission problem, but this is on a server that has > been running MailScanner happily for years. CentOS 6.7, MailScanner > 4.84.5, no SELinux. > > Anyone seen this before? > > Anthony > -- > www.fonant.com - Quality web sites > Tel. 01903 867 810 > Fonant Ltd is registered in England and Wales, company No. 7006596 > Registered office: Amelia House, Crescent Road, Worthing, West Sussex, > BN11 1QR > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From jerry.benton at mailborder.com Tue Sep 22 11:03:54 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 22 Sep 2015 07:03:54 -0400 Subject: Random CLAMAV error killing MailScanner In-Reply-To: <560131C8.7070901@fonant.com> References: <560131C8.7070901@fonant.com> Message-ID: <1434B782-63A4-4E9E-91A9-022FC7A8DA2A@mailborder.com> P.S. You should upgrade: https://www.mailscanner.info/downloads/ - Jerry Benton www.mailborder.com > On Sep 22, 2015, at 6:47 AM, Anthony Cartmell wrote: > > Last night I noticed exactly 50 messages failing to be processed. Oddly > six of these were duplicate copies of a message sent to me that were > processed and delivered without trouble. It was only one of the three > recipients (a local server mail account) that didn't get the message > delivered: it would seem that the message itself wasn't the problem. > > The first processing attempt I get this error in the maillog: > > Sep 22 03:51:31 gus MailScanner[13973]: Clamd::ERROR:: UNKNOWN CLAMD > RETURN ./t8M2nAIC012697.header/Access denied. ERROR :: > /var/spool/MailScanner/incoming/13973 > > but then MailScanner tries five more attempts, and on the repeated > attempts this error is not repeated. The message is then quarantined. > > Sep 22 03:52:54 gus MailScanner[14389]: Making attempt 2 at processing > message t8M2nAIC012697 > Sep 22 03:58:30 gus MailScanner[16248]: Making attempt 3 at processing > message t8M2nAIC012697 > Sep 22 04:03:00 gus MailScanner[18438]: Making attempt 4 at processing > message t8M2nAIC012697 > Sep 22 04:05:12 gus MailScanner[19789]: Making attempt 5 at processing > message t8M2nAIC012697 > Sep 22 04:10:50 gus MailScanner[22281]: Making attempt 6 at processing > message t8M2nAIC012697 > Sep 22 04:10:56 gus MailScanner[22382]: Warning: skipping message > t8M2nAIC012697 as it has been attempted too many times > Sep 22 04:10:56 gus MailScanner[22382]: Quarantined message > t8M2nAIC012697 as it caused MailScanner to crash several times > Sep 22 04:10:56 gus MailScanner[22382]: Saved entire message to > /var/spool/MailScanner/quarantine/20150922/t8M2nAIC012697 > > Looks like an odd permission problem, but this is on a server that has > been running MailScanner happily for years. CentOS 6.7, MailScanner > 4.84.5, no SELinux. > > Anyone seen this before? > > Anthony > -- > www.fonant.com - Quality web sites > Tel. 01903 867 810 > Fonant Ltd is registered in England and Wales, company No. 7006596 > Registered office: Amelia House, Crescent Road, Worthing, West Sussex, > BN11 1QR > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From richard at fastnet.co.uk Tue Sep 22 13:29:50 2015 From: richard at fastnet.co.uk (Richard Mealing) Date: Tue, 22 Sep 2015 13:29:50 +0000 Subject: Random CLAMAV error killing MailScanner In-Reply-To: <560131C8.7070901@fonant.com> References: <560131C8.7070901@fonant.com> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795F142693@BTN-EXCHANGE-V1.fastnet.local> Hi Anthony, I did this about 3 years ago and I've never looked back since - Maximum Processing Attempts = 0 The reason being is that once I started getting those errors in the logs, MailScanner would quarantine everything until it got restarted, so it was a nightmare for me. Then again, I know my permissions are fine, so your problem might be different. Thanks, Rich -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Anthony Cartmell Sent: 22 September 2015 11:48 To: MailScanner discussion Subject: Random CLAMAV error killing MailScanner Last night I noticed exactly 50 messages failing to be processed. Oddly six of these were duplicate copies of a message sent to me that were processed and delivered without trouble. It was only one of the three recipients (a local server mail account) that didn't get the message delivered: it would seem that the message itself wasn't the problem. The first processing attempt I get this error in the maillog: Sep 22 03:51:31 gus MailScanner[13973]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./t8M2nAIC012697.header/Access denied. ERROR :: /var/spool/MailScanner/incoming/13973 but then MailScanner tries five more attempts, and on the repeated attempts this error is not repeated. The message is then quarantined. Sep 22 03:52:54 gus MailScanner[14389]: Making attempt 2 at processing message t8M2nAIC012697 Sep 22 03:58:30 gus MailScanner[16248]: Making attempt 3 at processing message t8M2nAIC012697 Sep 22 04:03:00 gus MailScanner[18438]: Making attempt 4 at processing message t8M2nAIC012697 Sep 22 04:05:12 gus MailScanner[19789]: Making attempt 5 at processing message t8M2nAIC012697 Sep 22 04:10:50 gus MailScanner[22281]: Making attempt 6 at processing message t8M2nAIC012697 Sep 22 04:10:56 gus MailScanner[22382]: Warning: skipping message t8M2nAIC012697 as it has been attempted too many times Sep 22 04:10:56 gus MailScanner[22382]: Quarantined message t8M2nAIC012697 as it caused MailScanner to crash several times Sep 22 04:10:56 gus MailScanner[22382]: Saved entire message to /var/spool/MailScanner/quarantine/20150922/t8M2nAIC012697 Looks like an odd permission problem, but this is on a server that has been running MailScanner happily for years. CentOS 6.7, MailScanner 4.84.5, no SELinux. Anyone seen this before? Anthony -- www.fonant.com - Quality web sites Tel. 01903 867 810 Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Amelia House, Crescent Road, Worthing, West Sussex, BN11 1QR -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner From gao at pztop.com Tue Sep 22 22:19:36 2015 From: gao at pztop.com (Gao) Date: Tue, 22 Sep 2015 15:19:36 -0700 Subject: spamasassin always score twice, Message-ID: <5601D3F8.2000407@pztop.com> Hi, list, I just setup a mail server with MailScanner and I found that spamasassin always score twice, one is "not cached" and the other is "cached". Is this a normal behavior? here is a sample header: X-mycompany-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.098, required 5, autolearn=not spam, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_PASS -0.00, URIBL_BLOCKED 0.00), not spam (whitelisted), SpamAssassin (cached, score=-0.098, required 5, autolearn=not spam, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_PASS -0.00, URIBL_BLOCKED 0.00) Thanks for help. From alvaro at hostalia.com Wed Sep 23 15:52:47 2015 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Wed, 23 Sep 2015 17:52:47 +0200 Subject: Scan Messages and CustomFunction Message-ID: <5602CACF.30307@hostalia.com> Hello, I'm writing a CustomFunction to check the "Scan Messages" value in a database: Scan Messages = &ScanMsgs I've done the same with : Spam Checks (for avoid mails being scanned, that is, whitelisting) Is Definitely Spam (for blacklisting) and these 2 functions run fine. The problem with "Scan Messages" is that the function is executed two times for each message: Sep 23 17:15:05 MailScanner[22554]: 4694D2180A7.AC573: ScanMsgs checking. Sep 23 17:15:05 MailScanner[22554]: 4694D2180A7.AC573: ScanMsgs checking. and I see in MySQL logs that the queries are done 2 times. Simplifying the code to: ======== package MailScanner::CustomConfig; sub InitScanMsgs { MailScanner::Log::InfoLog("Starting ScanMsgs..."); } sub ScanMsgs { my($message) = @_; my $msgid=$message->{id}; MailScanner::Log::WarnLog("$msgid: ScanMsgs checking."); return 0; } sub EndScanMsgs { MailScanner::Log::InfoLog("Ending ScanMsgs..."); exit; } 1; ======== the problem still occurs. Any idea? Is strange because, as I've said, white and blacklisting work fine with similar code. Thank you. Regards, -- Alvaro Marín Illera Hostalia Internet www.hostalia.com From wt at dld2000.com Wed Sep 23 19:42:06 2015 From: wt at dld2000.com (Walt Thiessen) Date: Wed, 23 Sep 2015 15:42:06 -0400 Subject: Mailscanner Status = Stopped In-Reply-To: <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com> References: <55A50C01.7040204@dld2000.com> <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com> Message-ID: <5603008E.6060407@dld2000.com> MailScanner's status on my server keeps showing stopped whenever I check it via WHM, but the logs in MailWatch show continuous activity. In particular, between 7 AM and nearly 10 AM today, I kept getting email notifications from my server that the MailScanner service was down, even though emails were passing through MailScanner's logs (as shown in MailWatch). After 34 failed attempts to restart during that time, it successfully restarted at just before 10 AM. That wasn't the end of the problem, just a time slice of it. However, I haven't received email notifications since then of the service being down, even though it currently shows that the service is stopped in WHM. The Message Listing log in MailWatch periodically shows entries like this one (I've replaced specific names with generic placeholders in square brackets): 23/09/15 09:00:44 root@ [hostname] root@[hostname] lfd on [hostname]: Excessive resource usage: [account-on-hostname] (1468 (Parent PID:30444)) 1Kb 0.00 W/L Clicking MailScanner Restart in ConfigServer MailScanner FE doesn't help to solve this issue. Can anyone advise me why this might be happening? My server admins have looked at it, and they're stumped so far. Walt From greminn at gmail.com Thu Sep 24 01:51:23 2015 From: greminn at gmail.com (Simon) Date: Thu, 24 Sep 2015 13:51:23 +1200 Subject: SPF_FAIL = 0.00 score Message-ID: Hi All, We just noticed that we have had some mail come in using the domain from a local bank... but a SA report shows that SPF_FAIL = 0.00. Any idea where to begin looking into why a SPF fail would not add to the SPAM score? Many thanks! Note: Latest mailscanner running on Centos 6.7 with postfix. Simon -------------- next part -------------- An HTML attachment was scrubbed... URL: From it at festa.bg Thu Sep 24 07:38:24 2015 From: it at festa.bg (Valentin Laskov) Date: Thu, 24 Sep 2015 10:38:24 +0300 Subject: SPF_FAIL = 0.00 score In-Reply-To: References: Message-ID: <5603A870.1080006@festa.bg> Hi all! Recently I installed MailScanner, SpamAssassin and all other staff manually by CPAN. All packets are installed without errors but Mail::SPF. It can't pass tests and can be installed only by force install. I'm not sure that it is working correctly installing this way. I tried different versions - same result. Errors are DNS errors. There are bugs reported but not resolved: https://rt.cpan.org/Public/Dist/Display.html?Name=Mail-SPF According this https://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_SPF.html I tried the legacy Mail::SPF::Query - same result. Tests are not passed. Regards Valentin Laskov From alvaro at hostalia.com Thu Sep 24 08:42:55 2015 From: alvaro at hostalia.com (=?UTF-8?B?QWx2YXJvIE1hcsOtbg==?=) Date: Thu, 24 Sep 2015 10:42:55 +0200 Subject: Scan Messages and CustomFunction In-Reply-To: <5602CACF.30307@hostalia.com> References: <5602CACF.30307@hostalia.com> Message-ID: <5603B78F.1090402@hostalia.com> Hi again, debugging the code, I've found those 2 calls to "Scan Messages" function: [+] Message.pm, new (constructor, called by Postfix.pm's CreateBatch function): # Decide if we want to scan this message at all $this->{scanmail} = MailScanner::Config::Value('scanmail', $this); if ($this->{scanmail} =~ /[12]/) { $this->{scanmail} = 1; } else { # Make sure it is set to something, and not left as undef. $this->{scanmail} = 0; } if ($this->{scanmail} !~ /1/) { $this->{scanvirusonly} = 1; } else { $this->{scanvirusonly} = 0; } [+] Postfix.pm, in CreateBatch function: if (MailScanner::Config::Value("scanmail", $newmessage) =~ /[12]/ || MailScanner::Config::Value("virusscan", $newmessage) =~ /1/ || MailScanner::Config::Value("dangerscan", $newmessage) =~ /1/) { $newmessage->NeedsScanning(1); So in that Postfix.pm's code, insted of read the value of $newmessage's variable "scanmail", that was created in Message.pm code that I've pasted before, it calls again to MailScanner::Config::Value function that searchs again for that value (if is a ruleset it will look for the rule in the rules file or if it's a function, like in my configuration, it will execute it one more time). Changing that code by: if ($newmessage->{"scanmail"} =~ /[12]/ || $newmessage->{"virusscan"} =~ /1/ || $newmessage->{"dangerscan"} =~ /1/) { $newmessage->NeedsScanning(1); it reads the value from the variable filled by Message.pm, and doesn't call again to the function. Can you confirm if this is correct? Thanks. Regards, El 23/09/15 a las 17:52, Alvaro Marín escribió: > Hello, > > I'm writing a CustomFunction to check the "Scan Messages" value in a > database: > > Scan Messages = &ScanMsgs > > I've done the same with : > > Spam Checks (for avoid mails being scanned, that is, whitelisting) > Is Definitely Spam (for blacklisting) > > and these 2 functions run fine. > > The problem with "Scan Messages" is that the function is executed two > times for each message: > > Sep 23 17:15:05 MailScanner[22554]: 4694D2180A7.AC573: ScanMsgs checking. > Sep 23 17:15:05 MailScanner[22554]: 4694D2180A7.AC573: ScanMsgs checking. > > and I see in MySQL logs that the queries are done 2 times. > Simplifying the code to: > > ======== > package MailScanner::CustomConfig; > sub InitScanMsgs { > MailScanner::Log::InfoLog("Starting ScanMsgs..."); > } > sub ScanMsgs { > my($message) = @_; > my $msgid=$message->{id}; > MailScanner::Log::WarnLog("$msgid: ScanMsgs checking."); > return 0; > } > sub EndScanMsgs { > MailScanner::Log::InfoLog("Ending ScanMsgs..."); > exit; > } > 1; > ======== > > the problem still occurs. > Any idea? Is strange because, as I've said, white and blacklisting work > fine with similar code. > > Thank you. > Regards, > -- Alvaro Marín Illera Hostalia Internet www.hostalia.com From mailscanner at replies.cyways.com Thu Sep 24 10:59:11 2015 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Thu, 24 Sep 2015 06:59:11 -0400 Subject: SPF_FAIL = 0.00 score In-Reply-To: References: Message-ID: <5603D77F.9080704@replies.cyways.com> I'm pretty sure that the SpamAssassin default for SPF_FAIL is zero because of the possibility for false positives. That's the value given in /usr/share/spamassassin/50_scores.cf. I increased the score for both SPF_FAIL and SPF_HELO_FAIL to 2.0 by adding a custom rule to a file in /etc/mail/spamassassin where all my local rules reside. Peter On 9/23/2015 9:51 PM, Simon wrote: > Hi All, > > We just noticed that we have had some mail come in using the domain from > a local bank... but a SA report shows that SPF_FAIL = 0.00. > > Any idea where to begin looking into why a SPF fail would not add to the > SPAM score? > > Many thanks!i > > Note: Latest mailscanner running on Centos 6.7 with postfix. > > Simon > > > > From greminn at gmail.com Fri Sep 25 03:53:22 2015 From: greminn at gmail.com (Simon Buchanan) Date: Fri, 25 Sep 2015 15:53:22 +1200 Subject: SPF_FAIL = 0.00 score In-Reply-To: <5603D77F.9080704@replies.cyways.com> References: <5603D77F.9080704@replies.cyways.com> Message-ID: Many thanks Peter. > On 24/09/2015, at 10:59 PM, Peter H. Lemieux wrote: > > I'm pretty sure that the SpamAssassin default for SPF_FAIL is zero because of the possibility for false positives. That's the value given in /usr/share/spamassassin/50_scores.cf. I increased the score for both SPF_FAIL and SPF_HELO_FAIL to 2.0 by adding a custom rule to a file in /etc/mail/spamassassin where all my local rules reside. > > Peter > > > On 9/23/2015 9:51 PM, Simon wrote: >> Hi All, >> >> We just noticed that we have had some mail come in using the domain from >> a local bank... but a SA report shows that SPF_FAIL = 0.00. >> >> Any idea where to begin looking into why a SPF fail would not add to the >> SPAM score? >> >> Many thanks!i >> >> Note: Latest mailscanner running on Centos 6.7 with postfix. >> >> Simon >> >> >> >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From wt at dld2000.com Fri Sep 25 12:45:46 2015 From: wt at dld2000.com (Walt Thiessen) Date: Fri, 25 Sep 2015 08:45:46 -0400 Subject: outgoing scanning? In-Reply-To: <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com> References: <55A50C01.7040204@dld2000.com> <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com> Message-ID: <560541FA.60603@dld2000.com> Is there a way to have MailScanner scan outbound emails as well? I particularly want to avoid sending emails to addresses on RBL blacklisted servers. On the page: http://www.configserver.com/techfaq/faqlist.php?catid=5&faqid=91&page=7 I found a reference to a Spam Scanning setting under Advanced Settings, but that setting doesn't seem to exist any more. So I wondered: is there an alternative way to accomplish this? Walt Thiessen From alex at vidadigital.com.pa Fri Sep 25 13:06:13 2015 From: alex at vidadigital.com.pa (Alex Neuman) Date: Fri, 25 Sep 2015 08:06:13 -0500 Subject: outgoing scanning? In-Reply-To: <560541FA.60603@dld2000.com> References: <55A50C01.7040204@dld2000.com> <41EF5653-F15D-4D1F-B64B-6781E87292AC@mailborder.com> <560541FA.60603@dld2000.com> Message-ID: MailScanner doesn't know or care if email is outgoing. It scans everything unless your conf files say otherwise. On Sep 25, 2015 7:45 AM, "Walt Thiessen" wrote: > Is there a way to have MailScanner scan outbound emails as well? I > particularly want to avoid sending emails to addresses on RBL blacklisted > servers. > > On the page: > http://www.configserver.com/techfaq/faqlist.php?catid=5&faqid=91&page=7 > I found a reference to a Spam Scanning setting under Advanced Settings, > but that setting doesn't seem to exist any more. So I wondered: is there an > alternative way to accomplish this? > > Walt Thiessen > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gao at pztop.com Mon Sep 28 22:51:18 2015 From: gao at pztop.com (Gao) Date: Mon, 28 Sep 2015 15:51:18 -0700 Subject: Forwarded spam email problem Message-ID: <5609C466.2020304@pztop.com> Hello, I upgraded our mail server to a new server. I did fresh installation and configuration on the new server. Now I am having a problem: All the spam scored between 5 to 10 used to forward to an email address on the old server. But on the new server it is send to local postmaster mailer-daemon at szeta.mycompany.com, which in turn end up into my mail inbox. My new system is CentOS7/MailScanner 4.8.5. The old system is CentOS5/MailScanner 4.8.1. Here is the maillog from the new server: Sep 28 13:03:54 szeta MailScanner[4853]: Spam Actions: message C12B74022E75A.A3B93 actions are forward,spamholder at mycompany.com Sep 28 13:03:54 szeta MailScanner[4853]: Requeue: C12B74022E75A.A3B93 to 2D8044022E767 Sep 28 13:03:54 szeta postfix/qmgr[4831]: 2D8044022E767: from=<>, size=1039, nrcpt=1 (queue active) Sep 28 13:03:54 szeta MailScanner[4853]: Uninfected: Delivered 1 messages Sep 28 13:03:54 szeta postfix/pickup[6681]: 9519C4022E75A: uid=5001 from= Sep 28 13:03:54 szeta postfix/pipe[7329]: 2D8044022E767: to=, relay=autoresponder, delay=3.1, delays=3.1/0/0/0.05, dsn=2.0.0, status=sent (delivered via autoresponder service) Sep 28 13:03:54 szeta postfix/qmgr[4831]: 2D8044022E767: removed *Sep 28 13:03:54 szeta postfix/cleanup[7315]: 9519C4022E75A: hold: header Received: by szeta.mycompany.com (Postfix, from userid 5001)??id 9519C4022E75A; Mon, 28 Sep 2015 13:03:54 -0700 (PDT) from local; from=<> to=* Sep 28 13:03:54 szeta postfix/cleanup[7315]: 9519C4022E75A: message-id=<20150928200354.9519C4022E75A at szeta.mycompany.com> Sep 28 13:03:54 szeta MailScanner[4853]: Deleted 1 messages from processing-database Sep 28 13:03:54 szeta MailScanner[4853]: New Batch: Scanning 1 messages, 2171 bytes Sep 28 13:03:54 szeta MailScanner[4853]: Requeue: 9519C4022E75A.AF06D to BCE564022E767 Sep 28 13:03:54 szeta MailScanner[4853]: Unscanned: Delivered 1 messages Sep 28 13:03:54 szeta postfix/qmgr[4831]: BCE564022E767: from=<>, size=1925, nrcpt=1 (queue active) Sep 28 13:03:54 szeta MailScanner[4853]: Spam Checks: Starting Sep 28 13:03:54 szeta postfix/cleanup[7315]: ACCC94022E75A: message-id=<20150928200354.9519C4022E75A at szeta.mycompany.com> Sep 28 13:03:54 szeta postfix/local[7374]: BCE564022E767: to=, relay=local, delay=0.17, delays=0.13/0/0/0.04, dsn=2.0.0, status=sent (forwarded as ACCC94022E75A) Sep 28 13:03:54 szeta postfix/qmgr[4831]: ACCC94022E75A: from=<>, size=2082, nrcpt=1 (queue active) Sep 28 13:03:54 szeta postfix/qmgr[4831]: BCE564022E767: removed Sep 28 13:03:54 szeta postfix/virtual[7339]: ACCC94022E75A: to=, relay=virtual, delay=0.09, delays=0.04/0/0/0.05, dsn=2.0.0, status=sent (delivered to maildir) Sep 28 13:03:54 szeta postfix/qmgr[4831]: ACCC94022E75A: removed Sep 28 13:03:54 szeta MailScanner[4853]: Deleted 1 messages from processing-database I looked the maillog from the old system and it looks like this: Sep 26 04:26:02 zeta MailScanner[2970]: Spam Actions: message 0774980C8.A80AC actions are spamholder at mycompany.com,forward Sep 26 04:26:02 zeta MailScanner[2970]: Requeue: 0774980C8.A80AC to 3CD1780D3 Sep 26 04:26:02 zeta MailScanner[2970]: Uninfected: Delivered 1 messages Sep 26 04:26:02 zeta postfix/qmgr[2966]: 3CD1780D3: from=<>, size=1409, nrcpt=1 (queue active) Sep 26 04:26:02 zeta MailScanner[2970]: Deleted 1 messages from processing-database Sep 26 04:26:02 zeta postfix/pickup[2965]: C9F6C8127: uid=5001 from= Sep 26 04:26:02 zeta postfix/cleanup[3350]: C9F6C8127: hold: header Received: by zeta.mycompany.com (Postfix, from userid 5001)??id C9F6$ Sep 26 04:26:02 zeta postfix/pipe[3358]: 3CD1780D3: to=, relay=autoresponder, delay=8.2, delays=8.2/0.01/0/0.02, d$ Sep 26 04:26:02 zeta postfix/qmgr[2966]: 3CD1780D3: removed Sep 26 04:26:02 zeta postfix/cleanup[3350]: C9F6C8127: message-id=<20150926112555.0774980C8 at zeta.mycompany.com> Sep 26 04:26:06 zeta MailScanner[2973]: New Batch: Scanning 1 messages, 1718 bytes Sep 26 04:26:06 zeta MailScanner[2973]: Virus and Content Scanning: Starting Sep 26 04:26:07 zeta MailScanner[2973]: Spam Checks: Starting Sep 26 04:26:08 zeta MailScanner[2973]: Message C9F6C8127.A12D0 from 127.0.0.1 () to mycompany.com is spam, SpamAssassin (not cached, sc$ Sep 26 04:26:08 zeta MailScanner[2973]: Spam Checks: Found 1 spam messages Sep 26 04:26:08 zeta MailScanner[2973]: Spam Actions: message C9F6C8127.A12D0 actions are spamholder at mycompany.com,forward Sep 26 04:26:08 zeta MailScanner[2973]: Requeue: C9F6C8127.A12D0 to 0689F80C8 Sep 26 04:26:08 zeta postfix/qmgr[2966]: 0689F80C8: from=<>, size=1745, nrcpt=1 (queue active) Sep 26 04:26:08 zeta MailScanner[2973]: Uninfected: Delivered 1 messages Sep 26 04:26:08 zeta MailScanner[2973]: Deleted 1 messages from processing-database Sep 26 04:26:08 zeta postfix/virtual[3373]: 0689F80C8: to=, relay=virtual, delay=5.9, delays=5.9/0.01/0/0.01, dsn=$ Sep 26 04:26:08 zeta postfix/qmgr[2966]: 0689F80C8: removed I couldn't figure out what happend here on my new server. Could someone give me a help to troubleshoot this issue please? Here is my master.cf [root at szeta postfix]# cat master.cf | egrep -v "^\#" smtp inet n - n - - smtpd -o content_filter=autoresponder:dummy -o smtpd_tls_security_level=none -o smtpd_sasl_auth_enable=no submission inet n - n - - smtpd -o content_filter=autoresponder:dummy -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache autoresponder unix - n n - - pipe flags=Fq user=autoresponse argv=/usr/local/sbin/autoresponse -s ${sender} -r ${original_recipient} -S ${sasl_username} -C ${client_address} policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/local/sbin/postfix-policyd-spf-perl Here I use an autoresponder which is a bash script. see http://nefaria.com/autoresponse/ Thanks a lot! Gao -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Sep 29 01:50:19 2015 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 28 Sep 2015 18:50:19 -0700 Subject: Forwarded spam email problem In-Reply-To: <5609C466.2020304@pztop.com> References: <5609C466.2020304@pztop.com> Message-ID: <5609EE5B.6010905@msapiro.net> On 09/28/2015 03:51 PM, Gao wrote: > > I upgraded our mail server to a new server. I did fresh installation and > configuration on the new server. Now I am having a problem: All the spam > scored between 5 to 10 used to forward to an email address on the old > server. But on the new server it is send to local postmaster > mailer-daemon at szeta.mycompany.com, which in turn end up into my mail inbox. This is controlled by the configuration 'Spam Action'. See -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mat.krawczyk at gmail.com Wed Sep 30 09:14:54 2015 From: mat.krawczyk at gmail.com (Mateusz Krawczyk) Date: Wed, 30 Sep 2015 11:14:54 +0200 Subject: Reject mail only if it's not a spam Message-ID: Hello, I'm trying to write a custom perl function for "Reject Mail" config parameter. I would like to bounce / reject mails only if there are definitely not spam. Is it possible to check SA score at this level ? Like using: $message->{sascore}; $message->{is spam}; Thanks in advance for any suggestions. Regards, Mateusz Krawczyk From mat.krawczyk at gmail.com Wed Sep 30 10:12:04 2015 From: mat.krawczyk at gmail.com (Mateusz Krawczyk) Date: Wed, 30 Sep 2015 12:12:04 +0200 Subject: Reject message only if it's not a spam Message-ID: Hello, I'm trying to write a custom perl function for "Reject Message" config parameter. I would like to bounce / reject mails only if there are definitely not spam. Is it possible to check SA score at this level ? Like using: $message->{sascore}; $message->{isspam}; Thanks in advance for any suggestions. Regards, Mateusz Krawczyk From Antony.Stone at mailscanner.open.source.it Wed Sep 30 10:19:23 2015 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 30 Sep 2015 12:19:23 +0200 Subject: Reject message only if it's not a spam In-Reply-To: References: Message-ID: <201509301219.23741.Antony.Stone@mailscanner.open.source.it> On Wednesday 30 September 2015 at 12:12:04, Mateusz Krawczyk wrote: > Hello, Yes, we saw your message the first time. No need to send a duplicate. > I'm trying to write a custom perl function for "Reject Message" config > parameter. I would like to bounce / reject mails only if there are > definitely not spam. Okay, so you want to bounce, or reject, only non-spam... What are you doing with spam? Hopefully rejecting or discarding. So, ignoring the bounce option for the time being, why do you need to know whether an email is spam or not in order to reject or discard it? Just do it. (I'm assuming that by "reject" you mean "discard once your mail server has accepted it" and not "reject during SMTP dialogue", since this is all MailScanner can do - you would need other tools to reject at the SMTP stage.) And, returning to the bounce option, why would you ever want to do this? The only reason which occurs to me at present is for no-longer valid email addresses - in which case you should be rejecting at the SMTP stage, at which point valid senders will be told "your message could not be delivered". Regards, Antony. -- If the human brain were so simple that we could understand it, we'd be so simple that we couldn't. Please reply to the list; please *don't* CC me. From mat.krawczyk at gmail.com Wed Sep 30 10:47:41 2015 From: mat.krawczyk at gmail.com (Mateusz Krawczyk) Date: Wed, 30 Sep 2015 12:47:41 +0200 Subject: Reject message only if it's not a spam In-Reply-To: <201509301219.23741.Antony.Stone@mailscanner.open.source.it> References: <201509301219.23741.Antony.Stone@mailscanner.open.source.it> Message-ID: Antony, Thank you for your prompt answer. I would like to inform sender that sending message to some combination of recipients is not possible. Until now we were using custom milter scripts in postfix and I would like to migrate it in to the MailScanner environment. I don't want to send reject messages to fake/spam recipients.I think that at the level of "reject message" it should be possible to send reject answer message only to messages which are believed not to be a spam. Regards, Mateusz Krawczyk 2015-09-30 12:19 GMT+02:00 Antony Stone : > On Wednesday 30 September 2015 at 12:12:04, Mateusz Krawczyk wrote: > >> Hello, > > Yes, we saw your message the first time. No need to send a duplicate. > >> I'm trying to write a custom perl function for "Reject Message" config >> parameter. I would like to bounce / reject mails only if there are >> definitely not spam. > > Okay, so you want to bounce, or reject, only non-spam... > > What are you doing with spam? Hopefully rejecting or discarding. > > So, ignoring the bounce option for the time being, why do you need to know > whether an email is spam or not in order to reject or discard it? Just do it. > > (I'm assuming that by "reject" you mean "discard once your mail server has > accepted it" and not "reject during SMTP dialogue", since this is all > MailScanner can do - you would need other tools to reject at the SMTP stage.) > > And, returning to the bounce option, why would you ever want to do this? The > only reason which occurs to me at present is for no-longer valid email > addresses - in which case you should be rejecting at the SMTP stage, at which > point valid senders will be told "your message could not be delivered". > > > Regards, > > > Antony. > > -- > If the human brain were so simple that we could understand it, > we'd be so simple that we couldn't. > > Please reply to the list; > please *don't* CC me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From Antony.Stone at mailscanner.open.source.it Wed Sep 30 11:09:20 2015 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 30 Sep 2015 13:09:20 +0200 Subject: Reject message only if it's not a spam In-Reply-To: References: <201509301219.23741.Antony.Stone@mailscanner.open.source.it> Message-ID: <201509301309.20704.Antony.Stone@mailscanner.open.source.it> On Wednesday 30 September 2015 at 12:47:41, Mateusz Krawczyk wrote: > Antony, > > Thank you for your prompt answer. > > I would like to inform sender that sending message to some combination > of recipients is not possible. Okay - sounds a bit strange to me, but anyway... > Until now we were using custom milter scripts in postfix and I would like to > migrate it in to the MailScanner environment. Sounds fair enough. > I don't want to send reject messages to fake/spam recipients.I think > that at the level of "reject message" it should be possible to send > reject answer message only to messages which are believed not to be a > spam. Agreed - you don't want to send backscatter to faked senders. I assume you're already using DKIM / SPF etc as far as possible, to verify the senders? However, are you really seeing spam being sent to the "combinations of recipients which are not possible"? I would have expected the spam you receive to be addressed to either: - single recipients, in which case the combination effect does not apply and there's no bounce / notify to be sent - (very) large numbers of recipients within your domain/s, which I suspect would not match your "impossible combinations" (or is this a miscalculation on my part?) - large numbers of recipients at both your and other domains (which of course you can only see from the From: header, not from the SMTP envelope), which are also not going to match your "impossible combinations" (or does this checking process include external domains in some way?) Basically what I'm saying is that I can't see a use case where you get spam which should trip your bounce criteria, therefore sending the notification in cases where the combination of recipients is invalid should always be safe? Maybe if we understood a bit more about the criteria you use for deciding to send a bounce / notify, that might help. Regards, Antony. -- "In fact I wanted to be John Cleese and it took me some time to realise that the job was already taken." - Douglas Adams Please reply to the list; please *don't* CC me. From it at festa.bg Wed Sep 30 11:23:08 2015 From: it at festa.bg (Valentin Laskov) Date: Wed, 30 Sep 2015 14:23:08 +0300 Subject: Reject message only if it's not a spam In-Reply-To: <201509301309.20704.Antony.Stone@mailscanner.open.source.it> References: <201509301219.23741.Antony.Stone@mailscanner.open.source.it> <201509301309.20704.Antony.Stone@mailscanner.open.source.it> Message-ID: <560BC61C.70702@festa.bg> Hi Mateusz Your start point may be Non Spam Actions = %rules-dir%/Non.Spam.Actions.rules in MailScanner.conf and arrange some rules in Non.Spam.Actions.rules or if Non Spam Actions = custom # custom(parameter) - Call the CustomAction function in /usr/lib/Mail- # Scanner/MailScanner/CustomFunctions/CustomAction # .pm with the 'parameter' passed in. This can be # used to implement any custom action you require. # Regards! Valentin Laskov From pparsons at techeez.com Wed Sep 30 18:13:33 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 30 Sep 2015 18:13:33 +0000 Subject: Does any one know why Message-ID: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> /var/spool/MailScanner/incoming/SpamAssassin-Temp Is full will tmp files ? Is there a script that can keep it clean.. Thank you. Philip Parsons -------------- next part -------------- An HTML attachment was scrubbed... URL: From mat.krawczyk at gmail.com Wed Sep 30 18:19:53 2015 From: mat.krawczyk at gmail.com (Mateusz Krawczyk) Date: Wed, 30 Sep 2015 20:19:53 +0200 Subject: Reject message only if it's not a spam In-Reply-To: <560BC61C.70702@festa.bg> References: <201509301219.23741.Antony.Stone@mailscanner.open.source.it> <201509301309.20704.Antony.Stone@mailscanner.open.source.it> <560BC61C.70702@festa.bg> Message-ID: OK - thanks. The "Non Spam Actions = custom" looks really interesting. One problem only. I have no idea how to send a reject mail in my custom sub. Is it possible to do it in some MailScanner way or just using Perl functions ? Regards, Mateusz Krawczyk 2015-09-30 13:23 GMT+02:00 Valentin Laskov : > Hi Mateusz > > Your start point may be > > Non Spam Actions = %rules-dir%/Non.Spam.Actions.rules > > in MailScanner.conf > > and arrange some rules in Non.Spam.Actions.rules > > or if > Non Spam Actions = custom > > # custom(parameter) - Call the CustomAction function in > /usr/lib/Mail- > # Scanner/MailScanner/CustomFunctions/CustomAction > # .pm with the 'parameter' passed in. This can > be > # used to implement any custom action you > require. > # > > > Regards! > Valentin Laskov > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From Antony.Stone at mailscanner.open.source.it Wed Sep 30 18:24:01 2015 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 30 Sep 2015 20:24:01 +0200 Subject: Reject message only if it's not a spam In-Reply-To: References: <560BC61C.70702@festa.bg> Message-ID: <201509302024.01715.Antony.Stone@mailscanner.open.source.it> On Wednesday 30 September 2015 at 20:19:53, Mateusz Krawczyk wrote: > OK - thanks. The "Non Spam Actions = custom" looks really interesting. > > One problem only. I have no idea how to send a reject mail in my > custom sub. Is it possible to do it in some MailScanner way or just > using Perl functions ? You write your Perl function to return one of the specific actions listed at https://www.mailscanner.info/MailScanner.conf.index.html#Non Spam Actions That's how MailScanner then knows what to do with the email - the action is specified y your script, instead of by a configuration file. Antony. -- "The future is already here. It's just not evenly distributed yet." - William Gibson Please reply to the list; please *don't* CC me. From mark at msapiro.net Wed Sep 30 18:26:31 2015 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 30 Sep 2015 11:26:31 -0700 Subject: Does any one know why In-Reply-To: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> Message-ID: <560C2957.1090400@msapiro.net> On 09/30/2015 11:13 AM, Philip Parsons wrote: > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Is full will tmp files ? > > Is there a script that can keep it clean.. How about find /var/spool/MailScanner/incoming/SpamAssassin-Temp/ \ -type f -mmin +60 -exec rm '{}' \; Or if you want to be more conservative, -mtime +1 instead of -mmin +60 -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From pparsons at techeez.com Wed Sep 30 18:43:41 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 30 Sep 2015 18:43:41 +0000 Subject: Does any one know why In-Reply-To: <560C2957.1090400@msapiro.net> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> Message-ID: <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> Great that cleans it but do you know why it is getting full. -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: September-30-15 11:27 AM To: mailscanner at lists.mailscanner.info Subject: Re: Does any one know why On 09/30/2015 11:13 AM, Philip Parsons wrote: > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Is full will tmp files ? > > Is there a script that can keep it clean.. How about find /var/spool/MailScanner/incoming/SpamAssassin-Temp/ \ -type f -mmin +60 -exec rm '{}' \; Or if you want to be more conservative, -mtime +1 instead of -mmin +60 -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Wed Sep 30 19:01:43 2015 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 30 Sep 2015 12:01:43 -0700 Subject: Does any one know why In-Reply-To: <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> Message-ID: <560C3197.1040601@msapiro.net> On 09/30/2015 11:43 AM, Philip Parsons wrote: > Great that cleans it but do you know why it is getting full. There used to be a lot of these temp files left behind due to bugs in MailScanner/bitdefender-wrapper MailScanner/clamav-wrapper MailScanner/kaspersky-wrapper MailScanner/trend-autoupdate MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm that would sometimes fail to remove temp files they created. I think these were all fixed as of sometime in the 4.84.x series. If you are not running the current 4.85.2-3 version, I suggest upgrading. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Wed Sep 30 19:52:28 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 30 Sep 2015 15:52:28 -0400 Subject: Scan Messages and CustomFunction In-Reply-To: <5603B78F.1090402@hostalia.com> References: <5602CACF.30307@hostalia.com> <5603B78F.1090402@hostalia.com> Message-ID: anyone have any feedback on this? I haven't had time to take a look at it, - Jerry Benton www.mailborder.com Sent from my iPhone > On Sep 24, 2015, at 04:42, Alvaro Marín wrote: > > Hi again, > > debugging the code, I've found those 2 calls to "Scan Messages" function: > > [+] Message.pm, new (constructor, called by Postfix.pm's CreateBatch > function): > > # Decide if we want to scan this message at all > $this->{scanmail} = MailScanner::Config::Value('scanmail', $this); > if ($this->{scanmail} =~ /[12]/) { > $this->{scanmail} = 1; > } else { > # Make sure it is set to something, and not left as undef. > $this->{scanmail} = 0; > } > if ($this->{scanmail} !~ /1/) { > $this->{scanvirusonly} = 1; > } else { > $this->{scanvirusonly} = 0; > } > > [+] Postfix.pm, in CreateBatch function: > > if (MailScanner::Config::Value("scanmail", $newmessage) =~ /[12]/ || > MailScanner::Config::Value("virusscan", $newmessage) =~ /1/ || > MailScanner::Config::Value("dangerscan", $newmessage) =~ /1/) { > $newmessage->NeedsScanning(1); > > > So in that Postfix.pm's code, insted of read the value of $newmessage's > variable "scanmail", that was created in Message.pm code that I've > pasted before, it calls again to MailScanner::Config::Value function > that searchs again for that value (if is a ruleset it will look for the > rule in the rules file or if it's a function, like in my configuration, > it will execute it one more time). > Changing that code by: > > if ($newmessage->{"scanmail"} =~ /[12]/ || > $newmessage->{"virusscan"} =~ /1/ || > $newmessage->{"dangerscan"} =~ /1/) { > $newmessage->NeedsScanning(1); > > it reads the value from the variable filled by Message.pm, and doesn't > call again to the function. > > Can you confirm if this is correct? > Thanks. > > Regards, > >> El 23/09/15 a las 17:52, Alvaro Marín escribió: >> Hello, >> >> I'm writing a CustomFunction to check the "Scan Messages" value in a >> database: >> >> Scan Messages = &ScanMsgs >> >> I've done the same with : >> >> Spam Checks (for avoid mails being scanned, that is, whitelisting) >> Is Definitely Spam (for blacklisting) >> >> and these 2 functions run fine. >> >> The problem with "Scan Messages" is that the function is executed two >> times for each message: >> >> Sep 23 17:15:05 MailScanner[22554]: 4694D2180A7.AC573: ScanMsgs checking. >> Sep 23 17:15:05 MailScanner[22554]: 4694D2180A7.AC573: ScanMsgs checking. >> >> and I see in MySQL logs that the queries are done 2 times. >> Simplifying the code to: >> >> ======== >> package MailScanner::CustomConfig; >> sub InitScanMsgs { >> MailScanner::Log::InfoLog("Starting ScanMsgs..."); >> } >> sub ScanMsgs { >> my($message) = @_; >> my $msgid=$message->{id}; >> MailScanner::Log::WarnLog("$msgid: ScanMsgs checking."); >> return 0; >> } >> sub EndScanMsgs { >> MailScanner::Log::InfoLog("Ending ScanMsgs..."); >> exit; >> } >> 1; >> ======== >> >> the problem still occurs. >> Any idea? Is strange because, as I've said, white and blacklisting work >> fine with similar code. >> >> Thank you. >> Regards, > > > -- > Alvaro Marín Illera > Hostalia Internet > www.hostalia.com > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From pparsons at techeez.com Wed Sep 30 20:40:04 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 30 Sep 2015 20:40:04 +0000 Subject: Does any one know why In-Reply-To: <560C3197.1040601@msapiro.net> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> <560C3197.1040601@msapiro.net> Message-ID: <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com> I am running 4.84.6 will look into upgrading -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: September-30-15 12:02 PM To: mailscanner at lists.mailscanner.info Subject: Re: Does any one know why On 09/30/2015 11:43 AM, Philip Parsons wrote: > Great that cleans it but do you know why it is getting full. There used to be a lot of these temp files left behind due to bugs in MailScanner/bitdefender-wrapper MailScanner/clamav-wrapper MailScanner/kaspersky-wrapper MailScanner/trend-autoupdate MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm that would sometimes fail to remove temp files they created. I think these were all fixed as of sometime in the 4.84.x series. If you are not running the current 4.85.2-3 version, I suggest upgrading. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jerry.benton at mailborder.com Wed Sep 30 21:21:51 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 30 Sep 2015 17:21:51 -0400 Subject: Does any one know why In-Reply-To: <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> <560C3197.1040601@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com> Message-ID: <1DB72AED-057C-4485-8D84-EFC795664302@mailborder.com> The new upgrade is pretty painless. - Jerry Benton www.mailborder.com Sent from my iPhone > On Sep 30, 2015, at 16:40, Philip Parsons wrote: > > I am running 4.84.6 will look into upgrading > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro > Sent: September-30-15 12:02 PM > To: mailscanner at lists.mailscanner.info > Subject: Re: Does any one know why > >> On 09/30/2015 11:43 AM, Philip Parsons wrote: >> Great that cleans it but do you know why it is getting full. > > > There used to be a lot of these temp files left behind due to bugs in > > MailScanner/bitdefender-wrapper > MailScanner/clamav-wrapper > MailScanner/kaspersky-wrapper > MailScanner/trend-autoupdate > MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm > > that would sometimes fail to remove temp files they created. > > I think these were all fixed as of sometime in the 4.84.x series. If you > are not running the current 4.85.2-3 version, I suggest upgrading. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From pparsons at techeez.com Wed Sep 30 21:56:07 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 30 Sep 2015 21:56:07 +0000 Subject: Does any one know why In-Reply-To: <1DB72AED-057C-4485-8D84-EFC795664302@mailborder.com> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> <560C3197.1040601@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com> <1DB72AED-057C-4485-8D84-EFC795664302@mailborder.com> Message-ID: <11D8E491D9562549A61FD3186F3634200269A44D6E@exchange.techeez.com> So one more question once I update to the new version will it automatically clean that folder or do I need to do that first.. -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: September-30-15 2:22 PM To: MailScanner Discussion Subject: Re: Does any one know why The new upgrade is pretty painless. - Jerry Benton www.mailborder.com Sent from my iPhone > On Sep 30, 2015, at 16:40, Philip Parsons wrote: > > I am running 4.84.6 will look into upgrading > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro > Sent: September-30-15 12:02 PM > To: mailscanner at lists.mailscanner.info > Subject: Re: Does any one know why > >> On 09/30/2015 11:43 AM, Philip Parsons wrote: >> Great that cleans it but do you know why it is getting full. > > > There used to be a lot of these temp files left behind due to bugs in > > MailScanner/bitdefender-wrapper > MailScanner/clamav-wrapper > MailScanner/kaspersky-wrapper > MailScanner/trend-autoupdate > MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm > > that would sometimes fail to remove temp files they created. > > I think these were all fixed as of sometime in the 4.84.x series. If you > are not running the current 4.85.2-3 version, I suggest upgrading. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jerry.benton at mailborder.com Wed Sep 30 21:57:25 2015 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 30 Sep 2015 17:57:25 -0400 Subject: Does any one know why In-Reply-To: <11D8E491D9562549A61FD3186F3634200269A44D6E@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> <560C3197.1040601@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com> <1DB72AED-057C-4485-8D84-EFC795664302@mailborder.com> <11D8E491D9562549A61FD3186F3634200269A44D6E@exchange.techeez.com> Message-ID: You will have to try it. I don’t have the answer to that. However, cleaning out that folder is pretty painless. - Jerry Benton www.mailborder.com > On Sep 30, 2015, at 5:56 PM, Philip Parsons wrote: > > So one more question once I update to the new version will it automatically clean that folder or do I need to do that first.. > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: September-30-15 2:22 PM > To: MailScanner Discussion > Subject: Re: Does any one know why > > The new upgrade is pretty painless. > > - > Jerry Benton > www.mailborder.com > Sent from my iPhone > >> On Sep 30, 2015, at 16:40, Philip Parsons wrote: >> >> I am running 4.84.6 will look into upgrading >> >> -----Original Message----- >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro >> Sent: September-30-15 12:02 PM >> To: mailscanner at lists.mailscanner.info >> Subject: Re: Does any one know why >> >>> On 09/30/2015 11:43 AM, Philip Parsons wrote: >>> Great that cleans it but do you know why it is getting full. >> >> >> There used to be a lot of these temp files left behind due to bugs in >> >> MailScanner/bitdefender-wrapper >> MailScanner/clamav-wrapper >> MailScanner/kaspersky-wrapper >> MailScanner/trend-autoupdate >> MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm >> >> that would sometimes fail to remove temp files they created. >> >> I think these were all fixed as of sometime in the 4.84.x series. If you >> are not running the current 4.85.2-3 version, I suggest upgrading. >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > From pparsons at techeez.com Wed Sep 30 22:01:13 2015 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 30 Sep 2015 22:01:13 +0000 Subject: Does any one know why In-Reply-To: References: <11D8E491D9562549A61FD3186F3634200269A442A7@exchange.techeez.com> <560C2957.1090400@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44594@exchange.techeez.com> <560C3197.1040601@msapiro.net> <11D8E491D9562549A61FD3186F3634200269A44A66@exchange.techeez.com> <1DB72AED-057C-4485-8D84-EFC795664302@mailborder.com> <11D8E491D9562549A61FD3186F3634200269A44D6E@exchange.techeez.com> Message-ID: <11D8E491D9562549A61FD3186F3634200269A44E43@exchange.techeez.com> Not that painless when there are couple of million files per server ..hahahaha -----Original Message----- From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton Sent: September-30-15 2:57 PM To: MailScanner Discussion Subject: Re: Does any one know why You will have to try it. I don’t have the answer to that. However, cleaning out that folder is pretty painless. - Jerry Benton www.mailborder.com > On Sep 30, 2015, at 5:56 PM, Philip Parsons wrote: > > So one more question once I update to the new version will it automatically clean that folder or do I need to do that first.. > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton > Sent: September-30-15 2:22 PM > To: MailScanner Discussion > Subject: Re: Does any one know why > > The new upgrade is pretty painless. > > - > Jerry Benton > www.mailborder.com > Sent from my iPhone > >> On Sep 30, 2015, at 16:40, Philip Parsons wrote: >> >> I am running 4.84.6 will look into upgrading >> >> -----Original Message----- >> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mark Sapiro >> Sent: September-30-15 12:02 PM >> To: mailscanner at lists.mailscanner.info >> Subject: Re: Does any one know why >> >>> On 09/30/2015 11:43 AM, Philip Parsons wrote: >>> Great that cleans it but do you know why it is getting full. >> >> >> There used to be a lot of these temp files left behind due to bugs in >> >> MailScanner/bitdefender-wrapper >> MailScanner/clamav-wrapper >> MailScanner/kaspersky-wrapper >> MailScanner/trend-autoupdate >> MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm >> >> that would sometimes fail to remove temp files they created. >> >> I think these were all fixed as of sometime in the 4.84.x series. If you >> are not running the current 4.85.2-3 version, I suggest upgrading. >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/listinfo/mailscanner >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/listinfo/mailscanner > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.