From Warwick.x.Brown at serco.com Wed Nov 2 15:22:55 2016
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Wed, 2 Nov 2016 15:22:55 +0000
Subject: duplicate subject lines in headers (again)
Message-ID:

Hi All,

I have that historic issue of sending email to yahoo due to duplicate subject lines.

I can see there is a work-around of setting "Multiple Headers" from "add" to "append", but I was wondering whether there was any appetite to get it fixed?

Also - what exactly are the implications for using "append" as opposed to "add" because there seems to be some anecdotal comments regarding breaking DKIM.

Thanks,
Warwick

From mark at msapiro.net Thu Nov 3 03:22:48 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 2 Nov 2016 20:22:48 -0700
Subject: duplicate subject lines in headers (again)
In-Reply-To:
References:
Message-ID: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net>

On 11/02/2016 08:22 AM, Warwick Brown wrote:
>
> I have that historic issue of sending email to yahoo due to duplicate
> subject lines.

Huh? Can you be more specific about what the issue is? If by "historical" you mean something in the archives, a link to an archived thread may help.

> I can see there is a work-around of setting "Multiple Headers" from
> "add" to "append", but I was wondering whether there was any appetite to
> get it fixed?

Again, what exactly is the issue. Does the Multiple Headers setting actually affect Subject: headers.

> Also - what exactly are the implications for using "append" as opposed
> to "add" because there seems to be some anecdotal comments regarding
> breaking DKIM.

If an incoming message has MailScanner headers and those headers are DKIM signed, changing them in any way or adding additional headers with the same name will break the DKIM sig.

On the other hand, if those headers have a different org-name in the X-%org-name%-MailScanner prefix, Multiple Headers = append or replace will modify those headers and break the DKIM sig, but add will add new headers with a different org-name and won't affect the existing DKIM sig.

But then, many other transformations will break the DKIM sig anyway - things like tagging the Subject: or modifying the message body in any way, e.g. by disarming web bugs.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Warwick.x.Brown at serco.com Thu Nov 3 09:58:52 2016
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Thu, 3 Nov 2016 09:58:52 +0000
Subject: duplicate subject lines in headers (again)
In-Reply-To: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net>
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net>
Message-ID:

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: 03 November 2016 03:23
To: mailscanner at lists.mailscanner.info
Subject: Re: duplicate subject lines in headers (again)

On 11/02/2016 08:22 AM, Warwick Brown wrote:
>
> I have that historic issue of sending email to yahoo due to duplicate
> subject lines.

Huh? Can you be more specific about what the issue is? If by "historical" you mean something in the archives, a link to an archived thread may help.

> I can see there is a work-around of setting "Multiple Headers" from
> "add" to "append", but I was wondering whether there was any appetite to
> get it fixed?

Again, what exactly is the issue. Does the Multiple Headers setting actually affect Subject: headers.

> Also - what exactly are the implications for using "append" as opposed
> to "add" because there seems to be some anecdotal comments regarding
> breaking DKIM.

If an incoming message has MailScanner headers and those headers are DKIM signed, changing them in any way or adding additional headers with the same name will break the DKIM sig.

On the other hand, if those headers have a different org-name in the X-%org-name%-MailScanner prefix, Multiple Headers = append or replace will modify those headers and break the DKIM sig, but add will add new headers with a different org-name and won't affect the existing DKIM sig.

But then, many other transformations will break the DKIM sig anyway - things like tagging the Subject: or modifying the message body in any way, e.g. by disarming web bugs.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-----

Hi Mark

Thanks for your response.

I've hit upon an issue where Yahoo is being funny about RFC compliance and rejecting mail which has two subject lines in the headers. I notice that one of the headers always has a trailing space, and the other does not.
This causes a mismatch between the two subject lines and thus I believe that is where the confusion comes in.

I am using Exim 4.86, ClamAV 0.99, SpamAssassin 3.4.0 with MailScanner 4.85.2 on RHEL7.2.

I have "Multiple Headers" set to "add" as our future plans is to use DKIM, hence why I don't want to use the published work-around of setting "Multiple Headers" to "append" if I can help it. We have set %org-name% appropriately as to not clobber other people's headers. I have also turned off all of the disarm features as we experienced issues with corporate apps which used the kind of code snippets that disarm acts upon, and changing all the corporate application emails was beyond my control.

I can see from the mailing list archives that this issue has cropped up many times on this list and others, and I can also see there are multiple entries for "$global::MS->{mta}->UniqHeader($this, 'Subject:');" in the Message.pm module, only a mail which passes the checks does not enact any of the functions which would call UniqHeader, so it doesn't get made unique.

One nuance of this bug I noticed is that when MailScanner parses the subject line - it strips off any whitespace at the end of the subject. I suspect this is where the problem may lie.

I have considered using an Exim system filter to strip off the trailing space on receiving the mail, but as you rightly state, it would break DKIM, so again something I can't easily do.

So the issue remains - that where whitespace is present in the trailing part of the subject line - MailScanner is discarding that trailing whitespace and adding a second copy of the subject without whitespace, presumably because it believes (due to a difference in the length of a Subject line) that the subject has been changed as part of the scanning process.
The only place I can see the length of the subject is considered is within the DeliverFiles function of Message.pm.

I'm admittedly not a perl programmer and am reluctant to go hacking the code up in a (now) production environment.

We are informing the affected users to check for trailing whitespace before they click send, but it'd be nice if we didn't have to do that.

Thanks again,
Warwick

From daniel at hostgeek.com.au Thu Nov 3 05:11:02 2016
From: daniel at hostgeek.com.au (Daniel Cole)
Date: Thu, 3 Nov 2016 05:11:02 +0000
Subject: Help with new mailscanner install w/ sendmail CentOS7
Message-ID: <1478149862524.86731@hostgeek.com.au>

Hi There,

Just trying to get a new MailScanner install going. Have followed the guide and have it just about working, however MailScanner is not picking up the mail and processing it!

I believe the issue is that Sendmail is not configured to run separate for inbound and outbound as per https://www.mailscanner.info/sendmail/?. If I send mail I can see that sendmail is processing it (and it gets delivered as expected), but MailScanner doesn't touch it.

The details on that page don't quite match up with systemd on CentOS 7. Can anyone point me in the right direction please?

Thanks,
Daniel

From mark at msapiro.net Thu Nov 3 15:48:28 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 3 Nov 2016 08:48:28 -0700
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To: <1478149862524.86731@hostgeek.com.au>
References: <1478149862524.86731@hostgeek.com.au>
Message-ID: <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>

On 11/02/2016 10:11 PM, Daniel Cole wrote:
>
> I believe the issue is that Sendmail is not configured to run separate
> for inbound and outbound as per https://www.mailscanner.info/sendmail/?.
> If I send mail I can see that sendmail is processing it (and it gets
> delivered as expected), but MailScanner doesn't touch it.
>
>
> The details on that page don't quite match up with systemd on CentOS 7.
> Can anyone point me in the right direction please?

The information in the issue at may help.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From sales at edenusa.com Thu Nov 3 21:44:27 2016
From: sales at edenusa.com (Paul Scott)
Date: Thu, 3 Nov 2016 21:44:27 +0000
Subject: Too Many Attachements OR Virus Found?
Message-ID:

Hello everybody!

We are receiving the following message inside emails quite frequently now, and it is confusing since it conveys two different messages, which are "Too many attachments", OR "Infected."

This is occurring when RECEIVING an email from an outside company.

So my question is, when this message is received, what is the actual issue. A virus, or too many attachments?

And where is the total number of attachments defined in the MailScanner.conf file?

And is there a way to create a ruleset file to tell MailScanner to NOT scan for viruses or check for number of attachments for a certain domain name (in this case, it would be "mp-eng.com").

-----Original Message-----
From: Greg Chehey [mailto:GChehey at pachydro.com]
Sent: Thursday, November 03, 2016 2:30 PM
To: Robert Skands
Cc: Patrick Emanuel; Jeff Chambers; Jerry Castillo; Jon Austin
Subject: RE: Back-up pump for Sewer Lift Station

Warning: This message has had one or more attachments removed
Warning: (the entire message).
Warning: Please read the "EdenUSAInc-Attachment-Warning.txt" attachment(s) for more information.

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "the entire message" was believed to be dangerous and/or infected by a virus and has been replaced by this warning message.

Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the infected attachment. Please ask the sender of the message to disinfect their original version and send you a clean copy.

At Thu Nov 3 14:30:35 2016 the scanner said:
   Too many attachments in message

Sincerely,

Paul Scott
Sales Engineer, Eden USA
Las Vegas, New York, Los Angeles
Phone: 866.501.3336
Fax: 866.502.3336
FACEBOOK: http://www.facebook.com/edenusainc

From sales at edenusa.com Thu Nov 3 23:35:33 2016
From: sales at edenusa.com (Paul Scott)
Date: Thu, 3 Nov 2016 23:35:33 +0000
Subject: FW: Too Many Attachements OR Virus Found?
In-Reply-To:
References:
Message-ID:

Sending again. Rejected first time around.

From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Paul Scott
Sent: Thursday, November 03, 2016 2:44 PM
To: MailScanner Discussion
Subject: Too Many Attachements OR Virus Found?

This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing Feedback

From sales at edenusa.com Thu Nov 3 23:37:37 2016
From: sales at edenusa.com (Paul Scott)
Date: Thu, 3 Nov 2016 23:37:37 +0000
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To: <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID:

The MailScanner Discussion list is now rejecting me. Any idea why?

From jerry.benton at mailborder.com Thu Nov 3 23:40:25 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 3 Nov 2016 19:40:25 -0400
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To:
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID:

I see the email you sent.

-
Jerry Benton
www.mailborder.com
+1 844-436-6245 ext 707
sent via mobile

From sales at edenusa.com Thu Nov 3 23:44:18 2016
From: sales at edenusa.com (Paul Scott)
Date: Thu, 3 Nov 2016 23:44:18 +0000
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To:
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID:

Hello Jerry. Interesting. I see this message coming back on each send:

This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing

Not sure why.

Paul Scott

From kevin.miller at juneau.org Thu Nov 3 23:45:05 2016
From: kevin.miller at juneau.org (Kevin Miller)
Date: Thu, 3 Nov 2016 23:45:05 +0000
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To:
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID: <5c03d867c6b24649ad9dad85f4bf6ceb@City-Exch-DB1.cbj.local>

Me too. Log onto the list server where you manage your subscription and make sure the box not to send your own posts isn't selected, Mark.

...Kevin
-- 
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357

From jerry.benton at mailborder.com Thu Nov 3 23:45:29 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 3 Nov 2016 19:45:29 -0400
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To:
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID:

Maybe Mark can provide more info when he has time.

-- 
Jerry Benton
Mailborder Systems
www.mailborder.com

From sales at edenusa.com Thu Nov 3 23:57:22 2016
From: sales at edenusa.com (Paul Scott)
Date: Thu, 3 Nov 2016 23:57:22 +0000
Subject: Too Many Attachements OR Virus Found?
In-Reply-To:
References:
Message-ID:

Okay, I made the change as suggested by Kevin, and am now sending again.

Thank you very much!

Sincerely,

Paul Scott
Sales Engineer, Eden USA
Las Vegas, New York, Los Angeles
Phone: 866.501.3336
Fax: 866.502.3336
FACEBOOK: http://www.facebook.com/edenusainc

From sales at edenusa.com Fri Nov 4 00:14:15 2016
From: sales at edenusa.com (Paul Scott)
Date: Fri, 4 Nov 2016 00:14:15 +0000
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To: <5c03d867c6b24649ad9dad85f4bf6ceb@City-Exch-DB1.cbj.local>
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net> <5c03d867c6b24649ad9dad85f4bf6ceb@City-Exch-DB1.cbj.local>
Message-ID:

Hello Kevin,

I did this and it worked (I checked the Archives and see my messages there okay).

Thank you very much!

Paul

From mark at msapiro.net Fri Nov 4 03:03:54 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 3 Nov 2016 20:03:54 -0700
Subject: duplicate subject lines in headers (again)
In-Reply-To:
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net>
Message-ID:

On 11/03/2016 02:58 AM, Warwick Brown wrote:
>
> So the issue remains - that where whitespace is present in the
> trailing part of the subject line - MailScanner is discarding that
> trailing whitespace and adding a second copy of the subject without
> whitespace, presumably because it believes (due to a difference in
> the length of a Subject line) that the subject has been changed as
> part of the scanning process.

I do not see this. I have sent test messages that pass through two MailScanner instances - one on the way out of my desktop and one on the way in to my MX server - with Subject headers with trailing whitespace and the headers are never duplicated and the whitespace isn't stripped.

In both MailScanner instances "Multiple Headers" is set to add. I have tried one trailing space, two trailing spaces and a trailing tab. In all cases the result is the same except for the specific whitespace in the Subject: of the delivered message, one of which is attached.

If I'm not doing the correct test, please explain in more detail what the issue is so I can understand how to test.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
An embedded message was scrubbed...
From: Mark Sapiro
Subject: Test trailing space
Date: Thu, 3 Nov 2016 19:43:44 -0700
Size: 1592
URL:

From mark at msapiro.net Fri Nov 4 03:16:17 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 3 Nov 2016 20:16:17 -0700
Subject: Too Many Attachements OR Virus Found?
In-Reply-To:
References:
Message-ID:

On 11/03/2016 04:57 PM, Paul Scott wrote:
> Okay, I made the change as suggested by Kevin, and am now sending again.

All of your posts reach the list. If you look in the archive at .

It is your own incoming MTA that is adding the "This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing Feedback" message to the copy of your post delivered back to you. This is not a rejection notice. It is your copy of the post from the list.

Kevin's suggestion prevented Mailman from sending your copy of the post back to you, so you no longer received it, but as I said it was only your copy from the list being flagged by your own incoming mail service.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net Fri Nov 4 03:25:09 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 3 Nov 2016 20:25:09 -0700
Subject: Too Many Attachements OR Virus Found?
In-Reply-To:
References:
Message-ID: <165fc4ad-a7d4-d427-f828-48a452d916b2@msapiro.net>

On 11/03/2016 02:44 PM, Paul Scott wrote:
>
> We are receiving the following message inside emails quite frequently
> now, and it is confusing since it conveys two different messages, which
> are "Too many attachments", OR "Infected."
>
> This is occurring when RECEIVING an email from an outside company.
>
> So my question is, when this message is received, what is the actual
> issue. A virus, or too many attachments?

The issue is your virus scanner (what is it) is reporting back to
MailScanner with the message "Too many attachments in message".
MailScanner sees that and thinks it's a report of an infection from the
virus scanner.

> And where is the total number of attachments defined in the
> MailScanner.conf file?

It isn't. It's in your virus scanner which is ?

> And is there a way to create a ruleset file to tell MailScanner to NOT
> scan for viruses or check for number of attachments for a certain domain
> name (in this case, it would be "mp-eng.com").

Yes, see .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From sales at edenusa.com Fri Nov 4 10:19:49 2016
From: sales at edenusa.com (Paul Scott)
Date: Fri, 4 Nov 2016 10:19:49 +0000
Subject: Too Many Attachements OR Virus Found?
In-Reply-To: <165fc4ad-a7d4-d427-f828-48a452d916b2@msapiro.net>
References: <165fc4ad-a7d4-d427-f828-48a452d916b2@msapiro.net>
Message-ID:

Thank you Mark.

The virus scanner is ClamD.

Paul

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Thursday, November 03, 2016 8:25 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Too Many Attachements OR Virus Found?

On 11/03/2016 02:44 PM, Paul Scott wrote:
>
> We are receiving the following message inside emails quite frequently
> now, and it is confusing since it conveys two different messages,
> which are "Too many attachments", OR "Infected."
>
> This is occurring when RECEIVING an email from an outside company.
>
> So my question is, when this message is received, what is the actual
> issue. A virus, or too many attachments?

The issue is your virus scanner (what is it) is reporting back to
MailScanner with the message "Too many attachments in message".
MailScanner sees that and thinks it's a report of an infection from the
virus scanner.

> And where is the total number of attachments defined in the
> MailScanner.conf file?

It isn't. It's in your virus scanner which is ?

> And is there a way to create a ruleset file to tell MailScanner to NOT
> scan for viruses or check for number of attachments for a certain
> domain name (in this case, it would be "mp-eng.com").

Yes, see .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From sales at edenusa.com Fri Nov 4 10:22:26 2016
From: sales at edenusa.com (Paul Scott)
Date: Fri, 4 Nov 2016 10:22:26 +0000
Subject: Too Many Attachements OR Virus Found?
In-Reply-To:
References:
Message-ID:

Hello Mark,

Yes, you are right. Microsoft's Exchange in the cloud is what I am using
for my MTA. Extremely complex routing. New feature they just added to
try to thwart spoofing.

Thanks again!

Paul

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Thursday, November 03, 2016 8:16 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Too Many Attachements OR Virus Found?

On 11/03/2016 04:57 PM, Paul Scott wrote:
> Okay, I made the change as suggested by Kevin, and am now sending again.

All of your posts reach the list. If you look in the archive at .

It is your own incoming MTA that is adding the "This sender failed our
fraud detection checks and may not be who they appear to be. Learn about
spoofing Feedback" message to the copy of your post delivered back to
you. This is not a rejection notice. It is your copy of the post from
the list.

Kevin's suggestion prevented Mailman from sending your copy of the post
back to you, so you no longer received it, but as I said it was only
your copy from the list being flagged by your own incoming mail service.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From daniel at hostgeek.com.au Fri Nov 4 10:54:58 2016
From: daniel at hostgeek.com.au (Daniel Cole)
Date: Fri, 4 Nov 2016 10:54:58 +0000
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To: <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
References: <1478149862524.86731@hostgeek.com.au>, <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID: <1478256897281.31230@hostgeek.com.au>

Hi Mark,

Thanks for the pointer - all working beautifully now!

Cheers,
Daniel

________________________________________
From: MailScanner on behalf of Mark Sapiro
Sent: Friday, 4 November 2016 2:48 AM
To: mailscanner at lists.mailscanner.info
Subject: Re: Help with new mailscanner install w/ sendmail CentOS7

On 11/02/2016 10:11 PM, Daniel Cole wrote:
>
> I believe the issue is that Sendmail is not configured to run separate
> for inbound and outbound as per https://www.mailscanner.info/sendmail/.
> If I send mail I can see that sendmail is processing it (and it gets
> delivered as expected), but MailScanner doesn't touch it.
>
> The details on that page don't quite match up with systemd on CentOS 7.
> Can anyone point me in the right direction please?

The information in the issue at may help.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mailinglists at feedmebits.nl Fri Nov 4 13:17:06 2016
From: mailinglists at feedmebits.nl (Maarten)
Date: Fri, 04 Nov 2016 14:17:06 +0100
Subject: filename.rules.conf
Message-ID:

Hello,

I'm running mailscanner-4.85.2-3, and I've added two custom rules to
filename.rules.conf. However it seems the files don't get blocked. Here
are two examples of rules I've added:

deny SCAN_2016_.*\.zip$ TEST TEST
deny Incasso\.zip$ TEST TEST

I'm not seeing any syntax errors in my logs referring to
filename.rules.conf, when I had the syntax wrong before I saw errors
complaining about it. Am I missing something?

From iversons at rushville.k12.in.us Fri Nov 4 14:24:50 2016
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 4 Nov 2016 10:24:50 -0400
Subject: filename.rules.conf
In-Reply-To:
References:
Message-ID:

Are you using tabs instead of spaces? That's a tricky thing about
MailScanner.

On Fri, Nov 4, 2016 at 9:17 AM, Maarten wrote:

> Hello,
>
> I'm running mailscanner-4.85.2-3, and I've added two custom rules to
> filename.rules.conf. However it seems the files don't get blocked. Here are
> two examples of rules I've added:
>
> deny SCAN_2016_.*\.zip$ TEST TEST
> deny Incasso\.zip$ TEST TEST
>
> I'm not seeing any syntax errors in my logs referring to
> filename.rules.conf, when I had the syntax wrong before I saw errors
> complaining about it. Am I missing something?

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Fri Nov 4 14:42:09 2016
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 4 Nov 2016 10:42:09 -0400
Subject: filename.rules.conf
In-Reply-To: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl>
References: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl>
Message-ID:

Yes, that is correct. I should have said it the other way around.

On Fri, Nov 4, 2016 at 10:40 AM, Maarten wrote:

> I was using tabs since at the top of the config file it says:
>
> # NOTE: Fields are separated by TAB characters --- Important!
>
> Using spaces now, still the filenames aren't getting blocked:
>
> deny SCAN_2016_.*\.zip$ "TEST "TEST"
> deny Incasso\.zip "TEST" "TEST

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From mailscanner at replies.cyways.com Fri Nov 4 15:24:01 2016
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Fri, 4 Nov 2016 11:24:01 -0400
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To:
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net>
Message-ID: <5a00a562-22c4-1f84-fa70-63ec56134c7b@replies.cyways.com>

This is something that Microsoft implemented for accounts using their hosted
mail services without thinking about the effects it might have on
listservers. They are following in the "august" footsteps of Yahoo and AOL
whose implementation of DMARC has also caused serious problems for
listserver administrators.

This list, like the ones I manage, puts the sender's From address in the
headers rather than using a generic one like owner-listname at example.com.
Microsoft has now chosen to view all messages where the From address matches
the recipient's address as "spoofed." This policy only affects the copy of
the message being sent back to you. Other subscribers will see the message
when redistributed by the listserver.

Microsoft clearly refuses to believe the SPF record even when it indicates
that the sending server is legitimate. I'm seeing this problem occur on the
lists I manage despite having correct SPF data in my DNS.

You can look into methods of whitelisting the sending server or sending
domain, in this case lists.mailscanner.info. I've seen one complaint at
http://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_other/listserv-messages-fail-o365s-fraud-detection/7ab75018-43fc-4d9e-b716-85f7f2418d3c.
The reply from the Microsoft support person shows they are entirely
clueless about why this policy affects listservers.

I dealt with the Yahoo and AOL problems by rewriting the sender's address so
it reads
someone=yahoo.com at lists.example.com
That passes the DMARC tests since the message originates on the legitimate
server for lists.example.com. I hope not to have to add Outlook and company
to the list of domains for which I do rewriting, but I suspect it may come
to that.

Google and GMail also treat messages where the From and To are identical as
likely spam. I've had to tell my subscribers using those services to look
in their spam folders when they don't see their postings to my listserver in
their inboxes.

Peter

On 11/03/2016 07:45 PM, Jerry Benton wrote:
> Maybe Mark can provide more info when he has time.
>
> On Thursday, November 3, 2016, Paul Scott wrote:
>
> Hello Jerry. Interesting. I see this message coming back on each send:
>
> This sender failed our fraud detection checks and may not be who they
> appear to be. Learn about spoofing
>
> Not sure why.
>
> Paul Scott
>
> *From:* MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info]
> *On Behalf Of* Jerry Benton
> *Sent:* Thursday, November 03, 2016 4:40 PM
> *To:* MailScanner Discussion
> *Subject:* Re: Help with new mailscanner install w/ sendmail CentOS7
>
> I see the email you sent.
>
> -
> Jerry Benton
> www.mailborder.com
> +1 844-436-6245 ext 707
> sent via mobile
>
> On Nov 3, 2016, at 19:37, Paul Scott wrote:
>
> The MailScanner Discussion list is now rejecting me. Any idea why?

From jerry.benton at mailborder.com Fri Nov 4 15:26:51 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 4 Nov 2016 08:26:51 -0700
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To: <5a00a562-22c4-1f84-fa70-63ec56134c7b@replies.cyways.com>
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net> <5a00a562-22c4-1f84-fa70-63ec56134c7b@replies.cyways.com>
Message-ID:

You can also implement SRS on your server.
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

-----Original Message-----
From: Peter Lemieux
Reply: MailScanner Discussion
Date: November 4, 2016 at 11:24:24 AM
To: MailScanner Discussion
Subject: Re: Help with new mailscanner install w/ sendmail CentOS7

> This is something that Microsoft implemented for accounts using their hosted
> mail services without thinking about the effects it might have on
> listservers. They are following in the "august" footsteps of Yahoo and AOL
> whose implementation of DMARC has also caused serious problems for
> listserver administrators.
>
> This list, like the ones I manage, puts the sender's From address in the
> headers rather than using a generic one like owner-listname at example.com.
> Microsoft has now chosen to view all messages where the From address matches
> the recipient's address as "spoofed." This policy only affects the copy of
> the message being sent back to you. Other subscribers will see the message
> when redistributed by the listserver.
>
> Microsoft clearly refuses to believe the SPF record even when it indicates
> that the sending server is legitimate. I'm seeing this problem occur on the
> lists I manage despite having correct SPF data in my DNS.
>
> You can look into methods of whitelisting the sending server or sending
> domain, in this case lists.mailscanner.info. I've seen one complaint at
> http://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_other/listserv-messages-fail-o365s-fraud-detection/7ab75018-43fc-4d9e-b716-85f7f2418d3c.
> The reply from the Microsoft support person shows they are entirely
> clueless about why this policy affects listservers.
>
> I dealt with the Yahoo and AOL problems by rewriting the sender's address so
> it reads
> someone=yahoo.com at lists.example.com
> That passes the DMARC tests since the message originates on the legitimate
> server for lists.example.com. I hope not to have to add Outlook and company
> to the list of domains for which I do rewriting, but I suspect it may come
> to that.
>
> Google and GMail also treat messages where the From and To are identical as
> likely spam. I've had to tell my subscribers using those services to look
> in their spam folders when they don't see their postings to my listserver in
> their inboxes.
>
> Peter

From mailinglists at feedmebits.nl Fri Nov 4 14:40:34 2016
From: mailinglists at feedmebits.nl (Maarten)
Date: Fri, 04 Nov 2016 15:40:34 +0100
Subject: filename.rules.conf
In-Reply-To:
References:
Message-ID: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl>

I was using tabs since at the top of the config file it says:

# NOTE: Fields are separated by TAB characters --- Important!

Using spaces now, still the filenames aren't getting blocked:

deny SCAN_2016_.*\.zip$ "TEST "TEST"
deny Incasso\.zip "TEST" "TEST

On 2016-11-04 15:24, Shawn Iverson wrote:
> Are you using tabs instead of spaces? That's a tricky thing about
> MailScanner.

From mailinglists at feedmebits.nl Fri Nov 4 14:53:00 2016
From: mailinglists at feedmebits.nl (Maarten)
Date: Fri, 04 Nov 2016 15:53:00 +0100
Subject: filename.rules.conf
In-Reply-To:
References: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl>
Message-ID: <2700ed3f75077e092ea751832fe0b19d@webmail.feedmebits.nl>

Yes using tabs:

deny SCAN_2016_.*\.zip$ TEST TEST"
deny Incasso\.zip TEST TEST

The normal filename blocks seem to work (one of the default listed
ones), cuz when I sent a test email with an attachment named test.bat
it gets filtered out.

deny \.reg$ Possible Windows registry attack Windows registry entries are very dangerous in email

On 2016-11-04 15:42, Shawn Iverson wrote:
> Yes, that is correct. I should have said it the other way around.

From mailscanner at replies.cyways.com Fri Nov 4 15:32:58 2016
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Fri, 4 Nov 2016 11:32:58 -0400
Subject: Help with new mailscanner install w/ sendmail CentOS7
In-Reply-To:
References: <1478149862524.86731@hostgeek.com.au> <8ae06613-ba2e-6cc4-26d2-aaaaac27053b@msapiro.net> <5a00a562-22c4-1f84-fa70-63ec56134c7b@replies.cyways.com>
Message-ID: <5a739385-b72e-2e9e-de82-1a9b22a62eeb@replies.cyways.com>

I don't think SRS will help because the "spoofing" error depends on the
From address in the message body, not the envelope sender. All my
outbound listserver traffic has owner-listname at lists.example.com as
the envelope sender. If Microsoft relied only on the envelope and
ignored the From header in the message body, this problem would
disappear.

Peter

On 11/04/2016 11:26 AM, Jerry Benton wrote:
> You can also implement SRS on your server.
> https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
>
> -
> Jerry Benton
> www.mailborder.com
> +1 - 844-436-6245

From mailinglists at feedmebits.nl Fri Nov 4 16:17:21 2016
From: mailinglists at feedmebits.nl (Maarten) Date: Fri, 04 Nov 2016 17:17:21 +0100 Subject: filename.rules.conf In-Reply-To: <2700ed3f75077e092ea751832fe0b19d@webmail.feedmebits.nl> References: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl> <2700ed3f75077e092ea751832fe0b19d@webmail.feedmebits.nl> Message-ID: The custom filenamerules don't work under my install. I have an older system running mailscanner-4.81.4-1 with the same filename rules and when the mails go through that system the files do get blocked. So Since the default blocks work on my new system with mailscanner-4.85.2-3.noarch and the custom ones don't. I'm probably missing something? > Yes using tabs: > > deny SCAN_2016_.*\.zip$ TEST TEST" > deny Incasso\.zip TEST TEST > > > The normal filename blocks seem to be work(one of the default listed > ones), cuz when I sent a test email with an attachment named test.bat > it gets filtered out. > deny \.reg$ Possible Windows registry attack Windows registry > entries are very dangerous in email > > > > On 2016-11-04 15:42, Shawn Iverson wrote: >> Yes, that is correct. I should have said it the other way around. >> >> On Fri, Nov 4, 2016 at 10:40 AM, Maarten >> wrote: >> >>> I was using tabs since at the top it of the config file it says: >>> >>> # NOTE: Fields are separated by TAB characters --- Important! >>> >>> Using spaces now, still the filenames aren't getting blocked: >>> >>> deny SCAN_2016_.*\.zip$ "TEST "TEST" >>> deny Incasso\.zip "TEST" "TEST >>> >>> On 2016-11-04 15:24, Shawn Iverson wrote: >>> Are you using tabs instead of spaces? That's a tricky thing about >>> MailScanner. >>> >>> On Fri, Nov 4, 2016 at 9:17 AM, Maarten >>> wrote: >>> >>> Hello, >>> >>> I'm running mailscanner-4.85.2-3, and I've added two custom rules to >>> filename.rules.conf. However it seems to files don't get blocked. 
>>> Here are two examples of rules I've added: >>> >>> deny SCAN_2016_.*\.zip$ TEST TEST >>> deny Incasso\.zip$ TEST TEST >>> >>> I'm not seeing any syntax errors in my logs referring to >>> filename.rules.conf, when I had the syntax wrong before I saw errors >>> complaining about it. Am I missing something? >>> >>> -- >>> >>> Shawn Iverson >>> Director of Technology >>> Rush County Schools >>> 765-932-3901 x271 >>> iversons at rushville.k12.in.us >> >> -- >> >> Shawn Iverson >> Director of Technology >> Rush County Schools >> 765-932-3901 x271 >> iversons at rushville.k12.in.us From mark at msapiro.net Sat Nov 5 03:08:08 2016
From: mark at msapiro.net (Mark Sapiro) Date: Fri, 4 Nov 2016 20:08:08 -0700 Subject: filename.rules.conf In-Reply-To: References: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl> <2700ed3f75077e092ea751832fe0b19d@webmail.feedmebits.nl> Message-ID: <07d91e83-3f57-1c38-b98d-4ca59d1a2566@msapiro.net> On 11/04/2016 09:17 AM, Maarten wrote: > The custom filenamerules don't work under my install. I have an older > system running mailscanner-4.81.4-1 with the same filename rules and > when the mails go through that > system the files do get blocked. So Since the default blocks work on my > new system with mailscanner-4.85.2-3.noarch and the custom ones don't. > I'm probably missing something? > > >> Yes using tabs: >> >> deny SCAN_2016_.*\.zip$ TEST TEST" >> deny Incasso\.zip TEST TEST Those rules have to come before the default allow \.zip$ - - rule and any other allow rules that might match. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Sat Nov 5 06:25:09 2016
From: mark at msapiro.net (Mark Sapiro) Date: Fri, 4 Nov 2016 23:25:09 -0700 Subject: Too Many Attachements OR Virus Found? In-Reply-To: References: <165fc4ad-a7d4-d427-f828-48a452d916b2@msapiro.net> Message-ID: <77f37a7c-ebc9-db26-96eb-5cd51d0de14f@msapiro.net> On 11/04/2016 03:19 AM, Paul Scott wrote: > Thank you Mark. The virus scanner is ClamD. I don't think Clamd has a setting for maximum attachments in a message. Anyway, I did some testing, and it seems the mention of virus scanner in the message (from my test) At Fri Nov 4 23:16:20 2016 the virus scanner said: MailScanner: Too many attachments in message is a red herring. It is MailScanner itself complaining about too many attachments. This is controlled by the MailScanner Maximum Attachments Per Message setting (default 200). -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jonas at jkvinge.net Sat Nov 5 12:03:52 2016 
From: jonas at jkvinge.net (Jonas Kvinge) Date: Sat, 5 Nov 2016 13:03:52 +0100 Subject: MailScanner on seperate servers Message-ID: <5803bd02-65cd-a5ae-eb3a-4f6c5b36f572@jkvinge.net> Hi, I've been using a setup of sendmail/Procmail/SpamAssassin/Dovecot for many years, but recently switched to MailScanner. I've installed it on 2 separate sendmail servers and use mailtable to forward the mail for the domains to the imap server with the mailboxes. The purpose of this was to take the load off the main server as well as having 2 servers if one goes down. It's working great and detecting more spam than previously, except for bayesian filtering, since the folders for individual users are on the imap server where the users directories are in /home/user/.spamassassin/ The imap server is running procmail to put the spam in the Spam folder. Each user has a /home/user/Maildir/.Spam/ and /home/Maildir/.LearnSpam/ directory and sa-learn is run every night by crontab. What would be the best way to implement this so that the bayesian work on both mailscanner servers? Could I just rsync /home/*/.spamassassin/ to the 2 mailscanner servers? Jonas From jerry.benton at mailborder.com Sat Nov 5 12:25:09 2016
From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 5 Nov 2016 08:25:09 -0400 Subject: MailScanner on seperate servers In-Reply-To: <5803bd02-65cd-a5ae-eb3a-4f6c5b36f572@jkvinge.net> References: <5803bd02-65cd-a5ae-eb3a-4f6c5b36f572@jkvinge.net> Message-ID: Hi, Yes, you could rsync it or use Union. You could also use shared network drives. - Jerry Benton www.mailborder.com +1 - 844-436-6245 -----Original Message----- From: Jonas Kvinge Reply: MailScanner Discussion Date: November 5, 2016 at 8:22:19 AM To: mailscanner at lists.mailscanner.info Subject: MailScanner on seperate servers > Hi, > > I've been using a setup of sendmail/Procmail/SpamAssassin/Dovecot for > many years, but recently switched to MailScanner. I've installed it on 2 > separate sendmail servers and use mailtable to forward the mail for the > domains to the imap server with the mailboxes. > > The purpose of this was to take the load off the main server as well as > having 2 servers if one goes down. > > It's working great and detecting more spam than previously, except for > bayesian filtering, since the folders for individual users are on the > imap server where the users directories are in /home/user/.spamassassin/ > > The imap server is running procmail to put the spam in the Spam folder. > > Each user has a /home/user/Maildir/.Spam/ and /home/Maildir/.LearnSpam/ > directory and sa-learn is run every night by crontab. > > What would be the best way to implement this so that the bayesian work > on both mailscanner servers? > > Could I just rsync /home/*/.spamassassin/ to the 2 mailscanner servers? > > Jonas From info at digitalessence.net Sat Nov 5 14:46:47 2016
From: info at digitalessence.net (Hedley Phillips) Date: Sat, 5 Nov 2016 14:46:47 -0000 Subject: HOWTO: Change rule score and stop Blacklisted emails being delivered. Message-ID: <011b01d23773$6fd12570$4f737050$@digitalessence.net> Hi, I'm new to MailScanner and trying to get my head round the system and how best to tweak it to suit my needs. I'm reading the User Guide and Training Manual, have Googled this and checked the MailScanner forum and KB but am none the wiser. Whether that's because I couldn't find the right information or am not understanding it correctly remains to be seen... I've got MailScanner v5.0.2 installed on CentOS in /usr/mailscanner/etc/ and am having trouble with incoming blacklisted emails not being marked as such and being delivered to my users resulting in a lot of spam. The emails are getting a score of 1.70 from URIBL_BLACK and then being delivered. The Blacklist tab in MailControl also shows no emails. Here is an example from the Front-End. I know in this example it is getting an overall score that marks it as high spam but quite often blacklisted emails are sneaking through and not even being marked as possible spam. BAYES_99 5.00 Bayes spam probability is 99 to 100% BAYES_999 0.20 Bayes spam probability is 99.9 to 100% DCC_CHECK 1.10 Detected as bulk mail by DCC (dcc-servers.net) DIGEST_MULTIPLE 0.29 Message hits more than one network digest check DKIM_SIGNED 0.10 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.10 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.10 Message has a valid DKIM or DK signature from author's domain HTML_FONT_LOW_CONTRAST 0.00 HTML font color similar or identical to background HTML_MESSAGE 0.00 HTML included in message KAM_INFOUSMEBIZ 0.75 Prevalent use of .info|.us|.me|.me.uk|.biz domains in spam/malware KAM_INSURE 3.50 Life, Health, Auto, etc. 
Insurance SPAMs KAM_WARRANTY 1.50 Spammers hawking home warranties KAM_WARRANTY2 3.50 Spammers pushing home warranties LOTS_OF_MONEY 0.00 RAZOR2_CF_RANGE_51_100 0.50 Razor2 gives confidence level above 50% RAZOR2_CF_RANGE_E8_51_100 1.89 Razor2 gives engine 8 confidence level above 50% RAZOR2_CHECK 0.92 Listed in Razor2 (http://razor.sf.net/) RCVD_IN_PSBL 2.70 Received via a relay in PSBL RDNS_NONE 0.79 Delivered to internal network by a host with no rDNS SPF_SOFTFAIL 0.67 SPF: sender does not match SPF record (softfail) T_REMOTE_IMAGE 0.01 URIBL_BLACK 1.70 Contains an URL listed in the URIBL blacklist SpamAssassin Score 24.92 SpamAssassin Auto Learn not learned I've tried editing /usr/mailscanner/etc/spam.assassin.prefs.conf and adding the following rule: Score URIBL_BLACK 10.0 Then restarted with: Service MailScanner reload But it made no difference to the score so this is not the right place to edit. My questions: 1) Which file do I edit to change the rule scores 2) How can I get MailScanner to delete all emails that come from Blacklisted addresses? Thanks. I've included a header as an example. X-DigitalEssence-MailScanner-Information: Please contact the ISP for more information X-DigitalEssence-MailScanner-ID: 1c2fS6-0000fr-TM X-DigitalEssence-MailScanner: Found to be clean X-DigitalEssence-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=4.403, required 5, BAYES_50 0.80, DCC_CHECK 1.10, HTML_FONT_LOW_CONTRAST 0.00, HTML_MESSAGE 0.00, RDNS_NONE 0.79, SPF_HELO_PASS -0.00, SPF_PASS -0.00, T_REMOTE_IMAGE 0.01, URIBL_BLACK 1.70) X-DigitalEssence-MailScanner-SpamScore: ssss X-DigitalEssence-MailScanner-From: burnishment at omilo.stream X-Spam-Status: No X-Antivirus: avast! (VPS 161104-0, 04/11/2016), Inbound message X-Antivirus-Status: Clean From mark at msapiro.net Sat Nov 5 17:26:34 2016 
From: mark at msapiro.net (Mark Sapiro) Date: Sat, 5 Nov 2016 10:26:34 -0700 Subject: {Spam?} HOWTO: Change rule score and stop Blacklisted emails being delivered. In-Reply-To: <011b01d23773$6fd12570$4f737050$@digitalessence.net> References: <011b01d23773$6fd12570$4f737050$@digitalessence.net> Message-ID: <999a8834-f671-41b4-01a1-e8eb871a51f3@msapiro.net> On 11/05/2016 07:46 AM, Hedley Phillips via MailScanner wrote: > > I've tried editing /usr/mailscanner/etc/spam.assassin.prefs.conf and adding > the following rule: > > Score URIBL_BLACK 10.0 > > Then restarted with: > > Service MailScanner reload > > But it made no difference to the score so this is not the right place to > edit. > > My questions: > > 1) Which file do I edit to change the rule scores It depends. It looks like you may have installed some distro's MailScanner package because if you install from source, there is no /usr/mailscanner/ directory. Normally, SpamAssassin rules and scores are in .cf files in /etc/spamassassin. In my installation, included there are local.cf - a normal spamassassin file for local changes MailScanner.cf - a symlink to /etc/MailScanner/spamassassin.conf x-GPC-local.cf - my own 'local' file You should be able to put rules and scores in any of these. I think they are parsed in alpha-numeric order after all the rules in /var/lib/spamassassin/**. Note that if something appears more than once, the last found is the effective one. > 2) How can I get MailScanner to delete all emails that come from Blacklisted > addresses? See -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ervandepol at gmail.com Sat Nov 5 17:00:59 2016 
From: ervandepol at gmail.com (Polleke) Date: Sat, 05 Nov 2016 18:00:59 +0100 Subject: Very slow processing of postfix incoming queue Message-ID: <20161105180059.2372.3FC183F3@gmail.com> As you can in the below logs, processing of the postfix incoming mail queue (after mailscanner scanning the messages...) is veeeeerrrrry slow It takes almost 4 minutes before the postfix quemanager picks op the mail from the incoming queue Any ideas on this ? Nov 5 17:29:43 myhost cyrus/master[1868]: process 2364 exited, status 0 Nov 5 17:30:05 myhost postfix/pickup[2147]: 625CCB60FB4: uid=0 from= Nov 5 17:30:05 myhost postfix/cleanup[2372]: 625CCB60FB4: hold: header Received: by myhost.myhost.org (Postfix, from userid 0)??id 625CCB60FB4; Sat, 5 Nov 2016 17:30:05 +0100 (CET) from local; from= Nov 5 17:30:05 myhost postfix/cleanup[2372]: 625CCB60FB4: message-id=<20161105163005.625CCB60FB4 at myhost.myhost.org> Nov 5 17:30:07 myhost MailScanner[1811]: New Batch: Scanning 1 messages, 570 bytes Nov 5 17:30:07 myhost MailScanner[1811]: Virus and Content Scanning: Starting Nov 5 17:30:23 myhost MailScanner[1811]: Requeue: 625CCB60FB4.A9074 to BE4ADB60FB1 Nov 5 17:30:23 myhost MailScanner[1811]: Uninfected: Delivered 1 messages Nov 5 17:30:23 myhost MailScanner[1811]: Deleted 1 messages from processing-database Nov 5 17:34:11 myhost postfix/qmgr[2148]: BE4ADB60FB1: from=, size=340, nrcpt=1 (queue active) Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: telling master 2 Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: accepted connection Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: telling master 3 Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: lmtp connection preauth'd as postman Nov 5 17:34:12 myhost cyrus/master[1868]: service lmtpunix pid 2363 in READY state: now unavailable and in BUSY state Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: WARNING: sieve script /var/spool/sieve/t/test/defaultbc doesn't exist: No such file or directory Nov 5 17:34:12 myhost cyrus/master[1868]: service lmtpunix now has 0 
ready workers Nov 5 17:34:12 myhost cyrus/master[1868]: service lmtpunix pid 2363 in BUSY state: now serving connection Nov 5 17:34:12 myhost cyrus/master[1868]: service lmtpunix now has 0 ready workers Nov 5 17:34:12 myhost cyrus/master[2961]: set maximum file descriptors to 256/256 Nov 5 17:34:12 myhost cyrus/master[2961]: about to exec /usr/lib/cyrus/bin/lmtpd Nov 5 17:34:12 myhost cyrus/lmtpunix[2961]: executed Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: Delivered: <20161105163005.625CCB60FB4 at myhost.myhost.org> to mailbox: user.test Nov 5 17:34:12 myhost cyrus/idled[1878]: IDLE_NOTIFY 'user.test' Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: USAGE test user: 0.000000 sys: 0.020000 Nov 5 17:34:12 myhost cyrus/lmtpunix[2363]: telling master 1 Nov 5 17:34:12 myhost cyrus/master[1868]: service lmtpunix pid 2363 in BUSY state: now available and in READY state Nov 5 17:34:12 myhost cyrus/master[1868]: service lmtpunix now has 2 ready workers Nov 5 17:34:12 myhost postfix/pipe[2959]: BE4ADB60FB1: to=, relay=cyrus, delay=247, delays=247/0.05/0/0.05, dsn=2.0.0, status=sent (delivered via cyrus service) Nov 5 17:34:12 myhost postfix/qmgr[2148]: BE4ADB60FB1: removed -- Polleke From mark at msapiro.net Sat Nov 5 18:24:48 2016 
From: mark at msapiro.net (Mark Sapiro) Date: Sat, 5 Nov 2016 11:24:48 -0700 Subject: Very slow processing of postfix incoming queue In-Reply-To: <20161105180059.2372.3FC183F3@gmail.com> References: <20161105180059.2372.3FC183F3@gmail.com> Message-ID: On 11/05/2016 10:00 AM, Polleke wrote: > As you can in the below logs, processing of the postfix incoming mail > queue (after mailscanner scanning the messages...) is veeeeerrrrry slow > > It takes almost 4 minutes before the postfix quemanager picks op the > mail from the incoming queue This is really a Postfix qmgr question. You might have more success asking on a Postfix list. That said, Mailscanner queues the incoming message in Postfix's incoming queue in the WriteHeader subroutine in MailScanner/PFDiskStore.pm. This subroutine updates timestamps on the incoming/ and subordinate directories and file, but it doesn't notify qmgr with an 'I' message (see man qmgr), but I don't know how to do that. There is also a potential race in that it updates the timestamps before placing the file in the queue. Maybe someone with more knowledge of Postfix internals can help. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Sat Nov 5 18:30:49 2016 
From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 5 Nov 2016 14:30:49 -0400 Subject: Very slow processing of postfix incoming queue In-Reply-To: References: <20161105180059.2372.3FC183F3@gmail.com> Message-ID: <9ADD2AD2-D112-43D8-9692-4DCB09F8DF9E@mailborder.com> Change qmgr to fifo in master.cf The install script does this for you. You should use it. - Jerry Benton www.mailborder.com +1 844-436-6245 ext 707 sent via mobile > On Nov 5, 2016, at 14:24, Mark Sapiro wrote: > >> On 11/05/2016 10:00 AM, Polleke wrote: >> As you can in the below logs, processing of the postfix incoming mail >> queue (after mailscanner scanning the messages...) is veeeeerrrrry slow >> >> It takes almost 4 minutes before the postfix quemanager picks op the >> mail from the incoming queue > > > This is really a Postfix qmgr question. You might have more success > asking on a Postfix list. > > That said, Mailscanner queues the incoming message in Postfix's incoming > queue in the WriteHeader subroutine in MailScanner/PFDiskStore.pm. This > subroutine updates timestamps on the incoming/ and subordinate > directories and file, but it doesn't notify qmgr with an 'I' message > (see man qmgr), but I don't know how to do that. > > There is also a potential race in that it updates the timestamps before > placing the file in the queue. > > Maybe someone with more knowledge of Postfix internals can help. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan From mailinglists at feedmebits.nl Sat Nov 5 19:38:37 2016
From: mailinglists at feedmebits.nl (Maarten) Date: Sat, 05 Nov 2016 20:38:37 +0100 Subject: filename.rules.conf In-Reply-To: <07d91e83-3f57-1c38-b98d-4ca59d1a2566@msapiro.net> References: <24a4eda13565f147eeee1037cce5e5a7@webmail.feedmebits.nl> <2700ed3f75077e092ea751832fe0b19d@webmail.feedmebits.nl> <07d91e83-3f57-1c38-b98d-4ca59d1a2566@msapiro.net> Message-ID: Thanks, that seems to work. On 2016-11-05 04:08, Mark Sapiro wrote: > On 11/04/2016 09:17 AM, Maarten wrote: >> The custom filenamerules don't work under my install. I have an older >> system running mailscanner-4.81.4-1 with the same filename rules and >> when the mails go through that >> system the files do get blocked. So Since the default blocks work on >> my >> new system with mailscanner-4.85.2-3.noarch and the custom ones >> don't. >> I'm probably missing something? >> >> >>> Yes using tabs: >>> >>> deny SCAN_2016_.*\.zip$ TEST TEST" >>> deny Incasso\.zip TEST TEST > > > Those rules have to come before the default > > allow \.zip$ - - > > rule and any other allow rules that might match. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan From ervandepol at gmail.com Sun Nov 6 13:05:10 2016 From: ervandepol at gmail.com (Polleke) Date: Sun, 06 Nov 2016 14:05:10 +0100 Subject: Very slow processing of postfix incoming queue In-Reply-To: <9ADD2AD2-D112-43D8-9692-4DCB09F8DF9E@mailborder.com> References: <9ADD2AD2-D112-43D8-9692-4DCB09F8DF9E@mailborder.com> Message-ID: <20161106140510.A037.3FC183F3@gmail.com> Thanx, but qmgr is already set to fifo... -- Polleke From ervandepol at gmail.com Sun Nov 6 13:13:40 2016
From: ervandepol at gmail.com (Polleke) Date: Sun, 06 Nov 2016 14:13:40 +0100 Subject: (SOLVED) Very slow processing of postfix incoming queue In-Reply-To: <9ADD2AD2-D112-43D8-9692-4DCB09F8DF9E@mailborder.com> References: <9ADD2AD2-D112-43D8-9692-4DCB09F8DF9E@mailborder.com> Message-ID: <20161106141340.A03C.3FC183F3@gmail.com> Dough! qmgr was set to fifo with a timeout of 300... Changed it to 60... -- Polleke From jerry.benton at mailborder.com Sun Nov 6 14:11:25 2016 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sun, 6 Nov 2016 09:11:25 -0500 Subject: Very slow processing of postfix incoming queue In-Reply-To: <20161106140510.A037.3FC183F3@gmail.com> References: <9ADD2AD2-D112-43D8-9692-4DCB09F8DF9E@mailborder.com> <20161106140510.A037.3FC183F3@gmail.com> Message-ID: Is pickup set to fifo too ? - Jerry Benton www.mailborder.com +1 - 844-436-6245 -----Original Message----- From: Polleke Reply: MailScanner Discussion Date: November 6, 2016 at 8:07:00 AM To: MailScanner Discussion Subject: Re: Very slow processing of postfix incoming queue > Thanx, but qmgr is already set to fifo... > > > -- > Polleke From Warwick.x.Brown at serco.com Mon Nov 7 11:57:11 2016
From: Warwick.x.Brown at serco.com (Warwick Brown) Date: Mon, 7 Nov 2016 11:57:11 +0000 Subject: duplicate subject lines in headers (again) In-Reply-To: References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> Message-ID: > I do not see this. I have sent test messages that pass through two > MailScanner instances - one on the way out of my desktop and one on the > way in to my MX server - with Subject headers with trailing whitespace > and the headers are never duplicated and the whitespace isn't stripped. > In both MailScanner instances "Multiple Headers" is set to add. > I have tried one trailing space, two trailing spaces and a trailing tab. > In all cases the result is the same except for the specific whitespace > in the Subject: of the delivered message, one of which is attached. > If I'm not doing the correct test, please explain in more detail what >the issue is so I can understand how to test. -- Hi Mark, Thanks for taking a look. It is difficult to replicate because there appears to be some yahoo MXs that cause the mail to fail the check, and others which let it succeed. Here is the MIME from a mail that succeeded (heavily obfuscated): -Apparently-To: yahoo_recipient at yahoo.com; Mon, 07 Nov 2016 11:27:54 +0000 Return-Path: Received-SPF: none (domain of domain.com does not designate permitted sender hosts)
X-Originating-IP: [195.245.230.169] Authentication-Results: mta1489.mail.ne1.yahoo.com from=; domainkeys=neutral (no sig); from=domain.com; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO mail1.bemta3.messagelabs.com) (195.245.230.169) by mta1489.mail.ne1.yahoo.com with SMTP; Mon, 07 Nov 2016 11:27:53 +0000 Return-Path: Received: from [85.158.137.99] by server-9.bemta-3.messagelabs.com id ED/C3-08915-63560285; Mon, 07 Nov 2016 11:27:50 +0000 X-Env-Sender: sender at domain.com X-Msg-Ref: server-12.tower-217.messagelabs.com!1478518069!63055818!1 X-Originating-IP: [1.2.3.4] X-StarScan-Received: X-StarScan-Version: 9.0.13; banners=-,-,- X-VirusChecked: Checked Received: (qmail 12279 invoked from network); 7 Nov 2016 11:27:49 -0000 Received: from mailserver.core.domain.com (HELO smtp.domain.com) (1.2.3.4) by server-12.tower-217.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 7 Nov 2016 11:27:49 -0000 X-Spam-Status: No
X-ObfuscatedOrg-MailScanner-Watermark: 1479122774.1594 at isZRSJkNKmb8yF20npzFJw Subject: double space at beginning an end X-ObfuscatedOrg-MailScanner-From: sender at domain.com X-ObfuscatedOrg-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.999, required 6, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00) X-ObfuscatedOrg-MailScanner: Found to be clean X-ObfuscatedOrg-MailScanner-ID: 1c3i45-0002bU-SE X-ObfuscatedOrg-MailScanner-Information: Please report any suspicious emails to phishing at domain.com Received: from [10.20.30.40] (port=39922 helo=MYEXCHANGEHUB.ad.domain.com) by smtp.domain.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.86) (envelope-from ) id 1c3i45-0002bU-SE for yahoo_recipient at yahoo.com; Mon, 07 Nov 2016 11:26:13 +0000 Received: from MYEXCHANGECCR.ad.domain.com ([169.254.1.220]) by MYEXCHANGEHUB.ad.domain.com ([10.20.30.40]) with mapi; Mon, 7 Nov 2016 11:26:13 +0000 From: Warwick Brown To: "yahoo_recipient at yahoo.com" Date: Mon, 7 Nov 2016 11:26:12 +0000 Subject: double space at beginning an end Thread-Topic: double space at beginning an end Thread-Index: AdI46bzVFQGRGM8hSuyvNH7B9ZFnVA== Message-ID: Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: multipart/related; boundary="_004_B193F700BB84AD49A27D83F37C775F6203488C1803MYEXCHANGECCR_"; type="multipart/alternative" MIME-Version: 1.0 Content-Length: 13829 As can be seen - the subject inserted by outlook strips the leading whitespace but preserves the trailing whitespace. The subject added by MailScanner omits the trailing whitespace. I can also confirm that there is no re-occurrence of the Subject: line in the absence of trailing spaces. Hope this helps Regards, Warwick From it at festa.bg Tue Nov 8 11:14:24 2016 
From: it at festa.bg (Valentin Laskov) Date: Tue, 8 Nov 2016 13:14:24 +0200 Subject: HOWTO: Change rule score and stop Blacklisted emails being delivered. In-Reply-To: <011b01d23773$6fd12570$4f737050$@digitalessence.net> References: <011b01d23773$6fd12570$4f737050$@digitalessence.net> Message-ID: <955fd9c6-264e-86bf-dda9-64d1193d4d05@festa.bg> See also https://www.mailscanner.info/MailScanner.conf.index.html#Required%20SpamAssassin%20Score and https://www.mailscanner.info/MailScanner.conf.index.html#High%20SpamAssassin%20Score At my setup they are 3 and 6 respectively and also https://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Actions and https://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions At my setup they are Spam Actions = deliver attachment header "X-Spam-Status: Yes" High Scoring Spam Actions = delete Regards Valentin Laskov From mailinglists at feedmebits.nl Tue Nov 8 15:11:53 2016 From: mailinglists at feedmebits.nl (Maarten) Date: Tue, 08 Nov 2016 16:11:53 +0100 Subject: Life Cycle MailScanner Message-ID: Hello, Where can I find what the lifecycles are for the different versions of MailScanner, so that I can upgrade before EOL for each version I'm running? From jerry.benton at mailborder.com Tue Nov 8 17:00:02 2016 
From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 8 Nov 2016 12:00:02 -0500 Subject: Life Cycle MailScanner In-Reply-To: References: Message-ID: Yeah, I am not that high speed yet. - v4 is retired and no longer developed. - v5 will be maintained for several years to come. - Jerry Benton www.mailborder.com +1 - 844-436-6245 -----Original Message----- From: Maarten Reply: MailScanner Discussion Date: November 8, 2016 at 10:12:33 AM To: mailscanner at lists.mailscanner.info Subject: Life Cycle MailScanner > Hello, > > Where can I find what the lifecycles are for the different versions of > MailScanner, so that I can upgrade before EOL for each version I'm > running? From heino.backhaus at fink-computer.de Wed Nov 9 09:51:48 2016 From: heino.backhaus at fink-computer.de (Heino Backhaus) Date: Wed, 9 Nov 2016 10:51:48 +0100 Subject: Clamd does not detect all Makros. Message-ID: Hi, again a Virus (Worddocument-Virus) made its way through a clamav with OLE2BlockMacros yes in /etc/clamd.conf For a long time we felt pretty safe with this option enabled. But now obfuscated macros are going around and the only option seems to block office documents in general, which is not really an option... A database based virus scanner is to be considered as an unsecure filter because of its latency, which is a security risk, even if it's less than an hour. So imho. the only way to a reliable email-security is to block all executable code, which doesn't work anymore... what are you doing to block those kind of viruses? -- Cheers Heino Backhaus "In retrospect it becomes clear that hindsight is definitely overrated!" -Alfred E. Neumann From steveb_clamav at sanesecurity.com Wed Nov 9 10:31:45 2016
From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Wed, 9 Nov 2016 10:31:45 -0000 Subject: Clamd does not detect all Makros. In-Reply-To: References: Message-ID: <593589cf838d0c904e6e4380cca7186f.squirrel@sirius.servers.eqx.misp.co.uk> On Wed, November 9, 2016 9:51 am, Heino Backhaus wrote: > Hi, > > > again a Virus (Worddocument-Virus) made its way through a clamav with > > OLE2BlockMacros yes > in /etc/clamd.conf > what are you doing to block those kind of viruses? a) There's already a bugzilla entry if you want to add a sample: https://bugs.clamav.net/show_bug.cgi?id=11651 b) 3rd party badmacro.ndb / phish.ndb / rogue.hdb may be able to help -- Cheers, Steve Twitter: @sanesecurity From bisc_edi2 at hotmail.com Thu Nov 10 16:53:25 2016 From: bisc_edi2 at hotmail.com (Edson Hernandez) Date: Thu, 10 Nov 2016 16:53:25 +0000 Subject: conect eset file security or eset mail security to mailscanner for linux Message-ID: hello, how i do a connection of eset file security to mailscanner using linux From mark at msapiro.net Thu Nov 10 17:31:02 2016
From: mark at msapiro.net (Mark Sapiro) Date: Thu, 10 Nov 2016 09:31:02 -0800 Subject: conect eset file security or eset mail security to mailscanner for linux In-Reply-To: References: Message-ID: On 11/10/2016 08:53 AM, Edson Hernandez wrote: > hello, how i do a connection of eset file security to mailscanner using > linux You need two things. You need to create an appropriate wrapper script at, e.g. /usr/lib/MailScanner/wrapper/eset-wrapper This script needs to invoke the scanner on its arguments. See the existing /usr/lib/MailScanner/wrapper/*-wrapper scripts for examples You need to add an entry in /etc/MailScanner/virus.scanners.conf similar to eset /usr/lib/MailScanner/wrapper/eset-wrapper path where path is the path up to but not including the 'bin/' directory that contains the scanner software. See the doc at the beginning of the file and the existing entries. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Thu Nov 10 18:04:25 2016
From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 10 Nov 2016 12:04:25 -0600 Subject: conect eset file security or eset mail security to mailscanner for linux In-Reply-To: References: Message-ID: Esets is included in v5.0.3. - Jerry Benton www.mailborder.com +1 - 844-436-6245 -----Original Message----- From: Mark Sapiro Reply: MailScanner Discussion Date: November 10, 2016 at 12:31:19 PM To: mailscanner at lists.mailscanner.info Subject: Re: conect eset file security or eset mail security to mailscanner for linux > On 11/10/2016 08:53 AM, Edson Hernandez wrote: > > hello, how i do a conection of eset file security to mailscanner using > > linux > > > You need two things. > > You need to create an appropriate wrapper script at, e.g. > > /usr/lib/MailScanner/wrapper/eset-wrapper > > This script needs to invoke the scanner on its arguments. See the > existing /usr/lib/MailScanner/wrapper/*-wrapper scripts for examples > > You need to add an entry in /etc/MailScanner/virus.scanners.conf similar to > > eset /usr/lib/MailScanner/wrapper/eset-wrapper path > > where path is the path up to but not including the 'bin/' directory that > contains the scanner software. See the doc at the beginning of the file > and the existing entries. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From jerry.benton at mailborder.com Thu Nov 10 18:31:54 2016
From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 10 Nov 2016 13:31:54 -0500 Subject: v5.0.4-3 Message-ID: I have a release ready, but I wanted to get some feedback/testing before I put it out as the current version. Can some people do some testing on these please? I prefer to have more than 1 set of eyeballs and sanity checks on releases. Most of the changes are in the install.sh scripts. Debian https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz Nix https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz RHEL https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz SuSE https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz - Jerry Benton www.mailborder.com +1 - 844-436-6245 From mark at msapiro.net Fri Nov 11 00:44:53 2016 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 10 Nov 2016 16:44:53 -0800 Subject: v5.0.4-3 In-Reply-To: References: Message-ID: <677d135b-0163-0753-2ab7-815e5b2066fc@msapiro.net> On 11/10/2016 10:31 AM, Jerry Benton wrote: > I have a release ready, but I wanted to get some feedback/testing > before I put it out as the current version. Can some people do some > testing on these please? I prefer to have more than 1 set of eyeballs > and sanity checks on releases. Most of the changes are in the > install.sh scripts. > > > Debian > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz I downloaded the above and ran the install.sh script on a test platform. Everything looked good, so I repeated the process on my production server where it's been running for about 3.5 hours now with no problems. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From thom at vdb.nl Fri Nov 11 03:19:47 2016 
From: thom at vdb.nl (Thom van der Boon) Date: Fri, 11 Nov 2016 04:19:47 +0100 (CET) Subject: v5.0.4-3 In-Reply-To: References: Message-ID: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> Hi Jerry, I found a possible problem: Update from 5.0.3 to 5.0.4 on RHEL: /etc/MailScanner/MailScanner.conf gets completely overwritten. There is no "old" or "backup" backup file of this file. I trusted you a little too much and did not back up my MailScanner.conf, had to reconfigure it :) Kind regards, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: +31 (0)88 4272727 Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ From: "Jerry Benton" To: "MailScanner Discussion" Sent: Thursday 10 November 2016 19:31:54 Subject: v5.0.4-3 I have a release ready, but I wanted to get some feedback/testing before I put it out as the current version. Can some people do some testing on these please? I prefer to have more than 1 set of eyeballs and sanity checks on releases. Most of the changes are in the install.sh scripts. Debian https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz Nix https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz RHEL https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz SuSE https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz - Jerry Benton www.mailborder.com +1 - 844-436-6245 From thom at vdb.nl Fri Nov 11 03:35:13 2016
From: thom at vdb.nl (Thom van der Boon) Date: Fri, 11 Nov 2016 04:35:13 +0100 (CET) Subject: v5.0.4-3 In-Reply-To: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> References: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> Message-ID: <1274032232.315894.1478835313621.JavaMail.zimbra@vdb.nl> Hi Jerry, Had to revert from 5.0.4-3 to 5.0.3-7 on my production machine, due to multiple problems: a) MailScanner.conf is not updated but overwritten I noted that as I installed the 5.0.3 version, the previous MailScanner.conf placed by the 5.0.4 even gets updated Installing the MailScanner RPM ... Preparing... ################################################## MailScanner ################################################## Added new: Web Bug Replacement = https://s3.amazonaws.com/msv5/images/spacer.gif Added new: Lockfile Dir = /var/spool/MailScanner/incoming/Locks Added new: include /etc/MailScanner/conf.d/* Summary ------- Read 361 settings from old /etc/MailScanner/MailScanner.conf.original Used 359 settings from old /etc/MailScanner/MailScanner.conf.original Used 4 default settings from new /etc/MailScanner/MailScanner.conf.dist b) After update from 5.0.3 to 5.0.4 I get error of Clamd Nov 11 04:20:14 BBCK003 postfix/cleanup[30285]: 4E6B5408C3: hold: header Received: from ms1.mailscanner.info (ms1.mailscanner.info [52.73.170.51])??by mail.vdb.eu (Postfix) with ESMTP id 4E6B5408C3??for ; Fri, 11 Nov 2016 04:20:14 +0100 (CET) from ms1.mailscanner.info[52.73.170.51]; from= to= proto=ESMTP helo= Nov 11 04:20:14 BBCK003 postfix/cleanup[30285]: 4E6B5408C3: message-id=<86108416.315833.1478834387763.JavaMail.zimbra at vdb.nl> Nov 11 04:20:14 BBCK003 postfix/smtpd[30282]: disconnect from ms1.mailscanner.info[52.73.170.51] Nov 11 04:20:16 BBCK003 MailScanner[30219]: New Batch: Scanning 1 messages, 11537 bytes Nov 11 04:20:16 BBCK003 MailScanner[30219]: Virus and Content Scanning: Starting Nov 11 04:20:16 BBCK003 MailScanner[30219]: Clamd::ERROR:: UNKNOWN CLAMD RETURN 
./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/30219 Nov 11 04:20:16 BBCK003 MailScanner[30219]: Virus Scanning: Clamd found 1 infections Nov 11 04:20:16 BBCK003 MailScanner[30219]: Virus Scanning: Found 1 viruses Nov 11 04:20:19 BBCK003 MailScanner[30219]: Requeue: 4E6B5408C3.A5A1F to 15E7E0 Nov 11 04:20:19 BBCK003 postfix/qmgr[28003]: 15E7E0: from=, size=10857, nrcpt=1 (queue active) Nov 11 04:20:19 BBCK003 MailScanner[30219]: Uninfected: Delivered 1 messages Nov 11 04:20:19 BBCK003 MailScanner[30219]: Deleted 1 messages from processing-database Nov 11 04:20:19 BBCK003 postfix/smtp[30292]: 15E7E0: to=, relay=collectix.vdb.nl[81.171.0.79]:25, delay=5.7, delays=5.4/0.02/0.01/0.24, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B7E931D4003E) After reverting version from 5.0.4 to 5.0.3 error is gone again. Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: +31 (0)88 4272727 Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Thom van der Boon" Aan: "MailScanner Discussion" Verzonden: Vrijdag 11 november 2016 04:19:47 Onderwerp: Re: v5.0.4-3 Hi Jerry, I found a possible problem: Update from 5.0.3 to 5.0.4 on RHEL: /etc/MailScanner/MailScanner.conf gets completely overwritten. There is no "old" or "backup" backup file of this file. I trusted you a little to much and did not backup my MailScanner.conf, had to reconfigure it :) Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: +31 (0)88 4272727 Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Jerry Benton" Aan: "MailScanner Discussion" Verzonden: Donderdag 10 november 2016 19:31:54 Onderwerp: v5.0.4-3 I have a release ready, but I wanted to get some feedback/testing before I put it out as the current version. Can some people do some testing on these please? 
I prefer to have more than 1 set of eyeballs and sanity checks on releases. Most of the changes are in the install.sh scripts. Debian https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz Nix https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz RHEL https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz SuSE https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz - Jerry Benton www.mailborder.com +1 - 844-436-6245 -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Fri Nov 11 04:28:48 2016 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 10 Nov 2016 20:28:48 -0800 Subject: v5.0.4-3 In-Reply-To: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> References: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> Message-ID: <48c4a307-c713-4c8e-65cd-67a5b2e57ec1@msapiro.net> On 11/10/2016 07:19 PM, Thom van der Boon wrote: > Hi Jerry, > > I found a possible problem: Update from 5.0.3 to 5.0.4 on RHEL: > > /etc/MailScanner/MailScanner.conf gets completely overwritten. There is > no "old" or "backup" backup file of this file. Files are backed up in ms_upgrade/ in your home directory. There should be a ms_upgrade/saved.pppp/etc/MailScanner/MailScanner.conf.original with your original MailScanner.conf. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Fri Nov 11 04:43:41 2016 
From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 10 Nov 2016 23:43:41 -0500 Subject: v5.0.4-3 In-Reply-To: <48c4a307-c713-4c8e-65cd-67a5b2e57ec1@msapiro.net> References: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> <48c4a307-c713-4c8e-65cd-67a5b2e57ec1@msapiro.net> Message-ID: The lstat() errors are permissions related. This has to do with your "Run as User" and "Run as Group" in addition to the working permissions of your /var/spool/MailScanner. Under v5 architecture, you should be using mtagroup as the group and have those permissions set appropriately on /var/spool/MailScanner. - Jerry Benton www.mailborder.com +1 - 844-436-6245 -----Original Message----- From: Mark Sapiro Reply: MailScanner Discussion Date: November 10, 2016 at 11:29:04 PM To: mailscanner at lists.mailscanner.info Subject: Re: v5.0.4-3 > On 11/10/2016 07:19 PM, Thom van der Boon wrote: > > Hi Jerry, > > > > I found a possible problem: Update from 5.0.3 to 5.0.4 on RHEL: > > > > /etc/MailScanner/MailScanner.conf gets completely overwritten. There is > > no "old" or "backup" backup file of this file. > > > Files are backed up in ms_upgrade/ in your home directory. There should > be a ms_upgrade/saved.pppp/etc/MailScanner/MailScanner.conf.original > with your original MailScanner.conf. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > From mark at msapiro.net Fri Nov 11 04:46:28 2016
From: mark at msapiro.net (Mark Sapiro) Date: Thu, 10 Nov 2016 20:46:28 -0800 Subject: v5.0.4-3 In-Reply-To: <1274032232.315894.1478835313621.JavaMail.zimbra@vdb.nl> References: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> <1274032232.315894.1478835313621.JavaMail.zimbra@vdb.nl> Message-ID: On 11/10/2016 07:35 PM, Thom van der Boon wrote: > > a) MailScanner.conf is not updated but overwritten > I noted that as I installed the 5.0.3 version, the previous > MailScanner.conf placed by the 5.0.4 even gets updated As noted in my prior reply, files are backed up in ms_upgrade/ in your home directory. There should be a ms_upgrade/saved.pppp/etc/MailScanner/MailScanner.conf.original with your original MailScanner.conf. > b) After update from 5.0.3 to 5.0.4 I get error of Clamd > ... > Nov 11 04:20:16 BBCK003 MailScanner[30219]: Clamd::ERROR:: UNKNOWN CLAMD > RETURN ./lstat() failed: Permission denied. ERROR :: > /var/spool/MailScanner/incoming/30219 What is ownership and permissions on /var/spool/MailScanner/incoming? What do you get from ms-peek incomingworkpermissions /etc/MailScanner/MailScanner.conf and ms-peek incomingworkgroup /etc/MailScanner/MailScanner.conf and groups clamav (or whatever the clamd user is) -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From thom at vdb.nl Fri Nov 11 07:16:40 2016 
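The three checks Mark asks for in the reply above (ownership and permissions of the work directory, the Incoming Work Group and Incoming Work Permissions settings, and the clamd user's groups) can be combined into one script. This is an added example, not part of the thread or of MailScanner. It assumes work files are owned by Incoming Work User (else Run As User), carry the group Incoming Work Group (else Run As Group) and the mode Incoming Work Permissions; the two sample configurations are constructed, the first from values quoted later in this thread.

```python
"""Can clamd read MailScanner's incoming work files? (added example)"""
import grp
import os
import pwd
import stat

# Constructed samples. The first uses the values from the configuration
# posted later in this thread; the second is an owner-only variant.
SAMPLE_GROUP_READABLE = """
Run As User = exim
Run As Group = exim
Incoming Work User =
Incoming Work Group = clamscan
Incoming Work Permissions = 0640
"""
SAMPLE_OWNER_ONLY = """
Run As User = exim
Run As Group = exim
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600
"""


def parse_conf(text):
    """Parse MailScanner.conf-style text into {name: value}.

    Names are lower-cased with spaces removed, the form passed to ms-peek in
    this thread (for example 'incomingworkgroup'). 'include' lines are not
    followed.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.replace(" ", "").lower()] = value.strip()
    return settings


def clamd_read_access(settings, clamd_user, clamd_groups):
    """Return which permission class applies to clamd and whether it may read.

    Assumption (see lead-in): owner, group and mode of the work files come
    from the Incoming Work / Run As settings.
    """
    owner = settings.get("incomingworkuser") or settings.get("runasuser", "")
    group = settings.get("incomingworkgroup") or settings.get("runasgroup", "")
    mode = int(settings["incomingworkpermissions"], 8)
    # Unix picks exactly one class: owner first, then group, then other.
    if clamd_user == owner:
        klass, bit = "owner", stat.S_IRUSR
    elif group in clamd_groups:
        klass, bit = "group", stat.S_IRGRP
    else:
        klass, bit = "other", stat.S_IROTH
    return {"owner": owner, "group": group, "mode": "%04o" % mode,
            "class": klass, "readable": bool(mode & bit)}


def describe_path(path):
    """lstat() a path and return (mode string, owner, group), like ls -ld."""
    st = os.lstat(path)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return stat.filemode(st.st_mode), owner, group


def groups_of(user):
    """Primary and supplementary groups of a local user, like `groups user`."""
    primary = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
    return {primary} | {g.gr_name for g in grp.getgrall() if user in g.gr_mem}


if __name__ == "__main__":
    conf_path = "/etc/MailScanner/MailScanner.conf"
    clamd_user = "clamav"  # or whatever the clamd user is
    with open(conf_path) as fh:
        conf = parse_conf(fh.read())
    work_dir = conf.get("incomingworkdir", "/var/spool/MailScanner/incoming")
    print(work_dir, *describe_path(work_dir))
    print(clamd_read_access(conf, clamd_user, groups_of(clamd_user)))
```

A result with `readable` false and `class` "other" means the clamd user is neither the owner nor in the work group, which is the situation that produces the lstat() "Permission denied" error shown in the log.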
From: thom at vdb.nl (Thom van der Boon) Date: Fri, 11 Nov 2016 08:16:40 +0100 (CET) Subject: v5.0.4-3 In-Reply-To: References: <86108416.315833.1478834387763.JavaMail.zimbra@vdb.nl> <1274032232.315894.1478835313621.JavaMail.zimbra@vdb.nl> Message-ID: <237127038.316664.1478848600968.JavaMail.zimbra@vdb.nl> Mark, I took a look at the first directory of the updates (5.0.3 -> 5.0.4), but instead of a backupfile of the 5.0.3 MailScanner.conf the fresh 5.0.4 MailScanner.conf was written there as MailScanner.conf.original Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: +31 (0)88 4272727 Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Mark Sapiro" Aan: mailscanner at lists.mailscanner.info Verzonden: Vrijdag 11 november 2016 05:46:28 Onderwerp: Re: v5.0.4-3 On 11/10/2016 07:35 PM, Thom van der Boon wrote: > > a) MailScanner.conf is not updated but overwritten > I noted that as I installed the 5.0.3 version, the previous > MailScanner.conf placed by the 5.0.4 even gets updated As noted in my prior reply, files are backed up in ms_upgrade/ in your home directory. There should be a ms_upgrade/saved.pppp/etc/MailScanner/MailScanner.conf.original with your original MailScanner.conf. > b) After update from 5.0.3 to 5.0.4 I get error of Clamd > ... > Nov 11 04:20:16 BBCK003 MailScanner[30219]: Clamd::ERROR:: UNKNOWN CLAMD > RETURN ./lstat() failed: Permission denied. ERROR :: > /var/spool/MailScanner/incoming/30219 What is ownership and permissions on /var/spool/MailScanner/incoming? What do you get from ms-peek incomingworkpermissions /etc/MailScanner/MailScanner.conf and ms-peek incomingworkgroup /etc/MailScanner/MailScanner.conf and groups clamav (or whatever the clamd user is) -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. 
Dylan -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From info at digitalessence.net Fri Nov 11 16:24:41 2016 From: info at digitalessence.net (Hedley Phillips) Date: Fri, 11 Nov 2016 16:24:41 -0000 Subject: HOWTO: Change rule score and stop Blacklisted emails Message-ID: <007101d23c38$1b1d0ed0$51572c70$@digitalessence.net> Hi Valentin, Thank you for your reply. I'm in the process of reading through the information you linked to. Many thanks, Hedley ---------------------------------------------------------------------- See also https://www.mailscanner.info/MailScanner.conf.index.html#Required%20SpamAssassin%20Score and https://www.mailscanner.info/MailScanner.conf.index.html#High%20SpamAssassin%20Score At my setup they are 3 and 6 respectively and also https://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Actions and https://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions At my setup they are Spam Actions = deliver attachment header "X-Spam-Status: Yes" High Scoring Spam Actions = delete Regards Valentin Laskov From jfgavilanes at edinun.com Fri Nov 11 16:46:59 2016 From: jfgavilanes at edinun.com (Juan Fco. Gavilanes N.) Date: Fri, 11 Nov 2016 11:46:59 -0500 Subject: archive Message-ID: <000e01d23c3b$38e7fb70$aab7f250$@edinun.com> good morning Please help if you have a .sh file to start the mailscanner and stop the sendmail before they helped me but the equipment was damaged Thank you -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri Nov 11 17:57:47 2016
From: mark at msapiro.net (Mark Sapiro) Date: Fri, 11 Nov 2016 09:57:47 -0800 Subject: archive In-Reply-To: <000e01d23c3b$38e7fb70$aab7f250$@edinun.com> References: <000e01d23c3b$38e7fb70$aab7f250$@edinun.com> Message-ID: <34bd2af2-b367-bf4a-9e65-c7870564f844@msapiro.net> On 11/11/2016 08:46 AM, Juan Fco. Gavilanes N. wrote: > > Please help if you have a .sh file to start the mailscanner and stop the > sendmail before they helped me but the equipment was damaged The previous thread on this is in the archive starting at Also, , including , may be helpful. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From enrique at ibicsa.co.cu Fri Nov 11 23:39:13 2016 
From: enrique at ibicsa.co.cu (Enrique) Date: Fri, 11 Nov 2016 15:39:13 -0800 Subject: to_address, to_domain fields are empty help please! Message-ID: <007b01d23c74$ced42c10$6c7c8430$@ibicsa.co.cu> I had postfix,mysql,postfixadmin+mailscanner working fine, so I put MailWatch.pm 1.2.0-master login to mysql database and web so all looks fine except the logging to the database, some fields do not log, enabling logging on mailwatch.pm look at this. The same empty fields are undef and NULL, all other fields are logged fine. Perl 5.14.2 For example to_address and to_domain are blank in log table. Mailscanner 5 0.3 -> execute for DBD::mysql::st (DBI::st=HASH(0x3478e88)~0x3479110 '2016-11-03 01:28:31' '1396BE150B.A133C' 1848 'enrique at bicsa.co.cu' 'bicsa.co.cu' '' '' '3333333333333333333333333333' '127.0.0.1' '' undef undef undef undef undef undef undef undef 0 0 0 '' undef undef undef undef undef undef undef 'temis.bicsa.co.cu' '2016-11-03' '01:28:31' 'Received: from 172.16.1.16 (localhost [127.0.0.1]) by temis.bicsa.co.cu (Postfix) with ESMTP id 1396BE150B for ; Thu, 3 Nov 2016 01:28:17 -0500 (CST) the entire log file goes as an attachment, sorry about my English -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dbitrace.txt URL: From mark at msapiro.net Sat Nov 12 00:05:16 2016
From: mark at msapiro.net (Mark Sapiro) Date: Fri, 11 Nov 2016 16:05:16 -0800 Subject: to_address, to_domain fields are empty help please! In-Reply-To: <007b01d23c74$ced42c10$6c7c8430$@ibicsa.co.cu> References: <007b01d23c74$ced42c10$6c7c8430$@ibicsa.co.cu> Message-ID: <34482abf-ad04-8354-ac55-2ab48c48f58a@msapiro.net> On 11/11/2016 03:39 PM, Enrique wrote: > > I had postfix,mysql,postfixadmin+mailscanner working fine, so I put > MailWatch.pm 1.2.0-master login to mysql database and web so all > looks fine except the loggin to the database, some field do not loggin, > enabling loggin on mailwach.pm look this? same empty field are undef and > NULL all other field are logged fine MailWatch has it's own list at . Please post MailWatch issues there. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Antony.Stone at mailscanner.open.source.it Sat Nov 12 00:06:18 2016 
From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Sat, 12 Nov 2016 01:06:18 +0100 Subject: to_address, to_domain fields are empty help please! In-Reply-To: <007b01d23c74$ced42c10$6c7c8430$@ibicsa.co.cu> References: <007b01d23c74$ced42c10$6c7c8430$@ibicsa.co.cu> Message-ID: <201611120106.18319.Antony.Stone@mailscanner.open.source.it> On Saturday 12 November 2016 at 00:39:13, Enrique wrote: > I had postfix,mysql,postfixadmin+mailscanner working fine, so I put > MailWatch.pm 1.2.0-master login to mysql database and web so all looks > fine except the loggin to the database, some field do not loggin, enabling > loggin on mailwach.pm look this. same empty field are undef and NULL all > other field are logged fine MailScanner does not use MySQL. This is a MailWatch problem. I recommend you ask on the MailWatch list for assistance. https://lists.sourceforge.net/lists/listinfo/mailwatch-users Antony. -- I have an excellent memory. I can't think of a single thing I've forgotten. Please reply to the list; please *don't* CC me. From iversons at rushville.k12.in.us Sat Nov 12 13:19:43 2016 
From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sat, 12 Nov 2016 08:19:43 -0500 Subject: v5.0.4-3 In-Reply-To: References: Message-ID: Beginning testing here. Will report results. On Thu, Nov 10, 2016 at 1:31 PM, Jerry Benton wrote: > I have a release ready, but I wanted to get some feedback/testing > before I put it out as the current version. Can some people do some > testing on these please? I prefer to have more than 1 set of eyeballs > and sanity checks on releases. Most of the changes are in the > install.sh scripts. > > > Debian > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz > > Nix > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz > > RHEL > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz > > SuSE > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz > > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Sat Nov 12 16:50:05 2016 
From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sat, 12 Nov 2016 11:50:05 -0500 Subject: v5.0.4-3 In-Reply-To: References: Message-ID: I am having trouble doing some debugging on RHEL. I need to examine the rpm spec file. [test at test MailScanner-5.0.4-3]$ rpm -qp MailScanner-5.0.4-3.noarch.rpm --specfile error: malformed hdrid: MailScanner-5.0.4-3.noarch.rpm On Sat, Nov 12, 2016 at 8:19 AM, Shawn Iverson wrote: > Beginning testing here. Will report results. > > On Thu, Nov 10, 2016 at 1:31 PM, Jerry Benton > wrote: > >> I have a release ready, but I wanted to get some feedback/testing >> before I put it out as the current version. Can some people do some >> testing on these please? I prefer to have more than 1 set of eyeballs >> and sanity checks on releases. Most of the changes are in the >> install.sh scripts. >> >> >> Debian >> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz >> >> Nix >> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz >> >> RHEL >> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz >> >> SuSE >> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz >> >> >> >> - >> Jerry Benton >> www.mailborder.com >> +1 - 844-436-6245 >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Sat Nov 12 16:53:22 2016 
From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 12 Nov 2016 11:53:22 -0500 Subject: v5.0.4-3 In-Reply-To: References: Message-ID: <6D98B206-15A9-42E6-BF3D-FF64E9E7594A@mailborder.com> Shawn, Thanks for testing. Here is the spec file: https://github.com/MailScanner/v5/blob/master/rhel/mailscanner.spec - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Nov 12, 2016, at 11:50 AM, Shawn Iverson wrote: > > malformed hdrid -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Sat Nov 12 20:35:41 2016 
From: mark at msapiro.net (Mark Sapiro) Date: Sat, 12 Nov 2016 12:35:41 -0800 Subject: duplicate subject lines in headers (again) In-Reply-To: References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> Message-ID: On 11/07/2016 03:57 AM, Warwick Brown wrote: > > Thanks for taking a look. It is difficult to replicate because there appears to be some yahoo MXs that cause the mail to fail the check, and others which let it succeed. However, you shouldn't have to rely on Yahoo to complain about the message. If MailScanner is duplicating the Subject: header, this almost certainly doesn't depend on the mail being sent to Yahoo nor on Yahoo ultimately bouncing it. I would expect it to occur with all mail that has trailing spaces in the Subject:, even a message you just send to yourself. > Here is the MIME from a mail that succeeded (heavily obfuscated): > ... > Received: from mailserver.core.domain.com (HELO smtp.domain.com) (1.2.3.4) > by server-12.tower-217.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 7 Nov 2016 11:27:49 -0000 > X-Spam-Status: No > X-ObfuscatedOrg-MailScanner-Watermark: 1479122774.1594 at isZRSJkNKmb8yF20npzFJw > Subject: double space at beginning an end > X-ObfuscatedOrg-MailScanner-From: sender at domain.com > X-ObfuscatedOrg-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=-0.999, required 6, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00) > X-ObfuscatedOrg-MailScanner: Found to be clean > X-ObfuscatedOrg-MailScanner-ID: 1c3i45-0002bU-SE > X-ObfuscatedOrg-MailScanner-Information: Please report any suspicious emails to phishing at domain.com > Received: from [10.20.30.40] (port=39922 helo=MYEXCHANGEHUB.ad.domain.com) > by smtp.domain.com with esmtps (TLSv1:AES128-SHA:128) > (Exim 4.86) > (envelope-from ) > id 1c3i45-0002bU-SE > for yahoo_recipient at yahoo.com; Mon, 07 Nov 2016 11:26:13 +0000 > Received: from MYEXCHANGECCR.ad.domain.com ([169.254.1.220]) by > MYEXCHANGEHUB.ad.domain.com ([10.20.30.40]) with mapi; Mon, 7 
Nov 2016 > 11:26:13 +0000 > From: Warwick Brown > To: "yahoo_recipient at yahoo.com" > Date: Mon, 7 Nov 2016 11:26:12 +0000 > Subject: double space at beginning an end ... From the above, it seems that you have both Use Watermarking = Yes Place New Headers At Top Of Message = Yes in your MailScanner config, but even with those settings and testing with both messages that do and do not tag the Subject:, I still can't duplicate this. But, your MTA is Exim, and other info (see below) seems to say that this may only be an issue when Exim is the MTA. It seems clear that the second, "stripped" Subject is added by MailScanner between adding its normal reporting headers and the watermark header, but again, I can't duplicate this. To test further, I'd like to know everything in your MailScanner config that's different from default. Hopefully, you have all your changes in /etc/MailScanner/conf.d/* and you can just send me or post those, but if not, send me /etc/MailScanner/MailScanner.conf. Also, if you can test with a simple message to yourself and find one that reliably triggers the problem, I'd like to see that, both as it is sent and as it is received after MailScanner duplicates the Subject:. Also, I finally looked for and found the thread at , and while it does contain some additional info, I'm still unable to duplicate the issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Warwick.x.Brown at serco.com Sat Nov 12 23:44:56 2016
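Mark's reply above suggests reproducing the problem with a message sent to yourself. One way to check the received copy, as an added example that is not from the thread or from MailScanner: it flags every header field that RFC 5322 (section 3.6) allows at most once but that occurs more than once, and reports whether the copies differ only in surrounding whitespace. The sample message is constructed, modeled on the headers quoted in that reply, with made-up addresses and watermark value.

```python
"""Find duplicated single-occurrence headers in a raw message (added example)."""
import re

# Fields RFC 5322 section 3.6 allows at most once per message.
SINGLETONS = {
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
}

# Constructed sample: a stripped Subject placed among the added
# MailScanner headers, and the original Subject with its extra spaces.
SAMPLE = "\n".join([
    "X-Spam-Status: No",
    "X-ExampleOrg-MailScanner-Watermark: 1479122774.1594@constructed",
    "Subject: double space at beginning an end",
    "X-ExampleOrg-MailScanner: Found to be clean",
    "Received: from [10.20.30.40] (helo=hub.example.com)",
    "\tby smtp.example.com with esmtps; Mon, 07 Nov 2016 11:26:13 +0000",
    "From: sender@example.com",
    "To: recipient@example.com",
    "Date: Mon, 7 Nov 2016 11:26:12 +0000",
    "Subject:   double space at beginning an end  ",
    "",
    "body text",
])


def parse_headers(raw):
    """Return [(name, value)] in message order.

    Folded continuation lines are joined to their field; values are kept
    exactly as sent, including leading and trailing whitespace.
    """
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    fields = []
    for line in head.splitlines():
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + line)
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append((name, value))
    return fields


def duplicate_singletons(raw):
    """Return {lower-case field name: [raw values]} for repeated singletons."""
    seen = {}
    for name, value in parse_headers(raw):
        key = name.strip().lower()
        if key in SINGLETONS:
            seen.setdefault(key, []).append(value)
    return {key: values for key, values in seen.items() if len(values) > 1}


def whitespace_only_copies(values):
    """True when the copies match once trimmed but differ as sent."""
    return len({v.strip() for v in values}) == 1 and len(set(values)) > 1


def report(raw):
    """Return one human-readable line per duplicated singleton field."""
    lines = []
    for key, values in duplicate_singletons(raw).items():
        kind = ("copies differ only in whitespace"
                if whitespace_only_copies(values) else "copies differ in content")
        if len(set(values)) == 1:
            kind = "copies are identical"
        lines.append("%s: %d occurrences, %s: %r" % (key, len(values), kind, values))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Running it on the message as sent and again on the message as received shows whether the duplicate was introduced in transit and which copy lost its spaces.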
From: Warwick.x.Brown at serco.com (Warwick Brown) Date: Sat, 12 Nov 2016 23:44:56 +0000 Subject: duplicate subject lines in headers (again) In-Reply-To: References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> Message-ID: > However, you shouldn't have to rely on Yahoo to complain about the > message. If MailScanner is duplicating the Subject: header, this almost > certainly doesn't depend on the mail being sent to Yahoo nor on Yahoo > ultimately bouncing it. Its not just Yahoo, however Yahoo is the only service which makes a big issue out of it citing RFC compliance > > I would expect it to occur with all mail that has trailing spaces in the > Subject:, even a message you just send to yourself. Yes..that is repeatable > From the above, it seems that you have both > > Use Watermarking = Yes > Place New Headers At Top Of Message = Yes Yes - correct > in your MailScanner config, but even with those settings and testing > with both messages that do and do not tag the Subject:, I still can't > duplicate this. Have you an Exim setup to test? You've got me thinking...i have a personal VM I can burn which I am willing to set-up and provide access for you if you like? It won't be an *exact* match of what I am working on, but at least will a likeness > But, your MTA is Exim, and other info (see below) seems to say that this > may only be an issue when Exim is the MTA. Most likely, but our poison of choice is Exim because our mail environment is/was horrendously complex and Exim was the only MTA which allowed us the flexibility we required at the time when it was chosen (I would have much preferred sendmail ;-) and was not part of that selection process) > It seems clear that the second, "stripped" Subject is added by > MailScanner between adding its normal reporting headers and the > watermark header, but again, I can't duplicate this. > > To test further, I'd like to know everything in your MailScanner config > that's different from default. 
Hopefully, you have all your changes in
> /etc/MailScanner/conf.d/* and you can just send me or post those, but if
> not, send me /etc/MailScanner/MailScanner.conf. Also, if you can test
> with a simple message to yourself and find one that reliably triggers
> the problem, I'd like to see that, both as it is sent and as it is
> received after MailScanner duplicates the Subject:.
>
> Also, I finally looked for and found the thread at
> December/101817.html>,
> and while it does contain some additional info, I'm still unable to
> duplicate the issue.

Hence why my subject line includes "again", it seems to be a regressive bug/feature at least in my configuration that uses Exim.

Here is my Mailscanner.conf (I have it installed into /opt/MailScanner and have redacted a few things such as the org name and watermark salt):

# egrep -v '^[ ]*$|^[ ]*\#' /opt/MailScanner/etc/MailScanner.conf
%org-name% = MyCustomOrgName
%org-long-name% = My Custom Organisation Name
%web-site% = www.myorgdomain.com
%etc-dir% = /opt/MailScanner/etc
%report-dir% = /opt/MailScanner/etc/reports/en
%rules-dir% = /opt/MailScanner/etc/rules
%mcp-dir% = /opt/MailScanner/etc/mcp
Max Children = 12
Run As User = exim
Run As Group = exim
Queue Scan Interval = 6
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim.out/input
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /opt/MailScanner/var/MailScanner.pid
Restart Every = 7200
MTA = exim
Sendmail = /usr/sbin/exim
Sendmail2 = /usr/bin/exim -C /etc/exim/exim_out.conf
Incoming Work User =
Incoming Work Group = clamscan
Incoming Work Permissions = 0640
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0600
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 50
Max Unsafe Messages Per Scan = 50
Max Normal Queue Size = 10000
Scan Messages = yes
Reject Message = no
Maximum Processing Attempts = 6
Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = no
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command = /usr/bin/file
File Timeout = 60
Gunzip Command = /bin/gunzip
Gunzip Timeout = 60
Unrar Command = /usr/local/bin/unrar
Unrar Timeout = 60
Find UU-Encoded Files = yes
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 8
Find Archives By Content = yes
Unpack Microsoft Documents = yes
Zip Attachments = no
Attachments Zip Filename = MessageAttachments.zip
Attachments Min Total Size To Zip = 100k
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml .gz .bz2 .xz
Add Text Of Doc = no
Antiword = /usr/bin/antiword -f
Antiword Timeout = 50
Unzip Maximum Files Per Archive = 0
Unzip Maximum File Size = 50k
Unzip Filenames = *.txt *.ini *.log *.csv
Unzip MimeType = text/plain
Virus Scanning = yes
Virus Scanners = clamd
Virus Scanner Timeout = 600
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = yes
Allowed Sophos Error Messages =
Sophos IDE Dir = /opt/sophos-av/lib/sav
Sophos Lib Dir = /opt/sophos-av/lib
Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* /var/lib/clamav/*.?db /var/lib/clamav/*.cvd
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 100000000 # (100 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250
Clamd Port = 3310
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = yes
ClamAV Full Message Scan = yes
Fpscand Port = 10200
Dangerous Content Scanning = yes
Allow Partial Messages = no
Allow External Message Bodies = no
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = no
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf %etc-dir%/phishing.safe.sites.custom
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf
Allow IFrame Tags = %rules-dir%/disarm.rules
Allow Form Tags = %rules-dir%/disarm.rules
Allow Script Tags = %rules-dir%/disarm.rules
Allow WebBugs = %rules-dir%/disarm.rules
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
Known Web Bug Servers = msgtag.com
Web Bug Replacement = http://cdn.mailscanner.info/1x1spacer.gif
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Archives Are = zip rar ole uu tnef
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Allow Filetypes =
Allow File MIME Types =
Deny Filetypes =
Deny File MIME Types =
Filetype Rules = %etc-dir%/filetype.rules.conf
Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
Default Rename Pattern = __FILENAME__.disarmed
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Signature Image Filename = %report-dir%/sig.jpg
Signature Image Filename = signature.jpg
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
ID Header = X-%org-name%-MailScanner-ID:
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
Spam Score Character = s
SpamScore Number Instead Of Stars = yes
Minimum Stars If On Spam List = 0
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please report any suspicious emails to phishing at myorgdomain.com
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Multiple Headers = add
Place New Headers At Top Of Message = yes
Hostname = %org-name% Core MTA $HOSTNAME
Sign Messages Already Processed = no
Sign Clean Messages = no
Attach Image To Signature = no
Attach Image To HTML Message Only = yes
Allow Multiple HTML Signatures = no
Dont Sign HTML If Headers Exist = # In-Reply-To: References:
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = no
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = no
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = start
Virus Subject Text = {Virus?}
Filename Modify Subject = start
Filename Subject Text = {Filename?}
Content Modify Subject = start
Content Subject Text = {Dangerous Content?}
Size Modify Subject = start
Size Subject Text = {Size}
Disarmed Modify Subject = start
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = start
Phishing Subject Text = {Fraud?}
Spam Modify Subject = start
Spam Subject Text = {Spam?}
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?}
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1
Archive Mail =
Missing Mail Archive Is = directory
Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \ Core MTA Service\nwww.myorgdomain.com\n
Notices From = MailScanner
Notices To = phishing at myorg.com
Local Postmaster = phishing at myorg.com
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List = # spamhaus-ZEN # You can un-comment this to enable them
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Spam List Timeout = 10
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = no
Definite Spam Is High Scoring = no
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 2097152k
Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = nothing
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = redacted ;-)
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:
Use SpamAssassin = yes
Max SpamAssassin Size = 2097152k
Required SpamAssassin Score = 6
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 300
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Include Binary Attachments In SpamAssassin = no
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = store
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
Syslog Facility = mail
Log Speed = yes
Log Spam = yes
Log Non Spam = yes
Log Delivery And Non-Delivery = yes
Log Permitted Filenames = yes
Log Permitted Filetypes = yes
Log Permitted File MIME Types = yes
Log Silent Viruses = yes
Log Dangerous HTML Tags = yes
Log SpamAssassin Rule Actions = yes
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir =
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir =
DB DSN =
DB Username = sauser
DB Password = pickyourown!
SQL Serial Number =
SQL Quick Peek =
SQL Config =
SQL Ruleset =
SQL SpamAssassin Config =
SQL Debug = no
MCP Checks = no
First Check = spam
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no
Read IP Address From Received Header = no
Spam Score Number Format = %d
MailScanner Version Number = 4.85.2
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = no
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = queue
Split Exim Spool = no
Lockfile Dir = /var/spool/MailScanner/incoming/Locks
Custom Functions Dir = /opt/MailScanner/lib/MailScanner/CustomFunctions
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported
include /opt/MailScanner/etc/conf.d/*

The contents of /opt/MailScanner/etc/conf.d/* is empty.

My rules are as follows:-

# egrep -v '^[ ]*$|^[ ]*\#' /opt/MailScanner/etc/rules/spam.whitelist.rules /opt/MailScanner/etc/rules/disarm.rules /opt/MailScanner/etc/rules/bounce.rules
/opt/MailScanner/etc/rules/spam.whitelist.rules:From: noreply at redacted.com yes
/opt/MailScanner/etc/rules/spam.whitelist.rules:From: /^cmailcampaignname-[0-9a-zA-Z]+ at cmail[0-9]*.com$/ yes
/opt/MailScanner/etc/rules/spam.whitelist.rules:From: 10.1.2.3 yes
/opt/MailScanner/etc/rules/spam.whitelist.rules:FromOrTo: default no
/opt/MailScanner/etc/rules/disarm.rules:From: cmailcampaignname-*@cmail*\.com yes
/opt/MailScanner/etc/rules/disarm.rules:FromOrTo: default yes
/opt/MailScanner/etc/rules/bounce.rules:FromOrTo: default no

I have met all the perl dependencies (except MySQL, which I don't think is material to this issue) and the lint report is as follows:

# ./MailScanner --lint
Trying to setlogsock(unix)
Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Reading configuration file /opt/MailScanner/etc/conf.d/README
Read 870 hostnames from the phishing whitelist
Read 5807 hostnames from the phishing blacklists
Checking version numbers...
Version number in MailScanner.conf (4.85.2) is correct.
Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to (93)
MailScanner setting UID to (93)
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
plugin: eval failed: install_driver(mysql) failed: Can't locate DBD/mysql.pm in @INC (you may need to install the DBD::mysql module) (@INC contains: lib . ./MailScanner /opt/MailScanner/lib /opt/MailScanner/lib/perl5/site_perl/5.22.1/x86_64-linux-thread-multi /opt/MailScanner/lib/perl5/site_perl/5.22.1 /opt/MailScanner/lib/perl5/5.22.1/x86_64-linux-thread-multi /opt/MailScanner/lib/perl5/5.22.1) at (eval 1199) line 3.
Perhaps the DBD::mysql perl module hasn't been fully installed,
or perhaps the capitalisation of 'mysql' isn't right.
Available drivers: DBM, ExampleP, File, Gofer, Proxy, SQLite, Sponge.
 at /opt/MailScanner/lib/perl5/site_perl/5.22.1/Mail/SpamAssassin/BayesStore/MySQL.pm line 654.
plugin: eval failed: install_driver(mysql) failed: Can't locate DBD/mysql.pm in @INC (you may need to install the DBD::mysql module) (@INC contains: lib . ./MailScanner /opt/MailScanner/lib /opt/MailScanner/lib/perl5/site_perl/5.22.1/x86_64-linux-thread-multi /opt/MailScanner/lib/perl5/site_perl/5.22.1 /opt/MailScanner/lib/perl5/5.22.1/x86_64-linux-thread-multi /opt/MailScanner/lib/perl5/5.22.1) at (eval 1209) line 3.
Perhaps the DBD::mysql perl module hasn't been fully installed,
or perhaps the capitalisation of 'mysql' isn't right.
Available drivers: DBM, ExampleP, File, Gofer, Proxy, SQLite, Sponge.
 at /opt/MailScanner/lib/perl5/site_perl/5.22.1/Mail/SpamAssassin/BayesStore/MySQL.pm line 654.
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 2 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamavmodule, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Filetype Checks: Allowing 1 eicar.com
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

Let me know if you need any more info/configs...

Thanks again,
Warwick

From mark at msapiro.net Sun Nov 13 00:35:55 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 12 Nov 2016 16:35:55 -0800
Subject: duplicate subject lines in headers (again)
In-Reply-To:
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net>
Message-ID: <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net>

On 11/12/2016 03:44 PM, Warwick Brown wrote:
>
> Have you an Exim setup to test? You've got me thinking...I have a personal VM I can burn which I am willing to set-up and provide access for you if you like? It won't be an *exact* match of what I am working on, but at least will a likeness

Thanks for the offer, but for now I'll continue testing on my own boxes.
And thanks for the config and other info. That will help.

> Most likely, but our poison of choice is Exim because our mail environment is/was horrendously complex and Exim was the only MTA which allowed us the flexibility we required at the time when it was chosen (I would have much preferred sendmail ;-) and was not part of that selection process)

It does seem likely that this is specific to MailScanner with Exim, and
it (at least the older issue) is reportedly fixed before your 4.85.2
which makes me think that your "horrendously complex" environment and
resultant Exim config may be at least part of the issue.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From iversons at rushville.k12.in.us Sun Nov 13 01:01:50 2016
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 12 Nov 2016 20:01:50 -0500
Subject: v5.0.4-3
In-Reply-To:
References:
Message-ID:

Jerry,

It appears there is something wrong with the RHEL v5.0.4-3 RPM package. Scripts are not running, even when invoked directly with RPM (bypassing install.sh entirely).

On Sat, Nov 12, 2016 at 8:19 AM, Shawn Iverson wrote:

> Beginning testing here. Will report results.
>
> On Thu, Nov 10, 2016 at 1:31 PM, Jerry Benton
> wrote:
>
>> I have a release ready, but I wanted to get some feedback/testing
>> before I put it out as the current version. Can some people do some
>> testing on these please? I prefer to have more than 1 set of eyeballs
>> and sanity checks on releases. Most of the changes are in the
>> install.sh scripts.
>>
>> Debian
>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz
>>
>> Nix
>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz
>>
>> RHEL
>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz
>>
>> SuSE
>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>> +1 - 844-436-6245
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> --
> Shawn Iverson
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us

-- 
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From jerry.benton at mailborder.com Sun Nov 13 01:04:43 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sat, 12 Nov 2016 20:04:43 -0500
Subject: v5.0.4-3
In-Reply-To:
References:
Message-ID: <0A241652-AD75-49B0-A708-40B029FC62D9@mailborder.com>

Ok I will review over the weekend.

-
Jerry Benton
www.mailborder.com
+1 844-436-6245 ext 707
sent via mobile

> On Nov 12, 2016, at 20:01, Shawn Iverson wrote:
>
> Jerry,
>
> It appears there is something wrong with the RHEL v5.0.4-3 RPM package. Scripts are not running, even when invoked directly with RPM (bypassing install.sh entirely).
>
>> On Sat, Nov 12, 2016 at 8:19 AM, Shawn Iverson wrote:
>> Beginning testing here. Will report results.
>>
>>> On Thu, Nov 10, 2016 at 1:31 PM, Jerry Benton wrote:
>>> I have a release ready, but I wanted to get some feedback/testing
>>> before I put it out as the current version. Can some people do some
>>> testing on these please? I prefer to have more than 1 set of eyeballs
>>> and sanity checks on releases. Most of the changes are in the
>>> install.sh scripts.
>>>
>>> Debian
>>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz
>>>
>>> Nix
>>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.nix.tar.gz
>>>
>>> RHEL
>>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.rhel.tar.gz
>>>
>>> SuSE
>>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.suse.tar.gz
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>> +1 - 844-436-6245
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> --
>> Shawn Iverson
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 x271
>> iversons at rushville.k12.in.us
>
> --
> Shawn Iverson
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner

From Warwick.x.Brown at serco.com Sun Nov 13 02:11:07 2016
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Sun, 13 Nov 2016 02:11:07 +0000
Subject: duplicate subject lines in headers (again)
In-Reply-To: <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net>
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net>
Message-ID:

> It does seem likely that this is specific to MailScanner with Exim, and
> it (at least the older issue) is reportedly fixed before your 4.85.2
> which makes me think that your "horrendously complex" environment and
> resultant Exim config may be at least part of the issue.

I will privately mail you my exim config....don't really want it in public domain

From pascal.maes at uclouvain.be Sun Nov 13 08:01:58 2016
From: pascal.maes at uclouvain.be (Pascal Maes)
Date: Sun, 13 Nov 2016 08:01:58 +0000
Subject: v5.0.4-3
In-Reply-To:
References:
Message-ID: <3D8A274C-E4C6-4368-9064-15C9F0653914@uclouvain.be>

> On 10 Nov 2016, at 19:31, Jerry Benton wrote:
>
> I have a release ready, but I wanted to get some feedback/testing
> before I put it out as the current version. Can some people do some
> testing on these please? I prefer to have more than 1 set of eyeballs
> and sanity checks on releases. Most of the changes are in the
> install.sh scripts.
>
> Debian
> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz
>

Installed on Debian yesterday without any problem.
The old MailScanner.conf file has been reused except for the version number.

I wonder why we have to choose the MTA because, even if we choose postfix, the new MailScanner.conf contains sendmail.

Thanks
-- 
Pascal

From jerry.benton at mailborder.com Sun Nov 13 08:10:10 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 13 Nov 2016 03:10:10 -0500
Subject: v5.0.4-3
In-Reply-To: <3D8A274C-E4C6-4368-9064-15C9F0653914@uclouvain.be>
References: <3D8A274C-E4C6-4368-9064-15C9F0653914@uclouvain.be>
Message-ID:

The installer asks which MTA simply to install it for you. It does not setup the MailScanner.conf for you.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 13, 2016, at 3:01 AM, Pascal Maes wrote:
>
>> On 10 Nov 2016, at 19:31, Jerry Benton wrote:
>>
>> I have a release ready, but I wanted to get some feedback/testing
>> before I put it out as the current version. Can some people do some
>> testing on these please? I prefer to have more than 1 set of eyeballs
>> and sanity checks on releases. Most of the changes are in the
>> install.sh scripts.
>>
>> Debian
>> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.4-3.deb.tar.gz
>>
>
> Installed on Debian yesterday without any problem.
> The old MailScanner.conf file has been reused except for the version number.
>
> I wonder why we have to choose the MTA because, even if we choose postfix, the new MailScanner.conf contains sendmail.
>
> Thanks
> --
> Pascal
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner

From jonas at jkvinge.net Sun Nov 13 12:12:44 2016
From: jonas at jkvinge.net (Jonas Kvinge)
Date: Sun, 13 Nov 2016 13:12:44 +0100
Subject: MailScanner on seperate servers
In-Reply-To:
References: <5803bd02-65cd-a5ae-eb3a-4f6c5b36f572@jkvinge.net>
Message-ID: <853cef3d-7f4f-d498-3d3a-4ea77042b1a0@jkvinge.net>

I don't see how user-based bayesian learning can work with mailscanner since sendmail only delivers the queue directly to mailscanner before it knows what mailbox it's going to. So how can mailscanner possibly know where to look for the bayes data?

The only solution I've found to this is to keep running spamc from procmail on imap server the way I've done before, except adding both mailscanner relays to internal_networks and trusted_networks and adding all the mailscanner headers to bayes_ignore_header.

But even if I was to run mailscanner on the imap server, how would it know where to look for the bayesian data for each user when mailscanner is run before sendmail processes what mailbox it should go to?

On 11/05/2016 01:25 PM, Jerry Benton wrote:
> Hi,
>
> Yes, you could rsync it or use Union. You could also use shared network drives.
>
> -
> Jerry Benton
> www.mailborder.com
> +1 - 844-436-6245
>
> -----Original Message-----
> From: Jonas Kvinge
> Reply: MailScanner Discussion
> Date: November 5, 2016 at 8:22:19 AM
> To: mailscanner at lists.mailscanner.info
> Subject: MailScanner on seperate servers
>
>> Hi,
>>
>> I've been using a setup of sendmail/Procmail/SpamAssassin/Dovecot for
>> many years, but recently switched to MailScanner. I've installed it on 2
>> separate sendmail servers and use mailtable to forward the mail for the
>> domains to the imap server with the mailboxes.
>>
>> The purpose of this was to take the load off the main server as well as
>> having 2 servers if one goes down.
>>
>> It's working great and detecting more spam than previously, except for
>> bayesian filtering, since the folders for individual users are on the
>> imap server where the users directories are in /home/user/.spamassassin/
>>
>> The imap server is running procmail to put the spam in the Spam folder.
>>
>> Each user has a /home/user/Maildir/.Spam/ and /home/Maildir/.LearnSpam/
>> directory and sa-learn is run every night by crontab.
>>
>> What would be the best way to implement this so that the bayesian work
>> on both mailscanner servers?
>>
>> Could I just rsync /home/*/.spamassassin/ to the 2 mailscanner servers?
>>
>> Jonas
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From mark at msapiro.net Sun Nov 13 17:45:28 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 13 Nov 2016 09:45:28 -0800
Subject: duplicate subject lines in headers (again)
In-Reply-To:
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net>
Message-ID: <366d198f-fe02-bd67-d92b-794dd3984864@msapiro.net>

On 11/12/2016 06:11 PM, Warwick Brown wrote:
>> It does seem likely that this is specific to MailScanner with Exim, and
>> it (at least the older issue) is reportedly fixed before your 4.85.2
>> which makes me think that your "horrendously complex" environment and
>> resultant Exim config may be at least part of the issue.
>
> I will privately mail you my exim config....don't really want it in public domain

Thanks for sending all the info.

See the post at . This shows an excerpt from an Exim queue entry with a duplicate Subject:. The key is that the line

015 Subject: test

should actually be

015* Subject: test

to tell Exim to delete that line. The missing asterisk issue was "fixed"
a long time ago. The current code has the fix.

Can you try a test for me?

The test would be

1) stop the outgoing Exim only - leave the incoming Exim running.
2) send yourself a message with trailing space(s) in Subject:
3) copy /var/spool/exim.out for later examination
4) start the outgoing Exim

Then examine the copy of /var/spool/exim.out and find your message which
should have two 'nnn Subject: ...' lines (nnn is the number of
characters in the header). What you should see is the original one with

nnn Subject: ...

and the added one (probably above the original) with trailing spaces
removed and an asterisk.

nnn* Subject: ...

If there is no asterisk, there is a problem with MailScanner. If there
is an asterisk and the message gets delivered with two Subject: headers,
the problem is in the outgoing Exim.

If you can do this test, let us know what you find.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Warwick.x.Brown at serco.com Sun Nov 13 20:36:44 2016
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Sun, 13 Nov 2016 20:36:44 +0000
Subject: duplicate subject lines in headers (again)
In-Reply-To: <366d198f-fe02-bd67-d92b-794dd3984864@msapiro.net>
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net> <366d198f-fe02-bd67-d92b-794dd3984864@msapiro.net>
Message-ID:

> Can you try a test for me?
>
> The test would be
>
> 1) stop the outgoing Exim only - leave the incoming Exim running.
> 2) send yourself a message with trailing space(s) in Subject:
> 3) copy /var/spool/exim.out for later examination
> 4) start the outgoing Exim
>
> Then examine the copy of /var/spool/exim.out and find your message which
> should have two 'nnn Subject: ...' lines (nnn is the number of
> characters in the header). What you should see is the original one with
>
> nnn Subject: ...
>
> and the added one (probably above the original) with trailing spaces
> removed and an asterisk.
>
> nnn* Subject: ...
>
> If there is no asterisk, There is a problem with MailScanner. If there
> is an asterisk and the message gets delivered with two Subject: headers,
> the problem is in the outgoing Exim.
>
> If you can do this test, let us know what you find.

Nice and quick test.....not the answer you were hoping for though:

018 X-Spam-Status: No
076 X-MyOrg-MailScanner-Watermark: 1479672988.91017 at AfSF0dfSQNo9m+YscRQWqA
033 Subject: Has two trailing spaces
048 X-MyOrg-MailScanner-From: me at externaldomain.com
038 X-MyOrg-MailScanner-SpamScore: 4
204 X-MyOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.107, required 6, ALL_TRUSTED -1.00, INVALID_MSGID 1.17, MISSING_DATE 1.40, MISSING_FROM 1.00, MISSING_HEADERS 1.21, MSGID_SHORT 0.34)
044 X-MyOrg-MailScanner: Found to be clean
046 X-MyOrg-MailScanner-ID: 1c61C4-0001vp-58
096 X-MyOrg-MailScanner-Information: Please report any suspicious emails to phishing at myorg.com
253P Received: from [10.11.12.13] (port=57525 helo=moo) by smtp.myorg.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86) (envelope-from ) id 1c61C4-0001vp-58 for warwick at myorg.com; Sun, 13 Nov 2016 20:16:28 +0000
024I Message-ID: Faked-By-Me
035 Subject: Has two trailing spaces

I checked the file in vi and the subject on the bottom line definitely has the trailing spaces.


The delivered mail contains both subject lines - interestingly - Exchange seems to strip the modified subject line, but I did another test and sent it to a courier IMAP server, the mail file clearly shows both subjects:

Return-path:
Envelope-to: Roleaccount-Postmaster at post.myorg.com
Delivery-date: Sun, 13 Nov 2016 20:28:00 +0000
Received: from [2.3.4.5] (helo=smtp.myorg.com)
 by mail.myorg.com with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256)
 (Exim 4.85)
 (envelope-from )
 id 1c61Ng-0001Yo-Fx
 for Roleaccount-Postmaster at post.myorg.com; Sun, 13 Nov 2016 20:28:00 +0000
X-Spam-Status: Yes
X-MyOrg-MailScanner-Watermark: 1479673632.70114 at SuInET/cJzqXOwWxS3aXHw
Subject: {Spam?} Trailing spaces
X-MyOrg-MailScanner-From: me at externaldomain.com
X-MyOrg-MailScanner-SpamScore: 9
X-MyOrg-MailScanner-SpamCheck: spam, SpamAssassin (score=9.96, required 6,
 BODY_SINGLE_WORD 1.08, FSL_HELO_NON_FQDN_1 0.00, INVALID_MSGID 1.17,
 MISSING_DATE 1.40, MISSING_FROM 1.00, MISSING_HEADERS 1.21,
 MSGID_SHORT 0.34, RDNS_NONE 1.27, TVD_SPACE_RATIO 0.00,
 TVD_SPACE_RATIO_MINFP 2.50)
X-MyOrg-MailScanner: Found to be clean
X-MyOrg-MailScanner-ID: 1c61MZ-0003FP-BR
X-MyOrg-MailScanner-Information: Please report any suspicious emails to phishing at myorg.com
Received: from [2.3.4.6] (port=36355 helo=moo)
 by smtp.myorg.com with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256)
 (Exim 4.86)
 (envelope-from )
 id 1c61MZ-0003FP-BR
 for postmaster at myorg.com; Sun, 13 Nov 2016 20:27:12 +0000
Message-ID: Faked-By-Me
Subject: Trailing spaces

Blah

So I'm afraid it does look like MailScanner rather than exim.... do we need to dig down into perl modules?

When I built MailScanner, I gave it its own installation of Perl so it wouldn't get messed up by the system-provided (RPM based) perl (so perl is installed in /opt/Mailscanner/bin/perl) and I updated all the install and run-time scripts to use this specific version of perl.

See below:

# /opt/MailScanner/bin/perl -v

This is perl 5, version 22, subversion 1 (v5.22.1) built for x86_64-linux-thread-multi

Copyright 1987-2015, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

# grep perl MailScanner
#!/opt/MailScanner/bin/perl -U -I/opt/MailScanner/lib
if ($path =~ m#/usr/(local/)?lib\d*/perl\d*/\d\.\d#) {
# perl5 paths in @corepaths. We want notcore + core, so the notcore ones
print STDERR "\n\n**** ERROR: You must upgrade your perl IO module to at least\n**** ERROR: version 1.2301 or MailScanner will not work!\n\n";
print STDERR "\n\n**** ERROR: You must upgrade your perl IO::Stringy module to at least\n**** ERROR: version 2.110 or MailScanner will not work!\n\n";
# Read the configuration file properly
# Read the configuration file properly
# Read the configuration file properly
# This child's parent is perl
MailScanner::Log::WarnLog("WARNING: You are trying to use the Processing Attempts Database but your DBI and/or DBD::SQLite Perl modules are not properly installed!");
MailScanner::Log::WarnLog("WARNING: You are trying to use the Processing Attempts Database but your DBI and/or DBD::SQLite Perl modules are not properly installed!");
#

The perl has all the right modules installed, however I am aware I need to do some work (as per the lint output) on the DBI module

Thanks again,
Warwick

From mark at msapiro.net Sun Nov 13 20:56:37 2016
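The spool check described in the message above can be scripted. The following is an added example, not code from the thread or from MailScanner: it reads the header part of an Exim spool header file using the "nnn, flag character, space" layout shown in the listing, where an asterisk marks a deleted header. The sample entries are constructed from the posted listing (shortened), and the verdict names are this example's own.

```python
import re

# One spool entry starts with: length (3+ digits), one flag character, one space.
# The length counts the header text including embedded and final newlines.
PREFIX = re.compile(rb"(\d{3,})(.) ")


def spool_entry(flag: str, header: str) -> bytes:
    """Build one entry in the layout above (used only to construct the sample)."""
    raw = header.encode() + b"\n"
    return b"%03d%s " % (len(raw), flag.encode()) + raw


def parse_headers(section: bytes):
    """Return (flag, name, value) for every entry in the header part of a spool file."""
    pos, out = 0, []
    while pos < len(section):
        m = PREFIX.match(section, pos)
        if m is None:
            raise ValueError(f"no length/flag prefix at offset {pos}")
        length, flag = int(m.group(1)), m.group(2).decode("latin-1")
        text = section[m.end():m.end() + length]
        if len(text) != length or not text.endswith(b"\n"):
            raise ValueError(f"entry at offset {pos} is truncated or miscounted")
        name, _, value = text.partition(b":")
        # Drop only the final newline so trailing spaces in the value survive.
        out.append((flag, name.decode("latin-1"), value[:-1].decode("latin-1")))
        pos = m.end() + length
    return out


def diagnose(section: bytes, name: str = "Subject"):
    """Apply the rule from the thread to one header name.

    "scanner": more than one copy is still live (no asterisk on the original),
               so the duplicate was written into the spool by the scanner.
    "mta":     the original is flagged deleted; if delivery still shows two
               copies, look at the outgoing MTA.
    "clean":   a single live copy and nothing deleted.
    """
    entries = [e for e in parse_headers(section) if e[1].lower() == name.lower()]
    live = [value for flag, _, value in entries if flag != "*"]
    deleted = [value for flag, _, value in entries if flag == "*"]
    if len(live) > 1:
        verdict = "scanner"
    elif deleted:
        verdict = "mta"
    else:
        verdict = "clean"
    return verdict, live, deleted


def sample(original_flag: str) -> bytes:
    """Constructed sample: the posted listing, shortened, with a folded Received."""
    return b"".join([
        spool_entry(" ", "X-Spam-Status: No"),
        spool_entry(" ", "Subject: Has two trailing spaces"),
        spool_entry("P", "Received: from [10.11.12.13] (port=57525 helo=moo)\n"
                         "\tby smtp.myorg.com with esmtps (Exim 4.86)"),
        spool_entry("I", "Message-ID: Faked-By-Me"),
        spool_entry(original_flag, "Subject: Has two trailing spaces  "),
    ])


AS_REPORTED = sample(" ")   # what the listing shows: original Subject not flagged
EXPECTED = sample("*")      # what the test expected: original flagged deleted

if __name__ == "__main__":
    for label, data in (("as reported", AS_REPORTED), ("expected", EXPECTED)):
        verdict, live, deleted = diagnose(data)
        print(f"{label}: {verdict}, live={live!r}, deleted={deleted!r}")
```

To run it against a real copy of the spool, pass only the header part of the file (the entries after the envelope data) to `diagnose`.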
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 13 Nov 2016 12:56:37 -0800
Subject: duplicate subject lines in headers (again)
In-Reply-To:
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net> <366d198f-fe02-bd67-d92b-794dd3984864@msapiro.net>
Message-ID: <7ae9cc64-e374-66d6-366e-37cad781b442@msapiro.net>

On 11/13/2016 12:36 PM, Warwick Brown wrote:
>
> Nice and quick test.....not the answer you were hoping for though:

But good information.

> 018 X-Spam-Status: No
> 076 X-MyOrg-MailScanner-Watermark: 1479672988.91017 at AfSF0dfSQNo9m+YscRQWqA
> 033 Subject: Has two trailing spaces
> 048 X-MyOrg-MailScanner-From: me at externaldomain.com
> 038 X-MyOrg-MailScanner-SpamScore: 4
> 204 X-MyOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.107,
> required 6, ALL_TRUSTED -1.00, INVALID_MSGID 1.17, MISSING_DATE 1.40,
> MISSING_FROM 1.00, MISSING_HEADERS 1.21, MSGID_SHORT 0.34)
> 044 X-MyOrg-MailScanner: Found to be clean
> 046 X-MyOrg-MailScanner-ID: 1c61C4-0001vp-58
> 096 X-MyOrg-MailScanner-Information: Please report any suspicious emails to phishing at myorg.com
> 253P Received: from [10.11.12.13] (port=57525 helo=moo)
> by smtp.myorg.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
> (Exim 4.86)
> (envelope-from )
> id 1c61C4-0001vp-58
> for warwick at myorg.com; Sun, 13 Nov 2016 20:16:28 +0000
> 024I Message-ID: Faked-By-Me
> 035 Subject: Has two trailing spaces
>
> I checked the file in vi and the subject on the bottom line definitely has the trailing spaces.

So it is definitely a MailScanner issue, but it was supposed to be fixed
a long time ago.

Look at .
At line 845 is the DeleteHeader subroutine.

The previous issue was that lines 863 and 864 used to be

    next if !$usingregexp &&
        lc($metadata->{headers}[$hdrnum]{name}) ne lc $key;

instead of

    next if !$usingregexp &&
        lc(quotemeta($metadata->{headers}[$hdrnum]{name})) ne lc $key;

This is the fix that Jules referred to at .

Compare that routine to the one in your MailScanner/Exim.pm and see if
you are missing the 'quotemeta' or if there are other differences.

...

> So I'm afraid it does look like MailScanner rather than exim....

Yes, I think so.

> do we need to dig down into perl modules?

I don't think so. I think it's in that DeleteHeader routine, so let's
look at your version.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Warwick.x.Brown at serco.com Sun Nov 13 23:04:25 2016
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Sun, 13 Nov 2016 23:04:25 +0000
Subject: duplicate subject lines in headers (again)
In-Reply-To: <7ae9cc64-e374-66d6-366e-37cad781b442@msapiro.net>
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net> <366d198f-fe02-bd67-d92b-794dd3984864@msapiro.net> <7ae9cc64-e374-66d6-366e-37cad781b442@msapiro.net>
Message-ID:

> So it is definitely a MailScanner issue, but it was supposed to be fixed
> a long time ago.
>
> Look at
> nner/Exim.pm>.
> At line 845 is the DeleteHeader subroutine.
>
> The previous issue was that lines 863 and 864 used to be
>
> next if !$usingregexp &&
> lc($metadata->{headers}[$hdrnum]{name}) ne lc $key;
>
> instead of
>
> next if !$usingregexp &&
> lc(quotemeta($metadata->{headers}[$hdrnum]{name})) ne lc $key;
>
>
> This is the fix that Jules referred to at
> September/093266.html>.
>
> Compare that routine to the one in your MailScanner/Exim.pm and see if
> you are missing the 'quotemeta' or if there are other differences.
>
> ...
> > So I'm afraid it does look like MailScanner rather than exim....
>
> Yes, I think so.

Hi Mark,

I have the latter line, as I built the whole platform from fresh source code only 2 months ago.

I notice that in Exim.pm, from line 645 to line 854 there is some acknowledgement to the issue of trailing whitespace in relation to ISO encoded subject lines...I wonder if that 'fixup' may be more appropriate in a broader sense. I'm kicking myself for not being a perlmonger and while I can almost 'read' the code, I'm by no means competent to change it with any assurance. But from my 'spider-sense' I am wondering if all subjects should be treated in the same way?

Kind regards,
Warwick

From michael at weiser.dinsnail.net Sun Nov 13 21:00:15 2016
From: michael at weiser.dinsnail.net (Michael Weiser)
Date: Sun, 13 Nov 2016 22:00:15 +0100
Subject: MailScanner 5 on Gentoo
Message-ID: <20161113210015.GA28847@dinsnail.net>

Hey guys and especially Jerry,

I know I'm ridiculously late to the party here but I still need to get
this off my chest: Jerry, you're my hero! :)

I just updated my Gentoo-based MailScanner installation from something
ancient to MailScanner 5.0.3-7 and just couldn't believe how insanely
sane this new MailScanner is. So I went right ahead and reworked the
Gentoo package to reflect that.

I couldn't resist sticking with Gentoo's /etc/conf.d for what
/etc/MailScanner/defaults does now. Also I couldn't bring myself to even
try to install ms-init and stuck with an updated openrc
start-stop-daemon-based init script. And finally I patched around in
ms-check because I couldn't really wrap my head around the benefit of
having a stopped_lockfile *and* a run_mailscanner setting. I've tried to
formulate my thoughts on all this in a README.Gentoo
(https://584524.bugs.gentoo.org/attachment.cgi?id=453228).

Anyway, I found an already open bug on updating the Gentoo package and
stuck my stuff into it. There's lots of explanations and rationale in
the ebuild, the ms-check patch and the README.Gentoo if anyone's
interested: https://bugs.gentoo.org/show_bug.cgi?id=584524.
Now we'll have to see if it gets picked up.

Here are some additional points for your consideration hidden away as
comments in the ebuild:

On /etc/conf.d/MailScanner (aka /etc/MailScanner/defaults):
- nothing is using the ms_re2c setting (ms-update-sa finds it on its own)
- ms_etc isn't used anywhere

On calls to ms-init in /usr/sbin/ms-update-bad-emails and
/usr/sbin/ms-update-sa:

change restarts via ms-init after e.g. rules updates into
reloads via /etc/init.d/MailScanner
a.) reloads should be enough because they restart all children and the
    parent MailScanner doesn't do anything so doesn't need the update
b.) this way we'll never accidentally start MailScanner when it's
    supposed to be switched off without mucking about with
    $run_mailscanner and $stopped_lockfile

What I mean there is: A simple SIGHUP instead of ms-init restart
should do the trick and be safer at the same time, shouldn't it?

Feel free to bash me (a bit :) for stuff I got wrong.

And thanks again! This is awesome! :)
--
Michael

From jerry.benton at mailborder.com Mon Nov 14 04:05:37 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 13 Nov 2016 23:05:37 -0500
Subject: MailScanner 5 on Gentoo
In-Reply-To: <20161113210015.GA28847@dinsnail.net>
References: <20161113210015.GA28847@dinsnail.net>
Message-ID: <3FF96ECD-DB17-4197-9006-57D020E6A231@mailborder.com>

Ok, I can't tell if you are happy about v5 or not. So, here is some of the logic:

- I put the config in /etc/MailScanner/defaults because configs are in a different place on every distro. This keeps it in one place no matter what distro you are using. I support a lot of different distros, and trying to find it in 5 different places on 5 different distros is a pain in the ass. I would suggest leaving it where it is and using a symlink for your distro.
- The same logic was used for ms-init, /var/lock/subsys/Mailscanner, and /var/log/MailScanner.off
- run_mailscanner is in place so that MailScanner does not get started accidentally before MailScanner.conf has been setup.
- The PID of the master process is put in the PID file. If ms-check does not find a matching PID of what it should be, it restarts everything.

If you have some suggestions for changes that will work across all distros, please do post it here so I can review and implement them.

Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 13, 2016, at 4:00 PM, Michael Weiser wrote:
>
> Hey guys and especially Jerry,
>
> I know I'm ridiculously late to the party here but I still need to get
> this off my chest: Jerry, you're my hero! :)
>
> I just updated my Gentoo-based MailScanner installation from something
> ancient to MailScanner 5.0.3-7 and just couldn't believe how insanely
> sane this new MailScanner is. So I went right ahead and reworked the
> Gentoo package to reflect that.
>
> I couldn't resist sticking with Gentoo's /etc/conf.d for what
> /etc/MailScanner/defaults does now. Also I couldn't bring myself to even
> try to install ms-init and stuck with an updated openrc
> start-stop-daemon-based init script. And finally I patched around in
> ms-check because I couldn't really wrap my head around the benefit of
> having a stopped_lockfile *and* a run_mailscanner setting. I've tried to
> formulate my thoughts on all this in a README.Gentoo
> (https://584524.bugs.gentoo.org/attachment.cgi?id=453228).
>
> Anyway, I found an already open bug on updating the Gentoo package and
> stuck my stuff into it. There's lots of explanations and rationale in
> the ebuild, the ms-check patch and the README.Gentoo if anyone's
> interested: https://bugs.gentoo.org/show_bug.cgi?id=584524.
> Now we'll have to see if it gets picked up.
>
> Here are some additional points for your consideration hidden away as
> comments in the ebuild:
>
> On /etc/conf.d/MailScanner (aka /etc/MailScanner/defaults):
> - nothing is using the ms_re2c setting (ms-update-sa finds it on its own)
> - ms_etc isn't used anywhere
>
> On calls to ms-init in /usr/sbin/ms-update-bad-emails and
> /usr/sbin/ms-update-sa:
>
> change restarts via ms-init after e.g. rules updates into
> reloads via /etc/init.d/MailScanner
> a.) reloads should be enough because they restart all children and the
> parent MailScanner doesn't do anything so doesn't need the update
> b.) this way we'll never accidentally start MailScanner when it's
> supposed to be switched off without mucking about with
> $run_mailscanner and $stopped_lockfile
>
> What I mean there is: A simple SIGHUP instead of ms-init restart
> should do the trick and be safer at the same time, shouldn't it?
>
> Feel free to bash me (a bit :) for stuff I got wrong.
>
> And thanks again! This is awesome! :)
> --
> Michael
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From mark at msapiro.net Mon Nov 14 06:36:41 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 13 Nov 2016 22:36:41 -0800
Subject: duplicate subject lines in headers (again)
In-Reply-To:
References: <4e41b092-c7cb-3ece-946d-b71ed1043dd5@msapiro.net> <7bdc2689-f203-c25b-86be-8bf99ebcca0d@msapiro.net> <366d198f-fe02-bd67-d92b-794dd3984864@msapiro.net> <7ae9cc64-e374-66d6-366e-37cad781b442@msapiro.net>
Message-ID: <380fd76b-9ec7-3dec-4802-2d85a746ee21@msapiro.net>

On 11/13/2016 03:04 PM, Warwick Brown wrote:
>
> I notice that in Exim.pm, from line 645 to line 854 there is some acknowledgement to the issue of trailing whitespace in relation to ISO encoded subject lines...I wonder if that 'fixup' may be more appropriate in a broader sense. I'm kicking myself for not being a perlmonger and while I can almost 'read' the code, I'm by no means competent to change it with any assurance. But from my 'spider-sense' I am wondering if all subjects should be treated in the same way?

Actually, it's much simpler than that. If you look further down
beginning at line 902 you'll see

sub ReplaceHeader {
  my($this, $message, $key, $newvalue) = @_;

  # DKIM: Don't do DeleteHeader if adding all headers at top
  $this->DeleteHeader($message, $key) unless $message->{dkimfriendly};
  $this->AddHeader($message, $key, $newvalue);

  return 1;
}

dkimfriendly is set in Message.pm if

Multiple Headers = add
and
Place New Headers At Top Of Message = yes

which is the way you are configured. I.e., this behavior is intentional
with your configuration.

So the question is do you care if you break DKIM signatures on incoming
mail. You need to consider your mail flow. If you don't relay mail
through your server, you don't care. If you care about validating DKIM
sigs on incoming mail, SpamAssassin does that for MailScanner, I'm sure
before MailScanner adds any headers, and if you're DKIM signing outgoing
mail, you should be doing that in the outgoing Exim after MailScanner.

The only signatures you might care about breaking are ones in incoming
mail that you will relay to another server. There, it can be important
because of DMARC, and possibly you are caught between the proverbial
rock and hard place.

Even with

Place New Headers At Top Of Message = no

you probably won't actually break the sig unless the incoming message
has trailing spaces on the Subject:.

So, if you consider an incoming message with trailing spaces on the
Subject: that originated From: another domain (not yours) that publishes
DMARC p=reject and is DKIM signed by that domain, if you leave your MS
config as is, you may not break the DKIM sig so DMARC will pass, but
Yahoo will reject the relayed mail because of two Subject: headers.

If you set Place New Headers At Top Of Message = no you won't wind up
with two Subject: headers, but you'll break the From: domain's DKIM sig
so DMARC will fail and more than just Yahoo will reject the mail for
DMARC policy.

Now, for mail From: your domain, there's no issue. You just DKIM sign on
the way out and that sig is good.

I know this is complex and probably difficult for most people to grasp,
so if you have specific scenarios you want to ask about, please do.

Another possibility is to modify MailScanner itself to not strip
trailing space from the Subject: ever. I don't think that would be hard,
but I haven't looked at exactly how to do it.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From john at tradoc.fr Mon Nov 14 08:26:18 2016
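The trade-off in the message above can be checked mechanically. The following is an added example, not MailScanner code and not from the thread: it applies the RFC 6376 rules for choosing and canonicalizing signed header fields to constructed headers, and goes slightly beyond the message by comparing simple with relaxed canonicalization and a signer that lists Subject twice in h=. The DKIM-Signature field itself, the body hash and the actual signature are left out because they do not change between the scenarios.

```python
import hashlib
import re


def select_signed(headers, h_tag):
    """Pick the fields a verifier hashes for an h= list (RFC 6376, 5.4.2).

    headers is a top-to-bottom list of (name, value). For each name in h=
    the bottom-most instance not yet used is taken; a name with no instance
    left contributes nothing, which is what makes listing a name twice
    ("over-signing") detect a header added later.
    """
    remaining = list(headers)
    picked = []
    for wanted in h_tag.split(":"):
        wanted = wanted.strip().lower()
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                picked.append(remaining.pop(i))
                break
    return picked


def canon(name, value, mode):
    """Canonicalize one header field (RFC 6376, 3.4.1 simple / 3.4.2 relaxed)."""
    if mode == "simple":
        return f"{name}:{value}\r\n"                  # byte-for-byte as received
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # squeeze WSP, trim both ends
    return f"{name.lower().strip()}:{value}\r\n"


def header_digest(headers, h_tag, mode):
    """SHA-256 over the canonicalized signed fields (signature field omitted)."""
    data = "".join(canon(n, v, mode) for n, v in select_signed(headers, h_tag))
    return hashlib.sha256(data.encode()).hexdigest()


# Constructed message: Subject ends in two spaces, as in the thread's test.
ORIGINAL = [
    ("Received", " from moo by smtp.example.org; Sun, 13 Nov 2016 20:27:12 +0000"),
    ("From", " sender@example.net"),
    ("Subject", " Trailing spaces  "),
]
# "add" + new headers at top: the original is kept, a modified copy goes on top.
ADD_AT_TOP = [("Subject", " {Spam?} Trailing spaces")] + ORIGINAL
# Original deleted and replaced: once with only the spaces stripped, once tagged.
REPLACED_STRIPPED = ORIGINAL[:2] + [("Subject", " Trailing spaces")]
REPLACED_TAGGED = ORIGINAL[:2] + [("Subject", " {Spam?} Trailing spaces")]


def survives(modified, h_tag, mode):
    """True if the signed header data is unchanged by the modification."""
    return header_digest(modified, h_tag, mode) == header_digest(ORIGINAL, h_tag, mode)


def subject_count(headers):
    return sum(1 for name, _ in headers if name.lower() == "subject")


if __name__ == "__main__":
    cases = [("add at top", ADD_AT_TOP), ("replaced, stripped", REPLACED_STRIPPED),
             ("replaced, tagged", REPLACED_TAGGED)]
    for label, hdrs in cases:
        for h_tag in ("from:subject", "from:subject:subject"):
            for mode in ("simple", "relaxed"):
                print(f"{label:20} h={h_tag:22} {mode:8} "
                      f"subjects={subject_count(hdrs)} intact={survives(hdrs, h_tag, mode)}")
```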
From: john at tradoc.fr (John Wilcock)
Date: Mon, 14 Nov 2016 09:26:18 +0100
Subject: MailScanner 5 on Gentoo
In-Reply-To: <20161113210015.GA28847@dinsnail.net>
References: <20161113210015.GA28847@dinsnail.net>
Message-ID:

On 13/11/2016 at 22:00, Michael Weiser wrote:
> I just updated my Gentoo-based MailScanner installation from something
> ancient to MailScanner 5.0.3-7 and just couldn't believe how insanely
> sane this new MailScanner is. So I went right ahead and reworked the
> Gentoo package to reflect that.

Thanks for your work on this, Michael.

I've been holding off on doing the update on my gentoo boxes due to lack of time - and hesitations as to whether to move to amavisd instead, as I'm keen on the possibility of doing before-queue spamassassin, but not so clear on whether there's a good amavisd equivalent to MailWatch.

Anyway, I'll give your ebuild a try on a test box later this week and get back to you with my thoughts.

--
John

From michael at weiser.dinsnail.net Mon Nov 14 08:49:07 2016
From: michael at weiser.dinsnail.net (Michael Weiser)
Date: Mon, 14 Nov 2016 09:49:07 +0100
Subject: MailScanner 5 on Gentoo
In-Reply-To: <3FF96ECD-DB17-4197-9006-57D020E6A231@mailborder.com>
References: <20161113210015.GA28847@dinsnail.net> <3FF96ECD-DB17-4197-9006-57D020E6A231@mailborder.com>
Message-ID: <20161114084907.GA2683@weiser.dinsnail.net>

Hi Jerry,

On Sun, Nov 13, 2016 at 11:05:37PM -0500, Jerry Benton wrote:

> Ok, I can't tell if you are happy about v5 or not.

Now I can't tell if you're joking: I'm very happy, honest. Because it's
FHS-compliant now, packaging became much more straight-forward. I like
the new naming scheme for commands and ms-cron for cronjobs. I think
it's a huge improvement all around and I basically like all about it.

> So, here is some of the logic:
> - I put the config in /etc/MailScanner/defaults because configs are in
> a different place on every distro. This keeps it in one place no
> matter what distro you are using. I support a lot of different
> distros, and trying to find it in 5 different places on 5 different
> distros is a pain in the ass. I would suggest leaving it where it is
> and using a symlink for your distro.
> - The same logic was used for ms-init, /var/lock/subsys/Mailscanner,
> and /var/log/MailScanner.off

I feel your pain and I read and understood the list archives for the
rationale. Gentoo users and supporters being able to find things as per
their known path conventions is just as valid a point, IMO. AFAIK Gentoo
users are encouraged to report to the Gentoo bugzilla first (in the
assumption that the packager screwed up :) and possibly take it upstream
from there having the package maintainer as a reproducer, qualifier and
translator.

> - run_mailscanner is in place so that MailScanner does not get started
> accidentally before MailScanner.conf has been setup.
> - The PID of the master process is put in the PID file. If ms-check
> does not find a matching PID of what it should be, it restarts
> everything.

My niggle here is that ms-check also restarts the daemon if the PID file
is missing altogether. That makes it a masked start script. Consider the
following workflow: A user installs MailScanner and as always first goes
into /etc/conf.d/$service (or /etc/MailScanner/defaults in this case)
and looks for general overall stuff to adjust. Obviously he'll decide to
set run_mailscanner to 1 because he'll want the service to run
eventually. Then he'll turn his attention to MailScanner.conf and get
lost in its plethora of options. Meanwhile cron.hourly runs ms-cron
which runs ms-check and starts the daemon with an unfinished config.

I guess this is not a problem with a stock tarball install because it
doesn't install cron jobs automatically. But I'd like to provide them as
part of the package. And I see that the RPM package does so as well.

I guess we could have an additional run_cron defaulting to 0 with a fat
warning to only set that to 1 after everything is configured. Or add
such a warning to run_mailscanner.

But is there an actual error condition that would cause MailScanner to
stop unintentionally and still clean up its PID file?
--
Thanks,
Michael

From mark at msapiro.net Wed Nov 16 18:24:28 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 16 Nov 2016 10:24:28 -0800
Subject: v5.0.4-3 - Postfix queue id issue
In-Reply-To:
References:
Message-ID: <034d11e3-905d-d3bd-d95b-17a625945541@msapiro.net>

See my comment "Since I installed 5.0.4-3, Mailscanner is requeuing
using short IDs." at which
I just reopened.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From donnerk at gmail.com Wed Nov 16 16:46:43 2016
From: donnerk at gmail.com (Nerk Nerk) Date: Wed, 16 Nov 2016 17:46:43 +0100 Subject: Updating SpamAssassin to 3.4.1 safe? And how do I update MailScanner? Message-ID: Is it safe to update SpamAssassin that is installed by MailScanner (via yum) to 3.4.1 on CentOS7? It uses the 'base' repo that has version 3.4.0 but I would like 3.4.1 instead. I can install that via cpan I think, but I am wondering if that's a safe thing to do. I can also install a RPM or compile it myself. Will that give any troubles? Also would like to know how I can update MailScanner after it was installed, when there is a new version available? I pulled the original from Github and used the install.sh file to install it. Thanks for a great product! -------------- next part -------------- An HTML attachment was scrubbed... URL: From alvaro at hostalia.com Wed Nov 16 19:24:14 2016 From: alvaro at hostalia.com (=?UTF-8?Q?Alvaro_Mar=c3=adn?=) Date: Wed, 16 Nov 2016 20:24:14 +0100 Subject: v5.0.4-3 - Postfix queue id issue In-Reply-To: <034d11e3-905d-d3bd-d95b-17a625945541@msapiro.net> References: <034d11e3-905d-d3bd-d95b-17a625945541@msapiro.net> Message-ID: Hi, thank you, I've fixed it and attached the new files in github. It's been a mistake generating a clean file (without my debug code) to send to github and one "if condition", sorry. The diff: PFDiskStore.pm: @@ -87,7 +87,7 @@ # my $long_queue_id=0; my $hex=$this->{hdname}; - if ( ($this->{hdname} =~ /[A-Za-z0-9]{15}$/) && ($MailScanner::SMDiskStore::HashDirDepth > 0)) { + if ($this->{hdname} =~ /[A-Za-z0-9]{15}$/) { # long queue id $long_queue_id=1; # With long queue IDs, when hash queues is enabled, the directory hierarchy Postfix.pm: 
@@ -246,7 +246,7 @@ # Bad hash key $file = sprintf("%05X%lX", time % 1000000, (stat($file))[1]); # Add 1 so the number is never zero (defensive programming) - $file = sprintf("%05X%lX", int(rand 1000000)+1, (stat($file))[1]); + #$file = sprintf("%05X%lX", int(rand 1000000)+1, (stat($file))[1]); #print STDERR "New Filename is $file\n"; # @@ -277,7 +277,7 @@ # my $long_queue_id=0; my $hex; - if ( ($file =~ /\-[A-Za-z0-9]{15}\.[A-Za-z0-9]{5}$/) && ($MailScanner::SMDiskStore::HashDirDepth > 0) ) { + if ($file =~ /\-[A-Za-z0-9]{15}\.[A-Za-z0-9]{5}$/) { # Long queue IDs $long_queue_id=1; use Time::HiRes qw( gettimeofday ); Please, test it with the new patch. Is working for me: 2016-11-16 20:01:58 MailScanner[31134]: Requeue: 3tJtsZ1lrQzJX8f.A943F to 3tJtsf6yjyzJX8p Regards, El 16/11/16 a las 19:24, Mark Sapiro escribi?: > See my comment "Since I installed 5.0.4-3, Mailscanner is requeuing > using short IDs." at which > I just reopened. > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From mark at msapiro.net Wed Nov 16 20:39:34 2016 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 16 Nov 2016 12:39:34 -0800 Subject: v5.0.4-3 - Postfix queue id issue In-Reply-To: References: <034d11e3-905d-d3bd-d95b-17a625945541@msapiro.net> Message-ID: On 11/16/2016 11:24 AM, Alvaro Mar?n wrote: > > Please, test it with the new patch. Is working for me: Yes. As noted at , I am now running with the files from and it seems OK. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Wed Nov 16 23:25:39 2016 
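Review bot: In the PFDiskStore.pm hunk at -87 (and the matching test in the Postfix.pm hunk at -277), dropping the `$MailScanner::SMDiskStore::HashDirDepth > 0` term leaves the regex as the only thing deciding what counts as a long queue ID, and `/[A-Za-z0-9]{15}$/` is anchored only at the end, so any hdname whose last 15 characters are alphanumeric matches regardless of what precedes them. Consider anchoring the start or otherwise bounding the length. The comment that follows ("when hash queues is enabled, the directory hierarchy") should also say what happens when hashing is off, since this branch is now reached in that case too.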
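Review bot: In the Postfix.pm hunk at -246, the comment "Add 1 so the number is never zero (defensive programming)" now sits above a line that has been commented out, so it describes code that no longer runs, while the `time % 1000000` assignment that stays live has no such guard. Delete the dead `int(rand 1000000)+1` line together with its comment, or add a comment saying why the time-derived name is the one to keep; leaving disabled code under a stale explanation will mislead the next reader.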
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Wed, 16 Nov 2016 18:25:39 -0500
Subject: Updating SpamAssassin to 3.4.1 safe? And how do I update MailScanner?
In-Reply-To:
References:
Message-ID: <7E7E2FE2-98CD-4260-87E8-8A83EFFD44B6@mailborder.com>

1 - yes
2 - I suggest using the released versions from https://www.mailscanner.info/downloads/ as GitHub tends to be a work in progress. The packages on the site have been tested.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 16, 2016, at 11:46 AM, Nerk Nerk wrote:
>
> Is it safe to update SpamAssassin that is installed by MailScanner (via yum) to 3.4.1 on CentOS7?
>
> It uses the 'base' repo that has version 3.4.0 but I would like 3.4.1 instead. I can install that via cpan I think, but I am wondering if that's a safe thing to do. I can also install a RPM or compile it myself. Will that give any troubles?
>
> Also would like to know how I can update MailScanner after it was installed, when there is a new version available? I pulled the original from Github and used the install.sh file to install it.
>
> Thanks for a great product!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From donnerk at gmail.com Thu Nov 17 12:27:21 2016
From: donnerk at gmail.com (Nerk Nerk) Date: Thu, 17 Nov 2016 13:27:21 +0100 Subject: Updating SpamAssassin to 3.4.1 safe? And how do I update MailScanner? In-Reply-To: <7E7E2FE2-98CD-4260-87E8-8A83EFFD44B6@mailborder.com> References: <7E7E2FE2-98CD-4260-87E8-8A83EFFD44B6@mailborder.com> Message-ID: Dear Jerry, Thank you for your answers. Concerning the packages, is it just a matter of downloading the new version and executing the install.sh script to override the old version, or is it a different method to upgrade? Thanks a lot! 2016-11-17 0:25 GMT+01:00 Jerry Benton : > 1 - yes > 2 - I suggest using the released versions from https://www.mailscanner. > info/downloads/ as GitHub tend to be a works in progress. The packages on > the site have been tested. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > > On Nov 16, 2016, at 11:46 AM, Nerk Nerk wrote: > > Is it safe to update SpamAssassin that is installed by MailScanner (via > yum) to 3.4.1 on CentOS7? > > It uses the 'base' repo that has version 3.4.0 but I would like 3.4.1 > instead. I can install that via cpan I think, but I am wondering if that's > a safe thing to do. I can also install a RPM or compile it myself. Will > that give any troubles? > > Also would like to know how I can update MailScanner after it was > installed, when there is a new version available? I pulled the original > from Github and used the install.sh file to install it. > > Thanks for a great product! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Nov 17 12:34:23 2016 
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Thu, 17 Nov 2016 07:34:23 -0500
Subject: Updating SpamAssassin to 3.4.1 safe? And how do I update MailScanner?
In-Reply-To:
References: <7E7E2FE2-98CD-4260-87E8-8A83EFFD44B6@mailborder.com>
Message-ID: <5C10922A-9671-42AA-9D4E-7E1AC63236B9@mailborder.com>

If you are upgrading from MailScanner v5 to another v5 package, you can just install the new RPM. You can also use the install.sh script.

If you are upgrading from v4 to v5, you need to use the install.sh script.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 17, 2016, at 7:27 AM, Nerk Nerk wrote:
>
> Dear Jerry,
>
> Thank you for your answers.
>
> Concerning the packages, is it just a matter of downloading the new version and executing the install.sh script to override the old version, or is it a different method to upgrade?
>
> Thanks a lot!
>
> 2016-11-17 0:25 GMT+01:00 Jerry Benton >:
> 1 - yes
> 2 - I suggest using the released versions from https://www.mailscanner.info/downloads/ as GitHub tend to be a works in progress. The packages on the site have been tested.
>
> -
> Jerry Benton
> www.mailborder.com
> +1 - 844-436-6245
>
>
>
>> On Nov 16, 2016, at 11:46 AM, Nerk Nerk > wrote:
>>
>> Is it safe to update SpamAssassin that is installed by MailScanner (via yum) to 3.4.1 on CentOS7?
>>
>> It uses the 'base' repo that has version 3.4.0 but I would like 3.4.1 instead. I can install that via cpan I think, but I am wondering if that's a safe thing to do. I can also install a RPM or compile it myself. Will that give any troubles?
>>
>> Also would like to know how I can update MailScanner after it was installed, when there is a new version available? I pulled the original from Github and used the install.sh file to install it.
>>
>> Thanks for a great product!
>> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Nov 21 18:35:33 2016 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 21 Nov 2016 13:35:33 -0500 Subject: phishing safe sites Message-ID: <445A4CE9-C4A9-4D98-88B5-5106D985853D@mailborder.com> Alexa wants to start charging for their list of web sites. I cannot seem to find a copy of a recent version of the phishing.safe.sites file. If anyone has a copy, I would appreciate it if you sent a copy my way. It never really changed much, so it will become a mostly static and occasionally manually updated file on the update server until I can find another reliable source to dynamically create that file. The phishing.bad.sites is still updated as before. - Jerry Benton www.mailborder.com +1 - 844-436-6245 From jerry.benton at mailborder.com Mon Nov 21 19:06:54 2016 
From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 21 Nov 2016 14:06:54 -0500 Subject: phishing safe sites In-Reply-To: <445A4CE9-C4A9-4D98-88B5-5106D985853D@mailborder.com> References: <445A4CE9-C4A9-4D98-88B5-5106D985853D@mailborder.com> Message-ID: I have fixed the update server to put out a the phishing.safe.sites.conf every day. Amazon in all of their douchebaggery bought Alexa and now wants to charge .25 per 100 domains downloaded. Do the math and it is $2500 for the full list. Assholes. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Nov 21, 2016, at 1:35 PM, Jerry Benton wrote: > > Alexa wants to start charging for their list of web sites. I cannot seem to find a copy of a recent version of the phishing.safe.sites file. If anyone has a copy, I would appreciate it if you sent a copy my way. It never really changed much, so it will become a mostly static and occasionally manually updated file on the update server until I can find another reliable source to dynamically create that file. > > The phishing.bad.sites is still updated as before. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Nov 22 00:02:37 2016 
From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Mon, 21 Nov 2016 19:02:37 -0500 Subject: phishing safe sites In-Reply-To: References: <445A4CE9-C4A9-4D98-88B5-5106D985853D@mailborder.com> Message-ID: Thanks for your help! Not a bit surprised. On Mon, Nov 21, 2016 at 2:06 PM, Jerry Benton wrote: > I have fixed the update server to put out a the phishing.safe.sites.conf > every day. Amazon in all of their douchebaggery bought Alexa and now wants > to charge .25 per 100 domains downloaded. Do the math and it is $2500 for > the full list. Assholes. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > > On Nov 21, 2016, at 1:35 PM, Jerry Benton > wrote: > > Alexa wants to start charging for their list of web sites. I cannot seem > to find a copy of a recent version of the phishing.safe.sites file. If > anyone has a copy, I would appreciate it if you sent a copy my way. It > never really changed much, so it will become a mostly static and > occasionally manually updated file on the update server until I can find > another reliable source to dynamically create that file. > > The phishing.bad.sites is still updated as before. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From jlovejoy at lovejoytech.com Mon Nov 21 18:51:10 2016 
From: jlovejoy at lovejoytech.com (James Lovejoy) Date: Mon, 21 Nov 2016 13:51:10 -0500 Subject: phishing safe sites In-Reply-To: <445A4CE9-C4A9-4D98-88B5-5106D985853D@mailborder.com> References: <445A4CE9-C4A9-4D98-88B5-5106D985853D@mailborder.com> Message-ID: <822f4b15-93c3-b704-dac6-3e5f0ab015d2@lovejoytech.com> The last version I have updated is from 2016-11-16 @ 06:11 CET. Hopefully it's closer to what you're looking for. On 11/21/2016 1:35 PM, Jerry Benton wrote: > Alexa wants to start charging for their list of web sites. I cannot seem to find a copy of a recent version of the phishing.safe.sites file. If anyone has a copy, I would appreciate it if you sent a copy my way. It never really changed much, so it will become a mostly static and occasionally manually updated file on the update server until I can find another reliable source to dynamically create that file. > > The phishing.bad.sites is still updated as before. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: phishing.safe.sites.zip Type: application/zip Size: 6495 bytes Desc: not available URL: From jerry.benton at mailborder.com Tue Nov 22 04:49:58 2016 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 21 Nov 2016 23:49:58 -0500 Subject: v5 and RHEL Message-ID: I noticed some odd behavior on a server I was looking at today. It seems that some of the perl modules were having problems from what may be conflicts. Has anyone installed the v5 package and seen any issues on RHEL? How about CentOS? This may be related to installing missing modules via CPAN. - Jerry Benton www.mailborder.com +1 - 844-436-6245 From thom at vdb.nl Tue Nov 22 06:32:07 2016 
From: thom at vdb.nl (Thom van der Boon)
Date: Tue, 22 Nov 2016 07:32:07 +0100 (CET)
Subject: v5 and RHEL
In-Reply-To:
References:
Message-ID: <1773489273.34012.1479796327119.JavaMail.zimbra@vdb.nl>

Hi Jerry,

5.0.3 on CentOS 6 without any major problems

Pyzor and Razor both give a problem, but how to solve these problems is well documented

Best regards,

Thom van der Boon
E-Mail: thom at vdb.nl
=====
Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

From: "Jerry Benton"
To: "MailScanner Discussion"
Sent: Tuesday, 22 November 2016 05:49:58
Subject: v5 and RHEL

I noticed some odd behavior on a server I was looking at today. It seems that some of the perl modules were having problems from what may be conflicts. Has anyone installed the v5 package and seen any issues on RHEL? How about CentOS? This may be related to installing missing modules via CPAN.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

From walt at onlinemarketingguild.com Tue Nov 22 12:46:39 2016
From: walt at onlinemarketingguild.com (Walt Thiessen) Date: Tue, 22 Nov 2016 07:46:39 -0500 Subject: v5 and RHEL In-Reply-To: References: Message-ID: <9a21126c-2a98-30a4-3211-5e7ac1e3d7f4@onlinemarketingguild.com> Hi Jerry, We installed v5 on my new CentOS7 server running Cpanel in September, and we did have issues. At the time, I wondered the same thing about whether there were modules that didn't install properly. I don't know everything that my admins did, although they did reinstall MailScanner for me. However, I do not know to what extent perl scripts may have been involved, if at all. Sorry, but that's the best info I have. I do know that we ended up running into a Redhat bug that prevented logging from properly occurring in MailScanner, which also impacted our attempts to get the MailScanner Front End working properly as well. The folks at Configserver ultimately ended up helping us by identifying the bug and recommending a fix. This doesn't seem directly related to what you're seeing, but maybe it will prove helpful to you anyway. Walt On 11/21/2016 11:49 PM, Jerry Benton wrote: > I noticed some odd behavior on a server I was looking at today. It seems that some of the perl modules were having problems from what may be conflicts. Has anyone installed the v5 package and seen any issues on RHEL? How about CentOS? This may be related to installing missing modules via CPAN. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Nov 22 14:52:47 2016 
From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 22 Nov 2016 09:52:47 -0500 Subject: v5 and RHEL In-Reply-To: <9a21126c-2a98-30a4-3211-5e7ac1e3d7f4@onlinemarketingguild.com> References: <9a21126c-2a98-30a4-3211-5e7ac1e3d7f4@onlinemarketingguild.com> Message-ID: <9D22CDB3-2BE1-4566-993B-2AE01C5E71F2@mailborder.com> What mailscanner front end? - Jerry Benton www.mailborder.com +1 844-436-6245 ext 707 sent via mobile > On Nov 22, 2016, at 07:46, Walt Thiessen via MailScanner wrote: > > Hi Jerry, > > We installed v5 on my new CentOS7 server running Cpanel in September, and we did have issues. At the time, I wondered the same thing about whether there were modules that didn't install properly. > > I don't know everything that my admins did, although they did reinstall MailScanner for me. > > However, I do not know to what extent perl scripts may have been involved, if at all. Sorry, but that's the best info I have. > > I do know that we ended up running into a Redhat bug that prevented logging from properly occurring in MailScanner, which also impacted our attempts to get the MailScanner Front End working properly as well. The folks at Configserver ultimately ended up helping us by identifying the bug and recommending a fix. This doesn't seem directly related to what you're seeing, but maybe it will prove helpful to you anyway. > > Walt > > > >> On 11/21/2016 11:49 PM, Jerry Benton wrote: >> I noticed some odd behavior on a server I was looking at today. It seems that some of the perl modules were having problems from what may be conflicts. Has anyone installed the v5 package and seen any issues on RHEL? How about CentOS? This may be related to installing missing modules via CPAN. 
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>> +1 - 844-436-6245

From walt at onlinemarketingguild.com Tue Nov 22 15:07:40 2016
From: walt at onlinemarketingguild.com (Walt Thiessen) Date: Tue, 22 Nov 2016 10:07:40 -0500 Subject: v5 and RHEL In-Reply-To: <9D22CDB3-2BE1-4566-993B-2AE01C5E71F2@mailborder.com> References: <9a21126c-2a98-30a4-3211-5e7ac1e3d7f4@onlinemarketingguild.com> <9D22CDB3-2BE1-4566-993B-2AE01C5E71F2@mailborder.com> Message-ID: <92a1ebb7-9fc3-c0d2-7003-7c64c2c9067b@onlinemarketingguild.com> Sorry about the omission ... MailWatch. On 11/22/2016 9:52 AM, Jerry Benton wrote: > What mailscanner front end? > > - > Jerry Benton > www.mailborder.com > +1 844-436-6245 ext 707 > sent via mobile > > On Nov 22, 2016, at 07:46, Walt Thiessen via MailScanner > > wrote: > >> Hi Jerry, >> >> We installed v5 on my new CentOS7 server running Cpanel in September, >> and we did have issues. At the time, I wondered the same thing about >> whether there were modules that didn't install properly. >> >> I don't know everything that my admins did, although they did >> reinstall MailScanner for me. >> >> However, I do not know to what extent perl scripts may have been >> involved, if at all. Sorry, but that's the best info I have. >> >> I do know that we ended up running into a Redhat bug that prevented >> logging from properly occurring in MailScanner, which also impacted >> our attempts to get the MailScanner Front End working properly as >> well. The folks at Configserver ultimately ended up helping us by >> identifying the bug and recommending a fix. This doesn't seem >> directly related to what you're seeing, but maybe it will prove >> helpful to you anyway. >> >> Walt >> >> >> >> On 11/21/2016 11:49 PM, Jerry Benton wrote: >>> I noticed some odd behavior on a server I was looking at today. It seems that some of the perl modules were having problems from what may be conflicts. Has anyone installed the v5 package and seen any issues on RHEL? How about CentOS? This may be related to installing missing modules via CPAN. 
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>> +1 - 844-436-6245

From endelwar at aregar.it Tue Nov 22 23:32:58 2016
From: endelwar at aregar.it (Manuel Dalla Lana)
Date: Wed, 23 Nov 2016 00:32:58 +0100
Subject: [Mailwatch-users] the (deprecated) Mysql extension PHP7 Ubuntu 16.04
In-Reply-To: <004e01d2451a$3603a340$a20ae9c0$@ibicsa.co.cu>
References: <004e01d2451a$3603a340$a20ae9c0$@ibicsa.co.cu>
Message-ID: <891DE8A4-68FC-42EE-ACB3-98B322B769A6@aregar.it>

> On 23 Nov 2016, at 00:43, Enrique wrote:
>
> Hi all
> I'm trying to run mailscanner on Ubuntu 16.04 LTS, all except mailwatch work fine and see this error:
> MailWatch needs the (deprecated) Mysql extension to work: PHP7 has removed this extension

Hi,
MailScanner works just fine on ubuntu 16.04, but you have to wait till next month for MailWatch php 7 support.

Manuel

From bisc_edi2 at hotmail.com Fri Nov 25 06:37:19 2016
From: bisc_edi2 at hotmail.com (Edson Hernandez)
Date: Fri, 25 Nov 2016 06:37:19 +0000
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To:
References: ,
Message-ID:

hello, how I do a connection of eset mail security to mailscanner using linux and how to configure eset

From mmgomess at gmail.com Fri Nov 25 18:41:03 2016
From: mmgomess at gmail.com (Marcelo Machado)
Date: Fri, 25 Nov 2016 16:41:03 -0200
Subject: Phishing Score
Message-ID:

Hi everybody.

Is it possible to create a score or something like that when MailScanner finds phishing in a message?

Marcelo Gomes

From iversons at rushville.k12.in.us Fri Nov 25 18:59:07 2016
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 25 Nov 2016 13:59:07 -0500
Subject: Phishing Score
In-Reply-To:
References:
Message-ID:

I don't think that MailScanner can assign a score to phishing that it detects.

I use Sanesecurity unofficial rules in clamav to detect various forms of phishing, which gets passed back and flagged as spam by MailScanner.

On Fri, Nov 25, 2016 at 1:41 PM, Marcelo Machado wrote:
> Hi everybody.
>
> Is it possible to create a score or something like that when MailScanner finds phishing in a message?
>
> Marcelo Gomes

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From mmgomess at gmail.com Fri Nov 25 19:27:59 2016
From: mmgomess at gmail.com (Marcelo Machado)
Date: Fri, 25 Nov 2016 17:27:59 -0200
Subject: Phishing Score
In-Reply-To:
References:
Message-ID:

Thanks for your answer Shawn.

Marcelo

2016-11-25 16:59 GMT-02:00 Shawn Iverson:
> I don't think that MailScanner can assign a score to phishing that it detects.
>
> I use Sanesecurity unofficial rules in clamav to detect various forms of phishing, which gets passed back and flagged as spam by MailScanner.
>
> On Fri, Nov 25, 2016 at 1:41 PM, Marcelo Machado wrote:
>
>> Hi everybody.
>>
>> Is it possible to create a score or something like that when MailScanner finds phishing in a message?
>>
>> Marcelo Gomes
>
> --
> Shawn Iverson
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us

From mark at msapiro.net Fri Nov 25 20:09:12 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 25 Nov 2016 12:09:12 -0800
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To:
References:
Message-ID: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net>

On 11/24/2016 10:37 PM, Edson Hernandez wrote:
> hello, how I do a connection of eset mail security to mailscanner using
> linux and how to configure eset

To connect esets to MailScanner, put

Virus Scanners = esets

in your MailScanner config. For configuration of esets itself, if no one on this list with esets experience responds, try .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bisc_edi2 at hotmail.com Fri Nov 25 20:42:01 2016
From: bisc_edi2 at hotmail.com (Edson Hernandez)
Date: Fri, 25 Nov 2016 20:42:01 +0000
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net>
References: , <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net>
Message-ID:

hi, I have a question about the mailscanner configuration, can you help me?

My questions are:

1) MailScanner is running right with those files configuration? Otherwise, could you indicate or give me some suggestion about how I correctly configure mailscanner?

I modified 2 lines, those are:

1) # This *cannot* be the filename of a ruleset.
Virus Scanners = eset

2) esets /usr/lib/MailScanner/esets-wrapper /opt/eset/esets/sbin

________________________________
From: MailScanner on behalf of Mark Sapiro
Sent: Friday, November 25, 2016 02:09 p.m.
To: mailscanner at lists.mailscanner.info
Subject: Re: conect eset mail security to mailscanner for linux and configure

On 11/24/2016 10:37 PM, Edson Hernandez wrote:
> hello, how I do a connection of eset mail security to mailscanner using
> linux and how to configure eset

To connect esets to MailScanner, put

Virus Scanners = esets

in your MailScanner config. For configuration of esets itself, if no one on this list with esets experience responds, try .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: virus.scanners.conf
Type: application/octet-stream
Size: 3006 bytes
Desc: virus.scanners.conf
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MailScanner.conf
Type: application/octet-stream
Size: 146603 bytes
Desc: MailScanner.conf
URL:

From mark at msapiro.net Fri Nov 25 20:45:28 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 25 Nov 2016 12:45:28 -0800
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To:
References: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net>
Message-ID: <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net>

On 11/25/2016 12:42 PM, Edson Hernandez wrote:
>
> 1) MailScanner is running right with those files configuration?

What is reported when you run

sudo MailScanner --lint

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bisc_edi2 at hotmail.com Fri Nov 25 20:50:20 2016
From: bisc_edi2 at hotmail.com (Edson Hernandez)
Date: Fri, 25 Nov 2016 20:50:20 +0000
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To: <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net>
References: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net> , <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net>
Message-ID:

[root at smtp /]# sudo MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1501 hostnames from the phishing whitelist
Read 14954 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 0 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 0 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (5.0.3) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to (89)
MailScanner setting UID to (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
pyzor: check failed: internal error, python traceback seen in response
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 2 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = esets"
Found these virus scanners installed: clamd, esets
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Filetype Checks: Allowing 1 eicar.com
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Cannot lock /var/spool/MailScanner/incoming/Locks/esetsBusy.lock, No existe el fichero o el directorio at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 751
Esets::INFECTED::Eicar test file
Virus Scanning: esets found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================
Virus Scanner test reports:
Esets said "found Eicar test file in eicar.com"
Esets Actions said "cleaned by deleting"
Esets Additional Info said "none"

If any of your virus scanners (clamd,esets)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down SQL Blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down SQL Whitelist

________________________________
From: MailScanner on behalf of Mark Sapiro
Sent: Friday, November 25, 2016 02:45 p.m.
To: mailscanner at lists.mailscanner.info
Subject: Re: conect eset mail security to mailscanner for linux and configure

On 11/25/2016 12:42 PM, Edson Hernandez wrote:
>
> 1) MailScanner is running right with those files configuration?

What is reported when you run

sudo MailScanner --lint

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bisc_edi2 at hotmail.com Fri Nov 25 20:59:10 2016
From: bisc_edi2 at hotmail.com (Edson Hernandez)
Date: Fri, 25 Nov 2016 20:59:10 +0000
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To:
References: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net> , <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net>,
Message-ID:

error, the correctly configuration of this line is:

esets /usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/esets/sbin

From mark at msapiro.net Fri Nov 25 21:12:06 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 25 Nov 2016 13:12:06 -0800
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To:
References: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net> <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net>
Message-ID: <6adcf331-fa02-14ff-aea9-8b0ce41d82c9@msapiro.net>

On 11/25/2016 12:59 PM, Edson Hernandez wrote:
> error, the correctly configuration of this line is:
>
>
> esets /usr/lib/MailScanner/wrapper/esets-wrapper
> /opt/eset/esets/sbin

I'm sorry, I'm having great difficulty understanding what you're trying to tell me. The above line is exactly what's in /etc/MailScanner/virus.scanners.conf as distributed. What's the error?

...
> [root at smtp /]# sudo MailScanner --lint

This seems OK.

> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Read 1501 hostnames from the phishing whitelist
> Read 14954 hostnames from the phishing blacklists
> Config: calling custom init function SQLBlacklist
> Starting up SQL Blacklist
> Read 0 blacklist entries
> Config: calling custom init function MailWatchLogging
> Started SQL Logging child
> Config: calling custom init function SQLWhitelist
> Starting up SQL Whitelist
> Read 0 whitelist entries
>
> Checking version numbers...
> Version number in MailScanner.conf (5.0.3) is correct.
>
> Your envelope_sender_header in spamassassin.conf is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> pyzor: check failed: internal error, python traceback seen in response
> SpamAssassin reported no errors.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There are 2 messages in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = esets"
> Found these virus scanners installed: clamd, esets

MailScanner is finding both esets and clamd.

> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Filetype Checks: Allowing 1 eicar.com
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Cannot lock /var/spool/MailScanner/incoming/Locks/esetsBusy.lock, No
> existe el fichero o el directorio at
> /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 751

The above appears to be an issue with MailScanner. If you touch /var/spool/MailScanner/incoming/Locks/esetsBusy.lock and then ensure that file has the same ownership and mode as the other files in /var/spool/MailScanner/incoming/Locks/, the "Cannot lock" message will probably go away.

In any case,

> Esets::INFECTED::Eicar test file
> Virus Scanning: esets found 1 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 1 viruses
> ===========================================================================
> Virus Scanner test reports:
> Esets said "found Eicar test file in eicar.com"
> Esets Actions said "cleaned by deleting"
> Esets Additional Info said "none"

MailScanner invoked esets on the message and esets correctly found the Eicar test file.

> If any of your virus scanners (clamd,esets)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its virus.scanners.conf.
> Config: calling custom end function SQLBlacklist
> Closing down SQL Blacklist
> Config: calling custom end function MailWatchLogging
> Config: calling custom end function SQLWhitelist
> Closing down SQL Whitelist

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bisc_edi2 at hotmail.com Fri Nov 25 21:17:43 2016
From: bisc_edi2 at hotmail.com (Edson Hernandez) Date: Fri, 25 Nov 2016 21:17:43 +0000 Subject: conect eset mail security to mailscanner for linux and configure In-Reply-To: <6adcf331-fa02-14ff-aea9-8b0ce41d82c9@msapiro.net> References: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net> <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net> , <6adcf331-fa02-14ff-aea9-8b0ce41d82c9@msapiro.net> Message-ID: Mi question is. the conection is correct? Enviado desde mi smartphone Samsung Galaxy. -------- Mensaje original -------- De: Mark Sapiro Fecha: 25/11/2016 3:12 PM (GMT-06:00) Para: mailscanner at lists.mailscanner.info Asunto: Re: conect eset mail security to mailscanner for linux and configure On 11/25/2016 12:59 PM, Edson Hernandez wrote: > error, the correctly configuration of this line is: > > > esets /usr/lib/MailScanner/wrapper/esets-wrapper > /opt/eset/esets/sbin I'm sorry, I'm having great difficulty understanding what you're trying to tell me. The above line is exactly what's in /etc/MailScanner/virus.scanners.conf as distributed. What's the error? ... > [root at smtp /]# sudo MailScanner --lint This seems OK. > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 1501 hostnames from the phishing whitelist > Read 14954 hostnames from the phishing blacklists > Config: calling custom init function SQLBlacklist > Starting up SQL Blacklist > Read 0 blacklist entries > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Config: calling custom init function SQLWhitelist > Starting up SQL Whitelist > Read 0 whitelist entries > > Checking version numbers... > Version number in MailScanner.conf (5.0.3) is correct. > > Your envelope_sender_header in spamassassin.conf is correct. > MailScanner setting GID to (89) > MailScanner setting UID to (89) > > Checking for SpamAssassin errors (if you use it)... 
> Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error, python traceback seen in response > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 2 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = esets" > Found these virus scanners installed: clamd, esets MailScanner is finding both esets and clamd. > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Filetype Checks: Allowing 1 eicar.com > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Cannot lock /var/spool/MailScanner/incoming/Locks/esetsBusy.lock, No > existe el fichero o el directorio at > /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 751 The above appears to be an issue with MailScanner. If you touch /var/spool/MailScanner/incoming/Locks/esetsBusy.lock and then ensure that file has the same ownership and mode as the other files in /var/spool/MailScanner/incoming/Locks/, the "Cannot lock" message will probably go away. In any case, > Esets::INFECTED::Eicar test file > Virus Scanning: esets found 1 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 1 viruses > =========================================================================== > Virus Scanner test reports: > Esets said "found Eicar test file in eicar.com" > Esets Actions said "cleaned by deleting" > Esets Additional Info said "none" MailScanner invoked esets on the message and esets correctly found the Eicar test file. > If any of your virus scanners (clamd,esets) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. 
> Config: calling custom end function SQLBlacklist
> Closing down SQL Blacklist
> Config: calling custom end function MailWatchLogging
> Config: calling custom end function SQLWhitelist
> Closing down SQL Whitelist

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From mark at msapiro.net Fri Nov 25 21:21:16 2016
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 25 Nov 2016 13:21:16 -0800
Subject: conect eset mail security to mailscanner for linux and configure
In-Reply-To:
References: <43fabacb-9276-4230-e149-3f7eb6f25e07@msapiro.net> <92cee734-a467-9c29-9cdf-f05f9ea14d9c@msapiro.net> <6adcf331-fa02-14ff-aea9-8b0ce41d82c9@msapiro.net>
Message-ID:

On 11/25/2016 01:17 PM, Edson Hernandez wrote:
> My question is: is the connection correct?

Yes as evidenced by

>> Esets::INFECTED::Eicar test file
>> Virus Scanning: esets found 1 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 1 viruses
>> ===========================================================================
>> Virus Scanner test reports:
>> Esets said "found Eicar test file in eicar.com"
>> Esets Actions said "cleaned by deleting"
>> Esets Additional Info said "none"

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net Fri Nov 25 21:24:18 2016
From: mark at msapiro.net (Mark Sapiro) Date: Fri, 25 Nov 2016 13:24:18 -0800 Subject: Phishing Score In-Reply-To: References: Message-ID: On 11/25/2016 10:41 AM, Marcelo Machado wrote: > Hi everybody. > > Is possible create a score or something like that, when Mailscanner find > a phishing in a message? MailScanner runs Spamassassin before it does the phishing tests so the phishing results can't be used to affect Spamassassin scores. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From richard at fastnet.co.uk Mon Nov 28 11:18:04 2016 
From: richard at fastnet.co.uk (Richard Mealing) Date: Mon, 28 Nov 2016 11:18:04 +0000 Subject: MailScanner / Sendmail / FreeBSD - writing to /var/spool/MailScanner/quarantine/20161123/uANNOfAO00xxx/message: No such file or directory Message-ID: <6EE47AF64C339A4F8F7F50507241B3795F7A893E@BTN-EXCHANGE-V1.fastnet.local> Hi everyone, It's been a while since I posted to this list. I've had a few problems recently with a very large amount of incoming mail with viruses. We would usually see around 10M - 50M of quarantined items reaching us on a daily basis, but over the last week we have seen a dramatic increase, for example - /var/spool/MailScanner/quarantine # du -h -d0 * 10M 20161120 286M 20161121 508M 20161122 450M 20161123 517M 20161124 26M 20161125 61M 20161126 7.8M 20161127 90M 20161128 I am alerted by our monitoring software of my mailq.in directory reaching over 500 emails. When I look at mailscanner I see the following entries in my maillog - Nov 23 23:59:06 btn-mailfilter-v3 MailScanner[32258]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:06 btn-mailfilter-v3 MailScanner[32258]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:11 btn-mailfilter-v3 MailScanner[32316]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:11 btn-mailfilter-v3 MailScanner[32316]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:16 btn-mailfilter-v3 MailScanner[32368]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:16 btn-mailfilter-v3 MailScanner[32368]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:21 btn-mailfilter-v3 MailScanner[32419]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:21 btn-mailfilter-v3 MailScanner[32419]: Infected message uANNO06T008551 came from 
186.54.46.177 Nov 23 23:59:26 btn-mailfilter-v3 MailScanner[32475]: Clamd::INFECTED::Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/ Nov 23 23:59:26 btn-mailfilter-v3 MailScanner[32475]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:26 btn-mailfilter-v3 MailScanner[32475]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:36 btn-mailfilter-v3 MailScanner[32577]: Clamd::INFECTED::Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/ Nov 23 23:59:36 btn-mailfilter-v3 MailScanner[32577]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:36 btn-mailfilter-v3 MailScanner[32577]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:36 btn-mailfilter-v3 MailScanner[32577]: Saved entire message to /var/spool/MailScanner/quarantine/20161123/uANNO06T008551 Nov 23 23:59:36 btn-mailfilter-v3 MailScanner[32577]: writing to /var/spool/MailScanner/quarantine/20161123/uANNO06T008551/message: No such file or directory Nov 23 23:59:41 btn-mailfilter-v3 MailScanner[32635]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:41 btn-mailfilter-v3 MailScanner[32635]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:46 btn-mailfilter-v3 MailScanner[32678]: Clamd::INFECTED::Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/ Nov 23 23:59:46 btn-mailfilter-v3 MailScanner[32678]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:46 btn-mailfilter-v3 MailScanner[32678]: Infected message uANNO06T008551 came from 186.54.46.177 Nov 23 23:59:46 btn-mailfilter-v3 MailScanner[32678]: Saved entire message to /var/spool/MailScanner/quarantine/20161123/uANNO06T008551 Nov 23 23:59:46 btn-mailfilter-v3 MailScanner[32678]: writing to 
/var/spool/MailScanner/quarantine/20161123/uANNO06T008551/message: No such file or directory Nov 23 23:59:51 btn-mailfilter-v3 MailScanner[32736]: Clamd::INFECTED:: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL :: ./uANNO06T008551/receipt_staton.zip Nov 23 23:59:51 btn-mailfilter-v3 MailScanner[32736]: Infected message uANNO06T008551 came from 186.54.46.177 This just goes on and on and from what I can tell MailScanner cannot process the email to my quarantine directory. Permissions are fine - since all emails prior to this where quarantined. The fix seems to be me removing the /var/spool/MailScanner/quarantine/20161123 folder altogether and letting mailscanner create it again. When I remove the directory and restart mailscanner, everything works fine again and the emails get sent to their respective folders that were in my queue. I assume mailscanner tries to read this directory and runs out of memory or something, since it has grown so large? I only ever get this problem when the directory is at a certain size, otherwise I never see any problems with mailscanner. Does anyone think this is a mailscanner problem, or something else? I'm wondering how to test this, maybe put some very large files in that directory and see how mailscanner copes? Or I could just put all the files in one of the large folders into today's folder and see what happens, possibly run a -lint with the -D switch? Thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Nov 28 11:19:29 2016 
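The loop visible in the maillog excerpt above (one queue ID reported as infected by a new MailScanner PID every few seconds, with intermittent quarantine write errors) can be picked out mechanically. This is an added example, not part of the original post or of MailScanner; the function names, the three-worker threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from posixpath import basename, dirname

# Constructed sample in the maillog format quoted in the thread. Host name,
# queue IDs, PIDs, signature name and addresses are made up for this example.
Q = "/var/spool/MailScanner/quarantine/20161123"
SAMPLE_LOG = f"""\
Nov 23 23:59:06 mx1 MailScanner[3001]: Clamd::INFECTED:: Example.Sig.UNOFFICIAL :: ./qAAA0001/invoice.zip
Nov 23 23:59:06 mx1 MailScanner[3001]: Infected message qAAA0001 came from 192.0.2.10
Nov 23 23:59:08 mx1 MailScanner[3002]: Infected message qBBB0002 came from 198.51.100.7
Nov 23 23:59:08 mx1 MailScanner[3002]: Saved entire message to {Q}/qBBB0002
Nov 23 23:59:11 mx1 MailScanner[3003]: Infected message qAAA0001 came from 192.0.2.10
Nov 23 23:59:16 mx1 MailScanner[3004]: Infected message qAAA0001 came from 192.0.2.10
Nov 23 23:59:16 mx1 MailScanner[3004]: Saved entire message to {Q}/qAAA0001
Nov 23 23:59:16 mx1 MailScanner[3004]: writing to {Q}/qAAA0001/message: No such file or directory
Nov 23 23:59:21 mx1 MailScanner[3005]: Infected message qAAA0001 came from 192.0.2.10
Nov 23 23:59:26 mx1 MailScanner[3006]: Infected message qAAA0001 came from 192.0.2.10
Nov 23 23:59:26 mx1 MailScanner[3006]: Saved entire message to {Q}/qAAA0001
Nov 23 23:59:26 mx1 MailScanner[3006]: writing to {Q}/qAAA0001/message: No such file or directory
"""

# syslog prefix: "Mon DD HH:MM:SS host MailScanner[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
INFECTED_RE = re.compile(r"^Infected message (?P<id>\S+) came from (?P<ip>\S+)$")
WRITE_FAIL_RE = re.compile(
    r"^writing to (?P<path>\S+)/message: No such file or directory$")


@dataclass
class MessageStats:
    worker_pids: set = field(default_factory=set)         # PIDs that scanned it
    source_ips: set = field(default_factory=set)          # reported sender IPs
    failed_dirs: Counter = field(default_factory=Counter)  # day dir -> failures

    @property
    def write_failures(self):
        return sum(self.failed_dirs.values())


def analyse(lines):
    """Group MailScanner log lines by queue ID and collect per-message stats."""
    stats = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a MailScanner line
        msg = m.group("msg")
        hit = INFECTED_RE.match(msg)
        if hit:
            entry = stats.setdefault(hit.group("id"), MessageStats())
            entry.worker_pids.add(int(m.group("pid")))
            entry.source_ips.add(hit.group("ip"))
            continue
        hit = WRITE_FAIL_RE.match(msg)
        if hit:
            # path is <quarantine>/<YYYYMMDD>/<queue id>
            path = hit.group("path")
            entry = stats.setdefault(basename(path), MessageStats())
            entry.failed_dirs[dirname(path)] += 1
    return stats


def find_loops(stats, min_workers=3):
    """Queue IDs scanned by at least min_workers distinct MailScanner PIDs.

    A message that is processed normally is scanned once; the same ID showing
    up under many PIDs means it never left the incoming queue.
    """
    return sorted(mid for mid, s in stats.items()
                  if len(s.worker_pids) >= min_workers)


def failing_day_dirs(stats):
    """Quarantine day directories with write failures, and how many."""
    totals = Counter()
    for entry in stats.values():
        totals.update(entry.failed_dirs)
    return dict(totals)


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG.splitlines())
    for mid in find_loops(report):
        s = report[mid]
        print(f"{mid}: scanned by {len(s.worker_pids)} workers, "
              f"{s.write_failures} quarantine write failures, "
              f"from {', '.join(sorted(s.source_ips))}")
    for day_dir, count in failing_day_dirs(report).items():
        print(f"{day_dir}: {count} write failures")
```

Run against a real maillog by passing an open file to `analyse()`; the day directories it reports are the ones to inspect with the `du` and `df -i` checks discussed in the replies.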
From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 28 Nov 2016 06:19:29 -0500 Subject: MailScanner / Sendmail / FreeBSD - writing to /var/spool/MailScanner/quarantine/20161123/uANNOfAO00xxx/message: No such file or directory In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795F7A893E@BTN-EXCHANGE-V1.fastnet.local> References: <6EE47AF64C339A4F8F7F50507241B3795F7A893E@BTN-EXCHANGE-V1.fastnet.local> Message-ID: <77621C6A-4C4C-4B93-B324-A43C9968C4F1@mailborder.com> Have you considered /var is out of space? - Jerry Benton www.mailborder.com +1 - 844-436-6245 From richard at fastnet.co.uk Mon Nov 28 11:34:18 2016
From: richard at fastnet.co.uk (Richard Mealing) Date: Mon, 28 Nov 2016 11:34:18 +0000 Subject: MailScanner / Sendmail / FreeBSD - writing to /var/spool/MailScanner/quarantine/20161123/uANNOfAO00xxx/message: No such file or directory In-Reply-To: <77621C6A-4C4C-4B93-B324-A43C9968C4F1@mailborder.com> References: <6EE47AF64C339A4F8F7F50507241B3795F7A893E@BTN-EXCHANGE-V1.fastnet.local> <77621C6A-4C4C-4B93-B324-A43C9968C4F1@mailborder.com> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795F7A8981@BTN-EXCHANGE-V1.fastnet.local> Hi Jerry, That was my initial thought and all have adequate space. Some of them have 100+G for /var. I was seeing this on 3 - 4 servers in my cluster. Some of them are physical, some are virtual. One of my physical servers I can see has a similar high amount of quarantined items, but that didn't have any problems. It was very strange! Thanks, Rich
From michael at weiser.dinsnail.net Mon Nov 28 13:28:41 2016
From: michael at weiser.dinsnail.net (Michael Weiser) Date: Mon, 28 Nov 2016 14:28:41 +0100 Subject: MailScanner / Sendmail / FreeBSD - writing to /var/spool/MailScanner/quarantine/20161123/uANNOfAO00xxx/message: No such file or directory In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795F7A8981@BTN-EXCHANGE-V1.fastnet.local> References: <6EE47AF64C339A4F8F7F50507241B3795F7A893E@BTN-EXCHANGE-V1.fastnet.local> <77621C6A-4C4C-4B93-B324-A43C9968C4F1@mailborder.com> <6EE47AF64C339A4F8F7F50507241B3795F7A8981@BTN-EXCHANGE-V1.fastnet.local> Message-ID: <20161128132841.GE4314@weiser.dinsnail.net> Hi Richard, On Mon, Nov 28, 2016 at 11:34:18AM +0000, Richard Mealing wrote: > That was my initial thought and all have adequate space. Some of them > have 100+G for /var. Could /var have run out of inodes instead (df -i /var)? -- Regads, Michael From richard at fastnet.co.uk Mon Nov 28 14:32:54 2016
From: richard at fastnet.co.uk (Richard Mealing) Date: Mon, 28 Nov 2016 14:32:54 +0000 Subject: MailScanner / Sendmail / FreeBSD - writing to /var/spool/MailScanner/quarantine/20161123/uANNOfAO00xxx/message: No such file or directory In-Reply-To: <20161128132841.GE4314@weiser.dinsnail.net> References: <6EE47AF64C339A4F8F7F50507241B3795F7A893E@BTN-EXCHANGE-V1.fastnet.local> <77621C6A-4C4C-4B93-B324-A43C9968C4F1@mailborder.com> <6EE47AF64C339A4F8F7F50507241B3795F7A8981@BTN-EXCHANGE-V1.fastnet.local> <20161128132841.GE4314@weiser.dinsnail.net> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795F7A8BCC@BTN-EXCHANGE-V1.fastnet.local> Hi Michael, It doesn't appear so. I did check that since I thought at first it was a permissions issue or a disk / inodes issue. I do have a mixture of servers but one of them had 200G space free using entire disk. I had this issue on a few servers all with different disks. Some virtual and some physical. Here's one of them that had the problem - # df -i /var Filesystem 1K-blocks Used Avail Capacity iused ifree %iused Mounted on /dev/da0s1e 20308398 11043200 7640528 59% 586627 2051195 22% /var # df -h Filesystem Size Used Avail Capacity Mounted on /dev/da0s1a 4.8G 1.1G 3.3G 25% / devfs 1.0K 1.0K 0B 100% /dev /dev/da0s1f 6.8G 128M 6.1G 2% /rich /dev/da0s1d 19G 12G 5.6G 69% /usr /dev/da0s1e 19G 11G 7.3G 59% /var tmpfs 17G 4.0K 17G 0% /tmp tmpfs 17G 7.0M 17G 0% /tmpfs fdescfs 1.0K 1.0K 0B 100% /dev/fd devfs 1.0K 1.0K 0B 100% /var/named/dev /usr/local/lib/engines 19G 12G 5.6G 69% /var/named/usr/local/lib/engines Here's another - df -i /var Filesystem 1K-blocks Used Avail Capacity iused ifree %iused Mounted on /dev/mfid0p2 467188404 47435968 382377364 11% 1019908 59412858 2% / df -h Filesystem Size Used Avail Capacity Mounted on /dev/mfid0p2 446G 45G 365G 11% / devfs 1.0K 1.0K 0B 100% /dev tmpfs 4.2G 5.5M 4.2G 0% /tmpfs tmpfs 4.2G 476K 4.2G 0% /tmp devfs 1.0K 1.0K 0B 100% /var/named/dev /usr/local/lib/engines 446G 45G 365G 11% 
/var/named/usr/local/lib/engines Both had the same problem, nearly at the same time. I'm wondering if mailscanner has an open handle to that directory or if it just knows where to write to that directory, or if it somehow needs to read that directory? I'm sure I could try and reproduce the error. I'll see what I can do from here and report back. Thanks, Rich -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Michael Weiser Sent: Monday, November 28, 2016 13:29 To: MailScanner Discussion Subject: Re: MailScanner / Sendmail / FreeBSD - writing to /var/spool/MailScanner/quarantine/20161123/uANNOfAO00xxx/message: No such file or directory Hi Richard, On Mon, Nov 28, 2016 at 11:34:18AM +0000, Richard Mealing wrote: > That was my initial thought and all have adequate space. Some of them > have 100+G for /var. Could /var have run out of inodes instead (df -i /var)? -- Regads, Michael -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From brian.ipsen at rg47c.dk Mon Nov 28 21:15:57 2016 
From: brian.ipsen at rg47c.dk (Brian Ipsen)
Date: Mon, 28 Nov 2016 22:15:57 +0100
Subject: Email address extension handling ?
Message-ID: <3319-583c9e80-1-74fe770@216236065>

Hi

I have been looking at mailscanner for a couple of weeks, in order to try to identify the functionality in it - compared to more simple solutions I used some years ago for a small email server for my family and a couple of friends...

Mailscanner seems to be a step forward - but still something (not much) is missing, compared to an old qmail based setup, I ran some years ago... On that system, I installed TMDA (www.tmda.net). Of course, it was on a local/target mail server, and it could really keep the amount of spam to a minimum.

Compared with the situation today, I think the RBL's and SpamAssassin have improved much - so it is not so much the challenge/response functionality of TMDA, that I will miss.... It is the option to have time-limited email addresses, and keyword-tagged addresses. The time limited address will continue to work, until they expire - and when expired you could choose to have the sender confirm the message, bounce it or drop it... Dropping it would be sufficient for me :-) As for keyword addresses - a filter can be set up only to accept mails from specific senders to specific recipients (and a couple of other possibilities)...

The common thing for these is that multiple virtual addresses can exist for a single target mailbox... I wonder if similar functionality can be achieved in mailscanner? Postfix supports extensions - but some will probably be required in order to grab the extension addresses and ensure that they are in the right format (email+sender.498fa2e5 at domain.com - where sender.498fa2e5 is the extension, sender indicates that a checksum or similar should be made on the sender address, and the hex value will be used to verify against a user-specific key-value - in order to validate the sender and allow the mail to pass)...

Regards
Brian

From jerry.benton at mailborder.com Tue Nov 29 22:58:21 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 29 Nov 2016 17:58:21 -0500
Subject: Perl Error
Message-ID:

Anyone have any ideas?

Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in chmod while running with -T switch at /usr/local/share/perl5/Archive/Zip/Member.pm line 517.
Insecure dependency in chmod while running with -T switch at /usr/local/share/perl5/Archive/Zip/Member.pm line 517.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

From jerry.benton at mailborder.com Tue Nov 29 23:14:26 2016
From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 29 Nov 2016 18:14:26 -0500 Subject: Perl Error In-Reply-To: References: Message-ID: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> More info: Then Dangerous Content Scanning is on, these errors happen. If you turn it off, they go away. I think this may be related to a change in a Perl module somewhere. Maybe IO::File ? Anyway, I am trying to track this down. So far I have only seen this on CentOS. If anyone can lend a hand, I would appreciate it. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Nov 29, 2016, at 5:58 PM, Jerry Benton wrote: > > Anyone have any ideas? > > > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185. > Insecure dependency in chmod while running with -T switch at /usr/local/share/perl5/Archive/Zip/Member.pm line 517. > Insecure dependency in chmod while running with -T switch at /usr/local/share/perl5/Archive/Zip/Member.pm line 517. > > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcooper at dwford.com Tue Nov 29 23:19:12 2016 
From: rcooper at dwford.com (Rick Cooper) Date: Tue, 29 Nov 2016 18:19:12 -0500 Subject: Perl Error In-Reply-To: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> References: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> Message-ID: <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com> Look for the tainted item at those lines and untaint them? On November 29, 2016 6:14:26 PM EST, Jerry Benton wrote: >More info: > >Then Dangerous Content Scanning is on, these errors happen. If you turn >it off, they go away. I think this may be related to a change in a Perl >module somewhere. Maybe IO::File ? Anyway, I am trying to track this >down. So far I have only seen this on CentOS. If anyone can lend a >hand, I would appreciate it. > >- >Jerry Benton >www.mailborder.com >+1 - 844-436-6245 > > > >> On Nov 29, 2016, at 5:58 PM, Jerry Benton > wrote: >> >> Anyone have any ideas? >> >> >> Insecure dependency in open while running with -T switch at >/usr/lib64/perl5/IO/File.pm line 185. >> Insecure dependency in open while running with -T switch at >/usr/lib64/perl5/IO/File.pm line 185. >> Insecure dependency in chmod while running with -T switch at >/usr/local/share/perl5/Archive/Zip/Member.pm line 517. >> Insecure dependency in chmod while running with -T switch at >/usr/local/share/perl5/Archive/Zip/Member.pm line 517. >> >> >> >> - >> Jerry Benton >> www.mailborder.com >> +1 - 844-436-6245 >> >> >> > > > >------------------------------------------------------------------------ > > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Rick Cooper Cell 260-414-8566 Fax 260-434-4400 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Nov 29 23:26:19 2016 
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 29 Nov 2016 18:26:19 -0500
Subject: Perl Error
In-Reply-To: <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com>
References: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com>
Message-ID:

Rick,

If it were only that easy.

Those files are the Perl modules. The problem is buried in the MailScanner code ... somewhere ...

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 29, 2016, at 6:19 PM, Rick Cooper wrote:
>
> Look for the tainted item at those lines and untaint them?

From jerry.benton at mailborder.com Tue Nov 29 23:51:58 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 29 Nov 2016 18:51:58 -0500
Subject: Perl Error
In-Reply-To:
References: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com>
Message-ID: <842F8BC3-A833-41A9-9A8D-7C481B2FDD3F@mailborder.com>

I removed the -U from /usr/sbin/MailScanner and that seems to have cleared the issue.

Now I forgot why I added -U a couple of years ago ...

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 29, 2016, at 6:26 PM, Jerry Benton wrote:
>
> Rick,
>
> If it were only that easy.
>
> Those files are the Perl modules. The problem is buried in the MailScanner code ... somewhere ...

From jerry.benton at mailborder.com Wed Nov 30 00:16:36 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 29 Nov 2016 19:16:36 -0500
Subject: Perl Error
In-Reply-To: <842F8BC3-A833-41A9-9A8D-7C481B2FDD3F@mailborder.com>
References: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com> <842F8BC3-A833-41A9-9A8D-7C481B2FDD3F@mailborder.com>
Message-ID: <678AA47A-0386-4AEE-8800-39DA9E7F0529@mailborder.com>

Ok, now it is not doing file checks at all. Apparently that is why I added "-U" a couple years ago.

Issue is still an issue ...

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 29, 2016, at 6:51 PM, Jerry Benton wrote:
>
> I removed the -U from /usr/sbin/MailScanner and that seems to have cleared the issue.
>
> Now I forgot why I added -U a couple of years ago ...

From kevin.miller at juneau.org Wed Nov 30 00:34:20 2016
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 30 Nov 2016 00:34:20 +0000
Subject: Perl Error
In-Reply-To: <678AA47A-0386-4AEE-8800-39DA9E7F0529@mailborder.com>
References: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com> <842F8BC3-A833-41A9-9A8D-7C481B2FDD3F@mailborder.com> <678AA47A-0386-4AEE-8800-39DA9E7F0529@mailborder.com>
Message-ID:

Does this page help?
http://www.perlmonks.org/?node=663148

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357
From: MailScanner [mailto:mailscanner-bounces+kevin.miller=juneau.org at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Tuesday, November 29, 2016 3:17 PM
To: MailScanner Discussion
Subject: Re: Perl Error

Ok, now it is not doing file checks at all. Apparently that is why I added "-U" a couple years ago.

Issue is still an issue ...

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

From jerry.benton at mailborder.com Wed Nov 30 06:35:31 2016
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Wed, 30 Nov 2016 01:35:31 -0500
Subject: Perl Error
In-Reply-To:
References: <94B57AE7-63B1-4C91-B2C1-DE419BE77C5C@mailborder.com> <0BB551AD-2935-4CFD-8F1D-F9D39091952D@dwford.com> <842F8BC3-A833-41A9-9A8D-7C481B2FDD3F@mailborder.com> <678AA47A-0386-4AEE-8800-39DA9E7F0529@mailborder.com>
Message-ID: <6F4B99A7-51DA-4DF8-BE4C-7FA2BD457FCE@mailborder.com>

No really, no :)

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Nov 29, 2016, at 7:34 PM, Kevin Miller wrote:
>
> Does this page help?
> http://www.perlmonks.org/?node=663148
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588
> Registered Linux User No: 307357
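
Added example, not part of the thread and not MailScanner code: a stand-alone Perl script that reproduces the "Insecure dependency in open" error quoted in the thread under -T and shows the allowlist untaint that Rick Cooper's reply refers to. The sample file names, the `untaint_name` and `try_create` helpers and the allowlist pattern are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Illustration only: taint mode, the "Insecure dependency" error, and untainting.
use strict;
use warnings;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

# Allowlist untaint: only a regex capture clears the taint flag, so the
# pattern itself is the security check. One path component, no leading dot.
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9._-]{0,99})\z/ ? $1 : undef;
}

# Try to create $dir/$name; returns '' on success or the error text.
sub try_create {
    my ($dir, $name) = @_;
    my $ok = eval {
        open(my $fh, '>', "$dir/$name") or die "open failed: $!\n";
        close $fh;
        1;
    };
    return $ok ? '' : $@;
}

my $dir = tempdir(CLEANUP => 1);    # scratch directory; its path is not tainted

# File input is tainted, so the constructed names after __DATA__ behave
# like attachment names taken from an incoming message.
while (my $name = <DATA>) {
    chomp $name;
    printf "%-20s tainted=%d\n", $name, tainted($name) ? 1 : 0;

    my $err = try_create($dir, $name);    # tainted name: perl dies in open
    print "  raw:   ", ($err ? $err : "created\n");

    my $clean = untaint_name($name);
    if (defined $clean) {
        $err = try_create($dir, $clean);  # validated copy: open is allowed
        print "  clean: ", ($err ? $err : "created $clean\n");
    } else {
        print "  clean: rejected by allowlist\n";
    }
}

__DATA__
report.pdf
../../etc/cron.d/x
.htaccess
invoice 2016.zip
```

Run it as `perl -T taint_demo.pl` (a hypothetical file name). Per perlrun, -U turns these fatal taint errors into warnings, reported when -w is on, and lets the unsafe operation proceed.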