From norbuurgen at gmail.com Fri Apr 7 09:47:16 2017 From: norbuurgen at gmail.com (Urgen Sherpa) Date: Fri, 7 Apr 2017 15:32:16 +0545 Subject: How Spam List mapping is done to spam.lists.conf file Message-ID: Greetings !! Mailscanner version: MailScanner-5.0.3-7 Ubuntu 14.04.5 # cat /etc/MailScanner/spam.lists.conf SORBS dnsbl.sorbs.net SPAMHAUS zen.spamhaus.org SPAMCOP bl.spamcop.net # cat /etc/MailScanner.conf ... Spam List Definitions = %etc-dir%/spam.lists.conf Spam Checks = yes Spam Domain List = Spam List = SBL+XBL How is spam list mapped to the spam.lists.conf file, i cant find any key ? for example how is SBL+XBL or spamhaus-ZEN mapped to ? the SBL+XBL or spamhaus-ZEN is nowhere in spam.lists.conf file too -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Fri Apr 7 18:54:40 2017 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 7 Apr 2017 11:54:40 -0700 Subject: How Spam List mapping is done to spam.lists.conf file In-Reply-To: References: Message-ID: <82ae0e05-3dd2-74bd-1d52-44fe6299da59@msapiro.net> On 04/07/2017 02:47 AM, Urgen Sherpa wrote: > Greetings !! > Mailscanner version: MailScanner-5.0.3-7 Ubuntu 14.04.5 > > # cat /etc/MailScanner/spam.lists.conf > > SORBS dnsbl.sorbs.net > SPAMHAUS zen.spamhaus.org > SPAMCOP bl.spamcop.net > > > # cat /etc/MailScanner.conf > ... > Spam List Definitions = %etc-dir%/spam.lists.conf > Spam Checks = yes > Spam Domain List = > Spam List = SBL+XBL > > How is spam list mapped to the spam.lists.conf file, i cant find any key ? > for example how is SBL+XBL or spamhaus-ZEN mapped to ? the SBL+XBL or > spamhaus-ZEN is nowhere in spam.lists.conf file too The spam.lists.conf file was updated a long time ago, but the comment in MailScanner.conf Spam List = # spamhaus-ZEN # You can un-comment this to enable them was never changed. You can see the old contents of spam.lists.conf at Spam List is for lists based on IP and Spam Domain List is for lists based on domain name, but the names put in those settings must all be defined in the Spam List Definitions file. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Fri Apr 7 19:01:59 2017 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 7 Apr 2017 12:01:59 -0700 Subject: How Spam List mapping is done to spam.lists.conf file In-Reply-To: <82ae0e05-3dd2-74bd-1d52-44fe6299da59@msapiro.net> References: <82ae0e05-3dd2-74bd-1d52-44fe6299da59@msapiro.net> Message-ID: On 04/07/2017 11:54 AM, Mark Sapiro wrote: > > Spam List is for lists based on IP and Spam Domain List is for lists > based on domain name, but the names put in those settings must all be > defined in the Spam List Definitions file. And I meant to add that many people ignore these settings in MailScanner in favor of the SpamAssassin DNSBL checking . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From remko at FreeBSD.org Fri Apr 7 19:04:35 2017 From: remko at FreeBSD.org (Remko Lodder) Date: Fri, 7 Apr 2017 21:04:35 +0200 Subject: How Spam List mapping is done to spam.lists.conf file In-Reply-To: References: <82ae0e05-3dd2-74bd-1d52-44fe6299da59@msapiro.net> Message-ID: > On 7 Apr 2017, at 21:01, Mark Sapiro wrote: > > On 04/07/2017 11:54 AM, Mark Sapiro wrote: >> >> Spam List is for lists based on IP and Spam Domain List is for lists >> based on domain name, but the names put in those settings must all be >> defined in the Spam List Definitions file. > > > And I meant to add that many people ignore these settings in MailScanner > in favor of the SpamAssassin DNSBL checking > . or postscreen? ;-) > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP URL: From jerry.benton at mailborder.com Fri Apr 7 22:58:45 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 7 Apr 2017 18:58:45 -0400 Subject: Perl Check - Need Help Message-ID: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> I am trying to update some Perl code that checks if a socket is FIFO or UNIX and then executes appropriately. I am not entirely sure about the UNIX socket I am creating here. Can any Perl gurus chime in? use IO::Socket::UNIX; my $pf_connection = '/var/spool/postfix/public/qmgr'; if(-p $pf_connection){ # FIFO my $fh = new FileHandle; $fh->open($pf_connection) or MailScanner::Log::WarnLog("KickMessage coould not write to FIFO " . "%s, %s", "$public/qmgr", $!); print $fh "I"; $fh->close; }elsif(-S $pf_connection){ # UNIX my $fh = IO::Socket::UNIX->new( Type => SOCK_STREAM, Peer => $pf_connection, ) or MailScanner::Log::WarnLog("KickMessage coould not write to UNIX " . "%s, %s", "$public/qmgr", $!); print $fh "I"; $fh->close; }else{ MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) " . "%s, %s", "$public/qmgr", $!); } - Jerry Benton www.mailborder.com +1 - 844-436-6245 From jerry.benton at mailborder.com Sat Apr 8 05:46:38 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 8 Apr 2017 01:46:38 -0400 Subject: Perl Check - Need Help In-Reply-To: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> Message-ID: I have it working under both FIFO and UNIX, so I guess I did it right. Final code for record keeper?s sake: use IO::Socket::UNIX; sub KickMessage { my($queue2ids, $sendmail2) = @_; my($queue); # Do a kick for every queue that contains some message ids foreach $queue (keys %$queue2ids) { next unless $queue2ids->{$queue}; my $pf_connection = '/var/spool/postfix/public/qmgr'; if(-S $pf_connection){ # UNIX my $fh = IO::Socket::UNIX->new( Type => SOCK_STREAM, Peer => $pf_connection, ) or MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > $pf_connection"); print $fh "I"; close $fh; }elsif(-p $pf_connection){ # FIFO my $fh = new FileHandle; open(my $fh, '>', $pf_connection) or MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > $pf_connection"); print $fh "I"; close $fh; }else{ MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > $pf_connection"); } } return 0; } - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 7, 2017, at 6:58 PM, Jerry Benton wrote: > > I am trying to update some Perl code that checks if a socket is FIFO or UNIX and then executes appropriately. I am not entirely sure about the UNIX socket I am creating here. Can any Perl gurus chime in? > > use IO::Socket::UNIX; > > > my $pf_connection = '/var/spool/postfix/public/qmgr'; > if(-p $pf_connection){ > # FIFO > my $fh = new FileHandle; > $fh->open($pf_connection) or > MailScanner::Log::WarnLog("KickMessage coould not write to FIFO " . > "%s, %s", "$public/qmgr", $!); > print $fh "I"; > $fh->close; > }elsif(-S $pf_connection){ > # UNIX > my $fh = IO::Socket::UNIX->new( > Type => SOCK_STREAM, > Peer => $pf_connection, > ) or > MailScanner::Log::WarnLog("KickMessage coould not write to UNIX " . > "%s, %s", "$public/qmgr", $!); > print $fh "I"; > $fh->close; > }else{ > MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) " . > "%s, %s", "$public/qmgr", $!); > } > > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Sat Apr 8 05:52:09 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 8 Apr 2017 01:52:09 -0400 Subject: Perl Check - Need Help In-Reply-To: References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> Message-ID: <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com> One last update to remove useless line. use IO::Socket::UNIX; sub KickMessage { my($queue2ids, $sendmail2) = @_; my($queue); # Do a kick for every queue that contains some message ids foreach $queue (keys %$queue2ids) { next unless $queue2ids->{$queue}; my $pf_connection = '/var/spool/postfix/public/qmgr'; if(-S $pf_connection){ # UNIX my $fh = IO::Socket::UNIX->new( Type => SOCK_STREAM, Peer => $pf_connection, ) or MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > $pf_connection"); print $fh "I"; close $fh; }elsif(-p $pf_connection){ # FIFO open(my $fh, '>', $pf_connection) or MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > $pf_connection"); print $fh "I"; close $fh; }else{ MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > $pf_connection"); } } return 0; } - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 8, 2017, at 1:46 AM, Jerry Benton wrote: > > I have it working under both FIFO and UNIX, so I guess I did it right. Final code for record keeper?s sake: > > > use IO::Socket::UNIX; > > sub KickMessage { > my($queue2ids, $sendmail2) = @_; > my($queue); > > # Do a kick for every queue that contains some message ids > foreach $queue (keys %$queue2ids) { > next unless $queue2ids->{$queue}; > > my $pf_connection = '/var/spool/postfix/public/qmgr'; > > if(-S $pf_connection){ > # UNIX > my $fh = IO::Socket::UNIX->new( > Type => SOCK_STREAM, > Peer => $pf_connection, > ) or > MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > $pf_connection"); > print $fh "I"; > close $fh; > }elsif(-p $pf_connection){ > # FIFO > my $fh = new FileHandle; > open(my $fh, '>', $pf_connection) or > MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > $pf_connection"); > print $fh "I"; > close $fh; > }else{ > MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > $pf_connection"); > } > } > return 0; > } > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Apr 7, 2017, at 6:58 PM, Jerry Benton > wrote: >> >> I am trying to update some Perl code that checks if a socket is FIFO or UNIX and then executes appropriately. I am not entirely sure about the UNIX socket I am creating here. Can any Perl gurus chime in? >> >> use IO::Socket::UNIX; >> >> >> my $pf_connection = '/var/spool/postfix/public/qmgr'; >> if(-p $pf_connection){ >> # FIFO >> my $fh = new FileHandle; >> $fh->open($pf_connection) or >> MailScanner::Log::WarnLog("KickMessage coould not write to FIFO " . >> "%s, %s", "$public/qmgr", $!); >> print $fh "I"; >> $fh->close; >> }elsif(-S $pf_connection){ >> # UNIX >> my $fh = IO::Socket::UNIX->new( >> Type => SOCK_STREAM, >> Peer => $pf_connection, >> ) or >> MailScanner::Log::WarnLog("KickMessage coould not write to UNIX " . >> "%s, %s", "$public/qmgr", $!); >> print $fh "I"; >> $fh->close; >> }else{ >> MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) " . >> "%s, %s", "$public/qmgr", $!); >> } >> >> >> >> - >> Jerry Benton >> www.mailborder.com >> +1 - 844-436-6245 >> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Sat Apr 8 11:10:09 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sat, 8 Apr 2017 07:10:09 -0400 Subject: Perl Check - Need Help In-Reply-To: <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com> References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com> Message-ID: Hi Jerry, Just looked over your code. It looks straightforward and complete to me. My only question I may have is "/var/spool/postfix/public/qmgr" being hard coded. Is it possible for this path to vary depending on the postfix configuration on other systems? On Sat, Apr 8, 2017 at 1:52 AM, Jerry Benton wrote: > One last update to remove useless line. > > > use IO::Socket::UNIX; > > sub KickMessage { > my($queue2ids, $sendmail2) = @_; > my($queue); > > # Do a kick for every queue that contains some message ids > foreach $queue (keys %$queue2ids) { > next unless $queue2ids->{$queue}; > > my $pf_connection = '/var/spool/postfix/public/qmgr'; > > if(-S $pf_connection){ > # UNIX > my $fh = IO::Socket::UNIX->new( > Type => SOCK_STREAM, > Peer => $pf_connection, > ) or > MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > > $pf_connection"); > print $fh "I"; > close $fh; > }elsif(-p $pf_connection){ > # FIFO > open(my $fh, '>', $pf_connection) or > MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > > $pf_connection"); > print $fh "I"; > close $fh; > }else{ > MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > > $pf_connection"); > } > } > return 0; > } > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 <(844)%20436-6245> > > > > On Apr 8, 2017, at 1:46 AM, Jerry Benton > wrote: > > I have it working under both FIFO and UNIX, so I guess I did it right. > Final code for record keeper?s sake: > > > use IO::Socket::UNIX; > > sub KickMessage { > my($queue2ids, $sendmail2) = @_; > my($queue); > > # Do a kick for every queue that contains some message ids > foreach $queue (keys %$queue2ids) { > next unless $queue2ids->{$queue}; > > my $pf_connection = '/var/spool/postfix/public/qmgr'; > > if(-S $pf_connection){ > # UNIX > my $fh = IO::Socket::UNIX->new( > Type => SOCK_STREAM, > Peer => $pf_connection, > ) or > MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > > $pf_connection"); > print $fh "I"; > close $fh; > }elsif(-p $pf_connection){ > # FIFO > my $fh = new FileHandle; > open(my $fh, '>', $pf_connection) or > MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > > $pf_connection"); > print $fh "I"; > close $fh; > }else{ > MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > > $pf_connection"); > } > } > return 0; > } > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 <(844)%20436-6245> > > > > On Apr 7, 2017, at 6:58 PM, Jerry Benton > wrote: > > I am trying to update some Perl code that checks if a socket is FIFO or > UNIX and then executes appropriately. I am not entirely sure about the UNIX > socket I am creating here. Can any Perl gurus chime in? > > use IO::Socket::UNIX; > > > my $pf_connection = '/var/spool/postfix/public/qmgr'; > if(-p $pf_connection){ > # FIFO > my $fh = new FileHandle; > $fh->open($pf_connection) or > MailScanner::Log::WarnLog("KickMessage coould not write to FIFO " . > "%s, %s", "$public/qmgr", $!); > print $fh "I"; > $fh->close; > }elsif(-S $pf_connection){ > # UNIX > my $fh = IO::Socket::UNIX->new( > Type => SOCK_STREAM, > Peer => $pf_connection, > ) or > MailScanner::Log::WarnLog("KickMessage coould not write to UNIX " . > "%s, %s", "$public/qmgr", $!); > print $fh "I"; > $fh->close; > }else{ > MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > " . > "%s, %s", "$public/qmgr", $!); > } > > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 <(844)%20436-6245> > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Sat Apr 8 16:06:34 2017 From: mark at msapiro.net (Mark Sapiro) Date: Sat, 8 Apr 2017 09:06:34 -0700 Subject: Perl Check - Need Help In-Reply-To: References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com> Message-ID: On 04/08/2017 04:10 AM, Shawn Iverson wrote: > Hi Jerry, > > Just looked over your code. It looks straightforward and complete to me. > > My only question I may have is "/var/spool/postfix/public/qmgr" being > hard coded. Is it possible for this path to vary depending on the > postfix configuration on other systems? It's possible. The actual path is $queue_directory/public/qmgr where queue_directory is defined in Postfix main.cf. This can be obtained via `postconf -h queue_directory`. I.e., my $qdir = `postconf -h queue_directory`; $qdir =~ s/\R//; my $pf_connection = $qdir . '/public/qmgr'; Also, in Jerry's code, "could" is misspelled in two "KickMessage coould not write to ..." messages. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Sat Apr 8 16:06:42 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 8 Apr 2017 12:06:42 -0400 Subject: Perl Check - Need Help In-Reply-To: References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com> Message-ID: <782C3995-5A55-41C2-A514-F6AC9597E9AC@mailborder.com> Yes. I updated the code already and tested it. This will be the final. Thanks for taking a look. sub KickMessage { my($queue2ids, $sendmail2) = @_; my($queue); # Do a kick for every queue that contains some message ids foreach $queue (keys %$queue2ids) { next unless $queue2ids->{$queue}; my $pf_dir = $queue; $pf_dir =~ s/[^\/]+$/public/; $pf_dir = "$pf_dir/qmgr"; if(-S $pf_dir){ # UNIX my $fh = IO::Socket::UNIX->new( Type => SOCK_STREAM, Peer => $pf_dir, ) or MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > $pf_dir"); print $fh "I"; close $fh; }elsif(-p $pf_dir){ # FIFO open(my $fh, '>', $pf_dir) or MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > $pf_dir"); print $fh "I"; close $fh; }else{ MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > $pf_dir"); } } return 0; } - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 8, 2017, at 7:10 AM, Shawn Iverson wrote: > > Hi Jerry, > > Just looked over your code. It looks straightforward and complete to me. > > My only question I may have is "/var/spool/postfix/public/qmgr" being hard coded. Is it possible for this path to vary depending on the postfix configuration on other systems? > > On Sat, Apr 8, 2017 at 1:52 AM, Jerry Benton > wrote: > One last update to remove useless line. > > > use IO::Socket::UNIX; > > sub KickMessage { > my($queue2ids, $sendmail2) = @_; > my($queue); > > # Do a kick for every queue that contains some message ids > foreach $queue (keys %$queue2ids) { > next unless $queue2ids->{$queue}; > > my $pf_connection = '/var/spool/postfix/public/qmgr'; > > if(-S $pf_connection){ > # UNIX > my $fh = IO::Socket::UNIX->new( > Type => SOCK_STREAM, > Peer => $pf_connection, > ) or > MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > $pf_connection"); > print $fh "I"; > close $fh; > }elsif(-p $pf_connection){ > # FIFO > open(my $fh, '>', $pf_connection) or > MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > $pf_connection"); > print $fh "I"; > close $fh; > }else{ > MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > $pf_connection"); > } > } > return 0; > } > > > - > Jerry Benton > www.mailborder.com > +1 -?844-436-6245 > > > >> On Apr 8, 2017, at 1:46 AM, Jerry Benton > wrote: >> >> I have it working under both FIFO and UNIX, so I guess I did it right. Final code for record keeper?s sake: >> >> >> use IO::Socket::UNIX; >> >> sub KickMessage { >> my($queue2ids, $sendmail2) = @_; >> my($queue); >> >> # Do a kick for every queue that contains some message ids >> foreach $queue (keys %$queue2ids) { >> next unless $queue2ids->{$queue}; >> >> my $pf_connection = '/var/spool/postfix/public/qmgr'; >> >> if(-S $pf_connection){ >> # UNIX >> my $fh = IO::Socket::UNIX->new( >> Type => SOCK_STREAM, >> Peer => $pf_connection, >> ) or >> MailScanner::Log::WarnLog("KickMessage coould not write to UNIX > $pf_connection"); >> print $fh "I"; >> close $fh; >> }elsif(-p $pf_connection){ >> # FIFO >> my $fh = new FileHandle; >> open(my $fh, '>', $pf_connection) or >> MailScanner::Log::WarnLog("KickMessage coould not write to FIFO > $pf_connection"); >> print $fh "I"; >> close $fh; >> }else{ >> MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) > $pf_connection"); >> } >> } >> return 0; >> } >> >> >> - >> Jerry Benton >> www.mailborder.com >> +1 -?844-436-6245 >> >> >> >>> On Apr 7, 2017, at 6:58 PM, Jerry Benton > wrote: >>> >>> I am trying to update some Perl code that checks if a socket is FIFO or UNIX and then executes appropriately. I am not entirely sure about the UNIX socket I am creating here. Can any Perl gurus chime in? >>> >>> use IO::Socket::UNIX; >>> >>> >>> my $pf_connection = '/var/spool/postfix/public/qmgr'; >>> if(-p $pf_connection){ >>> # FIFO >>> my $fh = new FileHandle; >>> $fh->open($pf_connection) or >>> MailScanner::Log::WarnLog("KickMessage coould not write to FIFO " . >>> "%s, %s", "$public/qmgr", $!); >>> print $fh "I"; >>> $fh->close; >>> }elsif(-S $pf_connection){ >>> # UNIX >>> my $fh = IO::Socket::UNIX->new( >>> Type => SOCK_STREAM, >>> Peer => $pf_connection, >>> ) or >>> MailScanner::Log::WarnLog("KickMessage coould not write to UNIX " . >>> "%s, %s", "$public/qmgr", $!); >>> print $fh "I"; >>> $fh->close; >>> }else{ >>> MailScanner::Log::WarnLog("Unable to determine socket type (FIFO/UNIX) " . >>> "%s, %s", "$public/qmgr", $!); >>> } >>> >>> >>> >>> - >>> Jerry Benton >>> www.mailborder.com >>> +1 - 844-436-6245 >>> >>> >>> >> > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Sat Apr 8 16:12:36 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Sat, 8 Apr 2017 12:12:36 -0400 Subject: Perl Check - Need Help In-Reply-To: References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com>

Message-ID: <47A07001-2F5D-4920-9925-5832300173A3@mailborder.com> I updated the ?could? :) Do you think it would be faster to get the directory using postconf or to just use the regex? - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 8, 2017, at 12:06 PM, Mark Sapiro wrote: > > On 04/08/2017 04:10 AM, Shawn Iverson wrote: >> Hi Jerry, >> >> Just looked over your code. It looks straightforward and complete to me. >> >> My only question I may have is "/var/spool/postfix/public/qmgr" being >> hard coded. Is it possible for this path to vary depending on the >> postfix configuration on other systems? > > > It's possible. The actual path is $queue_directory/public/qmgr where > queue_directory is defined in Postfix main.cf. This can be obtained via > `postconf -h queue_directory`. I.e., > > my $qdir = `postconf -h queue_directory`; > $qdir =~ s/\R//; > my $pf_connection = $qdir . '/public/qmgr'; > > Also, in Jerry's code, "could" is misspelled in two "KickMessage coould > not write to ..." messages. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Sat Apr 8 16:16:52 2017 From: mark at msapiro.net (Mark Sapiro) Date: Sat, 8 Apr 2017 09:16:52 -0700 Subject: Perl Check - Need Help In-Reply-To: <47A07001-2F5D-4920-9925-5832300173A3@mailborder.com> References: <5FBBEAB2-425A-4A36-AAF6-6943F06D9224@mailborder.com> <687AD903-BE09-4EF2-BD0F-451F9BC3DF8B@mailborder.com>

<47A07001-2F5D-4920-9925-5832300173A3@mailborder.com> Message-ID: <2b952a15-6a39-aff6-42b2-8c14844c9eae@msapiro.net> On 04/08/2017 09:12 AM, Jerry Benton wrote: > I updated the ?could? :) > > Do you think it would be faster to get the directory using postconf or > to just use the regex? Our emails crossed. I think the way you have it now is fine. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alkazee at gmail.com Mon Apr 17 11:58:58 2017 From: alkazee at gmail.com (Filipe Ferreira) Date: Mon, 17 Apr 2017 12:58:58 +0100 Subject: Spam being classified as Clean and delivered Message-ID: Hi, I?m seeing a lot of spam being classified as ?Clean? and delivered in my mailscanner. I have MailScanner 4.84.3, clamav 0.98 and spamassassin 3.3.1. As you can see in the conf, I have 1.5 as High SpamAssassin score, but I?m seeing a lot of emails with SA scores > 1.5 being labeled as ?Clean? and delivered to the MailBoxes. I?m still seeing a lot of emails being classified as spam in the quarantine, but all of this spam is ?Listed in RBL?. All the emails with SA score bigger then 1.5 that aren?t "listed in RBLs", aren't being labeled as spam. So, I think that I have some small problem with my config because it?s only moving to quarantine emails that are listed in RBL and delivering emails with sa scores bigger then 1.5, but not listed in rbl. Best Regards, Jos? Ferreira -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.conf Type: application/octet-stream Size: 13766 bytes Desc: not available URL: From kenneth at khansen-it.dk Mon Apr 17 15:33:40 2017 From: kenneth at khansen-it.dk (Kenneth Hansen) Date: Mon, 17 Apr 2017 17:33:40 +0200 Subject: MailScanner setup with CentOS 7 Message-ID: Hi I am working on building a MailScanner server using CentOS 7.3 However, I am facing some issues with the mail delivery to this server. I have used firewall-cmd to allow smtp and smiths into the server, but there are a few things that I cannot seem to find out. I am using sendmail as my MTA. In the installation guide it tells me to change the start command for sendmail, but this cannot be done, as the mentioned files are not there. Where should I make this change and is it even needed. The required mqueue.in directory was already created for me. I am also having an issue with clamav. I have set the MailScanner.conf to use clamd as the virus scanner, but in the output from systemctl status MailScanner -l, it states that it ?Cannot find Socket (/var/run/clamav/clamd.sock)? And also ?Virus Scanning: No virus scanners worked, so message batch was abandoned and retried? These seem like minor issues, but there is one quite big issue that I am facing. I cannot connect on port 25 and deliver mail to this server. To make sure that it was configured correctly, I tried to use telnet from a local server on the same network and connect on port 25, 587 and 465, but they all state connection refused. Looking at the server that was trying to send a test email, it is also getting connection refused. Can someone point me to a full step by step guide on how to correctly install and configure MailScanner with Sendmail on CentOS 7 Have great evening Kenneth -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Mon Apr 17 17:25:59 2017 From: alex at vidadigital.com.pa (alex at vidadigital.com.pa) Date: Mon, 17 Apr 2017 12:25:59 -0500 Subject: Spam being classified as Clean and delivered In-Reply-To: References: Message-ID: <57CE83CC-D194-4EA1-8DF4-4D76F0B6DDDB@vidadigital.com.pa> You should really update CLAM. Do you have any log snippets of a single message going through the whole process? Alex Neuman van der Hans Producer/Host, Vida Digital +1 (440) 253-9789 | +507 6781-9505 | Panama |alex at vidadigital.com.pa | http://vidadigital.com.pa/ | Skype:alexneuman | wiseintro.co/alexneuman > On Apr 17, 2017, at 6:58 AM, Filipe Ferreira wrote: > > Hi, > > > I?m seeing a lot of spam being classified as ?Clean? and delivered in my mailscanner. I have MailScanner 4.84.3, clamav 0.98 and spamassassin 3.3.1. As you can see in the conf, I have 1.5 as High SpamAssassin score, but I?m seeing a lot of emails with SA scores > 1.5 being labeled as ?Clean? and delivered to the MailBoxes. I?m still seeing a lot of emails being classified as spam in the quarantine, but all of this spam is ?Listed in RBL?. All the emails with SA score bigger then 1.5 that aren?t "listed in RBLs", aren't being labeled as spam. So, I think that I have some small problem with my config because it?s only moving to quarantine emails that are listed in RBL and delivering emails with sa scores bigger then 1.5, but not listed in rbl. > > > > Best Regards, > > Jos? Ferreira > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alkazee at gmail.com Tue Apr 18 09:06:35 2017 From: alkazee at gmail.com (Filipe Ferreira) Date: Tue, 18 Apr 2017 10:06:35 +0100 Subject: Spam being classified as Clean and delivered In-Reply-To: <57CE83CC-D194-4EA1-8DF4-4D76F0B6DDDB@vidadigital.com.pa> References: <57CE83CC-D194-4EA1-8DF4-4D76F0B6DDDB@vidadigital.com.pa> Message-ID: Hi Alex Hans, I updated the clamav today, thanks for the reminder. I did some more digging yesterday and I found that in the SpamAssassin, Spam Report when I selected the emails on mailscanner the required value was 6, that's why the emails with the score bigger than 1.5 and not listed in rbl were considered as "clean". I searched the MailScanner.conf and I found the "Required SpamAssassin Score" entry, I changed it to 1.5 and after reload, I'm now seeing the required valued as 1.5 and the emails not listed in rbl but with score bigger than 1.5 are being blocked. Best Regards, Jos? Filipe Ferreira. On Mon, Apr 17, 2017 at 6:25 PM, wrote: > You should really update CLAM. > Do you have any log snippets of a single message going through the whole > process? > > [image: logo] > *Alex Neuman van der Hans* *Producer/Host**, Vida Digital* > +1 (440) 253-9789 <+1%20(440)%20253-9789> | +507 6781-9505 > <+507%206781-9505> | Panama |alex at vidadigital.com.pa | http:// > vidadigital.com.pa/ | Skype:alexneuman > > | wiseintro.co/alexneuman > > > > > > > > > > > On Apr 17, 2017, at 6:58 AM, Filipe Ferreira wrote: > > Hi, > > > I?m seeing a lot of spam being classified as ?Clean? and delivered in my > mailscanner. I have MailScanner 4.84.3, clamav 0.98 and spamassassin 3.3.1. > As you can see in the conf, I have 1.5 as High SpamAssassin score, but I?m > seeing a lot of emails with SA scores > 1.5 being labeled as ?Clean? and > delivered to the MailBoxes. I?m still seeing a lot of emails being > classified as spam in the quarantine, but all of this spam is ?Listed in > RBL?. All the emails with SA score bigger then 1.5 that aren?t "listed in > RBLs", aren't being labeled as spam. So, I think that I have some small > problem with my config because it?s only moving to quarantine emails that > are listed in RBL and delivering emails with sa scores bigger then 1.5, but > not listed in rbl. > > > Best Regards, > > Jos? Ferreira > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Apr 18 20:58:16 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 18 Apr 2017 16:58:16 -0400 Subject: Permission denied References: Message-ID: Has anyone you encountered the errors below before? I have already replaced the MailWatch.pm file with a known-good file. Spamassassin is also not loading. Not sure if it is a permissions problems or maybe system resources? It does not do this every time. Apr 18 15:52:27 smtp2 MailScanner[4395]: MailScanner Email Processor version 5.0.3 starting... Apr 18 15:52:27 smtp2 MailScanner[4395]: Could not use Custom Function code /usr/share/MailScanner/perl/custom/MailWatch.pm, it could not be "require"d. Make sure the last line is "1;" and the module is correct with perl -wc (Error: Can't locate Storable.pm: Permission denied at /usr/share/MailScanner/perl/custom/MailWatch.pm line 35. Apr 18 15:52:27 smtp2 MailScanner[4395]: BEGIN failed--compilation aborted at /usr/share/MailScanner/perl/custom/MailWatch.pm line 35. Apr 18 15:52:27 smtp2 MailScanner[4395]: Compilation failed in require at /usr/share/MailScanner/perl/MailScanner/Config.pm line 752. Apr 18 15:52:27 smtp2 MailScanner[4395]: ) Apr 18 15:52:27 smtp2 MailScanner[4395]: Reading configuration file /etc/MailScanner/MailScanner.conf Apr 18 15:52:27 smtp2 MailScanner[4395]: Read 1501 hostnames from the phishing whitelist Apr 18 15:52:28 smtp2 MailScanner[4395]: Read 14628 hostnames from the phishing blacklists Apr 18 15:52:28 smtp2 MailScanner[4395]: Config: calling custom init function MailWatchLogging Apr 18 15:52:28 smtp2 MailScanner[4395]: You want to use SpamAssassin but have not installed it. Apr 18 15:52:28 smtp2 MailScanner[4395]: I will run without SpamAssassin for now, you will not detect much spam until you install SpamAssassin. Apr 18 15:52:28 smtp2 MailScanner[4395]: Connected to Processing Attempts Database Apr 18 15:52:28 smtp2 MailScanner[4395]: Found 0 messages in the Processing Attempts Database Apr 18 15:52:28 smtp2 MailScanner[4395]: Using locktype = flock - Jerry Benton www.mailborder.com +1 - 844-436-6245 -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Apr 18 21:18:42 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 18 Apr 2017 17:18:42 -0400 Subject: Permission denied In-Reply-To: References:

Message-ID: That's kind've bizzare, a permission denied loading Storable.pm? Smells like selinux or apparmor... On Tue, Apr 18, 2017 at 4:58 PM, Jerry Benton wrote: > > Has anyone you encountered the errors below before? I have already > replaced the MailWatch.pm file with a known-good file. Spamassassin is also > not loading. Not sure if it is a permissions problems or maybe system > resources? It does not do this every time. > > > > Apr 18 15:52:27 smtp2 MailScanner[4395]: MailScanner Email Processor > version 5.0.3 starting... > Apr 18 15:52:27 smtp2 MailScanner[4395]: Could not use Custom Function > code /usr/share/MailScanner/perl/custom/MailWatch.pm, it could not be > "require"d. Make sure the last line is "1;" and the module is correct with > perl -wc (Error: Can't locate Storable.pm: Permission denied at > /usr/share/MailScanner/perl/custom/MailWatch.pm line 35. > Apr 18 15:52:27 smtp2 MailScanner[4395]: BEGIN failed--compilation aborted > at /usr/share/MailScanner/perl/custom/MailWatch.pm line 35. > Apr 18 15:52:27 smtp2 MailScanner[4395]: Compilation failed in require at > /usr/share/MailScanner/perl/MailScanner/Config.pm line 752. > Apr 18 15:52:27 smtp2 MailScanner[4395]: ) > Apr 18 15:52:27 smtp2 MailScanner[4395]: Reading configuration file > /etc/MailScanner/MailScanner.conf > Apr 18 15:52:27 smtp2 MailScanner[4395]: Read 1501 hostnames from the > phishing whitelist > Apr 18 15:52:28 smtp2 MailScanner[4395]: Read 14628 hostnames from the > phishing blacklists > Apr 18 15:52:28 smtp2 MailScanner[4395]: Config: calling custom init > function MailWatchLogging > Apr 18 15:52:28 smtp2 MailScanner[4395]: You want to use SpamAssassin but > have not installed it. > Apr 18 15:52:28 smtp2 MailScanner[4395]: I will run without SpamAssassin > for now, you will not detect much spam until you install SpamAssassin. > Apr 18 15:52:28 smtp2 MailScanner[4395]: Connected to Processing Attempts > Database > Apr 18 15:52:28 smtp2 MailScanner[4395]: Found 0 messages in the > Processing Attempts Database > Apr 18 15:52:28 smtp2 MailScanner[4395]: Using locktype = flock > > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 <(844)%20436-6245> > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Apr 18 21:22:49 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 18 Apr 2017 14:22:49 -0700 Subject: Permission denied In-Reply-To: References:

Message-ID: <959890cc-5293-d628-a8aa-1c590e2e896a@msapiro.net> On 04/18/2017 01:58 PM, Jerry Benton wrote: > > Apr 18 15:52:27 smtp2 MailScanner[4395]: MailScanner Email Processor > version 5.0.3 starting... > Apr 18 15:52:27 smtp2 MailScanner[4395]: Could not use Custom Function > code /usr/share/MailScanner/perl/custom/MailWatch.pm, it could not be > "require"d. Make sure the last line is "1;" and the module is correct > with perl -wc (Error: Can't locate Storable.pm: Permission denied at > /usr/share/MailScanner/perl/custom/MailWatch.pm line 35. It appears that MailWatch.pm at its line 35 is trying to 'use Storable' which can't be found. Is it installed, world readable, in perl's search path ...? What, if anything, does perl -e 'use Storable;' say? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Tue Apr 18 21:26:23 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 18 Apr 2017 17:26:23 -0400 Subject: Permission denied In-Reply-To: <959890cc-5293-d628-a8aa-1c590e2e896a@msapiro.net> References:

<959890cc-5293-d628-a8aa-1c590e2e896a@msapiro.net> Message-ID: <7DD414E8-506F-4485-A985-E1DE21710F40@mailborder.com> Yes, it is installed. It seems to only do this when MailScanner restarts itself. If you start it from the CLI it does not do this. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 18, 2017, at 5:22 PM, Mark Sapiro wrote: > > On 04/18/2017 01:58 PM, Jerry Benton wrote: >> >> Apr 18 15:52:27 smtp2 MailScanner[4395]: MailScanner Email Processor >> version 5.0.3 starting... >> Apr 18 15:52:27 smtp2 MailScanner[4395]: Could not use Custom Function >> code /usr/share/MailScanner/perl/custom/MailWatch.pm, it could not be >> "require"d. Make sure the last line is "1;" and the module is correct >> with perl -wc (Error: Can't locate Storable.pm: Permission denied at >> /usr/share/MailScanner/perl/custom/MailWatch.pm line 35. > > > It appears that MailWatch.pm at its line 35 is trying to 'use Storable' > which can't be found. Is it installed, world readable, in perl's search > path ...? > > What, if anything, does > > perl -e 'use Storable;' > > say? > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Apr 18 21:57:18 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 18 Apr 2017 14:57:18 -0700 Subject: Permission denied In-Reply-To: <7DD414E8-506F-4485-A985-E1DE21710F40@mailborder.com> References:

<959890cc-5293-d628-a8aa-1c590e2e896a@msapiro.net> <7DD414E8-506F-4485-A985-E1DE21710F40@mailborder.com> Message-ID: <7a7d7bf1-dfda-23d5-b1ba-d50bb9b4483a@msapiro.net> On 04/18/2017 02:26 PM, Jerry Benton wrote: > Yes, it is installed. It seems to only do this when MailScanner restarts > itself. If you start it from the CLI it does not do this. What if you start from the command line as the MailScanner Run As User? What if you do perl -e 'use Storable;' as the MailScanner Run As User? As Shawn suggested, it could be a SELinux or apparmor issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jerry.benton at mailborder.com Tue Apr 18 21:59:05 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 18 Apr 2017 17:59:05 -0400 Subject: Permission denied In-Reply-To: <7a7d7bf1-dfda-23d5-b1ba-d50bb9b4483a@msapiro.net> References:

<959890cc-5293-d628-a8aa-1c590e2e896a@msapiro.net> <7DD414E8-506F-4485-A985-E1DE21710F40@mailborder.com> <7a7d7bf1-dfda-23d5-b1ba-d50bb9b4483a@msapiro.net> Message-ID: <2913E67A-795E-40E9-8E82-1696CB8A8489@mailborder.com> I will check out the apparmor angle. I guess that should always be my default starting position. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 18, 2017, at 5:57 PM, Mark Sapiro wrote: > > On 04/18/2017 02:26 PM, Jerry Benton wrote: >> Yes, it is installed. It seems to only do this when MailScanner restarts >> itself. If you start it from the CLI it does not do this. > > > What if you start from the command line as the MailScanner Run As User? > > What if you do > > perl -e 'use Storable;' > > as the MailScanner Run As User? > > As Shawn suggested, it could be a SELinux or apparmor issue. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From robbertdewaard at hotmail.com Fri Apr 21 13:12:54 2017 From: robbertdewaard at hotmail.com (Robbert Verwaard) Date: Fri, 21 Apr 2017 13:12:54 +0000 Subject: Acting upon "MailScanner has detected a possible fraud attempt from..." Message-ID: Hi all, MailScanner still relays messages after adding a an extra statement "MailScanner has detected a possible fraud attempt from..." in the mail body. It might as well just rate it as spam. Which setting can I use to increased the weight for this trigger / or just have the mail directly triggered as spam? Kind regards, Robbert -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Fri Apr 21 19:31:59 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 21 Apr 2017 15:31:59 -0400 Subject: Acting upon "MailScanner has detected a possible fraud attempt from..." In-Reply-To: References: Message-ID: <85CB224B-1385-4D20-8C6B-E7F07C59CE36@mailborder.com> It is not always spam. These days this usually triggers when a company has a display name of their domain but in the link they actually have something related to a tracker before it takes them to their domain. The link is still legit, but MailScanner has a hissy over it. The code currently does not support treating the message as spam as far as I am aware. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 21, 2017, at 9:12 AM, Robbert Verwaard wrote: > > Hi all, > > MailScanner still relays messages after adding a an extra statement "MailScanner has detected a possible fraud attempt from..." in the mail body. > > It might as well just rate it as spam. Which setting can I use to increased the weight for this trigger / or just have the mail directly triggered as spam? > > Kind regards, > Robbert > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From vlad at vladville.com Fri Apr 21 23:24:18 2017 From: vlad at vladville.com (Vlad Mazek) Date: Fri, 21 Apr 2017 19:24:18 -0400 Subject: Rules for phishing Message-ID: About the following options, can they be defined as a rule file, so I can have a different text for every domain? Filename Modify Subject = yes Filename Subject Text = [BLOCKED] Content Modify Subject = no Content Subject Text = [DANGER] Size Modify Subject = no Size Subject Text = {Size} Disarmed Modify Subject = no Disarmed Subject Text =[DISARMED] Phishing Modify Subject = no Phishing Subject Text = [FRAUD] Vlad Mazek -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Fri Apr 21 23:48:42 2017 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 21 Apr 2017 16:48:42 -0700 Subject: Rules for phishing In-Reply-To: References: Message-ID: On 04/21/2017 04:24 PM, Vlad Mazek wrote: > About the following options, can they be defined as a rule file, so I > can have a different text for every domain? > > Filename Modify Subject = yes > Filename Subject Text = [BLOCKED] > Content Modify Subject = no > Content Subject Text = [DANGER] > Size Modify Subject = no > Size Subject Text = {Size} > Disarmed Modify Subject = no > Disarmed Subject Text =[DISARMED] > Phishing Modify Subject = no > Phishing Subject Text = [FRAUD] Any of the above can be a ruleset. If you go to you will find a listing of all the MailScanner config settings including whether or not the setting can be a ruleset and if so, whether it's First Match or All Match. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From vlad at vladville.com Tue Apr 25 09:22:03 2017 From: vlad at vladville.com (Vlad Mazek) Date: Tue, 25 Apr 2017 05:22:03 -0400 Subject: Documentation for Use Custom Spam Scanner Message-ID: I've got a few general questions about the custom spam scanner function and how it's executed, reported, and prioritized along with SpamAssassin and other stuff. Is custom spam spam scanner executed after SpamAssassin or is it run in parallel? What I'm asking is if messages are only sent to it after it's passed SA as non-spam and other virus scanning? When the custom spam scanner returns a score is that used as the overall score or is it added to the SpamAssassin score? MailScanner whitelists still override it, right? So even if the custom spam scanner returns a high score, whitelist will get it delivered regardless of spam settings of store/delete? -Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: From danita at caledonia.net Tue Apr 25 16:05:27 2017 From: danita at caledonia.net (Danita Zanre) Date: Tue, 25 Apr 2017 18:05:27 +0200 Subject: Being hammered with viruses Message-ID: I have one site that I scan for that is just being inundated with spam and viruses. ?My poor server simply cannot keep up! ?We are right now getting hammered with viruses, for example. ?I need to figure out how to tweak this a bit. ?I could add more memory/CPU, but first I want to see if there are things I can do first to make the system run better. 1. ?I think I should stop sending email messages to ME when viruses happen, but I can?t figure out what?s sending me those. ?I also use Mailwatch, in case it?s involved. 2. ?Can I make some changes to postscreen that will make it drop more of these connections? ?I?m pretty much just using ?defaults?. 3. ?I don?t think in Postfix you can limit inbound connections really. ?The other email system I work with for my corporate email allows you to choose how many inbound threads and how many outbound threads. ?It?s our policy to always have twice as many outbound threads as inbound so that we can handle these kind of load systems. ?I?m accepting so much more JUNK than I have time to throw away. ?Especially with #1 above, where I?m getting sent thousands of virus notices ;-) I appreciate any pointers here! ?Thanks. Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia.Net?LLC Tel: (720) 319-8240 - Move Out of the Office -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at replies.cyways.com Tue Apr 25 17:18:59 2017 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Tue, 25 Apr 2017 13:18:59 -0400 Subject: Being hammered with viruses In-Reply-To: References: Message-ID: <76efeb12-b053-a7bd-2533-6c9144d1d921@replies.cyways.com> I rely on a combination of iptables rules and a lengthy access.db in sendmail to handle these sorts of problems. You can add similar rules to a Postfix server using smtpd_client_restrictions, smtpd_sender_restrictions and smtpd_helo_restrictions in main.cf. In client_restrictions I have smtpd_client_restrictions = sleep 3, reject_unauth_pipelining, check_sender_access pcre:/etc/postfix/sender_access The first line enforces a three-second delay on the transaction which blocks spam flooding from senders that don't use the HELO/EHLO commands in the SMTP protocol. This is the Postfix equivalent of sendmail's "greetpause" directive. I also have a set of regex-based rules in the /etc/postfix/sender_access file like these: # no mail from outsiders claiming to be us /\.example\.com$/ REJECT /10-10-10/ REJECT # no two-letter country-code domains except us/ca /\.us$/ OK /\.ca$/ OK /\.[a-z][a-z]$/ REJECT US senders only The first rejects mail coming in claiming to be from senders in the local domain. That may not work for you if you support remote clients. The second line protects against mail claiming to be from senders using alleged hostnames that mimic the server's IP address. This client is a-US based community health center so they only want to accept mail from the US and CA country-code domains which gives rise to the second set of rules. If you don't need to accept mail from servers in .vn, .in, .ru, etc., rules like this can help. In the ruleset for helo_access I block a variety of the newer top-level domains that have become havens for spammers: /\.click$/ REJECT /\.date$/ REJECT /\.faith$/ REJECT /\.party$/ REJECT /\.link$/ REJECT /\.xyz$/ REJECT /\.download$/ REJECT /\.top$/ REJECT /\.space$/ REJECT /\.win$/ REJECT /\.stream$/ REJECT /\.gdn$/ REJECT /\.website$/ REJECT /\.bid$/ REJECT I run a script each day which scans the mail log and tallies up the number of rejections per IP address. Any IP address that generated ten or more spam rejections in a single day is blocked via an iptables rule. The overall objective here is to drop as much junk as possible at the doorstep so MailScanner need not bother with it. Peter On 04/25/2017 12:05 PM, Danita Zanre wrote: > I have one site that I scan for that is just being inundated with spam > and viruses. My poor server simply cannot keep up! From michael at huntley.net Tue Apr 25 17:33:51 2017 From: michael at huntley.net (Michael Huntley) Date: Tue, 25 Apr 2017 10:33:51 -0700 Subject: Being hammered with viruses In-Reply-To: References: Message-ID: <8027a0d38a568f2818d72555139e2dad@huntley.net> Danita - In postscreen do you have any rbls? This should help: postscreen_dnsbl_sites = psbl.surriel.com, bl.spamcop.net, zen.spamhaus.org postscreen_dnsbl_action = enforce postscreen_greet_action = enforce Keeping it simple. Zen stops a huge amount of spam. You can also use deep analysis with postscreen which closes the connection forcing senders to reconnect or use a greylist daemon. Peter's ideas in the other email to you are viable as well. Cheers, mph On 2017-04-25 09:05, Danita Zanre wrote: > I have one site that I scan for that is just being inundated with spam and viruses. My poor server simply cannot keep up! We are right now getting hammered with viruses, for example. I need to figure out how to tweak this a bit. I could add more memory/CPU, but first I want to see if there are things I can do first to make the system run better. > > 1. I think I should stop sending email messages to ME when viruses happen, but I can't figure out what's sending me those. I also use Mailwatch, in case it's involved. > 2. Can I make some changes to postscreen that will make it drop more of these connections? I'm pretty much just using "defaults". > 3. I don't think in Postfix you can limit inbound connections really. The other email system I work with for my corporate email allows you to choose how many inbound threads and how many outbound threads. It's our policy to always have twice as many outbound threads as inbound so that we can handle these kind of load systems. I'm accepting so much more JUNK than I have time to throw away. Especially with #1 above, where I'm getting sent thousands of virus notices ;-) > > I appreciate any pointers here! Thanks. > DANITA ZANR?, _Move Out of the Office_ > I love my job, and you can too! > Tel: (720) 319-7530 - Caledonia.Net [1] LLC > Tel: (720) 319-8240 - Move Out of the Office Links: ------ [1] http://caledonia.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at replies.cyways.com Tue Apr 25 17:38:33 2017 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Tue, 25 Apr 2017 13:38:33 -0400 Subject: Being hammered with viruses In-Reply-To: <8027a0d38a568f2818d72555139e2dad@huntley.net> References: <8027a0d38a568f2818d72555139e2dad@huntley.net> Message-ID: I don't enforce RBLs at the SMTP level for fear of false positives. I let SpamAssassin consult the RBLs instead and score them accordingly, That does mean such messages will need to be handled by MailScanner and not blocked at the doorstep though. Peter On 04/25/2017 01:33 PM, Michael Huntley wrote: > Danita - > > In postscreen do you have any rbls? From michael at huntley.net Tue Apr 25 17:47:23 2017 From: michael at huntley.net (Michael Huntley) Date: Tue, 25 Apr 2017 10:47:23 -0700 Subject: Being hammered with viruses In-Reply-To: References: <8027a0d38a568f2818d72555139e2dad@huntley.net> Message-ID: True. I only trust the three rbls I use - I do realize spamcop may hit on a false positive from time-to-time. I wonder - Danita what are your various smtp/helo/client restrictions within postfix? Cheers, mph On 2017-04-25 10:38, Peter H. Lemieux wrote: > I don't enforce RBLs at the SMTP level for fear of false positives. I let SpamAssassin consult the RBLs instead and score them accordingly, That does mean such messages will need to be handled by MailScanner and not blocked at the doorstep though. > > Peter > > On 04/25/2017 01:33 PM, Michael Huntley wrote: > >> Danita - >> >> In postscreen do you have any rbls? -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxsec at gmail.com Wed Apr 26 05:48:09 2017 From: maxsec at gmail.com (Martin Hepworth) Date: Wed, 26 Apr 2017 05:48:09 +0000 Subject: Being hammered with viruses In-Reply-To: References: <8027a0d38a568f2818d72555139e2dad@huntley.net> Message-ID: Also graylisting on the inbound connection Along with postfix doing unknown recipient rejection Martin On Tue, 25 Apr 2017 at 18:47, Michael Huntley wrote: > True. I only trust the three rbls I use - I do realize spamcop may hit on > a false positive from time-to-time. > > I wonder - > > Danita what are your various smtp/helo/client restrictions within postfix? > Cheers, > > mph > > On 2017-04-25 10:38, Peter H. Lemieux wrote: > > I don't enforce RBLs at the SMTP level for fear of false positives. I let > SpamAssassin consult the RBLs instead and score them accordingly, That does > mean such messages will need to be handled by MailScanner and not blocked > at the doorstep though. > > Peter > > > On 04/25/2017 01:33 PM, Michael Huntley wrote: > > Danita - > > In postscreen do you have any rbls? > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: From dave at jonesol.com Wed Apr 26 15:20:55 2017 From: dave at jonesol.com (Dave Jones) Date: Wed, 26 Apr 2017 10:20:55 -0500 Subject: Being hammered with viruses In-Reply-To: References: <8027a0d38a568f2818d72555139e2dad@huntley.net> Message-ID: Use Postscreen RBL weighting to help prevent false positives. It's amazing how well this works to make your filtering better than the expensive appliances out there like Barracuda's and IronPort's that can't do this. postscreen_cache_retention_time = 7d postscreen_bare_newline_ttl = 7d postscreen_greet_ttl = 7d postscreen_non_smtp_command_ttl = 7d postscreen_pipelining_ttl = 7d postscreen_dnsbl_ttl = 1m postscreen_dnsbl_threshold = 8 postscreen_dnsbl_action = enforce postscreen_greet_action = enforce postscreen_greet_wait = ${stress?1}${stress:11}s postscreen_bare_newline_action = enforce postscreen_bare_newline_enable = yes postscreen_non_smtp_command_enable = yes postscreen_pipelining_enable = yes postscreen_dnsbl_whitelist_threshold = -1 postscreen_blacklist_action = drop postscreen_dnsbl_sites = bl.sorbs.net=127.0.0.10*9 dnsbl.sorbs.net=127.0.0.14*9 zen.spamhaus.org=127.0.0.[10;11]*8 dnsbl.sorbs.net=127.0.0.5*7 zen.spamhaus.org=127.0.0.[4..7]*7 b.barracudacentral.org=127.0.0.2*7 zen.spamhaus.org=127.0.0.3*7 dnsbl.inps.de=127.0.0.2*7 hostkarma.junkemailfilter.com=127.0.0.2*4 dnsbl.sorbs.net=127.0.0.7*4 bl.spamcop.net=127.0.0.2*4 bl.spameatingmonkey.net=127.0.0.[2;3]*4 dnsrbl.swinog.ch=127.0.0.3*4 ix.dnsbl.manitu.net=127.0.0.2*4 psbl.surriel.com=127.0.0.2*4 bl.mailspike.net=127.0.0.[10;11;12]*4 bl.mailspike.net=127.0.0.2*4 zen.spamhaus.org=127.0.0.2*3 bl.spamcannibal.org=127.0.0.2*3 dnsbl-1.uceprotect.net=127.0.0.2*2 dnsbl.sorbs.net=127.0.0.6*3 dnsbl.sorbs.net=127.0.0.9*2 dnsbl.sorbs.net=127.0.0.8*2 score.senderscore.com=127.0.4.[0..29]*2 hostkarma.junkemailfilter.com=127.0.0.4*2 all.spamrats.com=127.0.0.38*2 bl.nszones.com=127.0.0.[2;3]*1 dnsbl-2.uceprotect.net=127.0.0.2*1 dnsbl.sorbs.net=127.0.0.2*1 dnsbl.sorbs.net=127.0.0.4*1 score.senderscore.com=127.0.4.[30..69]*1 dnsbl.sorbs.net=127.0.0.3*1 hostkarma.junkemailfilter.com=127.0.1.2*1 dnsbl.sorbs.net=127.0.0.15*1 ips.backscatterer.org=127.0.0.2*1 bl.nszones.com=127.0.0.5*-1 wl.mailspike.net=127.0.0.[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2 ips.whitelisted.org=127.0.0.2*-2 safe.dnsbl.sorbs.net=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].0*-2 dnswl.inps.de=127.0.[0;1].[2..10]*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].2*-4 list.dnswl.org=127.0.[0..255].3*-5 The above list is from years of adjustment and tuning to be just right for my environment. Each SA environment is a little different based on your location and recipients. Blocking outright on a single RBL hit is pretty risky so the weighting above makes it an aggregate score of many RBLs for better accuracy. If you turn up the sensitivity on your RBLs to block using the list above, then you have to whitelist major mail providers. Use postwhite on github to generate the postscreen_spf_whitelist.cidr daily. postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_spf_whitelist.cidr, cidr:/etc/postfix/postscreen_yahoo_whitelist.cidr, cidr:/etc/postfix/postscreen_access.cidr Yahoo doesn't publish a standard SPF record that can be parsed down to IP blocks so the postscreen_yahoo_whitelist.cidr is built from this command: elinks -dump https://help.yahoo.com/kb/SLN23997.html | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?' | awk '{print $1, "\t permit"}' > /etc/postfix/postscreen_yahoo_whitelist.cidr 2>&1 I add a few more custom hosts (SPF domains) to my /etc/postwhite.conf: # CUSTOM HOSTS # Enter custom hosts separated by a space, ex: "example.com example2.com example3.com" custom_hosts="comcast.net rr.com bluehost.com mxlogic.net messagelabs.com messagegears.net swiftwavenetwork.com authsmtp.com eventbrite.com trendmicro.com spf.mandrillapp.com amazonses.com radware.com zarca-inc.com embarqmail.com mailer.surveygizmo.com spf.ess.barracudanetworks.com" I filter for about 40K mailboxes with the configuration above along with greylisting and a high MX that tempfails everything. Postscreen blocks > 95% of the junk so SpamAssassin only has to handle a small percentage of spam based on content. Hope this helps, Dave On Wed, Apr 26, 2017 at 12:48 AM, Martin Hepworth wrote: > Also graylisting on the inbound connection > > Along with postfix doing unknown recipient rejection > > Martin > > On Tue, 25 Apr 2017 at 18:47, Michael Huntley wrote: > >> True. I only trust the three rbls I use - I do realize spamcop may hit >> on a false positive from time-to-time. >> >> I wonder - >> >> Danita what are your various smtp/helo/client restrictions within postfix? >> Cheers, >> >> mph >> >> On 2017-04-25 10:38, Peter H. Lemieux wrote: >> >> I don't enforce RBLs at the SMTP level for fear of false positives. I >> let SpamAssassin consult the RBLs instead and score them accordingly, That >> does mean such messages will need to be handled by MailScanner and not >> blocked at the doorstep though. >> >> Peter >> >> >> On 04/25/2017 01:33 PM, Michael Huntley wrote: >> >> Danita - >> >> In postscreen do you have any rbls? >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> -- > -- > Martin Hepworth, CISSP > Oxford, UK > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dwhile at while.org.uk Wed Apr 26 16:38:52 2017 From: dwhile at while.org.uk (David While) Date: Wed, 26 Apr 2017 17:38:52 +0100 Subject: Race condition on restart Message-ID: <73744da7-429d-aa64-dfc8-e9c0dcf62528@while.org.uk> There is a bug in MailScanner which leads to a race condition. The init script which starts/stops & restarts MailScanner removes the PID file when MailScanner is stopped. Unfortunately when MailScanner is issued with a SIGTERM (when issuing a restart or stop) then it also removes the PID file (line 1419 in MailScanner). What is happening is that the init script issues the kill and then continues. This doesn't kill MailScanner but simply sends the signal. MailScanner does some processing before dying. Consequently there is now a race as to who will remove the PID file. The worst case is that it is removed after MailScanner has been restarted. This leads to the hourly ms-check constantly restarting MailScanner. I fixed this in the init script by: 1. Removing the following lines from do_stop # remove pid file if [ -f $PIDFILE ] ; then rm -f $PIDFILE fi 2. Moving the following lines from restart to do_stop where the above lines were removed s='-\|/'; x=0 i=0 while [ "$x" -lt 300 -a -f $PIDFILE ]; do x=$((x+1)); i=$(( (i+1) %4 )); printf "\r${s:$i:1}"; sleep .1; done What this does is wait for MailScanner to die and remove the PID file before continuing. I don't think this is a permament fix as there ought to be a check that it has not timed out before continuing. David While From sales at edenusa.com Fri Apr 28 04:54:37 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 28 Apr 2017 04:54:37 +0000 Subject: Race condition on restart In-Reply-To: <73744da7-429d-aa64-dfc8-e9c0dcf62528@while.org.uk> References: <73744da7-429d-aa64-dfc8-e9c0dcf62528@while.org.uk> Message-ID: This is exactly what I thought. Every time I restarted MailScanner, it caused this problem and the system had to be restarted. Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com?OR?edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336? WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of David While Sent: Wednesday, April 26, 2017 9:39 AM To: mailscanner at lists.mailscanner.info Subject: Race condition on restart There is a bug in MailScanner which leads to a race condition. The init script which starts/stops & restarts MailScanner removes the PID file when MailScanner is stopped. Unfortunately when MailScanner is issued with a SIGTERM (when issuing a restart or stop) then it also removes the PID file (line 1419 in MailScanner). What is happening is that the init script issues the kill and then continues. This doesn't kill MailScanner but simply sends the signal. MailScanner does some processing before dying. Consequently there is now a race as to who will remove the PID file. The worst case is that it is removed after MailScanner has been restarted. This leads to the hourly ms-check constantly restarting MailScanner. I fixed this in the init script by: 1. Removing the following lines from do_stop # remove pid file if [ -f $PIDFILE ] ; then rm -f $PIDFILE fi 2. Moving the following lines from restart to do_stop where the above lines were removed s='-\|/'; x=0 i=0 while [ "$x" -lt 300 -a -f $PIDFILE ]; do x=$((x+1)); i=$(( (i+1) %4 )); printf "\r${s:$i:1}"; sleep .1; done What this does is wait for MailScanner to die and remove the PID file before continuing. I don't think this is a permament fix as there ought to be a check that it has not timed out before continuing. David While -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From jerry.benton at mailborder.com Fri Apr 28 04:57:18 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Fri, 28 Apr 2017 00:57:18 -0400 Subject: Race condition on restart In-Reply-To: References: <73744da7-429d-aa64-dfc8-e9c0dcf62528@while.org.uk> Message-ID: If someone will create a pull request on GitHub I will implement it. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Apr 28, 2017, at 12:54 AM, Paul Scott wrote: > > This is exactly what I thought. Every time I restarted MailScanner, it caused this problem and the system had to be restarted. > > Sincerely, > > Paul Scott, Engineer > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 OR 951.505.6967 > Fax: 866.502.3336 > > WEBSITE: https://www.edenusa.com > FACEBOOK: http://www.facebook.com/edenusainc > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of David While > Sent: Wednesday, April 26, 2017 9:39 AM > To: mailscanner at lists.mailscanner.info > Subject: Race condition on restart > > There is a bug in MailScanner which leads to a race condition. > > The init script which starts/stops & restarts MailScanner removes the PID file when MailScanner is stopped. > > Unfortunately when MailScanner is issued with a SIGTERM (when issuing a restart or stop) then it also removes the PID file (line 1419 in MailScanner). > > What is happening is that the init script issues the kill and then continues. This doesn't kill MailScanner but simply sends the signal. > MailScanner does some processing before dying. Consequently there is now a race as to who will remove the PID file. The worst case is that it is removed after MailScanner has been restarted. This leads to the hourly ms-check constantly restarting MailScanner. > > I fixed this in the init script by: > > 1. Removing the following lines from do_stop > > # remove pid file > if [ -f $PIDFILE ] ; then > rm -f $PIDFILE > fi > > 2. Moving the following lines from restart to do_stop where the above lines were removed > > s='-\|/'; > x=0 > i=0 > while [ "$x" -lt 300 -a -f $PIDFILE ]; do > x=$((x+1)); > i=$(( (i+1) %4 )); > printf "\r${s:$i:1}"; > sleep .1; > done > > What this does is wait for MailScanner to die and remove the PID file before continuing. > > I don't think this is a permament fix as there ought to be a check that it has not timed out before continuing. > > David While > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dwhile at while.org.uk Fri Apr 28 08:53:59 2017 From: dwhile at while.org.uk (David While) Date: Fri, 28 Apr 2017 09:53:59 +0100 Subject: Race condition on restart In-Reply-To: References: <73744da7-429d-aa64-dfc8-e9c0dcf62528@while.org.uk>

Message-ID: <2d4fcdc7-b6e3-7846-4235-206d04c6a4df@while.org.uk> Done On 28/04/2017 05:57, Jerry Benton wrote: > If someone will create a pull request on GitHub I will implement it. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Apr 28, 2017, at 12:54 AM, Paul Scott > > wrote: >> >> This is exactly what I thought. Every time I restarted MailScanner, >> it caused this problem and the system had to be restarted. >> >> Sincerely, >> >> Paul Scott, Engineer >> Eden USA, Incorporated >> Event Production Services Since 1995 >> Los Angeles-Las Vegas-New York >> sales at edenusa.com OR >> edenusasales at gmail.com >> Telephone(s): 866.501.3336 OR 951.505.6967 >> Fax: 866.502.3336 >> >> WEBSITE: https://www.edenusa.com >> FACEBOOK: http://www.facebook.com/edenusainc >> >> -----Original Message----- >> From: MailScanner >> [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] >> On Behalf Of David While >> Sent: Wednesday, April 26, 2017 9:39 AM >> To: mailscanner at lists.mailscanner.info >> >> Subject: Race condition on restart >> >> There is a bug in MailScanner which leads to a race condition. >> >> The init script which starts/stops & restarts MailScanner removes the >> PID file when MailScanner is stopped. >> >> Unfortunately when MailScanner is issued with a SIGTERM (when issuing >> a restart or stop) then it also removes the PID file (line 1419 in >> MailScanner). >> >> What is happening is that the init script issues the kill and then >> continues. This doesn't kill MailScanner but simply sends the signal. >> MailScanner does some processing before dying. Consequently there is >> now a race as to who will remove the PID file. The worst case is that >> it is removed after MailScanner has been restarted. This leads to the >> hourly ms-check constantly restarting MailScanner. >> >> I fixed this in the init script by: >> >> 1. Removing the following lines from do_stop >> >> # remove pid file >> if [ -f $PIDFILE ] ; then >> rm -f $PIDFILE >> fi >> >> 2. Moving the following lines from restart to do_stop where the above >> lines were removed >> >> s='-\|/'; >> x=0 >> i=0 >> while [ "$x" -lt 300 -a -f $PIDFILE ]; do >> x=$((x+1)); >> i=$(( (i+1) %4 )); >> printf "\r${s:$i:1}"; >> sleep .1; >> done >> >> What this does is wait for MailScanner to die and remove the PID file >> before continuing. >> >> I don't think this is a permament fix as there ought to be a check >> that it has not timed out before continuing. >> >> David While >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: