From mark at msapiro.net Wed Feb 1 01:22:36 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 31 Jan 2017 17:22:36 -0800 Subject: Ruleset syntax In-Reply-To: References:

Message-ID: <4db15dbc-bd83-f14d-e242-d3ab09b9e3a6@msapiro.net> On 01/31/2017 02:37 AM, Marcelo Machado wrote: > It seems MailScanner is not reading the ruleset file from these parameters. > I did the test below and did not blocked the attachment > > Deny Filenames =%rules.dir%/deny.filenames.rules (MailScanenr.conf) > > From: *@netsol.com.br \.jpg$ (deny.filenames.rules) It's also not working for me in a test environment, even with a pattern like .*$ which should match anything. It works with patterns set as the Deny Filenames value, e.g. Deny Filenames = \.jpg$ but of course that's not what you want. I don't know why it isn't working with rule sets. I'm investigating. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Feb 1 05:12:06 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 31 Jan 2017 21:12:06 -0800 Subject: Ruleset syntax In-Reply-To: <4db15dbc-bd83-f14d-e242-d3ab09b9e3a6@msapiro.net> References:

<4db15dbc-bd83-f14d-e242-d3ab09b9e3a6@msapiro.net> Message-ID: On 01/31/2017 05:22 PM, Mark Sapiro wrote: > On 01/31/2017 02:37 AM, Marcelo Machado wrote: >> It seems MailScanner is not reading the ruleset file from these parameters. >> I did the test below and did not blocked the attachment >> >> Deny Filenames =%rules.dir%/deny.filenames.rules (MailScanenr.conf) >> >> From: *@netsol.com.br \.jpg$ (deny.filenames.rules) > > > It's also not working for me in a test environment, ... Actually, it's working fine. Try Deny Filenames = %rules-dir%/deny.filenames.rules i.e. $rules-dir%, not %rules.dir%. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ok at addix.net Wed Feb 1 15:34:16 2017 From: ok at addix.net (Oliver Kutscher) Date: Wed, 1 Feb 2017 16:34:16 +0100 Subject: "Allow Script Tags" affects attachments? Message-ID: Hi, I wonder if "Allow Script Tags" is also affecting attachments? So if a HTML containing "" is attached will the email be dropped if "Allow Script Tags" is set to "no"? -- MrLINK From jerry.benton at mailborder.com Wed Feb 1 20:16:51 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 1 Feb 2017 15:16:51 -0500 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References: Message-ID: There should NEVER be scripts tags in email. This is not how images are inserted. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Feb 1, 2017, at 10:34 AM, Oliver Kutscher wrote: > > Hi, > > I wonder if "Allow Script Tags" is also affecting attachments? So if a HTML containing "" is attached will the email be dropped if "Allow Script Tags" is set to "no"? > > -- > MrLINK > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ok at addix.net Wed Feb 1 20:27:49 2017 From: ok at addix.net (Oliver Kutscher) Date: Wed, 1 Feb 2017 21:27:49 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References:

Message-ID: <5aa75b92-f6af-f4b7-c0af-49771b053832@addix.net> Thats right. Actually it is a cutomers mail server who wants be to ban script tags. I just ask myself if attachments are also affected. Right now I don't have a test server. -- MrLINK Am 01.02.2017 um 21:16 schrieb Jerry Benton: > There should NEVER be scripts tags in email. This is not how images are > inserted. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Feb 1, 2017, at 10:34 AM, Oliver Kutscher > > wrote: >> >> Hi, >> >> I wonder if "Allow Script Tags" is also affecting attachments? So if a >> HTML containing "" is attached will the email be >> dropped if "Allow Script Tags" is set to "no"? >> >> -- >> MrLINK >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > > From Antony.Stone at mailscanner.open.source.it Wed Feb 1 20:29:41 2017 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 1 Feb 2017 21:29:41 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References:

Message-ID: <201702012129.41416.Antony.Stone@mailscanner.open.source.it> On Wednesday 01 February 2017 at 21:16:51, Jerry Benton wrote: > There should NEVER be scripts tags in email. This is not how images are > inserted. Surely the question was about script tags in HTML attachments to (plain text or HTML) emails, nothing to do with images...? Antony > > On Feb 1, 2017, at 10:34 AM, Oliver Kutscher wrote: > > > > Hi, > > > > I wonder if "Allow Script Tags" is also affecting attachments? So if a > > HTML containing "" is attached will the email be > > dropped if "Allow Script Tags" is set to "no"? > > > > -- > > MrLINK -- I don't know, maybe if we all waited then cosmic rays would write all our software for us. Of course it might take a while. - Ron Minnich, Los Alamos National Laboratory Please reply to the list; please *don't* CC me. From jerry.benton at mailborder.com Wed Feb 1 20:31:30 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Wed, 1 Feb 2017 15:31:30 -0500 Subject: "Allow Script Tags" affects attachments? In-Reply-To: <201702012129.41416.Antony.Stone@mailscanner.open.source.it> References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> Message-ID: <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> Ok, attachments. The should NEVER be script tags in email. This is not how attachments are done. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Feb 1, 2017, at 3:29 PM, Antony Stone wrote: > > On Wednesday 01 February 2017 at 21:16:51, Jerry Benton wrote: > >> There should NEVER be scripts tags in email. This is not how images are >> inserted. > > Surely the question was about script tags in HTML attachments to (plain text > or HTML) emails, nothing to do with images...? > > > Antony > >>> On Feb 1, 2017, at 10:34 AM, Oliver Kutscher wrote: >>> >>> Hi, >>> >>> I wonder if "Allow Script Tags" is also affecting attachments? So if a >>> HTML containing "" is attached will the email be >>> dropped if "Allow Script Tags" is set to "no"? >>> >>> -- >>> MrLINK > > -- > I don't know, maybe if we all waited then cosmic rays would write all our > software for us. Of course it might take a while. > > - Ron Minnich, Los Alamos National Laboratory > > Please reply to the list; > please *don't* CC me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Antony.Stone at mailscanner.open.source.it Wed Feb 1 20:35:56 2017 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 1 Feb 2017 21:35:56 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> References: <201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> Message-ID: <201702012135.56496.Antony.Stone@mailscanner.open.source.it> On Wednesday 01 February 2017 at 21:31:30, Jerry Benton wrote: > Ok, attachments. > > The should NEVER be script tags in email. This is not how attachments are > done. Sorry, am I misunderstanding? What's to stop me writing an HTML page, containing " is attached will the email be > >>> dropped if "Allow Script Tags" is set to "no"? > >>> > >>> -- > >>> MrLINK -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++ Please reply to the list; please *don't* CC me. From ok at addix.net Wed Feb 1 20:40:57 2017 From: ok at addix.net (Oliver Kutscher) Date: Wed, 1 Feb 2017 21:40:57 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> Message-ID: I'm not asking for what tags should or should not be in email. I'm asking if "Allow Script Tags" will affect attachments. So if I attach 3 html files to the emal where one of them contains one or more script tags, will MailScanner drop the email if "Allow Script Tags" is set to "no"? -- MrLINK Am 01.02.2017 um 21:31 schrieb Jerry Benton: > Ok, attachments. > > The should NEVER be script tags in email. This is not how attachments > are done. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Feb 1, 2017, at 3:29 PM, Antony Stone >> > > wrote: >> >> On Wednesday 01 February 2017 at 21:16:51, Jerry Benton wrote: >> >>> There should NEVER be scripts tags in email. This is not how images are >>> inserted. >> >> Surely the question was about script tags in HTML attachments to >> (plain text >> or HTML) emails, nothing to do with images...? >> >> >> Antony >> >>>> On Feb 1, 2017, at 10:34 AM, Oliver Kutscher >>> > wrote: >>>> >>>> Hi, >>>> >>>> I wonder if "Allow Script Tags" is also affecting attachments? So if a >>>> HTML containing "" is attached will the email be >>>> dropped if "Allow Script Tags" is set to "no"? >>>> >>>> -- >>>> MrLINK >> >> -- >> I don't know, maybe if we all waited then cosmic rays would write all our >> software for us. Of course it might take a while. >> >> - Ron Minnich, Los Alamos National Laboratory >> >> Please reply to the >> list; >> please *don't* >> CC me. >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > > From mailscanner at replies.cyways.com Wed Feb 1 20:45:44 2017 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Wed, 1 Feb 2017 15:45:44 -0500 Subject: "Allow Script Tags" affects attachments? In-Reply-To: <201702012135.56496.Antony.Stone@mailscanner.open.source.it> References: <201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <201702012135.56496.Antony.Stone@mailscanner.open.source.it> Message-ID: <578a443a-e689-f0e7-b402-589f1b693b4b@replies.cyways.com> To me, script tags are inherently dangerous and should always be blocked. Sure you can construct a "legitimate" HTML page with embedded scripts, but I doubt most messages with scripts are legitimate. What about ones that announce that you opened a message, despite your having blocked such notifications? Or ones that are designed for advertising and tracking purposes? Or worse, what about ones that download malware from remote servers and run it locally? I can think of lots of reasons why I don't want scripts in any email I receive. I have a hard time thinking of any examples where they would enhance my email experience. Peter On 02/01/2017 03:35 PM, Antony Stone wrote: > On Wednesday 01 February 2017 at 21:31:30, Jerry Benton wrote: > >> Ok, attachments. >> >> The should NEVER be script tags in email. This is not how attachments are >> done. > > Sorry, am I misunderstanding? > > What's to stop me writing an HTML page, containing " is attached will the email be >>>>> dropped if "Allow Script Tags" is set to "no"? >>>>> >>>>> -- >>>>> MrLINK > From mark at msapiro.net Thu Feb 2 01:29:50 2017 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 1 Feb 2017 17:29:50 -0800 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> Message-ID: <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> On 02/01/2017 12:40 PM, Oliver Kutscher wrote: > I'm not asking for what tags should or should not be in email. I'm > asking if "Allow Script Tags" will affect attachments. Yes. > So if I attach 3 > html files to the emal where one of them contains one or more script > tags, will MailScanner drop the email if "Allow Script Tags" is set to > "no"? No. That's not what MailScanner does. What it will do is replace the one text/html part that contains the script tags with the appropriate Attachment-Warning.txt message. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ok at addix.net Thu Feb 2 08:15:23 2017 From: ok at addix.net (Oliver Kutscher) Date: Thu, 2 Feb 2017 09:15:23 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> Message-ID: Hi, thanks for that answer. So MailScanner will detect script tags whether they are in the message itself or found within one or more attachment. -- MrLINK Am 02.02.2017 um 02:29 schrieb Mark Sapiro: > On 02/01/2017 12:40 PM, Oliver Kutscher wrote: >> I'm not asking for what tags should or should not be in email. I'm >> asking if "Allow Script Tags" will affect attachments. > > > Yes. > >> So if I attach 3 >> html files to the emal where one of them contains one or more script >> tags, will MailScanner drop the email if "Allow Script Tags" is set to >> "no"? > > > No. That's not what MailScanner does. What it will do is replace the one > text/html part that contains the script tags with the appropriate > Attachment-Warning.txt message. > From glenn.steen at gmail.com Thu Feb 2 16:12:59 2017 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu, 2 Feb 2017 17:12:59 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> Message-ID: Lets be clear about one thing... "HTML e-mail" is by definition a misnomer, referring to messages with at least one HTML representation of the message as a MIME attachment. IOW no different to the third HTML file attached similarily. There should also be a plain text attachment, but at least some MUAs will ignore that standard stipulation. But in essence, there is no difference if they are "in the message [body, presumably]" or "attached as separate files". Cheers! -- -- Glenn 2017-02-02 9:15 GMT+01:00 Oliver Kutscher : > Hi, > > thanks for that answer. So MailScanner will detect script tags whether > they are in the message itself or found within one or more attachment. > > -- > MrLINK > > Am 02.02.2017 um 02:29 schrieb Mark Sapiro: > >> On 02/01/2017 12:40 PM, Oliver Kutscher wrote: >> >>> I'm not asking for what tags should or should not be in email. I'm >>> asking if "Allow Script Tags" will affect attachments. >>> >> >> >> Yes. >> >> So if I attach 3 >>> html files to the emal where one of them contains one or more script >>> tags, will MailScanner drop the email if "Allow Script Tags" is set to >>> "no"? >>> >> >> >> No. That's not what MailScanner does. What it will do is replace the one >> text/html part that contains the script tags with the appropriate >> Attachment-Warning.txt message. >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Thu Feb 2 16:32:39 2017 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 2 Feb 2017 08:32:39 -0800 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> Message-ID: <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> On 02/02/2017 12:15 AM, Oliver Kutscher wrote: > Hi, > > thanks for that answer. So MailScanner will detect script tags whether > they are in the message itself or found within one or more attachment. Yes, notwithstanding the fact that in a MIME multipart message, there is often no clear understanding of which MIME parts are the 'message itself' vs. an 'attachment'. MailScanner looks at each MIME part individually without regard to what some MUA or person thinks is the message or an attachment, and if it is a text/html part and contains script tags, deals with that part according to the applicable Allow Script Tags value. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ok at addix.net Fri Feb 3 08:57:41 2017 From: ok at addix.net (Oliver Kutscher) Date: Fri, 3 Feb 2017 09:57:41 +0100 Subject: "Allow Script Tags" affects attachments? In-Reply-To: <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> Message-ID: Thanks. -- MrLINK Am 02.02.2017 um 17:32 schrieb Mark Sapiro: > On 02/02/2017 12:15 AM, Oliver Kutscher wrote: >> Hi, >> >> thanks for that answer. So MailScanner will detect script tags whether >> they are in the message itself or found within one or more attachment. > > > Yes, notwithstanding the fact that in a MIME multipart message, there is > often no clear understanding of which MIME parts are the 'message > itself' vs. an 'attachment'. > > MailScanner looks at each MIME part individually without regard to what > some MUA or person thinks is the message or an attachment, and if it is > a text/html part and contains script tags, deals with that part > according to the applicable Allow Script Tags value. > From sales at edenusa.com Mon Feb 6 00:06:58 2017 From: sales at edenusa.com (Paul Scott) Date: Mon, 6 Feb 2017 00:06:58 +0000 Subject: "Allow Script Tags" affects attachments? In-Reply-To: References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> Message-ID: In the MAILSCANNER.CONF file, I find this statement: # In the "Filename Rules" and "Filetype Rules" rule files, you can # say that you want particular attachment names or types to be "disarmed" # by being renamed. See the sample files for examples of this. First, I do not know where these "sample files" are. I have searched for them, but cannot find them. I am having issues with allowing my users the ability to attach .PDF and .DOC and other types of files, and either send or receive them. This issue only started after the upgrade to the 5.0 version. Does someone have a clear explanation on how to go ahead and allow users to send/receive emails with .PDFs and .DOC (Word) files (just to start with)? I may also need to allow users to send/receive images and other file types. Your assistance is greatly appreciated! Thank you very much! Sincerely, Paul Scott Engineer, Eden USA Las Vegas, New York, Los Angeles Phone: 866.501.3336 Fax: 866.502.3336 FACEBOOK: http://www.facebook.com/edenusainc -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Oliver Kutscher Sent: Friday, February 03, 2017 12:58 AM To: mailscanner at lists.mailscanner.info Subject: Re: "Allow Script Tags" affects attachments? Thanks. -- MrLINK Am 02.02.2017 um 17:32 schrieb Mark Sapiro: > On 02/02/2017 12:15 AM, Oliver Kutscher wrote: >> Hi, >> >> thanks for that answer. So MailScanner will detect script tags >> whether they are in the message itself or found within one or more attachment. > > > Yes, notwithstanding the fact that in a MIME multipart message, there > is often no clear understanding of which MIME parts are the 'message > itself' vs. an 'attachment'. > > MailScanner looks at each MIME part individually without regard to > what some MUA or person thinks is the message or an attachment, and if > it is a text/html part and contains script tags, deals with that part > according to the applicable Allow Script Tags value. > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From mark at msapiro.net Mon Feb 6 00:34:40 2017 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 5 Feb 2017 16:34:40 -0800 Subject: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? In-Reply-To: References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> <3e0710e8-c05e-8fef-8c83-ed76866dda7e@msapiro.net> Message-ID: <1d7f148c-4d1b-4438-9cb3-226c4dc5740e@msapiro.net> On 02/06/2017 12:20 PM, Paul Scott wrote: > Hello Mark, and thank you so much for your quick reply! > ... > As you'll see in the return message above, it is confusing, because there are two different issues being reported. > > One of the issues is as follows: > > The original e-mail attachment "the entire message" > was believed to be dangerous and/or infected by a virus and has been > replaced by this warning message. > > > The OTHER issue is as follows: > > At Mon Jan 9 14:51:21 2017 the scanner said: > Too many attachments in message > > > So, which is the true issue, and how to get this fixed, is the question. Thank you very much! Normally they would both be correct. MailScanner reporting that the configured virus scanner reported a problem and the virus scanner reporting the problem as "Too many attachments in message" There is a thread on this (involving you and me) in the archives starting at . Much of it is noise, but my reply at indicates that this situation is triggered by MailScanner's Maximum Attachments Per Message setting being exceeded. I haven't looked at this further since last November, but if that doesn't seem to be the issue, let me know and I'll check further. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From diederik at webrelated.nl Tue Feb 7 15:05:46 2017 From: diederik at webrelated.nl (diederik at webrelated.nl) Date: Tue, 7 Feb 2017 15:05:46 +0000 (UTC) Subject: Inconsistent SpamAssassin report In-Reply-To: 92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> Message-ID: <20170207150546.608A2FA544@beta.mail.webrelated.nl> Dear Jerry, I have not changed the default setting for the max spamassassin size. It's at 200k. Best regards, Diederik > Does the size of the email exceed your setting for Max spamassassin Size ? > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 -- Diederik van den Burger From diederik at webrelated.nl Tue Feb 7 15:46:57 2017 From: diederik at webrelated.nl (diederik at webrelated.nl) Date: Tue, 7 Feb 2017 15:46:57 +0000 (UTC) Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> Message-ID: <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> Dear Shawn, Indeed, running that command produces another set of results, so now I have three different SA reports on the same email. Interesting to note is the following things: 1. This command throws me the following warning: Feb 7 15:39:27.217 [3250] warn: config: path "/root/.spamassassin" is inaccessible: Permission denied Feb 7 15:39:27.218 [3250] warn: config: path "/root/.spamassassin/user_prefs" is inaccessible: Permission denied Feb 7 15:39:27.218 [3250] warn: config: default user preference file /root/.spamassassin/user_prefs not accessible: Permission denied 2. In found out that whenever I run MailScanner --lint in the /root directory, I get an error saying that SpamAssassin is not installed. 3. Similar to the previous point, whenever I run the command you proposed in the /root folder, I get the following errors: Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 35) line 1. Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied at (eval 36) line 1. Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm: lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at (eval 37) line 1. Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm: lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval 38) line 1. This continues for another 20 lines or so. I do not know whether point two and three are related to my initial problem, but I thought it was worth mentioning. Thanks in advance, Diederik > Diederik, > > Does this also produce yet a different set of results? > > sudo su - postfix -c "spamassassin -t -d < path/to/spamemail" From jerry.benton at mailborder.com Tue Feb 7 17:38:43 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 7 Feb 2017 12:38:43 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: <20170207150546.608A2FA544@beta.mail.webrelated.nl> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> Message-ID: <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com> Was the message that was clean bigger than 200k? If so, it was not scanned. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Feb 7, 2017, at 10:05 AM, diederik at webrelated.nl wrote: > > Dear Jerry, > > I have not changed the default setting for the max spamassassin size. It's at 200k. > > Best regards, > Diederik > > >> Does the size of the email exceed your setting for Max spamassassin Size ? >> >> - >> Jerry Benton >> www.mailborder.com >> +1 - 844-436-6245 > > -- > Diederik van den Burger > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From diederik at webrelated.nl Tue Feb 7 17:45:32 2017 From: diederik at webrelated.nl (Diederik van den Burger) Date: Tue, 7 Feb 2017 18:45:32 +0100 Subject: Inconsistent SpamAssassin report In-Reply-To: <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com> Message-ID: The message was just 2.19kB, so I don't believe that's the problem. Regardless, MailWatch does say it was scanned, it's just that the score is different (and lower than I would expect) compared to when I run Spamassassin on the email manually. Best regards, Diederik > On 07 Feb 2017, at 18:38, Jerry Benton wrote: > > Was the message that was clean bigger than 200k? If so, it was not scanned. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Feb 7, 2017, at 10:05 AM, diederik at webrelated.nl wrote: >> >> Dear Jerry, >> >> I have not changed the default setting for the max spamassassin size. It's at 200k. >> >> Best regards, >> Diederik >> >> >>> Does the size of the email exceed your setting for Max spamassassin Size ? >>> >>> - >>> Jerry Benton >>> www.mailborder.com >>> +1 - 844-436-6245 >> >> -- >> Diederik van den Burger >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Feb 7 17:48:55 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 7 Feb 2017 12:48:55 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com> Message-ID: You have to run spamassassin pointing to the /etc/MailScanner/spamassassin.conf file. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Feb 7, 2017, at 12:45 PM, Diederik van den Burger wrote: > > The message was just 2.19kB, so I don't believe that's the problem. Regardless, MailWatch does say it was scanned, it's just that the score is different (and lower than I would expect) compared to when I run Spamassassin on the email manually. > > Best regards, > Diederik > > >> On 07 Feb 2017, at 18:38, Jerry Benton > wrote: >> >> Was the message that was clean bigger than 200k? If so, it was not scanned. >> >> - >> Jerry Benton >> www.mailborder.com >> +1 - 844-436-6245 >> >> >> >>> On Feb 7, 2017, at 10:05 AM, diederik at webrelated.nl wrote: >>> >>> Dear Jerry, >>> >>> I have not changed the default setting for the max spamassassin size. It's at 200k. >>> >>> Best regards, >>> Diederik >>> >>> >>>> Does the size of the email exceed your setting for Max spamassassin Size ? >>>> >>>> - >>>> Jerry Benton >>>> www.mailborder.com >>>> +1 - 844-436-6245 >>> >>> -- >>> Diederik van den Burger >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Feb 7 17:52:32 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 7 Feb 2017 12:52:32 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> Message-ID: Ahh yes, see Jerry's later reply. You need to point to the /etc/MailScanner/spamassassin.conf. Hence the error messages also in this case. Although, assuming MailScanner is running as the postfix user, you may need to continue looking into this deeper. On Tue, Feb 7, 2017 at 10:46 AM, Diederik van den Burger < diederik at webrelated.nl> wrote: > Dear Shawn, > > Indeed, running that command produces another set of results, so now I > have three different SA reports on the same email. Interesting to note is > the following things: > > 1. This command throws me the following warning: > Feb 7 15:39:27.217 [3250] warn: config: path "/root/.spamassassin" is > inaccessible: Permission denied > Feb 7 15:39:27.218 [3250] warn: config: path "/root/.spamassassin/user_prefs" > is inaccessible: Permission denied > Feb 7 15:39:27.218 [3250] warn: config: default user preference file > /root/.spamassassin/user_prefs not accessible: Permission denied > > 2. In found out that whenever I run MailScanner --lint in the /root > directory, I get an error saying that SpamAssassin is not installed. > > 3. Similar to the previous point, whenever I run the command you proposed > in the /root folder, I get the following errors: > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from > @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: > lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 35) > line 1. > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from > @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: > lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied at > (eval 36) line 1. > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from > @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm: > lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at > (eval 37) line 1. > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from > @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm: > lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval > 38) line 1. > > This continues for another 20 lines or so. I do not know whether point two > and three are related to my initial problem, but I thought it was worth > mentioning. > > > Thanks in advance, > Diederik > > > > > Diederik, > > > > Does this also produce yet a different set of results? > > > > sudo su - postfix -c "spamassassin -t -d < path/to/spamemail" > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From diederik at webrelated.nl Tue Feb 7 17:54:54 2017 From: diederik at webrelated.nl (Diederik van den Burger) Date: Tue, 7 Feb 2017 18:54:54 +0100 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com>

Message-ID: <2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> Thanks for your help by the way. When I run the following command: spamassassin -t -d -C /etc/MailScanner/spamassassin.conf < spamemail or even sudo su postfix -p -c "spamassassin -t -d -C /etc/MailScanner/spamassassin.conf < spamemail" I still get the following warnings: Feb 7 17:52:36.156 [4359] warn: config: path "/root/.spamassassin" is inaccessible: Permission denied Feb 7 17:52:36.157 [4359] warn: config: path "/root/.spamassassin/user_prefs" is inaccessible: Permission denied Feb 7 17:52:36.157 [4359] warn: config: default user preference file /root/.spamassassin/user_prefs not accessible: Permission denied And furthermore, I also don't get a spam report anymore. It says: "(no report template found)" Is this expected behaviour? Best regards, Diederik > On 07 Feb 2017, at 18:48, Jerry Benton wrote: > > You have to run spamassassin pointing to the /etc/MailScanner/spamassassin.conf file. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Feb 7, 2017, at 12:45 PM, Diederik van den Burger > wrote: >> >> The message was just 2.19kB, so I don't believe that's the problem. Regardless, MailWatch does say it was scanned, it's just that the score is different (and lower than I would expect) compared to when I run Spamassassin on the email manually. >> >> Best regards, >> Diederik >> >> >>> On 07 Feb 2017, at 18:38, Jerry Benton > wrote: >>> >>> Was the message that was clean bigger than 200k? If so, it was not scanned. >>> >>> - >>> Jerry Benton >>> www.mailborder.com >>> +1 - 844-436-6245 >>> >>> >>> >>>> On Feb 7, 2017, at 10:05 AM, diederik at webrelated.nl wrote: >>>> >>>> Dear Jerry, >>>> >>>> I have not changed the default setting for the max spamassassin size. It's at 200k. >>>> >>>> Best regards, >>>> Diederik >>>> >>>> >>>>> Does the size of the email exceed your setting for Max spamassassin Size ? >>>>> >>>>> - >>>>> Jerry Benton >>>>> www.mailborder.com >>>>> +1 - 844-436-6245 >>>> >>>> -- >>>> Diederik van den Burger >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Tue Feb 7 17:55:04 2017 From: sales at edenusa.com (Paul Scott) Date: Tue, 7 Feb 2017 17:55:04 +0000 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> Message-ID: <482DA9E2372B7C61.4200b191-21a1-44b4-8ff5-373b29e67a49@mail.outlook.com> Where is this pointing to done? Paul Scott Eden USA, Inc. 866.501.3336 On Tue, Feb 7, 2017 at 9:53 AM -0800, "Shawn Iverson" > wrote: Ahh yes, see Jerry's later reply. You need to point to the /etc/MailScanner/spamassassin.conf. Hence the error messages also in this case. Although, assuming MailScanner is running as the postfix user, you may need to continue looking into this deeper. On Tue, Feb 7, 2017 at 10:46 AM, Diederik van den Burger > wrote: Dear Shawn, Indeed, running that command produces another set of results, so now I have three different SA reports on the same email. Interesting to note is the following things: 1. This command throws me the following warning: Feb 7 15:39:27.217 [3250] warn: config: path "/root/.spamassassin" is inaccessible: Permission denied Feb 7 15:39:27.218 [3250] warn: config: path "/root/.spamassassin/user_prefs" is inaccessible: Permission denied Feb 7 15:39:27.218 [3250] warn: config: default user preference file /root/.spamassassin/user_prefs not accessible: Permission denied 2. In found out that whenever I run MailScanner --lint in the /root directory, I get an error saying that SpamAssassin is not installed. 3. Similar to the previous point, whenever I run the command you proposed in the /root folder, I get the following errors: Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 35) line 1. Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied at (eval 36) line 1. Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm: lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at (eval 37) line 1. Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm: lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval 38) line 1. This continues for another 20 lines or so. I do not know whether point two and three are related to my initial problem, but I thought it was worth mentioning. Thanks in advance, Diederik > Diederik, > > Does this also produce yet a different set of results? > > sudo su - postfix -c "spamassassin -t -d < path/to/spamemail" -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us [https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00001.txt URL: From iversons at rushville.k12.in.us Tue Feb 7 18:08:47 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 7 Feb 2017 13:08:47 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: <482DA9E2372B7C61.4200b191-21a1-44b4-8ff5-373b29e67a49@mail.outlook.com> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> <482DA9E2372B7C61.4200b191-21a1-44b4-8ff5-373b29e67a49@mail.outlook.com> Message-ID: Using the -c option. On Tue, Feb 7, 2017 at 12:55 PM, Paul Scott wrote: > Where is this pointing to done? > > Paul Scott > Eden USA, Inc. > 866.501.3336 <(866)%20501-3336> > > > > > On Tue, Feb 7, 2017 at 9:53 AM -0800, "Shawn Iverson" < > iversons at rushville.k12.in.us> wrote: > > Ahh yes, see Jerry's later reply. You need to point to the >> /etc/MailScanner/spamassassin.conf. Hence the error messages also in >> this case. Although, assuming MailScanner is running as the postfix user, >> you may need to continue looking into this deeper. >> >> On Tue, Feb 7, 2017 at 10:46 AM, Diederik van den Burger < >> diederik at webrelated.nl> wrote: >> >>> Dear Shawn, >>> >>> Indeed, running that command produces another set of results, so now I >>> have three different SA reports on the same email. Interesting to note is >>> the following things: >>> >>> 1. This command throws me the following warning: >>> Feb 7 15:39:27.217 [3250] warn: config: path "/root/.spamassassin" is >>> inaccessible: Permission denied >>> Feb 7 15:39:27.218 [3250] warn: config: path >>> "/root/.spamassassin/user_prefs" is inaccessible: Permission denied >>> Feb 7 15:39:27.218 [3250] warn: config: default user preference file >>> /root/.spamassassin/user_prefs not accessible: Permission denied >>> >>> 2. In found out that whenever I run MailScanner --lint in the /root >>> directory, I get an error saying that SpamAssassin is not installed. >>> >>> 3. Similar to the previous point, whenever I run the command you >>> proposed in the /root folder, I get the following errors: >>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>> @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: >>> lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 35) >>> line 1. >>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>> @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: >>> lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied >>> at (eval 36) line 1. >>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>> @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm: >>> lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at >>> (eval 37) line 1. >>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>> @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm: >>> lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval >>> 38) line 1. >>> >>> This continues for another 20 lines or so. I do not know whether point >>> two and three are related to my initial problem, but I thought it was worth >>> mentioning. >>> >>> >>> Thanks in advance, >>> Diederik >>> >>> >>> >>> > Diederik, >>> > >>> > Does this also produce yet a different set of results? >>> > >>> > sudo su - postfix -c "spamassassin -t -d < path/to/spamemail" >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> >> -- >> Shawn Iverson >> Director of Technology >> Rush County Schools >> 765-932-3901 x271 <(765)%20932-3901> >> iversons at rushville.k12.in.us >> >> >> > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Feb 7 18:09:42 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 7 Feb 2017 13:09:42 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> <482DA9E2372B7C61.4200b191-21a1-44b4-8ff5-373b29e67a49@mail.outlook.com> Message-ID: Correction -C (caps) On Tue, Feb 7, 2017 at 1:08 PM, Shawn Iverson wrote: > Using the -c option. > > On Tue, Feb 7, 2017 at 12:55 PM, Paul Scott wrote: > >> Where is this pointing to done? >> >> Paul Scott >> Eden USA, Inc. >> 866.501.3336 <(866)%20501-3336> >> >> >> >> >> On Tue, Feb 7, 2017 at 9:53 AM -0800, "Shawn Iverson" < >> iversons at rushville.k12.in.us> wrote: >> >> Ahh yes, see Jerry's later reply. You need to point to the >>> /etc/MailScanner/spamassassin.conf. Hence the error messages also in >>> this case. Although, assuming MailScanner is running as the postfix user, >>> you may need to continue looking into this deeper. >>> >>> On Tue, Feb 7, 2017 at 10:46 AM, Diederik van den Burger < >>> diederik at webrelated.nl> wrote: >>> >>>> Dear Shawn, >>>> >>>> Indeed, running that command produces another set of results, so now I >>>> have three different SA reports on the same email. Interesting to note is >>>> the following things: >>>> >>>> 1. This command throws me the following warning: >>>> Feb 7 15:39:27.217 [3250] warn: config: path "/root/.spamassassin" is >>>> inaccessible: Permission denied >>>> Feb 7 15:39:27.218 [3250] warn: config: path >>>> "/root/.spamassassin/user_prefs" is inaccessible: Permission denied >>>> Feb 7 15:39:27.218 [3250] warn: config: default user preference file >>>> /root/.spamassassin/user_prefs not accessible: Permission denied >>>> >>>> 2. In found out that whenever I run MailScanner --lint in the /root >>>> directory, I get an error saying that SpamAssassin is not installed. >>>> >>>> 3. Similar to the previous point, whenever I run the command you >>>> proposed in the /root folder, I get the following errors: >>>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>>> @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: >>>> lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval >>>> 35) line 1. >>>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>>> @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: >>>> lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied >>>> at (eval 36) line 1. >>>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>>> @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm: >>>> lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at >>>> (eval 37) line 1. >>>> Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from >>>> @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm: >>>> lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval >>>> 38) line 1. >>>> >>>> This continues for another 20 lines or so. I do not know whether point >>>> two and three are related to my initial problem, but I thought it was worth >>>> mentioning. >>>> >>>> >>>> Thanks in advance, >>>> Diederik >>>> >>>> >>>> >>>> > Diederik, >>>> > >>>> > Does this also produce yet a different set of results? >>>> > >>>> > sudo su - postfix -c "spamassassin -t -d < path/to/spamemail" >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >>> >>> >>> -- >>> Shawn Iverson >>> Director of Technology >>> Rush County Schools >>> 765-932-3901 x271 <(765)%20932-3901> >>> iversons at rushville.k12.in.us >>> >>> >>> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 <(765)%20932-3901> > iversons at rushville.k12.in.us > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From diederik at webrelated.nl Tue Feb 7 18:11:37 2017 From: diederik at webrelated.nl (Diederik van den Burger) Date: Tue, 7 Feb 2017 19:11:37 +0100 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <20170207154657.EABB2FA54F@beta.mail.webrelated.nl> <482DA9E2372B7C61.4200b191-21a1-44b4-8ff5-373b29e67a49@mail.outlook.com>

Message-ID: I've done this, see the thread with Jerry. Still seeing warnings and suddenly the SA report vanishes. > On 07 Feb 2017, at 19:09, Shawn Iverson wrote: > > Correction -C (caps) > > On Tue, Feb 7, 2017 at 1:08 PM, Shawn Iverson > wrote: > Using the -c option. > > On Tue, Feb 7, 2017 at 12:55 PM, Paul Scott > wrote: > Where is this pointing to done? > > > Paul Scott > Eden USA, Inc. > 866.501.3336 > > > > > On Tue, Feb 7, 2017 at 9:53 AM -0800, "Shawn Iverson" > wrote: > > Ahh yes, see Jerry's later reply. You need to point to the /etc/MailScanner/spamassassin.conf. Hence the error messages also in this case. Although, assuming MailScanner is running as the postfix user, you may need to continue looking into this deeper. > > On Tue, Feb 7, 2017 at 10:46 AM, Diederik van den Burger > wrote: > Dear Shawn, > > Indeed, running that command produces another set of results, so now I have three different SA reports on the same email. Interesting to note is the following things: > > 1. This command throws me the following warning: > Feb 7 15:39:27.217 [3250] warn: config: path "/root/.spamassassin" is inaccessible: Permission denied > Feb 7 15:39:27.218 [3250] warn: config: path "/root/.spamassassin/user_prefs" is inaccessible: Permission denied > Feb 7 15:39:27.218 [3250] warn: config: default user preference file /root/.spamassassin/user_prefs not accessible: Permission denied > > 2. In found out that whenever I run MailScanner --lint in the /root directory, I get an error saying that SpamAssassin is not installed. > > 3. Similar to the previous point, whenever I run the command you proposed in the /root folder, I get the following errors: > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm : lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 35) line 1. > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied at (eval 36) line 1. > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm: lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at (eval 37) line 1. > Feb 7 15:41:20.572 [3263] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm : lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval 38) line 1. > > This continues for another 20 lines or so. I do not know whether point two and three are related to my initial problem, but I thought it was worth mentioning. > > > Thanks in advance, > Diederik > > > > > Diederik, > > > > Does this also produce yet a different set of results? > > > > sudo su - postfix -c "spamassassin -t -d < path/to/spamemail" > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at replies.cyways.com Tue Feb 7 18:11:54 2017 From: mailscanner at replies.cyways.com (Peter Lemieux) Date: Tue, 7 Feb 2017 13:11:54 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: <2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com>

<2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> Message-ID: On most implementations only root will have access to /root/.spamassassin since /root usually has 700 permissions or more limited ones. Is MailScanner running as the postfix user or as root? If the latter, those permission errors shouldn't arise during scans run from MailScanner. What happens if you run your tests as root? Did I miss it, or did you not identify which platform you're running MailScanner on? I stick with CentOS for servers. In my experience MailScanner has installed and run flawlessly on that distribution for years. Peter On 02/07/2017 12:54 PM, Diederik van den Burger wrote: > Thanks for your help by the way. When I run the following command: > > spamassassin -t -d -C /etc/MailScanner/spamassassin.conf < spamemail > or even > sudo su postfix -p -c "spamassassin -t -d -C > /etc/MailScanner/spamassassin.conf < spamemail" > > I still get the following warnings: > > Feb 7 17:52:36.156 [4359] warn: config: path "/root/.spamassassin" is > inaccessible: Permission denied > Feb 7 17:52:36.157 [4359] warn: config: path > "/root/.spamassassin/user_prefs" is inaccessible: Permission denied > Feb 7 17:52:36.157 [4359] warn: config: default user preference file > /root/.spamassassin/user_prefs not accessible: Permission denied > > And furthermore, I also don't get a spam report anymore. It says: > "(no report template found)" > Is this expected behaviour? > > > Best regards, > Diederik From diederik at webrelated.nl Tue Feb 7 18:17:56 2017 From: diederik at webrelated.nl (Diederik van den Burger) Date: Tue, 7 Feb 2017 19:17:56 +0100 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com>

<2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> Message-ID: <488F45F3-1B66-48AE-8545-E36FAC9A433E@webrelated.nl> MailScanner is running as the postfix user. If I run the spamassassin command as root I do not see any errors. Is there any way to see logs on the spamassassin command as MailScanner runs it? And indeed I have not mentioned my OS yet. I am running Ubuntu 16.04.1. While I respect your advise on using CentOS, I am willing to try and debug this first. As MailScanner lists Ubuntu as supported, I believe it should work. If I really cannot figure it out I will think of switching to CentOS. Thanks though ;). > On 07 Feb 2017, at 19:11, Peter Lemieux wrote: > > On most implementations only root will have access to /root/.spamassassin since /root usually has 700 permissions or more limited ones. > > Is MailScanner running as the postfix user or as root? If the latter, those permission errors shouldn't arise during scans run from MailScanner. > > What happens if you run your tests as root? > > Did I miss it, or did you not identify which platform you're running MailScanner on? I stick with CentOS for servers. In my experience MailScanner has installed and run flawlessly on that distribution for years. > > Peter > > > On 02/07/2017 12:54 PM, Diederik van den Burger wrote: >> Thanks for your help by the way. When I run the following command: >> >> spamassassin -t -d -C /etc/MailScanner/spamassassin.conf < spamemail >> or even >> sudo su postfix -p -c "spamassassin -t -d -C >> /etc/MailScanner/spamassassin.conf < spamemail" >> >> I still get the following warnings: >> >> Feb 7 17:52:36.156 [4359] warn: config: path "/root/.spamassassin" is >> inaccessible: Permission denied >> Feb 7 17:52:36.157 [4359] warn: config: path >> "/root/.spamassassin/user_prefs" is inaccessible: Permission denied >> Feb 7 17:52:36.157 [4359] warn: config: default user preference file >> /root/.spamassassin/user_prefs not accessible: Permission denied >> >> And furthermore, I also don't get a spam report anymore. It says: >> "(no report template found)" >> Is this expected behaviour? >> >> >> Best regards, >> Diederik > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > From mark at msapiro.net Tue Feb 7 18:20:32 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 7 Feb 2017 10:20:32 -0800 Subject: Inconsistent SpamAssassin report In-Reply-To: <488F45F3-1B66-48AE-8545-E36FAC9A433E@webrelated.nl> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com>

<2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> <488F45F3-1B66-48AE-8545-E36FAC9A433E@webrelated.nl> Message-ID: <58ee5957-b194-7be7-2f2a-f31efe1b4ed7@msapiro.net> On 02/07/2017 10:17 AM, Diederik van den Burger wrote: > > And indeed I have not mentioned my OS yet. I am running Ubuntu 16.04.1. While I respect your advise on using CentOS, I am willing to try and debug this first. As MailScanner lists Ubuntu as supported, I believe it should work. If I really cannot figure it out I will think of switching to CentOS. You shouldn't need to switch. MailScanner runs fine for me on Ubuntu 16.04. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at replies.cyways.com Tue Feb 7 18:39:32 2017 From: mailscanner at replies.cyways.com (Peter Lemieux) Date: Tue, 7 Feb 2017 13:39:32 -0500 Subject: Inconsistent SpamAssassin report In-Reply-To: <488F45F3-1B66-48AE-8545-E36FAC9A433E@webrelated.nl> References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com>

<2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> <488F45F3-1B66-48AE-8545-E36FAC9A433E@webrelated.nl> Message-ID: I can see running the incoming daemon as the postfix user, but I don't see any reason to run MailScanner itself that way. PL On 02/07/2017 01:17 PM, Diederik van den Burger wrote: > MailScanner is running as the postfix user. If I run the spamassassin > command as root I do not see any errors. Is there any way to see logs on > the spamassassin command as MailScanner runs it? From mark at msapiro.net Tue Feb 7 19:10:11 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 7 Feb 2017 11:10:11 -0800 Subject: Inconsistent SpamAssassin report In-Reply-To: References: <6BC08B22-C0E3-4A67-B947-58EDDEC6CAFE@webrelated.nl> <92A5BDFE-7EDF-41F8-813F-ACDD6F0F38F4@mailborder.com> <20170207150546.608A2FA544@beta.mail.webrelated.nl> <5EC15346-DC7F-4DC0-BC3F-2F931FDC08E8@mailborder.com>

<2576BAD9-4028-4D0D-9283-B55654D731C1@webrelated.nl> <488F45F3-1B66-48AE-8545-E36FAC9A433E@webrelated.nl> Message-ID: On 02/07/2017 10:39 AM, Peter Lemieux wrote: > I can see running the incoming daemon as the postfix user, but I don't see > any reason to run MailScanner itself that way. MailScanner runs as the postfix user so it can dequeue messages from Postfix's hold queue and after scanning queue them in Postfix's incoming queue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From sales at edenusa.com Tue Feb 7 21:16:53 2017 From: sales at edenusa.com (Paul Scott) Date: Tue, 7 Feb 2017 21:16:53 +0000 Subject: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? In-Reply-To: <1d7f148c-4d1b-4438-9cb3-226c4dc5740e@msapiro.net> References:

<201702012129.41416.Antony.Stone@mailscanner.open.source.it> <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> <3e0710e8-c05e-8fef-8c83-ed76866dda7e@msapiro.net> <1d7f148c-4d1b-4438-9cb3-226c4dc5740e@msapiro.net> <1813f6fc-8854-071c-105e-dee269789772@msapiro.net> <378148dd-1f8e-5eb2-8267-900903ac4080@msapiro.net> Message-ID: Scott, Could you please report the values for all your maximum settings? Do something like: egrep "^Max" /etc/MailScanner/MailScanner.conf There used to be a logical trap/bug in the setting of Maximum Spam Check Size and Maximum Spamassassin Size (both theese need be relatively "huge". or you'll mess up SpamAssassin results badly). With the latter a bit smaller than the former... I've got: Max Spam Check Size = 6500000 Max SpamAssassin Size = 3600000 Also, pay attention to the Spamassassin timout value. Further, a comment on your "I've turned everyting off" statement... This is sometimes easier said than done. There are a number of settings you need change, apart from the ones you mention. I suspect you would find more ... interresting... facts (and not alternative ones, at that) if you ensure that the failures actually do get quarantined. That way you can inspect the actual raw message/queue file for discrepacies. Cheers! -- -- Glenn 2017-02-10 6:28 GMT+01:00 Paul Scott : > Hello Mark, > > I pretty much managed to get mailscanner to restart a bit better. Still > working on that, but I think I can nail it eventually. > > With regards to the attachments issue, I think I might finally be starting > to get to the bottom of this. Here is the entry from the log which > corresponds to the generation of the odd message that my clients get when a > sender sends an email with attachments: > > Feb 8 15:41:46 mail MailScanner[14031]: Message v18NfGNg014804 from > 216.205.24.106 (betty.tran at ioausa.com) to mp-eng.com is too big for spam > checks (1572191 > 150000 bytes) > > So, of course when an email has attachments, it is quite large. This > message is generated incorrectly, for two reasons: > > 1. It is not the NUMBER of attachments which is generating this message, > but that is what the message says. > > 2. When the size of an email is too large for spam checks, it is supposed > to be processed through without modification or error, as is indicated by > this section of the MAILSCANNER.CONF file: > > # Spammers do not have the power to send out huge messages to everyone as > # it costs them too much (more smaller messages makes more profit than less > # very large messages). So if a message is bigger than a certain size, it > # is highly unlikely to be spam. Limiting this saves a lot of time checking > # huge messages. > # Disable this option by setting it to a huge value. > # This is measured in bytes. > # This can also be the filename of a ruleset. > Max Spam Check Size = 150k > > > So there you have it. This is exactly where the breakdown is. Just > because the message is too big for spam checks, the Mailscanner system is > removing all of the attachments, and generating the bounce-back message to > my clients. > > I suppose I could "Disable this option by setting it to a huge value", but > eventually, the same thing will happen (e.g, when 10 large attachments are > sent, which excess the new setting). I honestly think there is a bug here > somewhere, or something not right in the programming or configuration > logic, or at the very least, the wrong message is being generated and the > client is being penalized by their valid email being rejected. > > In addition, the file that the message claims to be attached > (EdenUSAInc-Attachment-Warning.txt), does NOT exist anywhere on the > server's HD. > > At any rate, something is just not right here. > > Please let me know. > > Thank you! > Paul Scott > > > -----Original Message----- > From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists. > mailscanner.info] On Behalf Of Mark Sapiro > Sent: Thursday, February 09, 2017 8:31 AM > To: mailscanner at lists.mailscanner.info > Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" > affects attachments? > > On 02/08/2017 03:39 PM, Paul Scott wrote: > > > > Unfortunately, in the meantime, I also had another incident where a > sender sending an attachment resulted in this bounce-back email again (I > added those "--START OF MESSAGE-- and --END..." banners): > > > > > > --START OF MESSAGE-- > > Warning: This message has had one or more attachments removed > > Warning: (the entire message). > > Warning: Please read the "EdenUSAInc-Attachment-Warning.txt" > attachment(s) for more information. > > > > This is a message from the MailScanner E-Mail Virus Protection Service > > ---------------------------------------------------------------------- > > The original e-mail attachment "the entire message" > > was believed to be dangerous and/or infected by a virus and has been > replaced by this warning message. > > > > Due to limitations placed on us by the Regulation of Investigatory > Powers Act 2000, we were unable to keep a copy of the infected attachment. > Please ask the sender of the message to disinfect their original version > and send you a clean copy. > > > > At Wed Feb 8 07:28:11 2017 the scanner said: > > Too many attachments in message > > > > -- > > Postmaster > > Eden USA, Inc. > > www.edenitservices.com > > > > For all your IT requirements visit: http://www.transtec.co.uk --END OF > > MESSAGE-- > > > I am unable to duplicate this exactly, so I can't help much, but in > another post you said > > > 1. I already had the number of attachments allowed set to allow as many > as a client wishes (the -1 setting). > > > If you are thinking of "Maximum Attachment Size", thois is OK, but if you > really mean "Maximum Attachments Per Message", there is no "unlimited" > value, but '-1' might be interpreted as a very large, unsigned number, so > it might be OK. > > > > Also, where is that very last line coming from? "For all your IT > requirements visit: http://www.transteck.co.uk" > > > From some ISP's MTA, either the sender or the recipient of the message. > > > > I really need to get this fixed. Do you have any more ideas? I simply > need to SHUT OFF all file attachment scanning, and tell MailScanner somehow > to stop doing anything at all with attachments. I just want to allow > everything through, in terms of attachments. > > > What does MailScanner log in the mail log for this message? > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Fri Feb 10 16:04:05 2017 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 10 Feb 2017 08:04:05 -0800 Subject: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? In-Reply-To: References: <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> <3e0710e8-c05e-8fef-8c83-ed76866dda7e@msapiro.net> <1d7f148c-4d1b-4438-9cb3-226c4dc5740e@msapiro.net> <1813f6fc-8854-071c-105e-dee269789772@msapiro.net> <378148dd-1f8e-5eb2-8267-900903ac4080@msapiro.net> Message-ID: On 02/09/2017 09:28 PM, Paul Scott wrote: > > With regards to the attachments issue, I think I might finally be starting to get to the bottom of this. Here is the entry from the log which corresponds to the generation of the odd message that my clients get when a sender sends an email with attachments: > > Feb 8 15:41:46 mail MailScanner[14031]: Message v18NfGNg014804 from 216.205.24.106 (betty.tran at ioausa.com) to mp-eng.com is too big for spam checks (1572191 > 150000 bytes) > > So, of course when an email has attachments, it is quite large. This message is generated incorrectly, for two reasons: The above message is not why you get the "too many attachments message". All that should do is skip SpamAssassin entirely for that message. What messages do you see if you grep the log for 'Feb 8 15:41:4.*MailScanner.14031' (dropping the last digit of the seconds and replacing [ with . are intentional). -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From sales at edenusa.com Fri Feb 10 18:20:36 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 10 Feb 2017 18:20:36 +0000 Subject: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? In-Reply-To: References: <5FBC86D5-8B63-42FE-82A6-514B1A96B0A6@mailborder.com> <7413fc7a-57e0-ebb8-9aea-af4fb696c2c4@msapiro.net> <21b9884c-b665-dc71-9891-ed23ef31f4c8@msapiro.net> <3e0710e8-c05e-8fef-8c83-ed76866dda7e@msapiro.net> <1d7f148c-4d1b-4438-9cb3-226c4dc5740e@msapiro.net> <1813f6fc-8854-071c-105e-dee269789772@msapiro.net> <378148dd-1f8e-5eb2-8267-900903ac4080@msapiro.net>

Message-ID: Hello Mark, This is what I get: [root at mail log]# grep 'Feb 8 15:41:4.*MailScanner.14031' maillog Feb 8 15:41:46 mail MailScanner[14031]: Message v18NfGNg014804 from 216.205.24.106 (betty.tran at ioausa.com) to mp-eng.com is too big for spam checks (1572191 > 150000 bytes) Feb 8 15:41:46 mail MailScanner[14031]: Spam Checks: Found 1 spam messages Feb 8 15:41:48 mail MailScanner[14031]: Cleaned: Delivered 1 cleaned messages Feb 8 15:41:48 mail MailScanner[14031]: Deleted 2 messages from processing-database Feb 8 15:41:48 mail MailScanner[14031]: Logging message v18NfJdu014805 to SQL Feb 8 15:41:48 mail MailScanner[14031]: Logging message v18NfGNg014804 to SQL So, yes...the message was still delivered, along with the odd warning message, but the 7 attachments that she was sending were stripped and gone, and the message "Too many attachments" was in the warning message. And can you please let me know where this " EdenUSAInc-Attachment-Warning.txt" file is supposed to be, if it is supposed to be a part of the system, or? I know where the "EdenUSAInc" is coming from. It is as defined in the mailscanner.conf file here: Enter a short identifying name for your organisation below, this is # used to make the X-MailScanner headers unique for your organisation. # Multiple servers within one site should use an identical value here # to avoid adding multiple redundant headers where mail has passed # through several servers within your organisation. # # Note: Some Symantec scanners complain (incorrectly) about "." # ***** characters appearing in the names of headers. # Some other mail servers complain about "_" characters # appearing in the names of headers as well. # So don't put "." or "_" in this setting. # # **** RULE: It must not contain any spaces! **** %org-name% = EdenUSAInc The rest of the file name is being generated within MailScanner. Thank you again, Paul Scott Eden USA, Inc. -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: Friday, February 10, 2017 8:04 AM To: mailscanner at lists.mailscanner.info Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? On 02/09/2017 09:28 PM, Paul Scott wrote: > > With regards to the attachments issue, I think I might finally be starting to get to the bottom of this. Here is the entry from the log which corresponds to the generation of the odd message that my clients get when a sender sends an email with attachments: > > Feb 8 15:41:46 mail MailScanner[14031]: Message v18NfGNg014804 from > 216.205.24.106 (betty.tran at ioausa.com) to mp-eng.com is too big for > spam checks (1572191 > 150000 bytes) > > So, of course when an email has attachments, it is quite large. This message is generated incorrectly, for two reasons: The above message is not why you get the "too many attachments message". All that should do is skip SpamAssassin entirely for that message. What messages do you see if you grep the log for 'Feb 8 15:41:4.*MailScanner.14031' (dropping the last digit of the seconds and replacing [ with . are intentional). -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From sales at edenusa.com Fri Feb 10 18:26:58 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 10 Feb 2017 18:26:58 +0000 Subject: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? In-Reply-To: References:

Message-ID: Hello Glenn, Thank you very much for your reply. Here is the result: [root at mail MailScanner]# egrep "^Max" /etc/MailScanner/MailScanner.conf Max Children = 5 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 30 Maximum Processing Attempts = 10 Maximum Attachments Per Message = 20 Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Maximum Archive Depth = 0 Max Spam List Timeouts = 10 Max Spam Check Size = 15000k Max SpamAssassin Size = 40k Max SpamAssassin Timeouts = 90 Max Custom Spam Scanner Size = 20000 Max Custom Spam Scanner Timeouts = 10 [root at mail MailScanner]# NOTE: Does using the ?k? screw anything up? That?s what was in there before, but it was ?150k?, which was obviously too small. I see that your values are huge, but there is no ?k? indicated: Max Spam Check Size = 6500000 Max SpamAssassin Size = 3600000 And this is the content of the max.message.size.rules file, which is setting a max for this particular client to 1GB, and 20MB for everyone else: # # The following line specifies the default result used when none of the # other rules match. In this example, # Maximum Message Size = 0 # means that there is no limit to the size of the message. # To: *@mp-eng.com 1000M From: *@mp-eng.com 1000M FromOrTo: default 20M Thank you again! Paul Scott From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, February 10, 2017 4:31 AM To: MailScanner Discussion Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? Scott, Could you please report the values for all your maximum settings? Do something like: egrep "^Max" /etc/MailScanner/MailScanner.conf There used to be a logical trap/bug in the setting of Maximum Spam Check Size and Maximum Spamassassin Size (both theese need be relatively "huge". or you'll mess up SpamAssassin results badly). With the latter a bit smaller than the former... I've got: Max Spam Check Size = 6500000 Max SpamAssassin Size = 3600000 Also, pay attention to the Spamassassin timout value. Further, a comment on your "I've turned everyting off" statement... This is sometimes easier said than done. There are a number of settings you need change, apart from the ones you mention. I suspect you would find more ... interresting... facts (and not alternative ones, at that) if you ensure that the failures actually do get quarantined. That way you can inspect the actual raw message/queue file for discrepacies. Cheers! -- -- Glenn 2017-02-10 6:28 GMT+01:00 Paul Scott >: Hello Mark, I pretty much managed to get mailscanner to restart a bit better. Still working on that, but I think I can nail it eventually. With regards to the attachments issue, I think I might finally be starting to get to the bottom of this. Here is the entry from the log which corresponds to the generation of the odd message that my clients get when a sender sends an email with attachments: Feb 8 15:41:46 mail MailScanner[14031]: Message v18NfGNg014804 from 216.205.24.106 (betty.tran at ioausa.com) to mp-eng.com is too big for spam checks (1572191 > 150000 bytes) So, of course when an email has attachments, it is quite large. This message is generated incorrectly, for two reasons: 1. It is not the NUMBER of attachments which is generating this message, but that is what the message says. 2. When the size of an email is too large for spam checks, it is supposed to be processed through without modification or error, as is indicated by this section of the MAILSCANNER.CONF file: # Spammers do not have the power to send out huge messages to everyone as # it costs them too much (more smaller messages makes more profit than less # very large messages). So if a message is bigger than a certain size, it # is highly unlikely to be spam. Limiting this saves a lot of time checking # huge messages. # Disable this option by setting it to a huge value. # This is measured in bytes. # This can also be the filename of a ruleset. Max Spam Check Size = 150k So there you have it. This is exactly where the breakdown is. Just because the message is too big for spam checks, the Mailscanner system is removing all of the attachments, and generating the bounce-back message to my clients. I suppose I could "Disable this option by setting it to a huge value", but eventually, the same thing will happen (e.g, when 10 large attachments are sent, which excess the new setting). I honestly think there is a bug here somewhere, or something not right in the programming or configuration logic, or at the very least, the wrong message is being generated and the client is being penalized by their valid email being rejected. In addition, the file that the message claims to be attached (EdenUSAInc-Attachment-Warning.txt), does NOT exist anywhere on the server's HD. At any rate, something is just not right here. Please let me know. Thank you! Paul Scott -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: Thursday, February 09, 2017 8:31 AM To: mailscanner at lists.mailscanner.info Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? On 02/08/2017 03:39 PM, Paul Scott wrote: > > Unfortunately, in the meantime, I also had another incident where a sender sending an attachment resulted in this bounce-back email again (I added those "--START OF MESSAGE-- and --END..." banners): > > > --START OF MESSAGE-- > Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "EdenUSAInc-Attachment-Warning.txt" attachment(s) for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > was believed to be dangerous and/or infected by a virus and has been replaced by this warning message. > > Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the infected attachment. Please ask the sender of the message to disinfect their original version and send you a clean copy. > > At Wed Feb 8 07:28:11 2017 the scanner said: > Too many attachments in message > > -- > Postmaster > Eden USA, Inc. > www.edenitservices.com > > For all your IT requirements visit: http://www.transtec.co.uk --END OF > MESSAGE-- I am unable to duplicate this exactly, so I can't help much, but in another post you said > 1. I already had the number of attachments allowed set to allow as many as a client wishes (the -1 setting). If you are thinking of "Maximum Attachment Size", thois is OK, but if you really mean "Maximum Attachments Per Message", there is no "unlimited" value, but '-1' might be interpreted as a very large, unsigned number, so it might be OK. > Also, where is that very last line coming from? "For all your IT requirements visit: http://www.transteck.co.uk" From some ISP's MTA, either the sender or the recipient of the message. > I really need to get this fixed. Do you have any more ideas? I simply need to SHUT OFF all file attachment scanning, and tell MailScanner somehow to stop doing anything at all with attachments. I just want to allow everything through, in terms of attachments. What does MailScanner log in the mail log for this message? -- Mark Sapiro > The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Fri Feb 10 19:12:14 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 10 Feb 2017 19:12:14 +0000 Subject: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? In-Reply-To: References:

Message-ID: Hello Glen, What do you set your Spamassissin timeout value to? Mine is set to 90 seconds. Thank you very much! Paul Scott From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, February 10, 2017 4:31 AM To: MailScanner Discussion Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? Scott, Could you please report the values for all your maximum settings? Do something like: egrep "^Max" /etc/MailScanner/MailScanner.conf There used to be a logical trap/bug in the setting of Maximum Spam Check Size and Maximum Spamassassin Size (both theese need be relatively "huge". or you'll mess up SpamAssassin results badly). With the latter a bit smaller than the former... I've got: Max Spam Check Size = 6500000 Max SpamAssassin Size = 3600000 Also, pay attention to the Spamassassin timout value. Further, a comment on your "I've turned everyting off" statement... This is sometimes easier said than done. There are a number of settings you need change, apart from the ones you mention. I suspect you would find more ... interresting... facts (and not alternative ones, at that) if you ensure that the failures actually do get quarantined. That way you can inspect the actual raw message/queue file for discrepacies. Cheers! -- -- Glenn 2017-02-10 6:28 GMT+01:00 Paul Scott >: Hello Mark, I pretty much managed to get mailscanner to restart a bit better. Still working on that, but I think I can nail it eventually. With regards to the attachments issue, I think I might finally be starting to get to the bottom of this. Here is the entry from the log which corresponds to the generation of the odd message that my clients get when a sender sends an email with attachments: Feb 8 15:41:46 mail MailScanner[14031]: Message v18NfGNg014804 from 216.205.24.106 (betty.tran at ioausa.com) to mp-eng.com is too big for spam checks (1572191 > 150000 bytes) So, of course when an email has attachments, it is quite large. This message is generated incorrectly, for two reasons: 1. It is not the NUMBER of attachments which is generating this message, but that is what the message says. 2. When the size of an email is too large for spam checks, it is supposed to be processed through without modification or error, as is indicated by this section of the MAILSCANNER.CONF file: # Spammers do not have the power to send out huge messages to everyone as # it costs them too much (more smaller messages makes more profit than less # very large messages). So if a message is bigger than a certain size, it # is highly unlikely to be spam. Limiting this saves a lot of time checking # huge messages. # Disable this option by setting it to a huge value. # This is measured in bytes. # This can also be the filename of a ruleset. Max Spam Check Size = 150k So there you have it. This is exactly where the breakdown is. Just because the message is too big for spam checks, the Mailscanner system is removing all of the attachments, and generating the bounce-back message to my clients. I suppose I could "Disable this option by setting it to a huge value", but eventually, the same thing will happen (e.g, when 10 large attachments are sent, which excess the new setting). I honestly think there is a bug here somewhere, or something not right in the programming or configuration logic, or at the very least, the wrong message is being generated and the client is being penalized by their valid email being rejected. In addition, the file that the message claims to be attached (EdenUSAInc-Attachment-Warning.txt), does NOT exist anywhere on the server's HD. At any rate, something is just not right here. Please let me know. Thank you! Paul Scott -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: Thursday, February 09, 2017 8:31 AM To: mailscanner at lists.mailscanner.info Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments? On 02/08/2017 03:39 PM, Paul Scott wrote: > > Unfortunately, in the meantime, I also had another incident where a sender sending an attachment resulted in this bounce-back email again (I added those "--START OF MESSAGE-- and --END..." banners): > > > --START OF MESSAGE-- > Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "EdenUSAInc-Attachment-Warning.txt" attachment(s) for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > was believed to be dangerous and/or infected by a virus and has been replaced by this warning message. > > Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the infected attachment. Please ask the sender of the message to disinfect their original version and send you a clean copy. > > At Wed Feb 8 07:28:11 2017 the scanner said: > Too many attachments in message > > -- > Postmaster > Eden USA, Inc. > www.edenitservices.com > > For all your IT requirements visit: http://www.transtec.co.uk --END OF > MESSAGE-- I am unable to duplicate this exactly, so I can't help much, but in another post you said > 1. I already had the number of attachments allowed set to allow as many as a client wishes (the -1 setting). If you are thinking of "Maximum Attachment Size", thois is OK, but if you really mean "Maximum Attachments Per Message", there is no "unlimited" value, but '-1' might be interpreted as a very large, unsigned number, so it might be OK. > Also, where is that very last line coming from? "For all your IT requirements visit: http://www.transteck.co.uk" From some ISP's MTA, either the sender or the recipient of the message. > I really need to get this fixed. Do you have any more ideas? I simply need to SHUT OFF all file attachment scanning, and tell MailScanner somehow to stop doing anything at all with attachments. I just want to allow everything through, in terms of attachments. What does MailScanner log in the mail log for this message? -- Mark Sapiro > The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Fri Feb 10 19:27:57 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 10 Feb 2017 19:27:57 +0000 Subject: Spamassassin Upgrade Message-ID: My CentOS 5 system is currently running Spam Assassin v3.2.5-1.el5, which is the latest as picked up by yum updates. My question is, if I were to upgrade manually to the very latest version of Spam Assassin (3.4.1), what would need to be done to insure that MailScanner uses it? Has anybody already gone through this exercise? Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Fri Feb 10 19:34:49 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 10 Feb 2017 14:34:49 -0500 Subject: Spamassassin Upgrade In-Reply-To: References: Message-ID: CentOS 5? On Fri, Feb 10, 2017 at 2:27 PM, Paul Scott wrote: > My CentOS 5 system is currently running Spam Assassin v3.2.5-1.el5, which > is the latest as picked up by yum updates. > > > > My question is, if I were to upgrade manually to the very latest version > of Spam Assassin (3.4.1), what would need to be done to insure that > MailScanner uses it? > > > > Has anybody already gone through this exercise? > > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 <(866)%20501-3336> OR 951.505.6967 > <(951)%20505-6967> > Fax: 866.502.3336 <(866)%20502-3336> > > > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: