From danita at caledonia.net Sun Jan 1 22:18:00 2017
From: danita at caledonia.net (Danita Zanre)
Date: Sun, 1 Jan 2017 16:18:00 -0600
Subject: Requeuing failed messages
Message-ID:

I am trying to integrate MailWatch with Mailscanner (I'm handling issues
specific to MailWatch on their list), and ran into a glitch when I
attempted to switch the blacklist/whitelist to SQL. When I did that,
something went very wrong, and ultimately a number of messages were
moved to folders off the root of the
/var/spool/MailScanner/quarantine/20170101 folder. I've tried to put
the messages back in the hold directory, but it doesn't seem to be going
anywhere.

I have a couple of other problems, but I'll list them separately!

Thanks.

Danita Zanre, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mark at msapiro.net Mon Jan 2 00:26:04 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 1 Jan 2017 16:26:04 -0800
Subject: Requeuing failed messages
In-Reply-To:
References:
Message-ID: <93fbfec6-ba34-0f42-1346-2b9d6a921017@msapiro.net>

On 01/01/2017 02:18 PM, Danita Zanre wrote:
> I am trying to integrate MailWatch with Mailscanner (I'm handling issues
> specific to MailWatch on their list), and ran into a glitch when I
> attempted to switch the blacklist/whitelist to SQL. When I did that,
> something went very wrong, and ultimately a number of messages were
> moved to folders off the root of the
> /var/spool/MailScanner/quarantine/20170101 folder. I've tried to put
> the messages back in the hold directory, but it doesn't seem to be going
> anywhere.

Do you have "Quarantine Whole Messages As Queue Files" set to Yes in
MailScanner's config?

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From danita at caledonia.net Mon Jan 2 00:39:23 2017
From: danita at caledonia.net (Danita Zanre)
Date: Sun, 1 Jan 2017 18:39:23 -0600
Subject: Requeuing failed messages
In-Reply-To: <1725234233.5963.1483316787900.JavaMail.root@xeams>
References: <1725234233.5963.1483316787900.JavaMail.root@xeams>
Message-ID:

No - because that specifically doesn't work with MailWatch. In reality,
these messages aren't that important - it's only for my "test" domain,
and I can trash them if necessary, but I guess you are saying that if
this were to happen in the "real world" I would not be able to easily
requeue these? They look very "mime", but they are not saved as queue
files.

Thanks

Danita Zanre, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

------------------------------------------------------
Powered by Xeams. Visit xeams.com for more information
------------------------------------------------------

-- 
This message has been scanned for viruses and
dangerous content by Iris MailScanner, and is
believed to be clean.

From mark at msapiro.net Mon Jan 2 01:08:50 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 1 Jan 2017 17:08:50 -0800
Subject: Requeuing failed messages
In-Reply-To:
References: <1725234233.5963.1483316787900.JavaMail.root@xeams>
Message-ID: <707a5ce0-8fc0-7f94-72ce-043766c5e355@msapiro.net>

On 01/01/2017 04:39 PM, Danita Zanre wrote:
> No - because that specifically doesn't work with MailWatch. In reality,
> these messages aren't that important - it's only for my "test" domain,
> and I can trash them if necessary, but I guess you are saying that if
> this were to happen in the "real world" I would not be able to easily
> requeue these? They look very "mime", but they are not saved as queue
> files.

If they are not saved as queue files, they are not in the correct format
to be copied to (I assume Postfix's) hold queue.

What you can do is just give them to Postfix as an incoming message. E.g.

    sendmail -i -t < quarantined_message_file

which will process the message and presumably just put it in the hold
queue for MailScanner.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From danita at caledonia.net Mon Jan 2 01:10:57 2017
From: danita at caledonia.net (Danita Zanre)
Date: Sun, 1 Jan 2017 19:10:57 -0600
Subject: Requeuing failed messages
In-Reply-To: <624634152.6686.1483319352781.JavaMail.root@xeams>
References: <1725234233.5963.1483316787900.JavaMail.root@xeams>
 <624634152.6686.1483319352781.JavaMail.root@xeams>
Message-ID:

Thanks! I shall give that a try! And then tuck it away in a file to
hopefully never need to use again!

Danita Zanre, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

From mark at msapiro.net Tue Jan 3 01:05:15 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 2 Jan 2017 17:05:15 -0800
Subject: Requeuing failed messages
In-Reply-To: <707a5ce0-8fc0-7f94-72ce-043766c5e355@msapiro.net>
References: <1725234233.5963.1483316787900.JavaMail.root@xeams>
 <707a5ce0-8fc0-7f94-72ce-043766c5e355@msapiro.net>
Message-ID: <55d8c8ba-52bf-bbd9-a60d-4b9d45b2a0d0@msapiro.net>

On 01/01/2017 05:08 PM, Mark Sapiro wrote:
>
> If they are not saved as queue files, they are not in the correct format
> to be copied to (I assume Postfix's) hold queue.
>
> What you can do is just give them to Postfix as an incoming message. E.g.
>
>     sendmail -i -t < quarantined_message_file
>
> which will process the message and presumably just put it in the hold
> queue for MailScanner.

On second thought, the above sendmail command is probably not a good
idea. The issue is that -t will send the message to all To: and Cc:
recipients in the message headers. This can include addresses which are
in other domains and which probably already received the message and may
not even include the intended recipient of the quarantined message
(e.g., a Bcc:).

It is better to do

    sendmail -i user@example.com < quarantined_message_file

where user@example.com is the intended local recipient. Note that if the
MTA is Postfix, the quarantined message will have a topmost Received:
header of the form

    Received: from some server ...
        by your server ...
        for ...

that will expose the recipient address.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B.
Dylan

From garry at glendown.de Tue Jan 3 13:11:17 2017
From: garry at glendown.de (Garry Glendown)
Date: Tue, 3 Jan 2017 14:11:17 +0100
Subject: Problem with sendmail after MS installation (rcpt-check)
Message-ID: <17ef6832-0d5f-ca09-6350-ac21aa7e79af@glendown.de>

Hi,

after running my old mailserver w/ MS for something like 8 years, I
finally got around to migrate it to a new box/VM, everything is running
fine for the most part. Anyway, I ran into one problem - after
activating the split sendmail processing with just the receiver for
mqueue.in and the mqueue queueing process, the recipients aren't checked
correctly anymore. That is, for any local domain, all recipient
addresses are accepted on SMTP level. Once the system actually tries to
deliver them, they fail, causing avoidable backscatter.

I've been going through the configs but as the setup was running (as far
as I can tell) before splitting up the sendmail processes, I'm somewhat
at a loss as to what might have caused this problem.

Has anybody here had a similar problem and could give some suggestions
as to where to look for possible problems?

Thanks!

-- 
PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015

From mark at msapiro.net Tue Jan 3 18:42:37 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 10:42:37 -0800
Subject: Problem with sendmail after MS installation (rcpt-check)
In-Reply-To: <17ef6832-0d5f-ca09-6350-ac21aa7e79af@glendown.de>
References: <17ef6832-0d5f-ca09-6350-ac21aa7e79af@glendown.de>
Message-ID: <26ea593e-24dd-fd6f-1f39-392f97050af3@msapiro.net>

On 01/03/2017 05:11 AM, Garry Glendown wrote:
>
> Anyway, I ran into one problem - after
> activating the split sendmail processing with just the receiver for
> mqueue.in and the mqueue queueing process, the recipients aren't checked
> correctly anymore. That is, for any local domain, all recipient
> addresses are accepted on SMTP level.

You need to configure the incoming sendmail process to do recipient
verification. I don't know sendmail (only Postfix and Exim) so I can't
give you the necessary incantation. This may help .

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net Wed Jan 4 00:09:09 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 16:09:09 -0800
Subject: Requeuing failed messages
In-Reply-To: <55d8c8ba-52bf-bbd9-a60d-4b9d45b2a0d0@msapiro.net>
References: <1725234233.5963.1483316787900.JavaMail.root@xeams>
 <707a5ce0-8fc0-7f94-72ce-043766c5e355@msapiro.net>
 <55d8c8ba-52bf-bbd9-a60d-4b9d45b2a0d0@msapiro.net>
Message-ID: <4afb064f-8f51-4e9d-bddc-edb1cb2e390a@msapiro.net>

On 01/02/2017 05:05 PM, Mark Sapiro wrote:
>
> On second thought, the above sendmail command is probably not a good
> idea. The issue is that -t will send the message to all To: and Cc:
> recipients in the message headers. This can include addresses which are
> in other domains and which probably already received the message and may
> not even include the intended recipient of the quarantined message
> (e.g., a Bcc:).
>
> It is better to do
>
>     sendmail -i user@example.com < quarantined_message_file
>
> where user@example.com is the intended local recipient. Note that if the
> MTA is Postfix, the quarantined message will have a topmost Received:
> header of the form
>
>     Received: from some server ...
>         by your server ...
>         for ...
>
> that will expose the recipient address.
>

On third thought, there will be issues with even the above because
Postfix will have put a Delivered-To: header in the message so
re-injecting it will result in it being rejected for a mail loop.

I wrote a little Python 3 script to address this. It is attached. You
can run it with the path to the saved message as the argument and it
will read and parse the message, look for " for ;" in
the Received: headers, delete any Delivered-To: headers and pipe the
message to sendmail for user@example.com.

If necessary, it could be fairly easily converted to Python 2.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
#! /usr/bin/python3
"""Read a file containing an email message and the name of which is
the command argument.  Find the recipient in a Received: header and
pipe the message to sendmail to resend it to the recipient.
"""

import os
import re
import sys
import email
import subprocess


def main():
    if len(sys.argv) != 2:
        print(
            'usage: {} input_file'.format(os.path.basename(sys.argv[0])),
            file=sys.stderr)
        sys.exit(1)
    try:
        # Parse from bytes so the message is re-sent as it was stored.
        with open(sys.argv[1], 'rb') as fp:
            msg = email.message_from_binary_file(fp)
    except IOError as e:
        print(
            "Can't open {}: {}".format(sys.argv[1], e),
            file=sys.stderr)
        sys.exit(2)
    # The first Received: header carrying a "for <address>;" clause names
    # the recipient.  mo stays None when no header has one.
    mo = None
    for h in msg.get_all('received', []):
        mo = re.search(r'\sfor <([^>]*)>;', h)
        if mo:
            break
    if not mo:
        print("Can't find recipient in message.", file=sys.stderr)
        sys.exit(3)
    # Drop Delivered-To: so the re-injected message is not seen as a loop.
    del msg['delivered-to']
    try:
        # '--' ends option parsing, so an address that starts with '-'
        # is never read as a sendmail option.
        p = subprocess.Popen(
            ['sendmail', '-i', '--', mo.group(1)],
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE
            )
    except OSError as e:
        print('error: {}'.format(e), file=sys.stderr)
        sys.exit(2)
    so, se = p.communicate(msg.as_bytes())
    if p.returncode:
        print('error: status={}: {}'.format(p.returncode, se),
              file=sys.stderr)
        sys.exit(3)
    if len(so) > 0:
        print(so)


if __name__ == '__main__':
    main()

From danita at caledonia.net Wed Jan 4 00:44:55 2017
From: danita at caledonia.net (Danita Zanre)
Date: Tue, 03 Jan 2017 17:44:55 -0700
Subject: Requeuing failed messages
In-Reply-To: <4afb064f-8f51-4e9d-bddc-edb1cb2e390a@msapiro.net>
References: <1725234233.5963.1483316787900.JavaMail.root@xeams>
 <707a5ce0-8fc0-7f94-72ce-043766c5e355@msapiro.net>
 <55d8c8ba-52bf-bbd9-a60d-4b9d45b2a0d0@msapiro.net>
 <4afb064f-8f51-4e9d-bddc-edb1cb2e390a@msapiro.net>
Message-ID: <586BE4660200005B000CEDE1@mail.caledonia.net>

Thank you! I appreciate the extra effort.

Danita Zanre, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
danita at caledonia.net | www.moveoutoftheoffice.com

From jason at geeknocity.com Wed Jan 4 15:49:11 2017
From: jason at geeknocity.com (Jason Waters)
Date: Wed, 4 Jan 2017 10:49:11 -0500
Subject: Allowing a filename
Message-ID:

I have a client that sends doc files but through their system and they
come as COLXXX.tmp.doc

The X's change so we would need to account for that. These are legit
and would like to build a rule to allow them. I'm assuming it would be
in filename.rules.conf? Could someone help me out? Also they always
come from the same domain. I tried white listing that domain, but
that didn't allow them to pass. Thanks.

Jason

From m.van.loon at ictvanloon.nl Wed Jan 4 12:37:13 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Wed, 4 Jan 2017 12:37:13 +0000
Subject: mailscanner quarantine items
Message-ID: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>

Hello,

I'm running mailscanner on freebsd and I am trying to create a cron job to
delete emails out of the /var/spool/mailscanner/quarantine log.
However you can't do it this way because there is no cron.daily..

Does someone know how to add or config this?

Thanks for help!

From jason at geeknocity.com Wed Jan 4 15:57:23 2017
From: jason at geeknocity.com (Jason Waters)
Date: Wed, 4 Jan 2017 10:57:23 -0500
Subject: mailscanner quarantine items
In-Reply-To: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>
Message-ID:

type crontab -e then hit enter. Then setup your job there. I think that
should work for you.

From m.van.loon at ictvanloon.nl Wed Jan 4 16:44:37 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Wed, 4 Jan 2017 16:44:37 +0000
Subject: mailscanner quarantine items
In-Reply-To:
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>
Message-ID: <151f785b.AEQAHJsjlnQAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSZ7@mailjet.com>

I guess I can use a script like this..?

#!/usr/bin/perl
#
# IMPORTANT NOTE:
#
# Change the next line to 0 instead of 1 to enable this script.
# By default it will be disabled and will not do anything.
#

$disabled = 1;

$quarantine_dir = '/var/spool/MailScanner/quarantine';
$days_to_keep = 30;

exit if $disabled;

# Standardise the format of the directory name
die 'Path for quarantine_dir must be absolute' unless $quarantine_dir =~ /^\//;
$quarantine_dir =~ s/\/$//; # Delete trailing slash

# Now get the content list for the directory.
opendir(QDIR, $quarantine_dir) or die "Couldn't read directory $quarantine_dir";

# Loop through this list looking for any *directory* which hasn't been
# modified in the last $days_to_keep days.
# Unfortunately this will do nothing if the filesystem is backed up using tar.
while($entry = readdir(QDIR)) {
  next if $entry =~ /^\./;
  $entry = $quarantine_dir . '/' . $entry;
  system("rm -rf $entry") if -d $entry &&
                             -M $entry > $days_to_keep;
}
closedir(QDIR);

I also remembered I can put it in crontab -e

Thanks for so far!

From jason at geeknocity.com Wed Jan 4 16:46:48 2017
From: jason at geeknocity.com (Jason Waters)
Date: Wed, 4 Jan 2017 11:46:48 -0500
Subject: mailscanner quarantine items
In-Reply-To: <151f785b.AEQAHJsjlnQAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSZ7@mailjet.com>
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>
 <151f785b.AEQAHJsjlnQAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSZ7@mailjet.com>
Message-ID:

Yeah they already have a script made in tools or something like that. You
just need to configure it and then set it up to auto run.

Jason

From m.van.loon at ictvanloon.nl Wed Jan 4 16:47:27 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Wed, 4 Jan 2017 16:47:27 +0000
Subject: mailscanner quarantine items
In-Reply-To:
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>
Message-ID:

You can create your own rules in a file for example with clamav.

Kind regards,

Miguel van Loon

From danita at caledonia.net Wed Jan 4 16:50:42 2017
From: danita at caledonia.net (Danita Zanre)
Date: Wed, 4 Jan 2017 10:50:42 -0600
Subject: Optimizing Anti-Spam
Message-ID:

Hi all!
It's been years since I've implemented something like Mailscanner as
part of an anti-spam system, but I've used various Linux based systems
like Maia Mailguard in the distant past. I've used appliances for quite
awhile, but for various reasons have now chosen Mailscanner for the
task. Right now I'm training and tweaking things on a smaller subset
domain rather than flipping the switch for my entire system. I've only
been running for about 5 days or so. I'm training the bayes database
multiple times a day with both spam and ham, and Spamassassin is now
active, but I have a lot of what I consider "obvious" spam leaking
through - vulgar words in the subject, sexual content, etc. While my
users will forgive marketing and general "junk", they will be less
forgiving of these things ;-)

I'm doing some research on the best settings to optimize. I used to use
things like Razor, DCC, selective greylisting, custom rule sets. I
imagine that these things have changed a lot in the past 10 years. Can
you give me some ideas on some optimizations you use to tighten things
up?

Thanks!

Danita Zanre, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

From m.van.loon at ictvanloon.nl Wed Jan 4 16:56:19 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Wed, 4 Jan 2017 16:56:19 +0000
Subject: Optimizing Anti-Spam
In-Reply-To:
References:
Message-ID: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com>

Hi dear,

I suggest to use razor, pyzor and dcc.
Into a combination of these three, your spam will be counting down immediately!

I use them on my own system and I'm very happy with it.

Kind regards,

Miguel
URL: From jim at shout.net Wed Jan 4 17:00:45 2017 From: jim at shout.net (Jim Creason) Date: Wed, 04 Jan 2017 11:00:45 -0600 Subject: Allowing a filename In-Reply-To: References: Message-ID: Add something like this above the default rule in rules/filename.rules: FromOrTo: *@yourdomain.com /etc/MailScanner/filename.yourdomain.conf /etc/MailScanner/filename.rules.conf and then in filname.yourdomain.conf add the rule to match the file: allow - - On 2017-01-04 09:49, Jason Waters wrote: > I have a client that sends doc files but through their system and they > come as COLXXX.tmp.doc > > The X's change so we would need to account for that. These are legit > and would like to build a rule to allow them. I'm assuming it would be > in filename.rules.conf? Could someone help me out? Also they always > from from the same domain. I tried white listing that domain, but > that didn't allow them to pass. Thanks. > > Jason From m.van.loon at ictvanloon.nl Wed Jan 4 17:09:08 2017 From: m.van.loon at ictvanloon.nl (Miguel van Loon) Date: Wed, 4 Jan 2017 17:09:08 +0000 Subject: mailscanner quarantine items In-Reply-To: References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com> <151f785b.AEQAHJsjlnQAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSZ7@mailjet.com> Message-ID: can not add because there would be gives errors in crontab to.. Also an idea why? Or is it easier to create a file and put it somewhere for crontab? #!/usr/bin/perl # # IMPORTANT NOTE: # # Change the next line to 0 instead of 1 to enable this script. # By default it will be disabled and will not do anything. # $disabled = 0; $quarantine_dir = '/var/spool/MailScanner/quarantine'; $days_to_keep = 20; exit if $disabled; # Standardise the format of the directory name die 'Path for quarantine_dir must be absolute' unless $quarantine_dir =~ /^\//; $quarantine_dir =~ s/\/$//; # Delete trailing slash # Now get the content list for the directory. 
opendir(QDIR, $quarantine_dir) or die "Couldn't read directory $quarantine_dir"; # Loop through this list looking for any *directory* which hasn't been # modified in the last $days_to_keep days. # Unfortunately this will do nothing if the filesystem is backed up using tar. while($entry = readdir(QDIR)) { next if $entry =~ /^\./; $entry = $quarantine_dir . '/' . $entry; system("rm -rf $entry") if -d $entry && -M $entry > $days_to_keep; } closedir(QDIR); Van: MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloon.nl at lists.mailscanner.info] Namens Jason Waters Verzonden: woensdag 4 januari 2017 17:47 Aan: MailScanner Discussion Onderwerp: Re: mailscanner quarantine items Yeah they already have a script made in tools or something like that. You just need to configure it and then set it up to auto run. Jason On Wed, Jan 4, 2017 at 11:44 AM, Miguel van Loon > wrote: I guess I can use a script like this..? #!/usr/bin/perl # # IMPORTANT NOTE: # # Change the next line to 0 instead of 1 to enable this script. # By default it will be disabled and will not do anything. # $disabled = 1; $quarantine_dir = '/var/spool/MailScanner/quarantine'; $days_to_keep = 30; exit if $disabled; # Standardise the format of the directory name die 'Path for quarantine_dir must be absolute' unless $quarantine_dir =~ /^\//; $quarantine_dir =~ s/\/$//; # Delete trailing slash # Now get the content list for the directory. opendir(QDIR, $quarantine_dir) or die "Couldn't read directory $quarantine_dir"; # Loop through this list looking for any *directory* which hasn't been # modified in the last $days_to_keep days. # Unfortunately this will do nothing if the filesystem is backed up using tar. while($entry = readdir(QDIR)) { next if $entry =~ /^\./; $entry = $quarantine_dir . '/' . $entry; system("rm -rf $entry") if -d $entry && -M $entry > $days_to_keep; } closedir(QDIR); I also remembered I can put it in crontab ?e Thanks for so far! 
From: MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloon.nl at lists.mailscanner.info] On Behalf Of Jason Waters
Sent: Wednesday 4 January 2017 16:57
To: MailScanner Discussion
Subject: Re: mailscanner quarantine items

type crontab -e then hit enter. Then setup your job there. I think that should work for you.

On Wed, Jan 4, 2017 at 7:37 AM, Miguel van Loon wrote:

Hello,

I'm running mailscanner on freebsd and I am trying to create a cron job to delete emails out of the /var/spool/mailscanner/quarantine log.
However you can't do it this way because there is no cron.daily..
Does someone know how to add or config this?

Thanks for help!

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
MailScanner has detected a possible fraud attempt from "g3hx.mjt.lu" claiming to be http://lists.mailscanner.info/mailman/listinfo/mailscanner

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jason at geeknocity.com Wed Jan 4 17:10:04 2017
From: jason at geeknocity.com (Jason Waters)
Date: Wed, 4 Jan 2017 12:10:04 -0500
Subject: Allowing a filename
In-Reply-To:
References:
Message-ID:

Thanks!

On Wed, Jan 4, 2017 at 12:00 PM, Jim Creason wrote:

> Add something like this above the default rule in rules/filename.rules:
>
> FromOrTo: *@yourdomain.com /etc/MailScanner/filename.yourdomain.conf
> /etc/MailScanner/filename.rules.conf
>
> and then in filename.yourdomain.conf add the rule to match the file:
>
> allow - -
>
> On 2017-01-04 09:49, Jason Waters wrote:
>
>> I have a client that sends doc files but through their system and they
>> come as COLXXX.tmp.doc
>>
>> The X's change so we would need to account for that. These are legit
>> and would like to build a rule to allow them. I'm assuming it would be
>> in filename.rules.conf? Could someone help me out?
>> Also they always
>> come from the same domain. I tried white listing that domain, but
>> that didn't allow them to pass. Thanks.
>>
>> Jason
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From Antony.Stone at mailscanner.open.source.it Wed Jan 4 17:20:30 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Wed, 4 Jan 2017 18:20:30 +0100
Subject: mailscanner quarantine items
In-Reply-To:
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com>
Message-ID: <201701041820.30810.Antony.Stone@mailscanner.open.source.it>

On Wednesday 04 January 2017 at 18:09:08, Miguel van Loon wrote:

> can not add because there would be gives errors in crontab to..

What error do you get?

> Also an idea why?

What are you trying to add to crontab to get the error?

> Or is it easier to create a file and put it somewhere for crontab?

I'm not sure what you mean by this - you *are* saving the script somewhere like
/usr/local/bin/scriptname and then adding an entry to crontab to run that
script, aren't you?

Tell what you're doing and what goes wrong, and we may be able to help.

Antony.

--
This is not a rehearsal. This is Real Life.

Please reply to the list; please *don't* CC me.
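The clean-up script posted in this thread hands each directory name to a shell through system("rm -rf $entry"). As an added example (not the MailScanner script and not any poster's code), the shell function below does the same pruning with find(1), passing names to rm as plain arguments and touching only real, date-named directories such as the 20170101 one mentioned earlier in the thread. The function name clean_quarantine, its dry-run argument and the eight-digit name filter are assumptions of this example.

```shell
#!/bin/sh
# Added example: prune old MailScanner quarantine day-directories from cron.
# Hypothetical names: clean_quarantine and its "dry-run" argument.

# clean_quarantine DIR DAYS [dry-run]
#   Removes direct children of DIR that are real directories, are named as
#   eight digits (YYYYMMDD) and were last modified more than DAYS full days
#   ago. With "dry-run" as third argument it only prints what it would remove.
clean_quarantine() {
    qdir=$1
    days=$2
    mode=${3:-delete}

    # Same rule as the Perl script: the path must be absolute.
    case $qdir in
        /*) ;;
        *) echo "quarantine dir must be an absolute path: $qdir" >&2; return 2 ;;
    esac

    # DAYS must be a whole number, so it cannot carry extra find(1) options.
    case $days in
        ''|*[!0-9]*) echo "days must be a whole number: $days" >&2; return 2 ;;
    esac

    # Strip one trailing slash; this also turns "/" into "", which is refused.
    qdir=${qdir%/}
    if [ -z "$qdir" ] || [ ! -d "$qdir" ] || [ -L "$qdir" ]; then
        echo "not a usable quarantine directory: $1" >&2
        return 2
    fi

    # -mindepth/-maxdepth 1: look at direct children only, never descend.
    # -type d: real directories; find does not follow symlinks by default.
    # -name: exactly eight digits, so stray folders are left for a human.
    set -- "$qdir" -mindepth 1 -maxdepth 1 -type d \
        -name '[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' -mtime +"$days"

    if [ "$mode" = dry-run ]; then
        find "$@" -print
    else
        # Names reach rm as argv entries; "--" stops option parsing, and no
        # shell ever re-reads them, so spaces or metacharacters are harmless.
        find "$@" -exec rm -rf -- {} +
    fi
}

# When saved as an executable file and given arguments, act on them. A crontab
# line in the style shown in the thread would then be (arguments are this
# example's own):
#   25 5 * * * /path/to/script /var/spool/MailScanner/quarantine 20
if [ "$#" -ge 2 ]; then
    clean_quarantine "$@"
fi
```

Running it once with dry-run as the third argument shows exactly which directories the scheduled job would remove.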
From m.van.loon at ictvanloon.nl Wed Jan 4 17:25:29 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Wed, 4 Jan 2017 17:25:29 +0000
Subject: mailscanner quarantine items
In-Reply-To: <201701041820.30810.Antony.Stone@mailscanner.open.source.it>
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com> <201701041820.30810.Antony.Stone@mailscanner.open.source.it>
Message-ID: <729f6c76.AEUAHJqy-zMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbTAN@mailjet.com>

I get "crontab: errors in crontab file, can't install"

I am trying to add a script to crontab that will delete quarantined items out of /var/spool/Mailscanner/quarantine
Another one said I could add it straight to crontab, but no results..

This is the script:

#!/usr/bin/perl
#
# IMPORTANT NOTE:
#
# Change the next line to 0 instead of 1 to enable this script.
# By default it will be disabled and will not do anything.
#
$disabled = 0;

$quarantine_dir = '/var/spool/MailScanner/quarantine';
$days_to_keep = 20;

exit if $disabled;

# Standardise the format of the directory name
die 'Path for quarantine_dir must be absolute' unless $quarantine_dir =~ /^\//;
$quarantine_dir =~ s/\/$//; # Delete trailing slash

# Now get the content list for the directory.
opendir(QDIR, $quarantine_dir) or die "Couldn't read directory $quarantine_dir";

# Loop through this list looking for any *directory* which hasn't been
# modified in the last $days_to_keep days.
# Unfortunately this will do nothing if the filesystem is backed up using tar.
while($entry = readdir(QDIR)) {
  next if $entry =~ /^\./;
  $entry = $quarantine_dir . '/' . $entry;
  system("rm -rf $entry") if -d $entry && -M $entry > $days_to_keep;
}
closedir(QDIR);

Thanks!
------------------------------------------------------------------------

On Wednesday 04 January 2017 at 18:09:08, Miguel van Loon wrote:

> can not add because there would be gives errors in crontab to..

What error do you get?

> Also an idea why?

What are you trying to add to crontab to get the error?

> Or is it easier to create a file and put it somewhere for crontab?

I'm not sure what you mean by this - you *are* saving the script somewhere like /usr/local/bin/scriptname and then adding an entry to crontab to run that script, aren't you?

Tell what you're doing and what goes wrong, and we may be able to help.

Antony.

--
This is not a rehearsal. This is Real Life.

Please reply to the list; please *don't* CC me.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From mark at msapiro.net Wed Jan 4 18:09:24 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 4 Jan 2017 10:09:24 -0800
Subject: mailscanner quarantine items
In-Reply-To: <729f6c76.AEUAHJqy-zMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbTAN@mailjet.com>
References: <851b46d3.ADsAAF7LnpgAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbOx9@mailjet.com> <201701041820.30810.Antony.Stone@mailscanner.open.source.it> <729f6c76.AEUAHJqy-zMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbTAN@mailjet.com>
Message-ID: <89966645-21f4-d161-f876-a55735bad3da@msapiro.net>

On 01/04/2017 09:25 AM, Miguel van Loon wrote:
> I get "crontab: errors in crontab file, can't install"
>
> I am trying to add a script to crontab that will delete quarantined items out of /var/spool/Mailscanner/quarantine

You can't put the script in a crontab. You put the script in an
executable file and put something like, e.g.

25 5 * * * /path/to/script

in the crontab to run the script every day at 05:25, or if it's a system
crontab

25 5 * * * user /path/to/script

where user is the user to run as (MailScanner's Incoming Work User).

--
Mark Sapiro                          The highway is for gamblers,
San Francisco Bay Area, California   better use your sense - B. Dylan

From jason at geeknocity.com Wed Jan 4 18:36:33 2017
From: jason at geeknocity.com (Jason Waters)
Date: Wed, 4 Jan 2017 13:36:33 -0500
Subject: Optimizing Anti-Spam
In-Reply-To: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com>
References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com>
Message-ID:

Also using grey listing will help a lot. You don't get your mail as
"instant" but it really does cut spam down.

On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon wrote:

> Hi dear,
>
> I suggest to use razor, pyzor and dcc.
>
> Into a combination of these three, your spam will be counting down
> immediately! :)
>
> I use them on my own system and I'm very happy with it.
>
> Kind regards,
>
> Miguel
>
> *From:* MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloon.nl at lists.mailscanner.info] *On Behalf Of* Danita Zanre
> *Sent:* Wednesday 4 January 2017 17:51
> *To:* mailscanner at lists.mailscanner.info
> *Subject:* Optimizing Anti-Spam
>
> Hi all! It's been years since I've implemented something like Mailscanner
> as part of an anti-spam system, but I've used various Linux based systems
> like Maia Mailguard in the distant past. I've used appliances for quite
> awhile, but for various reasons have now chosen Mailscanner for the task.
> Right now I'm training and tweaking things on a smaller subset domain
> rather than flipping the switch for my entire system. I've only been
> running for about 5 days or so. I'm training the bayes database multiple
> times a day with both spam and ham, and Spamassassin is now active, but I
> have a lot of what I consider "obvious"
spam leaking through - vulgar words > in the subject, sexual content, etc. While my users will forgive marketing > and general ?junk?, they will be less forgiving of these things ;-) > > > > I?m doing some research on the best settings to optimize. I used to use > things like Razor, DCC, selective greylisting, custom rule sets. I imagine > that these things have changed a lot in the past 10 years. Can you give me > some ideas on some optimizations you use to tighten things up? > > > > Thanks! > > > > *Danita Zanr?*, *Move Out of the Office* > > I love my job, and you can too! > > Tel: (720) 319-7530 - Caledonia Network Consulting > > Tel: (720) 319-8240 - Move Out of the Office > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Wed Jan 4 19:34:38 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Wed, 4 Jan 2017 14:34:38 -0500 Subject: Optimizing Anti-Spam In-Reply-To: References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com> Message-ID: Or use postscreen On Wed, Jan 4, 2017 at 1:36 PM, Jason Waters wrote: > Also using grey listing will help a lot. You don't get your mail as > "instant" but it really does cut spam down. > > On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon > wrote: > >> Hi dear, >> >> >> >> I suggest to use razor, pyzor and dcc. >> >> Into a combination of these three, your spam will be counting down >> immediately! J >> >> I use them on my own system and I?m very happy with it. 
>> >> >> >> Kind regards, >> >> >> >> Miguel >> >> >> >> >> >> *Van:* MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloo >> n.nl at lists.mailscanner.info] *Namens *Danita Zanre >> *Verzonden:* woensdag 4 januari 2017 17:51 >> *Aan:* mailscanner at lists.mailscanner.info >> *Onderwerp:* Optimizing Anti-Spam >> >> >> >> Hi all! It?s been years since I?ve implemented something like >> Mailscanner as part of an anti-spam system, but I?ve used various Linux >> based systems like Maia Mailguard in the distant past. I've used >> appliances for quite awhile, but for various reasons have now chosen >> Mailscanner for the task. Right now I?m training and tweaking things on a >> smaller subset domain rather than flipping the switch for my entire >> system. I?ve only been running for about 5 days or so. I?m training the >> bayes database multiple times a day with both spam and ham, and >> Spamassassin is now active, but I have a lot of what I consider ?obvious? >> spam leaking through - vulgar words in the subject, sexual content, etc. >> While my users will forgive marketing and general ?junk?, they will be less >> forgiving of these things ;-) >> >> >> >> I?m doing some research on the best settings to optimize. I used to use >> things like Razor, DCC, selective greylisting, custom rule sets. I imagine >> that these things have changed a lot in the past 10 years. Can you give me >> some ideas on some optimizations you use to tighten things up? >> >> >> >> Thanks! >> >> >> >> *Danita Zanr?*, *Move Out of the Office* >> >> I love my job, and you can too! 
>> >> Tel: (720) 319-7530 - Caledonia Network Consulting >> >> Tel: (720) 319-8240 - Move Out of the Office >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From jason at geeknocity.com Wed Jan 4 19:43:01 2017 From: jason at geeknocity.com (Jason Waters) Date: Wed, 4 Jan 2017 14:43:01 -0500 Subject: Optimizing Anti-Spam In-Reply-To: References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com> Message-ID: Would you prefer postscreen or postgrey? On Wed, Jan 4, 2017 at 2:34 PM, Shawn Iverson wrote: > Or use postscreen > > On Wed, Jan 4, 2017 at 1:36 PM, Jason Waters wrote: > >> Also using grey listing will help a lot. You don't get your mail as >> "instant" but it really does cut spam down. >> >> On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon < >> m.van.loon at ictvanloon.nl> wrote: >> >>> Hi dear, >>> >>> >>> >>> I suggest to use razor, pyzor and dcc. >>> >>> Into a combination of these three, your spam will be counting down >>> immediately! J >>> >>> I use them on my own system and I?m very happy with it. >>> >>> >>> >>> Kind regards, >>> >>> >>> >>> Miguel >>> >>> >>> >>> >>> >>> *Van:* MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloo >>> n.nl at lists.mailscanner.info] *Namens *Danita Zanre >>> *Verzonden:* woensdag 4 januari 2017 17:51 >>> *Aan:* mailscanner at lists.mailscanner.info >>> *Onderwerp:* Optimizing Anti-Spam >>> >>> >>> >>> Hi all! 
It?s been years since I?ve implemented something like >>> Mailscanner as part of an anti-spam system, but I?ve used various Linux >>> based systems like Maia Mailguard in the distant past. I've used >>> appliances for quite awhile, but for various reasons have now chosen >>> Mailscanner for the task. Right now I?m training and tweaking things on a >>> smaller subset domain rather than flipping the switch for my entire >>> system. I?ve only been running for about 5 days or so. I?m training the >>> bayes database multiple times a day with both spam and ham, and >>> Spamassassin is now active, but I have a lot of what I consider ?obvious? >>> spam leaking through - vulgar words in the subject, sexual content, etc. >>> While my users will forgive marketing and general ?junk?, they will be less >>> forgiving of these things ;-) >>> >>> >>> >>> I?m doing some research on the best settings to optimize. I used to use >>> things like Razor, DCC, selective greylisting, custom rule sets. I imagine >>> that these things have changed a lot in the past 10 years. Can you give me >>> some ideas on some optimizations you use to tighten things up? >>> >>> >>> >>> Thanks! >>> >>> >>> >>> *Danita Zanr?*, *Move Out of the Office* >>> >>> I love my job, and you can too! 
>>> >>> Tel: (720) 319-7530 - Caledonia Network Consulting >>> >>> Tel: (720) 319-8240 - Move Out of the Office >>> >>> >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >>> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 <(765)%20932-3901> > iversons at rushville.k12.in.us > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From danita at caledonia.net Wed Jan 4 20:20:12 2017 From: danita at caledonia.net (Danita Zanre) Date: Wed, 4 Jan 2017 14:20:12 -0600 Subject: Optimizing Anti-Spam In-Reply-To: References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com> Message-ID: I?ll have to give Postscreen a look too! ?I used to have a ?selective greylisting? setup on my server, but it sounds like postscreen is a similar implementation since the last time I worked on this! Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office On January 4, 2017 at 2:08:37 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote: Or use postscreen On Wed, Jan 4, 2017 at 1:36 PM, Jason Waters wrote: Also using grey listing will help a lot.? You don't get your mail as "instant" but it really does cut spam down. On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon wrote: Hi dear, ? I suggest to use razor, pyzor and dcc. Into a combination of these three, your spam will be counting down immediately! J I use them on my own system and I?m very happy with it. ? Kind regards, ? 
Miguel ? ? Van: MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloon.nl at lists.mailscanner.info] Namens Danita Zanre Verzonden: woensdag 4 januari 2017 17:51 Aan: mailscanner at lists.mailscanner.info Onderwerp: Optimizing Anti-Spam ? Hi all!? It?s been years since I?ve implemented something like Mailscanner as part of an anti-spam system, but I?ve used various Linux based systems like Maia Mailguard in the distant past.? I've used appliances for quite awhile, but for various reasons have now chosen Mailscanner for the task.? Right now I?m training and tweaking things on a smaller subset domain rather than flipping the switch for my entire system.? I?ve only been running for about 5 days or so.? I?m training the bayes database multiple times a day with both spam and ham, and Spamassassin is now active, but I have a lot of what I consider ?obvious? spam leaking through - vulgar words in the subject, sexual content, etc.? While my users will forgive marketing and general ?junk?, they will be less forgiving of these things ;-) ? I?m doing some research on the best settings to optimize.? I used to use things like Razor, DCC, selective greylisting, custom rule sets.? I imagine that these things have changed a lot in the past 10 years.? Can you give me some ideas on some optimizations you use to tighten things up? ? ? Thanks! ? Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office ? -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -- This message has been scanned for viruses and dangerous content by Iris MailScanner, and is believed to be clean. 
-- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From danita at caledonia.net Wed Jan 4 20:29:15 2017 From: danita at caledonia.net (Danita Zanre) Date: Wed, 4 Jan 2017 14:29:15 -0600 Subject: Optimizing Anti-Spam In-Reply-To: References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com> Message-ID: I?ll have to wait on postscreen for awhile though - right now because I?m doing this is pre-production, it?s all coming through a relay server. ?I assume that would probably make this less useful. Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office On January 4, 2017 at 2:08:37 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote: Or use postscreen On Wed, Jan 4, 2017 at 1:36 PM, Jason Waters wrote: Also using grey listing will help a lot.? You don't get your mail as "instant" but it really does cut spam down. On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon wrote: Hi dear, ? I suggest to use razor, pyzor and dcc. Into a combination of these three, your spam will be counting down immediately! J I use them on my own system and I?m very happy with it. ? Kind regards, ? Miguel ? ? Van: MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloon.nl at lists.mailscanner.info] Namens Danita Zanre Verzonden: woensdag 4 januari 2017 17:51 Aan: mailscanner at lists.mailscanner.info Onderwerp: Optimizing Anti-Spam ? Hi all!? It?s been years since I?ve implemented something like Mailscanner as part of an anti-spam system, but I?ve used various Linux based systems like Maia Mailguard in the distant past.? I've used appliances for quite awhile, but for various reasons have now chosen Mailscanner for the task.? 
Right now I?m training and tweaking things on a smaller subset domain rather than flipping the switch for my entire system.? I?ve only been running for about 5 days or so.? I?m training the bayes database multiple times a day with both spam and ham, and Spamassassin is now active, but I have a lot of what I consider ?obvious? spam leaking through - vulgar words in the subject, sexual content, etc.? While my users will forgive marketing and general ?junk?, they will be less forgiving of these things ;-) ? I?m doing some research on the best settings to optimize.? I used to use things like Razor, DCC, selective greylisting, custom rule sets.? I imagine that these things have changed a lot in the past 10 years.? Can you give me some ideas on some optimizations you use to tighten things up? ? ? Thanks! ? Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office ? -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -- This message has been scanned for viruses and dangerous content by Iris MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... 
URL:

From rcooper at dwford.com Wed Jan 4 22:34:11 2017
From: rcooper at dwford.com (Rick Cooper)
Date: Wed, 4 Jan 2017 17:34:11 -0500
Subject: Allowing a filename
In-Reply-To:
References:
Message-ID:

Right at the top of filename.rules.conf place (<tab> means hit the tab key)

allow<tab>COL.+\.tmp\.doc$<tab>Allow Special COLXXX.tmp.doc<tab>Allow Special COLXXX.tmp.doc

You did not say if XXX was always a number or always an additional 3 chars

if always number of at least 3 digits

allow<tab>COL\d{3,}\.tmp\.doc$<tab>Allow Special COLXXX.tmp.doc<tab>Allow Special COLXXX.tmp.doc

any three chars

allow<tab>COL.{3}\.tmp\.doc$<tab>Allow Special COLXXX.tmp.doc<tab>Allow Special COLXXX.tmp.doc

If it always comes from xyz at abc.com (and you trust them completely) then place the following in filename.rules

From: xyz at abc.com

if the local part can be different but always same domain then use

From: *@abc.com

If there is nothing on the right side of that address then no file name checking will be done. Bear in mind if you would just like that one pass made create a special version of the filename.rules.conf (like COLXXX.filename.rules.conf) and use

From:<tab>*@abc.com<tab>/your/path/to/MailScanner/etc/COLXXX.filename.rules.conf

and then only that domain would have the additional pass but all other rules would still apply.

Look at those two files, there is a lot you can do. All of this assumes the file does not come in an archive (zip/rar) in which cases you would use the .archive version of those same files.

Rick Cooper

_____

From: MailScanner [mailto:mailscanner-bounces+rcooper=dwford.com at lists.mailscanner.info] On Behalf Of Jason Waters
Sent: Wednesday, January 04, 2017 10:49 AM
To: MailScanner Discussion
Subject: Allowing a filename

I have a client that sends doc files but through their system and they come as COLXXX.tmp.doc

The X's change so we would need to account for that. These are legit and would like to build a rule to allow them. I'm assuming it would be in filename.rules.conf? Could someone help me out?
Also they always from from the same domain. I tried white listing that domain, but that didn't allow them to pass. Thanks. Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Wed Jan 4 23:01:12 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Wed, 4 Jan 2017 18:01:12 -0500 Subject: Optimizing Anti-Spam In-Reply-To: References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com> Message-ID: Supposedly postscreen is supposed to be better, although I still use postgrey. Don't want to use both at the same time, though! On Wed, Jan 4, 2017 at 2:43 PM, Jason Waters wrote: > Would you prefer postscreen or postgrey? > > On Wed, Jan 4, 2017 at 2:34 PM, Shawn Iverson < > iversons at rushville.k12.in.us> wrote: > >> Or use postscreen >> >> On Wed, Jan 4, 2017 at 1:36 PM, Jason Waters >> wrote: >> >>> Also using grey listing will help a lot. You don't get your mail as >>> "instant" but it really does cut spam down. >>> >>> On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon < >>> m.van.loon at ictvanloon.nl> wrote: >>> >>>> Hi dear, >>>> >>>> >>>> >>>> I suggest to use razor, pyzor and dcc. >>>> >>>> Into a combination of these three, your spam will be counting down >>>> immediately! J >>>> >>>> I use them on my own system and I?m very happy with it. >>>> >>>> >>>> >>>> Kind regards, >>>> >>>> >>>> >>>> Miguel >>>> >>>> >>>> >>>> >>>> >>>> *Van:* MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloo >>>> n.nl at lists.mailscanner.info] *Namens *Danita Zanre >>>> *Verzonden:* woensdag 4 januari 2017 17:51 >>>> *Aan:* mailscanner at lists.mailscanner.info >>>> *Onderwerp:* Optimizing Anti-Spam >>>> >>>> >>>> >>>> Hi all! It?s been years since I?ve implemented something like >>>> Mailscanner as part of an anti-spam system, but I?ve used various Linux >>>> based systems like Maia Mailguard in the distant past. 
I've used >>>> appliances for quite awhile, but for various reasons have now chosen >>>> Mailscanner for the task. Right now I?m training and tweaking things on a >>>> smaller subset domain rather than flipping the switch for my entire >>>> system. I?ve only been running for about 5 days or so. I?m training the >>>> bayes database multiple times a day with both spam and ham, and >>>> Spamassassin is now active, but I have a lot of what I consider ?obvious? >>>> spam leaking through - vulgar words in the subject, sexual content, etc. >>>> While my users will forgive marketing and general ?junk?, they will be less >>>> forgiving of these things ;-) >>>> >>>> >>>> >>>> I?m doing some research on the best settings to optimize. I used to >>>> use things like Razor, DCC, selective greylisting, custom rule sets. I >>>> imagine that these things have changed a lot in the past 10 years. Can you >>>> give me some ideas on some optimizations you use to tighten things up? >>>> >>>> >>>> >>>> Thanks! >>>> >>>> >>>> >>>> *Danita Zanr?*, *Move Out of the Office* >>>> >>>> I love my job, and you can too! 
>>>>
>>>> Tel: (720) 319-7530 - Caledonia Network Consulting
>>>>
>>>> Tel: (720) 319-8240 - Move Out of the Office
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>
>> --
>> Shawn Iverson
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 x271
>> iversons at rushville.k12.in.us
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From danita at caledonia.net Wed Jan 4 23:13:46 2017
From: danita at caledonia.net (Danita Zanre)
Date: Wed, 4 Jan 2017 17:13:46 -0600
Subject: Not sure Bayes is actually doing anything
Message-ID:

While it "seems" to me that Bayes is being called by SA, I've not seen one message have a Bayes score. I feel like I'm missing something basic here. How can I confirm that the bayes database is actually being used? I thought I might be able to search in the spam quarantine, but it looks to me like the headers are not actually changed in those messages to show what the spam score was. I searched through the config file, but I don't see any obvious way to ask for that information in the quarantine.

Anyway, I'm stumped!

Thanks,

Danita Zanre, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From kevin.miller at juneau.org Wed Jan 4 23:24:28 2017
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 4 Jan 2017 23:24:28 +0000
Subject: Not sure Bayes is actually doing anything
In-Reply-To:
References:
Message-ID:

What are the settings for "Spam Header" and "Spam Score Header" in MailScanner.conf? They, along with several other settings allow you to add the spamassassin score information to the headers. You'll need to look at the message header in whatever you use for a mail client though.

IIRC, the messages stored in the quarantine directory(s) are saved in the same form as they came in as; i.e., they don't contain the spamassassin stuff. But the message in our inbox will, so it's easy to check it there.

I use MailWatch for MailScanner which is a nice web front end for examining messages - it displays the works, including the spam scores and such...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357

From: MailScanner [mailto:mailscanner-bounces+kevin.miller=juneau.org at lists.mailscanner.info] On Behalf Of Danita Zanre
Sent: Wednesday, January 04, 2017 2:14 PM
To: MailScanner Discussion
Subject: Not sure Bayes is actually doing anything

While it "seems" to me that Bayes is being called by SA, I've not seen one message have a Bayes score. I feel like I'm missing something basic here. How can I confirm that the bayes database is actually being used? I thought I might be able to search in the spam quarantine, but it looks to me like the headers are not actually changed in those messages to show what the spam score was. I searched through the config file, but I don't see any obvious way to ask for that information in the quarantine.
Anyway, I?m stumped! Thanks, Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office -------------- next part -------------- An HTML attachment was scrubbed... URL: From danita at caledonia.net Wed Jan 4 23:27:04 2017 From: danita at caledonia.net (Danita Zanre) Date: Wed, 4 Jan 2017 17:27:04 -0600 Subject: Optimizing Anti-Spam In-Reply-To: References: <82b184fc.AEUAHJoAgqMAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYbSk3@mailjet.com> Message-ID: It looks like I can have Mailscanner skip the relay host for the scanning, so maybe I?ll try it. ?It would be nice to emulate as closely as possible what the production server will do, but if I have to bypass postscreen/postgrey for now I?ll survive. Today the spam seems to be better. ?I think dcc/pyzor is helping - I?m also not sure that ?razor? is doing anything yet. ?If I could get MailWatch to work, I?d be almost ready to move a few other subdomains over for heavier testing. Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office On January 4, 2017 at 5:15:20 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote: Supposedly postscreen is supposed to be better, although I still use postgrey.? Don't want to use both at the same time, though! On Wed, Jan 4, 2017 at 2:43 PM, Jason Waters wrote: Would you prefer postscreen or postgrey? On Wed, Jan 4, 2017 at 2:34 PM, Shawn Iverson wrote: Or use postscreen On Wed, Jan 4, 2017 at 1:36 PM, Jason Waters wrote: Also using grey listing will help a lot.? You don't get your mail as "instant" but it really does cut spam down. On Wed, Jan 4, 2017 at 11:56 AM, Miguel van Loon wrote: Hi dear, ? I suggest to use razor, pyzor and dcc. Into a combination of these three, your spam will be counting down immediately! J I use them on my own system and I?m very happy with it. ? 
Kind regards,

Miguel

From: MailScanner [mailto:mailscanner-bounces+m.van.loon=ictvanloon.nl at lists.mailscanner.info] On Behalf Of Danita Zanre
Sent: Wednesday 4 January 2017 17:51
To: mailscanner at lists.mailscanner.info
Subject: Optimizing Anti-Spam

Hi all! It's been years since I've implemented something like Mailscanner as part of an anti-spam system, but I've used various Linux based systems like Maia Mailguard in the distant past. I've used appliances for quite awhile, but for various reasons have now chosen Mailscanner for the task. Right now I'm training and tweaking things on a smaller subset domain rather than flipping the switch for my entire system. I've only been running for about 5 days or so. I'm training the bayes database multiple times a day with both spam and ham, and Spamassassin is now active, but I have a lot of what I consider "obvious" spam leaking through - vulgar words in the subject, sexual content, etc. While my users will forgive marketing and general "junk", they will be less forgiving of these things ;-)

I'm doing some research on the best settings to optimize. I used to use things like Razor, DCC, selective greylisting, custom rule sets. I imagine that these things have changed a lot in the past 10 years. Can you give me some ideas on some optimizations you use to tighten things up?

Thanks!

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

--
This message has been scanned for viruses and dangerous content by Iris MailScanner, and is believed to be clean.

From danita at caledonia.net Wed Jan 4 23:41:48 2017
From: danita at caledonia.net (Danita Zanre)
Date: Wed, 4 Jan 2017 17:41:48 -0600
Subject: Not sure Bayes is actually doing anything
In-Reply-To:
References:
Message-ID:

I've been trying to install MailWatch - well, actually it is installed, but something is wrong. I can see the "recent messages", and go to reports, etc., but when I click on the "Quarantine" I get a list of directories and counts of how many messages are in the directories, but if I click on one of the directories, nothing shows up! I've asked over on the MailWatch list, but no bites yet.

I also have an error sending the quarantine reports of:

Failed opening required 'Mail/mime.php

I know the Mail module is installed, but for the life of me I can't find a "mime.php" anywhere!

Baby steps. At least I'm not getting sex spam any longer - hehe.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 4, 2017 at 5:39:40 PM, Kevin Miller (kevin.miller at juneau.org) wrote:

What are the settings for "Spam Header" and "Spam Score Header" in MailScanner.conf? They, along with several other settings, allow you to add the spamassassin score information to the headers. You'll need to look at the message header in whatever you use for a mail client though. IIRC, the messages stored in the quarantine directory(s) are saved in the same form as they came in as; i.e., they don't contain the spamassassin stuff. But the message in our inbox will, so it's easy to check it there.

I use MailWatch for MailScanner which is a nice web front end for examining messages - it displays the works, including the spam scores and such...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357

From: MailScanner [mailto:mailscanner-bounces+kevin.miller=juneau.org at lists.mailscanner.info] On Behalf Of Danita Zanre
Sent: Wednesday, January 04, 2017 2:14 PM
To: MailScanner Discussion
Subject: Not sure Bayes is actually doing anything

While it "seems" to me that bayes is being called by SA, I've not seen one message have a Bayes score. I feel like I'm missing something basic here. How can I confirm that the bayes database is actually being used? I thought I might be able to search in the spam quarantine, but it looks to me like the headers are not actually changed in those messages to show what the spam score was. I searched through the config file, but I don't see any obvious way to ask for that information in the quarantine.

Anyway, I'm stumped!

Thanks,

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
From wt at dld2000.com Wed Jan 4 23:56:40 2017
From: wt at dld2000.com (Walt Thiessen)
Date: Wed, 4 Jan 2017 18:56:40 -0500
Subject: Fwd: Find an eBook reader and keep the reading alive
In-Reply-To: <217523152221664221752573475118512493@4x21r856.widecentral.stream>
References: <217523152221664221752573475118512493@4x21r856.widecentral.stream>
Message-ID: <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>

My server is getting a bunch of spam where the spammer adds 2000 words in useless sentences at the end in order to get it past the bayesian filter. I've been training it for a few days now, but they're still not getting caught.

The send domains are all different. The servers are all different. The IPs are all different. They end up on blacklists in due course, but by then they've moved on to their next "victim" server IP.

Anyone else running into this stuff? Any idea how to block it?

Walt

From mark at msapiro.net Thu Jan 5 00:14:43 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 4 Jan 2017 16:14:43 -0800
Subject: "random" spam - was: Fwd: Find an eBook reader and keep the reading alive
In-Reply-To: <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>
References: <217523152221664221752573475118512493@4x21r856.widecentral.stream> <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>
Message-ID:

On 01/04/2017 03:56 PM, Walt Thiessen wrote:
>
> The send domains are all different. The servers are all different. The
> IPs are all different. They end up on blacklists in due course, but by
> then they've moved on to their next "victim" server IP.
>
> Anyone else running into this stuff? Any idea how to block it?

I use Botnet in SpamAssassin -

It can help.
You have to watch closely for a bit and possibly adjust the score, and you will still get occasional false positives, but I like it.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From wt at dld2000.com Thu Jan 5 02:31:30 2017
From: wt at dld2000.com (Walt Thiessen)
Date: Wed, 4 Jan 2017 21:31:30 -0500
Subject: "random" spam
In-Reply-To:
References: <217523152221664221752573475118512493@4x21r856.widecentral.stream> <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>
Message-ID:

Thanks Mark. What initial scoring would you recommend with it?

Walt

On 1/4/2017 7:14 PM, Mark Sapiro wrote:
> On 01/04/2017 03:56 PM, Walt Thiessen wrote:
>> The send domains are all different. The servers are all different. The
>> IPs are all different. They end up on blacklists in due course, but by
>> then they've moved on to their next "victim" server IP.
>>
>> Anyone else running into this stuff? Any idea how to block it?
>
> I use Botnet in SpamAssassin -
>
> It can help. You have to watch closely for a bit and possibly adjust the
> score, and you will still get occasional false positives, but I like it.
>

From mark at msapiro.net Thu Jan 5 02:57:36 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 4 Jan 2017 18:57:36 -0800
Subject: "random" spam
In-Reply-To:
References: <217523152221664221752573475118512493@4x21r856.widecentral.stream> <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>
Message-ID: <2aeb2a1f-f449-d61f-a99f-b527f6093062@msapiro.net>

On 01/04/2017 06:31 PM, Walt Thiessen wrote:
> Thanks Mark. What initial scoring would you recommend with it?

There are a couple of ways to deal with the scores. Read the Botnet.txt and Botnet.variants.txt files for information.

The BOTNET rule is actually a metarule which hits based on which other rules do and don't hit.
The scores in the GitHub Botnet.cf file score most things as 1.0 and basically get a total score based on how many hit. This contrasts with the "original" distribution which scored the positive rules as 0.0 so the only score that actually counted was the BOTNET score.

Here's a diff between the GitHub Botnet.cf and mine

# diff .software/from_repo/Botnet.pm/Botnet.cf /etc/spamassassin/Botnet.cf 25c25,27 < botnet_pass_trusted public --- > #botnet_pass_trusted public > # Skip over the trusted relays to the first untrusted > botnet_pass_trusted ignore 75c77 < score BOTNET 1.0 --- > score BOTNET 4.25 83c85 < score BOTNET_NORDNS 1.0 --- > score BOTNET_NORDNS 0.0 87c89 < score BOTNET_BADDNS 1.0 --- > score BOTNET_BADDNS 0.0 91c93 < score BOTNET_CLIENT 1.0 --- > score BOTNET_CLIENT 0.0 95c97 < score BOTNET_IPINHOSTNAME 1.0 --- > score BOTNET_IPINHOSTNAME 0.0 99c101 < score BOTNET_CLIENTWORDS 1.0 --- > score BOTNET_CLIENTWORDS 0.0

See Botnet.txt for more info on what my

botnet_pass_trusted ignore

setting means.

Also, I have a X-local.cf file that overrides the BOTNET score of 4.25 with

score BOTNET 3.5

This is with MailScanner

High SpamAssassin Score = 10
Required SpamAssassin Score = 5

These scores work well for me.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From thom at vdb.nl Thu Jan 5 06:35:33 2017
From: thom at vdb.nl (Thom van der Boon)
Date: Thu, 5 Jan 2017 07:35:33 +0100 (CET)
Subject: Optimizing Anti-Spam
In-Reply-To:
References:
Message-ID: <761206701.476539.1483598133422.JavaMail.zimbra@vdb.nl>

Hi

I use 2 things:

* Lower threshold: Spamassassin score:
  * 5: Mark as (possible) spam
  * 10 (instead of 15): delete
* use KAM.cf: KAM.cf is a very nice set of SpamAssassin rules file which catches an awful lot of spam

You can find the KAM.cf.sh script via Google

Kind regards, Best regards,

Thom van der Boon
E-Mail: thom at vdb.nl

=====

Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

From: "Danita Zanre"
To: mailscanner at lists.mailscanner.info
Sent: Wednesday 4 January 2017 17:50:42
Subject: Optimizing Anti-Spam

Hi all! It's been years since I've implemented something like Mailscanner as part of an anti-spam system, but I've used various Linux based systems like Maia Mailguard in the distant past. I've used appliances for quite awhile, but for various reasons have now chosen Mailscanner for the task. Right now I'm training and tweaking things on a smaller subset domain rather than flipping the switch for my entire system. I've only been running for about 5 days or so. I'm training the bayes database multiple times a day with both spam and ham, and Spamassassin is now active, but I have a lot of what I consider "obvious" spam leaking through - vulgar words in the subject, sexual content, etc. While my users will forgive marketing and general "junk", they will be less forgiving of these things ;-)

I'm doing some research on the best settings to optimize. I used to use things like Razor, DCC, selective greylisting, custom rule sets. I imagine that these things have changed a lot in the past 10 years. Can you give me some ideas on some optimizations you use to tighten things up?

Thanks!

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From danita at caledonia.net Thu Jan 5 18:18:33 2017
From: danita at caledonia.net (Danita Zanre)
Date: Thu, 5 Jan 2017 12:18:33 -0600
Subject: How big is too big?
Message-ID:

In checking and training our system, I'm noticing that a fair number of the leaky spam is large. One message I just looked at is 1.3MB! Right now, that's the largest mail that has even come through the test system (my test users don't get a lot of attachments). Is it unreasonable to have mailscanner actually check messages that are 2MB in size?

I currently have 1700 items (in 6 days) that have a 0.00 score (that are not blacklisted). There are a few timeouts (need to figure that out), but most of these are due to size. And almost all of the 0.00 scores that are not timeouts are indeed spam that is just big. How large of a message do you scan for spam in your production environments?

Thanks.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

From jason at geeknocity.com Thu Jan 5 18:52:48 2017
From: jason at geeknocity.com (Jason Waters)
Date: Thu, 5 Jan 2017 13:52:48 -0500
Subject: How big is too big?
In-Reply-To:
References:
Message-ID:

I don't get enough large email to put a limit on this. I have it scan all emails. If down the road I notice a serious performance lag then I would put something in. Or if the company I put it in for emails large files on a regular basis.

Jason

On Thu, Jan 5, 2017 at 1:18 PM, Danita Zanre wrote:

> In checking and training our system, I'm noticing that a fair number of
> the leaky spam is large. One message I just looked at is 1.3MB! Right
> now, that's the largest mail that has even come through the test system (my
> test users don't get a lot of attachments). Is it unreasonable to have
> mailscanner actually check messages that are 2MB in size?
>
> I currently have 1700 items (in 6 days) that have a 0.00 score (that are
> not blacklisted).
> There are a few timeouts (need to figure that out), but
> most of these are due to size. And almost all of the 0.00 scores that are
> not timeouts are indeed spam that is just big. How large of a message do
> you scan for spam in your production environments?
>
> Thanks.
>
> *Danita Zanré*, *Move Out of the Office*
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office

From m.van.loon at ictvanloon.nl Thu Jan 5 19:00:02 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Thu, 5 Jan 2017 19:00:02 +0000
Subject: quarantine options mailwatch
Message-ID:

Hello guys,

I am using mailwatch to look into my emails from mailscanner. Normally you can set the option "define('QUARANTINE_USE_FLAG', true);" in your conf.php from mailwatch. I am running mailscanner version 4.84.6. Unfortunately, the option does not come into the mailwatch page. Does anyone know how to solve this problem..?

Thanks for help!

Kind regards,

Miguel

From jason at geeknocity.com Thu Jan 5 19:00:48 2017
From: jason at geeknocity.com (Jason Waters)
Date: Thu, 5 Jan 2017 14:00:48 -0500
Subject: Allowing a filename
In-Reply-To:
References:
Message-ID:

This worked great! It can be letters or numbers and it is 4 random characters, so I just adjusted it to {4}. Thanks!
Jason

On Wed, Jan 4, 2017 at 5:34 PM, Rick Cooper wrote:

> Right at the top of filename.rules.conf place ( means hit the tab key)
>
> allowCOL.+\.tmp\.doc$Allow Special COLXXX.tmp.docAllow
> Special COLXXX.tmp.doc
>
> You did not say if XXX was always a number or always an additional 3 chars
> if always number of at least 3 digits
> allowCOL\d{3,}\.tmp\.doc$Allow Special COLXXX.tmp.docAllow
> Special COLXXX.tmp.doc
>
> any three chars
> allowCOL.{3}\.tmp\.doc$Allow Special COLXXX.tmp.docAllow
> Special COLXXX.tmp.doc
>
> If it always comes from xyz at abc.com (and you trust them completely) then
> place the following in filename.rules
>
> From: xyz at abc.com
>
> if the local part can be different but always same domain then use
> From: *@abc.com
>
> If there is nothing on the right side of that address then no file name
> checking will be done. Bear in mind if you would just like that one pass
> made create a special version of the filename.rules.conf (like
> COLXXX.filename.rules.conf)
> and use
> From*@abc.com/your/path/to/MailScanner/etc/
> COLXXX.filename.rules.conf
>
> and then only that domain would have the additional pass but all other
> rules would still apply. Look at those two files, there is a lot you can
> do.
>
> All of this assumes the file does not come in an archive (zip/rar) in
> which cases you would use the .archive version of those same files.
>
> Rick Cooper
>
> ------------------------------
> *From:* MailScanner [mailto:mailscanner-bounces+rcooper=dwford.com at lists.
> mailscanner.info] *On Behalf Of *Jason Waters
> *Sent:* Wednesday, January 04, 2017 10:49 AM
> *To:* MailScanner Discussion
> *Subject:* Allowing a filename
>
> I have a client that sends doc files but through their system and they
> come as COLXXX.tmp.doc
>
> The X's change so we would need to account for that. These are legit and
> would like to build a rule to allow them. I'm assuming it would be
> in filename.rules.conf? Could someone help me out?
> Also they always from
> from the same domain. I tried white listing that domain, but that didn't
> allow them to pass. Thanks.
>
> Jason

From mark at msapiro.net Fri Jan 6 00:46:36 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 5 Jan 2017 16:46:36 -0800
Subject: Optimizing Anti-Spam and "random" spam
Message-ID: <806dc233-168d-3a32-52f2-df77122eff01@msapiro.net>

A couple of recent threads have talked about improving/tuning MailScanner's spam detection.

On the "old" web site, there was a page called "Getting The Best Out Of MailScanner" with links to various things. That page is still available from the wayback machine at .

Some of it is out of date, and we should get an updated page on the current web site, but the information about ClamAV and third party sigs from SaneSecurity, and KAM rules, Razor, Pyzor and DCC for SpamAssassin is still relevant.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From dave at jonesol.com Fri Jan 6 02:12:15 2017
From: dave at jonesol.com (Dave Jones)
Date: Thu, 5 Jan 2017 20:12:15 -0600
Subject: Optimizing Anti-Spam
In-Reply-To: <761206701.476539.1483598133422.JavaMail.zimbra@vdb.nl>
References: <761206701.476539.1483598133422.JavaMail.zimbra@vdb.nl>
Message-ID:

Definitely setup zen.spamhaus.org RBL but this won't help much unless it's an edge mail server. There are a lot of things that you can't do at the MTA level unless you are an edge mail server like HELO checks, DNS PTR checks, RBL checks, greylisting, etc.

There are ways to make SpamAssassin ignore the relay server by adding it to internal_networks and trusted_networks but that won't help the MTA-level checks which are very important.
You should try to block as much as possible at the MTA level so there will be proper bounce messages. Once the message reaches MailScanner, then it's basically dropped silently which could be considered bad.

Download and take a look at the Postfix setup in https://efa-project.org/ to get some good ideas on how to tune your own server. You might find that you would like to switch over to the EFA server and make it an edge mail server to be the most effective.

There are tons of other tricks to tune out a MailScanner server if you have the time to implement them.

- postwhite
- SQLgrey or postgrey
- pypolicyd-spf to add an SPF check header used by SA
- postscreen with many RBLs weighted to your needs
- senderscore.org RBL is very helpful (search SA mailing list archives)
- Postfix tuning (reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_helo_hostname)
- Postfix rate limiting
- Postfwd to add custom headers, ex. detect large BCC and add a custom header that can be used by SA for scoring
- opendkim to sign outbound messages for improved delivery
- SA shortcircuit'ing to whitelist trusted senders
- SA whitelist_auth list so you can bump up BAYES_* scores
- SA BAYES_* score adjustment
- SA bayes_ignore_header listing (search SA mailing list archives)
- SA score tuning for reliable whitelists
- SA ham shortcircuit for very reliable whitelists
- ClamAV add extra signatures for more aggressive blocking (search clamav-unofficial-sigs.conf)
- SA - custom rules download of 20_axb_misc.cf
- SA - enable RelayCountry and add custom rules for bad countries for your users/region
- SA - ok_languages and ok_locales
....
Dave

On Thu, Jan 5, 2017 at 12:35 AM, Thom van der Boon wrote:

> Hi
>
> I use 2 things:
>
>
> - Lower threshold: Spamassassin score:
> - 5: Mark as (possible) spam
> - 10 (instead of 15): delete
> - use KAM.cf: KAM.cf is a very nice set of SpamAssassin rules file
> which catches an awful lot of spam
>
> You can find the KAM.cf.sh script via Google
>
> Kind regards, Best regards,
>
>
> Thom van der Boon
> E-Mail: thom at vdb.nl
>
> =====
>
> Thom.H. van der Boon b.v.
> Transito 4
> 6909 DA Babberich
> Tel.: +31 (0)88 4272727
> Fax: +31 (0)88 4272789
> Home Page: http://www.vdb.nl/
>
> ------------------------------
> *From: *"Danita Zanre"
> *To: *mailscanner at lists.mailscanner.info
> *Sent: *Wednesday 4 January 2017 17:50:42
> *Subject: *Optimizing Anti-Spam
>
> Hi all! It's been years since I've implemented something like Mailscanner
> as part of an anti-spam system, but I've used various Linux based systems
> like Maia Mailguard in the distant past. I've used appliances for quite
> awhile, but for various reasons have now chosen Mailscanner for the task.
> Right now I'm training and tweaking things on a smaller subset domain
> rather than flipping the switch for my entire system. I've only been
> running for about 5 days or so. I'm training the bayes database multiple
> times a day with both spam and ham, and Spamassassin is now active, but I
> have a lot of what I consider "obvious" spam leaking through - vulgar words
> in the subject, sexual content, etc. While my users will forgive marketing
> and general "junk", they will be less forgiving of these things ;-)
>
> I'm doing some research on the best settings to optimize. I used to use
> things like Razor, DCC, selective greylisting, custom rule sets. I imagine
> that these things have changed a lot in the past 10 years. Can you give me
> some ideas on some optimizations you use to tighten things up?
>
> Thanks!
>
>
> *Danita Zanré*, *Move Out of the Office*
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office

From danita at caledonia.net Fri Jan 6 02:38:46 2017
From: danita at caledonia.net (Danita Zanre)
Date: Thu, 5 Jan 2017 20:38:46 -0600
Subject: Optimizing Anti-Spam
In-Reply-To:
References: <761206701.476539.1483598133422.JavaMail.zimbra@vdb.nl>
Message-ID:

I've used EFA before, but I need to keep this on a SLES server right now, and don't really have time to figure out how to get EFA to run on it. This is an edge server, but right now it's behind a relay. I'm testing it behind an existing appliance until I get it ready - so all of the edge processes will need to be added after I turn it live.

Does Mailscanner have user or domain level SA config files? I haven't figured that out yet. I'm getting sick of Portuguese spam, but I have users who receive Portuguese. I get German spam, but I also get real german mail. I also get Spanish spam, and don't speak Spanish - hehe - but I can't block any language system-wide or even domain-wide for that matter.

Thanks for all of the suggestions. I'm only at about 30% spam blocking right now, and it's really closer to 80%, so I have to figure out how to tighten it up a bit.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 5, 2017 at 8:18:33 PM, Dave Jones (dave at jonesol.com) wrote:

Definitely setup zen.spamhaus.org RBL but this won't help much unless it's an edge mail server. There are a lot of things that you can't do at the MTA level unless you are an edge mail server like HELO checks, DNS PTR checks, RBL checks, greylisting, etc.

There are ways to make SpamAssassin ignore the relay server by adding it to internal_networks and trusted_networks but that won't help the MTA-level checks which are very important. You should try to block as much as possible at the MTA level so there will be proper bounce messages. Once the message reaches MailScanner, then it's basically dropped silently which could be considered bad.

Download and take a look at the Postfix setup in https://efa-project.org/ to get some good ideas on how to tune your own server. You might find that you would like to switch over to the EFA server and make it an edge mail server to be the most effective.

There are tons of other tricks to tune out a MailScanner server if you have the time to implement them.

- postwhite
- SQLgrey or postgrey
- pypolicyd-spf to add an SPF check header used by SA
- postscreen with many RBLs weighted to your needs
- senderscore.org RBL is very helpful (search SA mailing list archives)
- Postfix tuning (reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_helo_hostname)
- Postfix rate limiting
- Postfwd to add custom headers, ex.
detect large BCC and add a custom header that can be used by SA for scoring
- opendkim to sign outbound messages for improved delivery
- SA shortcircuit'ing to whitelist trusted senders
- SA whitelist_auth list so you can bump up BAYES_* scores
- SA BAYES_* score adjustment
- SA bayes_ignore_header listing (search SA mailing list archives)
- SA score tuning for reliable whitelists
- SA ham shortcircuit for very reliable whitelists
- ClamAV add extra signatures for more aggressive blocking (search clamav-unofficial-sigs.conf)
- SA - custom rules download of 20_axb_misc.cf
- SA - enable RelayCountry and add custom rules for bad countries for your users/region
- SA - ok_languages and ok_locales
....

Dave

On Thu, Jan 5, 2017 at 12:35 AM, Thom van der Boon wrote:

Hi

I use 2 things:

- Lower threshold: Spamassassin score:
  - 5: Mark as (possible) spam
  - 10 (instead of 15): delete
- use KAM.cf: KAM.cf is a very nice set of SpamAssassin rules file which catches an awful lot of spam

You can find the KAM.cf.sh script via Google

Kind regards, Best regards,

Thom van der Boon
E-Mail: thom at vdb.nl

=====

Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

From: "Danita Zanre"
To: mailscanner at lists.mailscanner.info
Sent: Wednesday 4 January 2017 17:50:42
Subject: Optimizing Anti-Spam

Hi all! It's been years since I've implemented something like Mailscanner as part of an anti-spam system, but I've used various Linux based systems like Maia Mailguard in the distant past. I've used appliances for quite awhile, but for various reasons have now chosen Mailscanner for the task. Right now I'm training and tweaking things on a smaller subset domain rather than flipping the switch for my entire system. I've only been running for about 5 days or so.
I'm training the bayes database multiple times a day with both spam and ham, and Spamassassin is now active, but I have a lot of what I consider "obvious" spam leaking through - vulgar words in the subject, sexual content, etc. While my users will forgive marketing and general "junk", they will be less forgiving of these things ;-)

I'm doing some research on the best settings to optimize. I used to use things like Razor, DCC, selective greylisting, custom rule sets. I imagine that these things have changed a lot in the past 10 years. Can you give me some ideas on some optimizations you use to tighten things up?

Thanks!

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

From m.van.loon at ictvanloon.nl Fri Jan 6 08:14:07 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Fri, 6 Jan 2017 08:14:07 +0000
Subject: Quarantine options
Message-ID: <2c97530e.AEMAHL7LTNwAAAAAAAAAAGoWcEUAARpY35AAAAAAAAci1wBYb1Hc@mailjet.com>

Hello guys,

I am using mailwatch to look into my emails from mailscanner. Normally you can set the option "define('QUARANTINE_USE_FLAG', true);" in your conf.php from mailwatch. I am running mailscanner version 4.84.6.
Unfortunately, the option does not come into the mailwatch page. Does anyone know how to solve this problem..?

Thanks for help!

Kind regards,

Miguel

From danita at caledonia.net Fri Jan 6 15:50:30 2017
From: danita at caledonia.net (Danita Zanre)
Date: Fri, 6 Jan 2017 09:50:30 -0600
Subject: Names in subject
Message-ID:

This is probably better for a spamassassin list, but everyone here seems pretty knowledgeable, so I'll ask. We are getting a fair amount of spam that has the recipient's name in parenthesis. I'd like to create a rule that will address these. I'm lousy with regex though, and I'm assuming I would need to have a rule that I just update with names as I notice them. I thought it would be something like:

header NAME_IN_SUBJECT Subject =~ /\(danita|james|joe\)/

I specifically only want the rule to act on those with the parentheses in the subject - I don't think my rule is working.

Thanks

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

From mark at msapiro.net Fri Jan 6 16:43:55 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 6 Jan 2017 08:43:55 -0800
Subject: Names in subject
In-Reply-To:
References:
Message-ID:

On 01/06/2017 07:50 AM, Danita Zanre wrote:
>
> header NAME_IN_SUBJECT Subject =~ /\(danita|james|joe\)/
>
> I specifically only want the rule to act on those with the parentheses
> in the subject - I don't think my rule is working.

Your regex probably should be

/\((danita|james|joe)\)/i

to match either 'danita' or 'james' or 'joe' inside parens, case insensitively.

What you have will match '(danita' or 'james' or 'joe)' case sensitively. I.e., danita needs the open paren but not a close, joe needs the closing paren but not the open and james needs no parens.
-- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From danita at caledonia.net Fri Jan 6 18:31:41 2017 From: danita at caledonia.net (Danita Zanre) Date: Fri, 6 Jan 2017 12:31:41 -0600 Subject: Names in subject In-Reply-To: <1868493600.832.1483721063554.JavaMail.root@xeams> References: <1868493600.832.1483721063554.JavaMail.root@xeams> Message-ID: Perfect! ?There is a lot of ?real? mail that puts names in the subjects (mostly newsletters and such), but I?ve seen a lot of names in parentheses lately, and I don?t think they are EVER real. ?I?ll play with scoring to see what works best. ? Thanks so much! Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office On January 6, 2017 at 10:50:22 AM, Mark Sapiro (mark at msapiro.net) wrote: On 01/06/2017 07:50 AM, Danita Zanre wrote: > > header NAME_IN_SUBJECT Subject =~ /\(danita|james|joe\)/ > > I specifically only want the rule to act on those with the parentheses > in the subject - I don?t think my rule is working. Your regex probably should be /\((danita|james|joe)\)/i to match either 'danita' or 'james' or 'joe' inside parens, case insensitively. What you have will match '(danita' or 'james' or 'joe)' case sensitively. I.e., danita needs the open paren but not a close, joe needs the closing paren but not the open and james needs no parens. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner ------------------------------------------------------ Powered by Xeams. Visit xeams.com for more information ------------------------------------------------------ -- This message has been scanned for viruses and dangerous content by Iris MailScanner, and is believed to be clean. 
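
The difference between the two patterns in the "Names in subject" thread, worked through as an added example (not part of the original posts and not SpamAssassin's own code). Python's re module stands in for the Perl regexes SpamAssassin uses, which is an assumption that holds for the constructs involved; the sample subjects and the helpers top_level_alternatives(), classify() and build_rule() are constructed for illustration.

```python
import re

# Patterns from the thread. Python's re stands in for SpamAssassin's Perl
# regexes; escaped parens, alternation, grouping and /i behave the same.
ORIGINAL_SRC = r"\(danita|james|joe\)"       # rule as first posted
CORRECTED_SRC = r"\((danita|james|joe)\)"    # suggested fix, used with /i
ORIGINAL = re.compile(ORIGINAL_SRC)
CORRECTED = re.compile(CORRECTED_SRC, re.IGNORECASE)

# Constructed sample subjects (illustrative, not taken from real mail).
SUBJECTS = [
    "(danita) Your package is waiting",
    "(James) claim your reward",
    "Lunch with james on Friday?",
    "Minutes (reviewed by joe) attached",
    "(danita.smith) account notice",
    "Newsletter for Danita: January issue",
]


def top_level_alternatives(pattern):
    """Split a regex on the '|' characters that sit outside any group.

    This is what the engine sees as the competing branches: '|' has the
    lowest precedence, so without a group it splits the whole pattern.
    """
    parts, current, depth, in_class = [], [], 0, False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            current.append(pattern[i:i + 2])   # escaped char is a literal
            i += 2
            continue
        if in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "|" and depth == 0:
            parts.append("".join(current))
            current = []
            i += 1
            continue
        current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def classify(subjects):
    """Return {subject: (hit_by_original, hit_by_corrected)}."""
    return {s: (bool(ORIGINAL.search(s)), bool(CORRECTED.search(s)))
            for s in subjects}


def build_rule(names, rule_name="NAME_IN_SUBJECT"):
    """Build a rule line and matching regex for names in literal parentheses.

    Names are lower-cased, de-duplicated and escaped so a name containing a
    regex metacharacter cannot change what the rule matches.
    """
    unique = sorted({n.strip().lower() for n in names if n.strip()})
    if not unique:
        raise ValueError("at least one name is required")
    for name in unique:
        if "/" in name:
            raise ValueError("'/' would end the rule's regex early: %r" % name)
    body = r"\((?:" + "|".join(re.escape(n) for n in unique) + r")\)"
    line = "header %s Subject =~ /%s/i" % (rule_name, body)
    return line, re.compile(body, re.IGNORECASE)


if __name__ == "__main__":
    for src in (ORIGINAL_SRC, CORRECTED_SRC):
        print(src, "->", top_level_alternatives(src))
    for subject, (old, new) in classify(SUBJECTS).items():
        print("original=%-5s corrected=%-5s %s" % (old, new, subject))
    print(build_rule(["joe", "Danita", "james"])[0])
```

The first pattern both over-matches (a bare "james", or "joe)" closing an unrelated parenthetical) and under-matches ("(James)" with a capital letter); the grouped, case-insensitive pattern hits only a listed name that fills the whole parenthesis.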
From ametzler at bebt.de Sat Jan 7 17:09:05 2017
From: ametzler at bebt.de (Andreas Metzler)
Date: Sat, 7 Jan 2017 18:09:05 +0100
Subject: exim 4.88 named queue feature
Message-ID: <20170107170905.d6jfxm7o326cyuqr@argenau.bebt.de>

Hello,

exim 4.88 features this change:

5. Facility for named queues: A command-line argument can specify the queue name for a queue operation, and an ACL modifier can set the queue to be used for a message. A $queue_name variable gives visibility.

I think/hope that should make it possible to simplify mailscanner integration, doing away with the need for two exim processes, by making exim put all regular incoming messages in an alternative queue (acl_not_smtp/acl_smtp_mail set queue = tobescanned) and letting the normal queue runner deliver the clean messages.

(I am not a mailscanner user myself, just wanted to provide a pointer.)

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'

From andrew at topdog.za.net Sun Jan 8 07:09:00 2017
From: andrew at topdog.za.net (Andrew Colin Kissa)
Date: Sun, 8 Jan 2017 09:09:00 +0200
Subject: exim 4.88 named queue feature
In-Reply-To: <20170107170905.d6jfxm7o326cyuqr@argenau.bebt.de>
References: <20170107170905.d6jfxm7o326cyuqr@argenau.bebt.de>
Message-ID: <97D7771C-AADB-4090-89A0-638DE326EE5F@topdog.za.net>

> On 07 Jan 2017, at 19:09, Andreas Metzler wrote:
>
> (I am not a mailscanner user myself, just wanted to provide a pointer.)

The experimental queuefile transport may provide an even better option. With the named queue you still have to clean up the retry databases.

- A

From rin2013 at outlook.com Tue Jan 10 06:15:59 2017
From: rin2013 at outlook.com (Rin Pisarn)
Date: Tue, 10 Jan 2017 06:15:59 +0000
Subject: MailScanner Scan Twice (Intergrate with Zimbra)
Message-ID:

Hello,

We have been using MailScanner for many years along with Zimbra, but after we installed a new CentOS 6.5 with Zimbra 8.7.1 integrated with MailScanner 5.0.3-7, the problem is that MailScanner scans a message twice and mailwatch logs 2 messages. Can you point me in the direction of the cause and a solution, please?

Note: No problem with the old Zimbra 7.1.4 and MailScanner 4.85.2-3

Thank you in advance

Logs below:

Jan 10 12:52:47 zimbra /postfix-script[8394]: refreshing the Postfix mail system
Jan 10 12:52:47 zimbra postfix/master[23699]: reload -- version 3.1.1, configuration /opt/zimbra/common/conf
Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: connect from unknown[10.1.253.245]
Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: Anonymous TLS connection established from unknown[10.1.253.245]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: NOQUEUE: filter: RCPT from unknown[10.1.253.245]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from= to= proto=ESMTP helo=
Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: DC948A2BF3: client=unknown[10.1.253.245], sasl_method=LOGIN, sasl_username=admin at zimbra.imperialhotels.com
Jan 10 12:53:02 zimbra postfix/cleanup[8424]: DC948A2BF3: hold: header Received: from N4200007325 (unknown [10.1.253.245])??by zimbra.imperialhotels.com (Postfix) with ESMTPSA id DC948A2BF3??for ; Tue, 10 Jan 2017 12:53:02 +0700 (ICT) from unknown[10.1.253.245]; from= to= proto=ESMTP helo=
Jan 10 12:53:02 zimbra postfix/cleanup[8424]: DC948A2BF3: message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
Jan 10 12:53:04 zimbra MailScanner[30580]: New Batch: Scanning 1 messages, 3580 bytes
Jan 10 12:53:04 zimbra MailScanner[30580]: Virus and Content Scanning: Starting
Jan 10 12:53:04 zimbra MailScanner[30580]: Requeue: DC948A2BF3.A9381 to 05C31A2BFA
Jan 10 12:53:04 zimbra MailScanner[30580]: Uninfected: Delivered 1 messages
Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 05C31A2BFA: from=, size=2775, nrcpt=1 (queue active)
Jan 10 12:53:04 zimbra MailScanner[30580]: Deleted 1 messages from processing-database
Jan 10 12:53:04 zimbra MailScanner[30580]: Logging message DC948A2BF3.A9381 to SQL
Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: connect from localhost[127.0.0.1]
Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: 70057A2BF3: client=localhost[127.0.0.1]
Jan 10 12:53:04 zimbra postfix/cleanup[8424]: 70057A2BF3: hold: header Received: from localhost (localhost [127.0.0.1])??by zimbra.imperialhotels.com (Postfix) with ESMTP id 70057A2BF3??for ; Tue, 10 Jan 2017 12:53:04 +0700 (ICT) from localhost[127.0.0.1]; from= to= proto=ESMTP helo=
Jan 10 12:53:04 zimbra postfix/cleanup[8424]: 70057A2BF3: message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 12:53:04 zimbra postfix/smtp[8426]: 05C31A2BFA: to=, relay=127.0.0.1[127.0.0.1]:10026, delay=1.7, delays=1.4/0.03/0.02/0.32, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 70057A2BF3)
Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 05C31A2BFA: removed
Jan 10 12:53:04 zimbra MailScanner[30403]: New Batch: Scanning 1 messages, 4373 bytes
Jan 10 12:53:04 zimbra MailScanner[30403]: Requeue: 70057A2BF3.ADBEC to 7BF78A2BFA
Jan 10 12:53:04 zimbra MailScanner[30403]: Unscanned: Delivered 1 messages
Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 7BF78A2BFA: from=, size=3599, nrcpt=1 (queue active)
Jan 10 12:53:04 zimbra MailScanner[30403]: Deleted 1 messages from processing-database
Jan 10 12:53:04 zimbra MailScanner[30403]: Logging message 70057A2BF3.ADBEC to SQL
Jan 10 12:53:05 zimbra postfix/submission/smtpd[8418]: disconnect from unknown[10.1.253.245] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: connect from localhost[127.0.0.1]
Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: AEF48A2BF3: client=localhost[127.0.0.1]
Jan 10 12:53:14 zimbra postfix/cleanup[8424]: AEF48A2BF3: message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 12:53:14 zimbra postfix/qmgr[8399]: AEF48A2BF3: from=, size=4209, nrcpt=1 (queue active)
Jan 10 12:53:14 zimbra postfix/smtp[8426]: 7BF78A2BFA: to=, relay=127.0.0.1[127.0.0.1]:10032, delay=10, delays=0.17/0/0.02/10, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AEF48A2BF3)
Jan 10 12:53:14 zimbra postfix/qmgr[8399]: 7BF78A2BFA: removed
Jan 10 12:53:15 zimbra postfix/lmtp[8439]: AEF48A2BF3: to=, relay=zimbra.imperialhotels.com[10.1.253.2]:7025, delay=0.92, delays=0.07/0.04/0.11/0.71, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jan 10 12:53:15 zimbra postfix/qmgr[8399]: AEF48A2BF3: removed

From garry at glendown.de Tue Jan 10 06:44:41 2017
From: garry at glendown.de (Garry Glendown)
Date: Tue, 10 Jan 2017 07:44:41 +0100
Subject: ICAP Support for MS?
Message-ID: <2ebee921-4ce9-9bf2-ea44-699031788281@glendown.de>

Hi,

while doing a Sandbox setup for a customer, I was looking into whether there is an easy way to implement ICAP-scanning into their MS installation ... so far, without success ... haven't been able to find any way ... am I missing anything?
Thanks, -garry

--
PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015

From garry at glendown.de Tue Jan 10 07:45:10 2017
From: garry at glendown.de (Garry Glendown)
Date: Tue, 10 Jan 2017 08:45:10 +0100
Subject: ICAP Support for MS?
In-Reply-To: <2ebee921-4ce9-9bf2-ea44-699031788281@glendown.de>
References: <2ebee921-4ce9-9bf2-ea44-699031788281@glendown.de>
Message-ID: <1ed33e31-cc36-66af-a557-b4b3be2cb5a0@glendown.de>

Good day,

> Hi,
>
> while doing a Sandbox setup for a customer, I was looking into whether
> there is an easy way to implement ICAP-scanning into their MS
> installation ... so far, without success ... haven't been able to find
> any way ... am I missing anything?

P.S - came across one milter - smtp-vilter - which is supposed to have ICAP support, but the download page for the sources doesn't exist anymore ... haven't been able to find any mirrors, though, even if it seems to be included in some *BSD distros ... anybody have an idea where I can get a hold of it?

Thanks!

--
PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015

From mmgomess at gmail.com Tue Jan 10 09:53:16 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Tue, 10 Jan 2017 07:53:16 -0200
Subject: MailScanner Scan Twice (Intergrate with Zimbra)
In-Reply-To:
References:
Message-ID:

Hi Rin.

If you are using the "/^Received:/ HOLD" line in the header_checks file, try instead to use the "static:hold" parameter in the smtpd_recipient_restrictions.cf file like below:

...
permit_sasl_authenticated
permit_mynetworks
reject_unlisted_recipient
static:hold
...

For me this solved this problem.

Marcelo Gomes

From jlovejoy at lovejoytech.com Tue Jan 10 14:56:57 2017
From: jlovejoy at lovejoytech.com (James Lovejoy)
Date: Tue, 10 Jan 2017 09:56:57 -0500
Subject: MailScanner Scan Twice (Intergrate with Zimbra)
In-Reply-To:
References:
Message-ID: <7074b593-7e57-94e4-2e05-c90060fe65c1@lovejoytech.com>

I found 1.3.6 at the following location:

http://www.sourcefiles.org/Internet/Mail/Utilities/Other_Scripts/smtp-vilter-1.3.6.tgz

From jlovejoy at lovejoytech.com Tue Jan 10 14:57:46 2017
From: jlovejoy at lovejoytech.com (James Lovejoy)
Date: Tue, 10 Jan 2017 09:57:46 -0500
Subject: MailScanner Scan Twice (Intergrate with Zimbra)
In-Reply-To: <7074b593-7e57-94e4-2e05-c90060fe65c1@lovejoytech.com>
References: <7074b593-7e57-94e4-2e05-c90060fe65c1@lovejoytech.com>
Message-ID: <6b3e9867-eb2e-bfe9-34a2-56b70643ad8f@lovejoytech.com>

Apologies for wrong thread, that was supposed to be in response to Garry's inquiry.

From danita at caledonia.net Tue Jan 10 16:23:05 2017
From: danita at caledonia.net (Danita Zanre)
Date: Tue, 10 Jan 2017 10:23:05 -0600
Subject: Offensive spam leaking through
Message-ID:

I have the KAM rules loaded, and I am getting some pretty offensive spam with the F-word in the subject line leaking through - the rule should definitely catch it. But the headers are interesting.
SpamCheck: not spam, SpamAssassin (not cached, score=0.003, required 4, autolearn=not spam, HTML_MESSAGE 0.00, MSGID_FROM_MTA_HEADER 0.00, URIBL_BLOCKED 0.00 That one doesn?t have a timeout, is the URIBL_BLOCKED causing the whole thing to fail to scan? SpamCheck: not spam, SpamAssassin (not cached, score=2.602, required 4, ALL_TRUSTED 0.10, HTML_MESSAGE 0.00, KAM_BADPHP 2.50, MSGID_FROM_MTA_HEADER 0.00) This one hit a KAM rule, but despite the subject line having a banned word in it, the Explicit Sex rule didn?t hit. ?Any ideas? Thanks Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Jan 10 17:03:08 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 10 Jan 2017 09:03:08 -0800 Subject: ICAP Support for MS? In-Reply-To: <1ed33e31-cc36-66af-a557-b4b3be2cb5a0@glendown.de> References: <2ebee921-4ce9-9bf2-ea44-699031788281@glendown.de> <1ed33e31-cc36-66af-a557-b4b3be2cb5a0@glendown.de> Message-ID: On 01/09/2017 11:45 PM, Garry Glendown wrote: >> >> while doing a Sandbox setup for a customer, I was looking into whether >> there is an easy way to implement ICAP-scanning into their MS >> installation ... so far, without success ... haven't been able to find >> any way ... am I missing anything? Hard to say without knowing what you've tried. > P.S - came across one milter - smtp-vilter - which is supposed to have > ICAP support, but the download page for the sources doesn't exist > anymore ... haven't been able to find any mirrors, though, even if it > seems to be included in some *BSD distris ... anybody have an idea where > I can get a hold of it? Try . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. 
Dylan

From jlovejoy at lovejoytech.com Tue Jan 10 17:11:44 2017
From: jlovejoy at lovejoytech.com (James Lovejoy)
Date: Tue, 10 Jan 2017 12:11:44 -0500
Subject: ICAP Support for MS?
In-Reply-To: <1ed33e31-cc36-66af-a557-b4b3be2cb5a0@glendown.de>
References: <2ebee921-4ce9-9bf2-ea44-699031788281@glendown.de>
 <1ed33e31-cc36-66af-a557-b4b3be2cb5a0@glendown.de>
Message-ID: <6898cea3-57bc-2219-33b8-1831b34ab4ba@lovejoytech.com>

I had replied to a different thread (mistakenly) with this earlier.

I found 1.3.6 at the following location:
http://www.sourcefiles.org/Internet/Mail/Utilities/Other_Scripts/smtp-vilter-1.3.6.tgz

On 1/10/2017 2:45 AM, Garry Glendown wrote:
> Good day,
>> Hi,
>>
>> while doing a Sandbox setup for a customer, I was looking into whether
>> there is an easy way to implement ICAP-scanning into their MS
>> installation ... so far, without success ... haven't been able to find
>> any way ... am I missing anything?
> P.S - came across one milter - smtp-vilter - which is supposed to have
> ICAP support, but the download page for the sources doesn't exist
> anymore ... haven't been able to find any mirrors, though, even if it
> seems to be included in some *BSD distris ... anybody have an idea where
> I can get a hold of it?
> Thanks!
> --
>
> PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015
>

From mark at msapiro.net Tue Jan 10 18:17:21 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 10 Jan 2017 10:17:21 -0800
Subject: ICAP Support for MS?
In-Reply-To:
References: <2ebee921-4ce9-9bf2-ea44-699031788281@glendown.de>
 <1ed33e31-cc36-66af-a557-b4b3be2cb5a0@glendown.de>
Message-ID: <8e1b4522-9117-3637-20fd-f26399356783@msapiro.net>

On 01/10/2017 09:03 AM, Mark Sapiro wrote:
>
> Try
> .

Sorry, that won't work. There are several versions of the index page including the above at web.archive.org, but the actual linked .tgz files aren't there.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From danita at caledonia.net Tue Jan 10 20:05:27 2017
From: danita at caledonia.net (Danita Zanre)
Date: Tue, 10 Jan 2017 14:05:27 -0600
Subject: Offensive spam leaking through
In-Reply-To:
References:
Message-ID:

Hmmm - my blacklists (SQL) no longer seem to be working - that accounts for a LOT of what I'm seeing. I cannot figure out why it has just stopped working through SQL - so I reenabled the file blacklist, and that's working again. What should I be looking for here?

Thanks!

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 10, 2017 at 10:23:05 AM, Danita Zanre (danita at caledonia.net) wrote:

I have the KAM rules loaded, and I am getting some pretty offensive spam with the F-word in the subject line leaking through - the rule should definitely catch it. But the headers are interesting.

SpamCheck: not spam, SpamAssassin (not cached, score=0.003, required 4, autolearn=not spam, HTML_MESSAGE 0.00, MSGID_FROM_MTA_HEADER 0.00, URIBL_BLOCKED 0.00

That one doesn't have a timeout, is the URIBL_BLOCKED causing the whole thing to fail to scan?

SpamCheck: not spam, SpamAssassin (not cached, score=2.602, required 4, ALL_TRUSTED 0.10, HTML_MESSAGE 0.00, KAM_BADPHP 2.50, MSGID_FROM_MTA_HEADER 0.00)

This one hit a KAM rule, but despite the subject line having a banned word in it, the Explicit Sex rule didn't hit. Any ideas?

Thanks

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From pparsons at techeez.com Tue Jan 10 22:59:25 2017
From: pparsons at techeez.com (Philip Parsons)
Date: Tue, 10 Jan 2017 22:59:25 +0000
Subject: For testing purposes I want to disable all available scanning of messages in MailScanner
Message-ID: <11D8E491D9562549A61FD3186F363420028521E653@exchange.techeez.com>

Are these all of the settings..or is there anymore?

Virus Scanning = no
Dangerous Content Scanning = no
Spam Checks = no
Use SpamAssassin = no
MCP Checks = no

Thank you.
Philip Parsons
IT Specialist
Techeez IT Consulting
250-818-2879
Skype ID: techeez
www.techeez.com "Making IT easy"

IMPORTANT NOTICE
This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jerry.benton at mailborder.com Wed Jan 11 02:12:38 2017
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 10 Jan 2017 21:12:38 -0500
Subject: For testing purposes I want to disable all available scanning of messages in MailScanner
In-Reply-To: <11D8E491D9562549A61FD3186F363420028521E653@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F363420028521E653@exchange.techeez.com>
Message-ID:

The big knob is "Scan Messages"

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

> On Jan 10, 2017, at 5:59 PM, Philip Parsons wrote:
>
> Are these all of the settings..or is there anymore?
>
> Virus Scanning = no
> Dangerous Content Scanning = no
> Spam Checks = no
> Use SpamAssassin = no
> MCP Checks = no
>
> Thank you.
> Philip Parsons
> IT Specialist
> Techeez IT Consulting
> 250-818-2879
> Skype ID: techeez
> www.techeez.com "Making IT easy"
>
> IMPORTANT NOTICE
> This e-mail is confidential, may be legally privileged, and is for the intended recipient only.
Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From rin2013 at outlook.com Wed Jan 11 02:59:05 2017
From: rin2013 at outlook.com (Rin Pisarn)
Date: Wed, 11 Jan 2017 02:59:05 +0000
Subject: MailScanner Scan Twice (Intergrate with Zimbra)
In-Reply-To:
References:
Message-ID:

Hi Gomes,

Thanks for the solution, unfortunately disable the HOLD in header_checks and enable static:hold in smtp_recipient_restrictions.cf seems that mailscanner not scans at all. Please advise

Thanks
Rin

Logs below

Jan 11 09:10:24 zimbra postfix/submission/smtpd[28150]: connect from unknown[10.1.253.245]
Jan 11 09:10:24 zimbra postfix/submission/smtpd[28150]: Anonymous TLS connection established from unknown[10.1.253.245]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 11 09:10:25 zimbra postfix/submission/smtpd[28150]: NOQUEUE: filter: RCPT from unknown[10.1.253.245]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from= to= proto=ESMTP helo=
Jan 11 09:10:25 zimbra postfix/submission/smtpd[28150]: 5283CA2709: client=unknown[10.1.253.245], sasl_method=LOGIN, sasl_username=admin at zimbra.imperialhotels.com
Jan 11 09:10:25 zimbra postfix/cleanup[28166]: 5283CA2709: message-id=<004101d26baf$df1e7610$9d5b6230$@zimbra.imperialhotels.com>
Jan 11 09:10:25 zimbra postfix/qmgr[16289]: 5283CA2709: from=, size=2775, nrcpt=1 (queue active)
Jan 11 09:10:26 zimbra postfix/dkimmilter/smtpd[28169]: connect from localhost[127.0.0.1]
Jan 11 09:10:26 zimbra postfix/dkimmilter/smtpd[28169]: 26ECCA2C03: client=localhost[127.0.0.1]
Jan 11 09:10:26 zimbra postfix/cleanup[28166]: 26ECCA2C03: message-d=<004101d26baf$df1e7610$9d5b6230$@zimbra.imperialhotels.com>
Jan 11 09:10:26 zimbra postfix/qmgr[16289]: 26ECCA2C03: from=, size=3308, nrcpt=1 (queue active)
Jan 11 09:10:26 zimbra postfix/dkimmilter/smtpd[28169]: disconnect from localhost[127.0.0. 1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 11 09:10:26 zimbra postfix/smtp[28167]: 5283CA2709: to=, relay=127.0.0.1 [127.0.0.1]:10026, delay=1, delays=0.23/0.12/0.06/0.61, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 26ECCA2C03)
Jan 11 09:10:26 zimbra postfix/qmgr[16289]: 5283CA2709: removed
Jan 11 09:10:27 zimbra postfix/submission/smtpd[28150]: disconnect from unknown[10.1.253.245] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+rin2013=outlook.com at lists.mailscanner.info] On Behalf Of Marcelo Machado
Sent: Tuesday, January 10, 2017 4:53 PM
To: MailScanner Discussion ; MailScanner Discussion
Subject: Re: MailScanner Scan Twice (Intergrate with Zimbra)

Hi Rin.

If you are using the "/ ^ Received: / HOLD" line in the header_checks file, try instead to use the "static:hold" parameter in the smtpd_recipient_restrictions.cf file like below:

...
permit_sasl_authenticated
permit_mynetworks
reject_unlisted_recipient
static:hold
...

For me this solved this problem.

Marcelo Gomes

2017-01-10 4:15 GMT-02:00 Rin Pisarn :
> Hello,
>
> We have been using MailScanner for many years along with Zimbra but
> after we install new CentOS6.5 with Zimbra 8.7.1 integrate with MailScanner 5.0.3-7.
> The problem is MailScanner scans a message twice and mailwatch logs 2
> messages. Can you point me the direction of this cause and solution, please?
>
> Note : No problem with the old Zimbra 7.1.4 and MailScanner4.85.2-3
>
> Thank you in advance
>
> Logs below:
>
> Jan 10 12:52:47 zimbra /postfix-script[8394]: refreshing the Postfix
> mail system
>
> Jan 10 12:52:47 zimbra postfix/master[23699]: reload -- version 3.1.1,
> configuration /opt/zimbra/common/conf
>
> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: connect from
> unknown[10.1.253.245]
>
> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: Anonymous TLS
> connection established from unknown[10.1.253.245]: TLSv1.2 with cipher
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: NOQUEUE:
> filter: RCPT from unknown[10.1.253.245]:
> : Sender address triggers FILTER
> smtp-amavis:[127.0.0.1]:10026; from=
> to=
> proto=ESMTP helo=
>
> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: DC948A2BF3:
> client=unknown[10.1.253.245], sasl_method=LOGIN,
> sasl_username=admin at zimbra.imperialhotels.com
>
> Jan 10 12:53:02 zimbra postfix/cleanup[8424]: DC948A2BF3: hold: header
> Received: from N4200007325 (unknown [10.1.253.245])??by
> zimbra.imperialhotels.com (Postfix) with ESMTPSA id DC948A2BF3??for
> ; Tue, 10 Jan 2017 12:53:02 +0700
> (ICT) from unknown[10.1.253.245];
> from=
> to= proto=ESMTP helo=
>
> Jan 10 12:53:02 zimbra postfix/cleanup[8424]: DC948A2BF3:
> message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
>
> Jan 10 12:53:04 zimbra MailScanner[30580]: New Batch: Scanning 1
> messages,
> 3580 bytes
>
> Jan 10 12:53:04 zimbra MailScanner[30580]: Virus and Content Scanning:
> Starting
>
> Jan 10 12:53:04 zimbra MailScanner[30580]: Requeue: DC948A2BF3.A9381
> to 05C31A2BFA
>
> Jan 10 12:53:04 zimbra MailScanner[30580]: Uninfected: Delivered 1
> messages
>
> Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 05C31A2BFA:
> from=, size=2775, nrcpt=1 (queue
> active)
>
> Jan 10 12:53:04 zimbra MailScanner[30580]: Deleted 1 messages from
> processing-database
>
> Jan
10 12:53:04 zimbra MailScanner[30580]: Logging message
> DC948A2BF3.A9381 to SQL
>
> Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: connect from
> localhost[127.0.0.1]
>
> Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: 70057A2BF3:
> client=localhost[127.0.0.1]
>
> Jan 10 12:53:04 zimbra postfix/cleanup[8424]: 70057A2BF3: hold: header
> Received: from loca
>
> lhost (localhost [127.0.0.1])??by zimbra.imperialhotels.com (Postfix)
> with ESMTP id 70057A2BF3??for ; Tue,
> 10 Jan 2017
> 12:53:04 +0700 (ICT) from localhost[127.0.0.1];
> from=
> to=
> proto=ESMTP helo=
>
> Jan 10 12:53:04 zimbra postfix/cleanup[8424]: 70057A2BF3:
> message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
>
> Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: disconnect from
> localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
>
> Jan 10 12:53:04 zimbra postfix/smtp[8426]: 05C31A2BFA:
> to=,
> relay=127.0.0.1[127.0.0.1]:10026, delay=1.7,
> delays=1.4/0.03/0.02/0.32, dsn=2.0.0, status=sent (250 2.0.0 from
> MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 70057A2BF3)
>
> Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 05C31A2BFA: removed
>
> Jan 10 12:53:04 zimbra MailScanner[30403]: New Batch: Scanning 1
> messages,
> 4373 bytes
>
> Jan 10 12:53:04 zimbra MailScanner[30403]: Requeue: 70057A2BF3.ADBEC
> to 7BF78A2BFA
>
> Jan 10 12:53:04 zimbra MailScanner[30403]: Unscanned: Delivered 1
> messages
>
> Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 7BF78A2BFA:
> from=, size=3599, nrcpt=1 (queue
> active)
>
> Jan 10 12:53:04 zimbra MailScanner[30403]: Deleted 1 messages from
> processing-database
>
> Jan 10 12:53:04 zimbra MailScanner[30403]: Logging message
> 70057A2BF3.ADBEC to SQL
>
> Jan 10 12:53:05 zimbra postfix/submission/smtpd[8418]: disconnect from
> unknown[10.1.253.245] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1
> quit=1
> commands=8
>
> Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: connect from
> localhost[127.0.0.1]
>
> Jan 10
12:53:14 zimbra postfix/amavisd/smtpd[8438]: AEF48A2BF3:
> client=localhost[127.0.0.1]
>
> Jan 10 12:53:14 zimbra postfix/cleanup[8424]: AEF48A2BF3:
> message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
>
> Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: disconnect from
> localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
>
> Jan 10 12:53:14 zimbra postfix/qmgr[8399]: AEF48A2BF3:
> from=, size=4209, nrcpt=1 (queue
> active)
>
> Jan 10 12:53:14 zimbra postfix/smtp[8426]: 7BF78A2BFA:
> to=,
> relay=127.0.0.1[127.0.0.1]:10032, delay=10, delays=0.17/0/0.02/10,
> dsn=2.0.0, status=sent (250 2.0.0 from
> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AEF48A2BF3)
>
> Jan 10 12:53:14 zimbra postfix/qmgr[8399]: 7BF78A2BFA: removed
>
> Jan 10 12:53:15 zimbra postfix/lmtp[8439]: AEF48A2BF3:
> to=,
> relay=zimbra.imperialhotels.com[10.1.253.2]:7025, delay=0.92,
> delays=0.07/0.04/0.11/0.71, dsn=2.1.5, status=sent (250 2.1.5 Delivery
> OK)
>
> Jan 10 12:53:15 zimbra postfix/qmgr[8399]: AEF48A2BF3: removed
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From mmgomess at gmail.com Wed Jan 11 10:13:41 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Wed, 11 Jan 2017 08:13:41 -0200
Subject: MailScanner Scan Twice (Intergrate with Zimbra)
In-Reply-To:
References:
Message-ID:

Sorry Sin.

I thought you wanted to check only incoming messages.

To scan all messages put "static:hold" in smtp_recipient_restrictions.cf before "permit_mynetworks" and "permit_sasl_authenticated" like below:

...
static:hold
permit_mynetworks
permit_sasl_authenticated
permit_tls_clientcerts
...

Marcelo Gomes

2017-01-11 0:59 GMT-02:00 Rin Pisarn :
> Hi Gomes,
>
> Thanks for the solution, unfortunately disable the HOLD in header_checks and
> enable static:hold in smtp_recipient_restrictions.cf seems that mailscanner
> not scans at all. Please advise
>
> Thanks
> Rin
>
> Logs below
>
> Jan 11 09:10:24 zimbra postfix/submission/smtpd[28150]: connect from
> unknown[10.1.253.245]Jan 11 09:10:24 zimbra postfix/submission/smtpd[28150]:
> Anonymous TLS connection established from unknown[10.1.253.245]: TLSv1.2
> with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> Jan 11 09:10:25 zimbra postfix/submission/smtpd[28150]: NOQUEUE: filter:
> RCPT from unknown[10.1.253.245]: : Sender
> address triggers FILTER smtp-amavis:[127.0.0.1]:10026;
> from= to=
> proto=ESMTP helo=
> Jan 11 09:10:25 zimbra postfix/submission/smtpd[28150]: 5283CA2709:
> client=unknown[10.1.253.245], sasl_method=LOGIN,
> sasl_username=admin at zimbra.imperialhotels.com
> Jan 11 09:10:25 zimbra postfix/cleanup[28166]: 5283CA2709:
> message-id=<004101d26baf$df1e7610$9d5b6230$@zimbra.imperialhotels.com>
> Jan 11 09:10:25 zimbra postfix/qmgr[16289]: 5283CA2709:
> from=, size=2775, nrcpt=1 (queue active)
> Jan 11 09:10:26 zimbra postfix/dkimmilter/smtpd[28169]: connect from
> localhost[127.0.0.1]
> Jan 11 09:10:26 zimbra postfix/dkimmilter/smtpd[28169]: 26ECCA2C03:
> client=localhost[127.0.0.1]Jan 11 09:10:26 zimbra postfix/cleanup[28166]:
> 26ECCA2C03:
> message-d=<004101d26baf$df1e7610$9d5b6230$@zimbra.imperialhotels.com>
> Jan 11 09:10:26 zimbra postfix/qmgr[16289]: 26ECCA2C03:
> from=, size=3308, nrcpt=1 (queue active)
> Jan 11 09:10:26 zimbra postfix/dkimmilter/smtpd[28169]: disconnect from
> localhost[127.0.0.
> 1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5Jan 11 09:10:26 zimbra
> postfix/smtp[28167]: 5283CA2709: to=,
> relay=127.0.0.1 [127.0.0.1]:10026, delay=1, delays=0.23/0.12/0.06/0.61,
> dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250
> 2.0.0 Ok: queued as 26ECCA2C03)
> Jan 11 09:10:26 zimbra postfix/qmgr[16289]: 5283CA2709: removed
> Jan 11 09:10:27 zimbra postfix/submission/smtpd[28150]: disconnect from
> unknown[10.1.253.245] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1
> commands=8
>
>
> -----Original Message-----
> From: MailScanner
> [mailto:mailscanner-bounces+rin2013=outlook.com at lists.mailscanner.info] On
> Behalf Of Marcelo Machado
> Sent: Tuesday, January 10, 2017 4:53 PM
> To: MailScanner Discussion ; MailScanner
> Discussion
> Subject: Re: MailScanner Scan Twice (Intergrate with Zimbra)
>
> Hi Rin.
>
> If you are using the "/ ^ Received: / HOLD" line in the header_checks file,
> try instead to use the "static:hold" parameter in the
> smtpd_recipient_restrictions.cf file like below:
>
> ...
> permit_sasl_authenticated
> permit_mynetworks
> reject_unlisted_recipient
> static:hold
> ...
>
> For me this solved this problem.
>
> Marcelo Gomes
>
> 2017-01-10 4:15 GMT-02:00 Rin Pisarn :
>> Hello,
>>
>> We have been using MailScanner for many years along with Zimbra but
>> after we install new CentOS6.5 with Zimbra 8.7.1 integrate with
> MailScanner 5.0.3-7.
>> The problem is MailScanner scans a message twice and mailwatch logs 2
>> messages. Can you point me the direction of this cause and solution,
> please?
>>
>> Note : No problem with the old Zimbra 7.1.4 and MailScanner4.85.2-3
>>
>> Thank you in advance
>>
>> Logs below:
>>
>> Jan 10 12:52:47 zimbra /postfix-script[8394]: refreshing the Postfix
>> mail system
>>
>> Jan 10 12:52:47 zimbra postfix/master[23699]: reload -- version 3.1.1,
>> configuration /opt/zimbra/common/conf
>>
>> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: connect from
>> unknown[10.1.253.245]
>>
>> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: Anonymous TLS
>> connection established from unknown[10.1.253.245]: TLSv1.2 with cipher
>> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>>
>> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: NOQUEUE:
>> filter: RCPT from unknown[10.1.253.245]:
>> : Sender address triggers FILTER
>> smtp-amavis:[127.0.0.1]:10026; from=
>> to=
>> proto=ESMTP helo=
>>
>> Jan 10 12:53:02 zimbra postfix/submission/smtpd[8418]: DC948A2BF3:
>> client=unknown[10.1.253.245], sasl_method=LOGIN,
>> sasl_username=admin at zimbra.imperialhotels.com
>>
>> Jan 10 12:53:02 zimbra postfix/cleanup[8424]: DC948A2BF3: hold: header
>> Received: from N4200007325 (unknown [10.1.253.245])??by
>> zimbra.imperialhotels.com (Postfix) with ESMTPSA id DC948A2BF3??for
>> ; Tue, 10 Jan 2017 12:53:02 +0700
>> (ICT) from unknown[10.1.253.245];
>> from=
>> to= proto=ESMTP helo=
>>
>> Jan 10 12:53:02 zimbra postfix/cleanup[8424]: DC948A2BF3:
>> message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
>>
>> Jan 10 12:53:04 zimbra MailScanner[30580]: New Batch: Scanning 1
>> messages,
>> 3580 bytes
>>
>> Jan 10 12:53:04 zimbra MailScanner[30580]: Virus and Content Scanning:
>> Starting
>>
>> Jan 10 12:53:04 zimbra MailScanner[30580]: Requeue: DC948A2BF3.A9381
>> to 05C31A2BFA
>>
>> Jan 10 12:53:04 zimbra MailScanner[30580]: Uninfected: Delivered 1
>> messages
>>
>> Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 05C31A2BFA:
>> from=, size=2775, nrcpt=1 (queue
>> active)
>>
>> Jan 10 12:53:04 zimbra
MailScanner[30580]: Deleted 1 messages from
>> processing-database
>>
>> Jan 10 12:53:04 zimbra MailScanner[30580]: Logging message
>> DC948A2BF3.A9381 to SQL
>>
>> Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: connect from
>> localhost[127.0.0.1]
>>
>> Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: 70057A2BF3:
>> client=localhost[127.0.0.1]
>>
>> Jan 10 12:53:04 zimbra postfix/cleanup[8424]: 70057A2BF3: hold: header
>> Received: from loca
>>
>> lhost (localhost [127.0.0.1])??by zimbra.imperialhotels.com (Postfix)
>> with ESMTP id 70057A2BF3??for ; Tue,
>> 10 Jan 2017
>> 12:53:04 +0700 (ICT) from localhost[127.0.0.1];
>> from=
>> to=
>> proto=ESMTP helo=
>>
>> Jan 10 12:53:04 zimbra postfix/cleanup[8424]: 70057A2BF3:
>> message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
>>
>> Jan 10 12:53:04 zimbra postfix/dkimmilter/smtpd[8428]: disconnect from
>> localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
>>
>> Jan 10 12:53:04 zimbra postfix/smtp[8426]: 05C31A2BFA:
>> to=,
>> relay=127.0.0.1[127.0.0.1]:10026, delay=1.7,
>> delays=1.4/0.03/0.02/0.32, dsn=2.0.0, status=sent (250 2.0.0 from
>> MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 70057A2BF3)
>>
>> Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 05C31A2BFA: removed
>>
>> Jan 10 12:53:04 zimbra MailScanner[30403]: New Batch: Scanning 1
>> messages,
>> 4373 bytes
>>
>> Jan 10 12:53:04 zimbra MailScanner[30403]: Requeue: 70057A2BF3.ADBEC
>> to 7BF78A2BFA
>>
>> Jan 10 12:53:04 zimbra MailScanner[30403]: Unscanned: Delivered 1
>> messages
>>
>> Jan 10 12:53:04 zimbra postfix/qmgr[8399]: 7BF78A2BFA:
>> from=, size=3599, nrcpt=1 (queue
>> active)
>>
>> Jan 10 12:53:04 zimbra MailScanner[30403]: Deleted 1 messages from
>> processing-database
>>
>> Jan 10 12:53:04 zimbra MailScanner[30403]: Logging message
>> 70057A2BF3.ADBEC to SQL
>>
>> Jan 10 12:53:05 zimbra postfix/submission/smtpd[8418]: disconnect from
>> unknown[10.1.253.245] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1
data=1
>> quit=1
>> commands=8
>>
>> Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: connect from
>> localhost[127.0.0.1]
>>
>> Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: AEF48A2BF3:
>> client=localhost[127.0.0.1]
>>
>> Jan 10 12:53:14 zimbra postfix/cleanup[8424]: AEF48A2BF3:
>> message-id=<004f01d26b05$d374c760$7a5e5620$@zimbra.imperialhotels.com>
>>
>> Jan 10 12:53:14 zimbra postfix/amavisd/smtpd[8438]: disconnect from
>> localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
>>
>> Jan 10 12:53:14 zimbra postfix/qmgr[8399]: AEF48A2BF3:
>> from=, size=4209, nrcpt=1 (queue
>> active)
>>
>> Jan 10 12:53:14 zimbra postfix/smtp[8426]: 7BF78A2BFA:
>> to=,
>> relay=127.0.0.1[127.0.0.1]:10032, delay=10, delays=0.17/0/0.02/10,
>> dsn=2.0.0, status=sent (250 2.0.0 from
>> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AEF48A2BF3)
>>
>> Jan 10 12:53:14 zimbra postfix/qmgr[8399]: 7BF78A2BFA: removed
>>
>> Jan 10 12:53:15 zimbra postfix/lmtp[8439]: AEF48A2BF3:
>> to=,
>> relay=zimbra.imperialhotels.com[10.1.253.2]:7025, delay=0.92,
>> delays=0.07/0.04/0.11/0.71, dsn=2.1.5, status=sent (250 2.1.5 Delivery
>> OK)
>>
>> Jan 10 12:53:15 zimbra postfix/qmgr[8399]: AEF48A2BF3: removed
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From richard at fastnet.co.uk Wed Jan 11 12:47:31 2017
From: richard at fastnet.co.uk (Richard Mealing)
Date: Wed, 11 Jan 2017 12:47:31 +0000
Subject: "random" spam - was: Fwd: Find an eBook reader and keep the reading alive
In-Reply-To:
References: <217523152221664221752573475118512493@4x21r856.widecentral.stream>
 <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>
Message-ID: <6EE47AF64C339A4F8F7F50507241B3795F84B6D9@BTN-EXCHANGE-V1.fastnet.local>

>
>-----Original Message-----
>From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Mark Sapiro
>Sent: Thursday, January 5, 2017 00:15
>To: mailscanner at lists.mailscanner.info
>Subject: Re: "random" spam - was: Fwd: Find an eBook reader and keep the reading alive
>
>On 01/04/2017 03:56 PM, Walt Thiessen wrote:
>>
>> The send domains are all different. The servers are all different. The
>> IPs are all different. They end up on blacklists in due course, but by
>> then they've moved on to their next "victim" server IP.
>>
>> Anyone else running into this stuff? Any idea how to block it?
>
>
>I use Botnet in SpamAssassin -
>It can help. You have to watch closely for a bit and possibly adjust the score, and you will still get occasional false positives, but I like it.

Hi Mark,

This seems to be working very well for me. I didn't know about this one.

Do you recommend any other modules / plugins for SA?

Thanks!
Rich

>
>--
>Mark Sapiro The highway is for gamblers,
>San Francisco Bay Area, California better use your sense - B. Dylan
>
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner

From danita at caledonia.net Wed Jan 11 16:05:34 2017
From: danita at caledonia.net (Danita Zanre)
Date: Wed, 11 Jan 2017 10:05:34 -0600
Subject: Odd SQL issues
Message-ID:

This morning we added more memory to our VM running MailScanner/MailWatch. After reboot, MailScanner logged that it was sending messages to SQL, but no new entries were in the database.

Jan 11 07:03:38 xeams MailScanner[31417]: Logging message 92CB8EDE48.AF3D2 to SQL

Here is where we rebooted

Jan 11 07:09:16 xeams MailScanner[4361]: Started SQL Logging child
Jan 11 07:09:22 xeams MailScanner[4878]: Started SQL Logging child
Jan 11 07:09:27 xeams MailScanner[5348]: Started SQL Logging child
Jan 11 07:09:33 xeams MailScanner[5621]: Started SQL Logging child
Jan 11 07:09:38 xeams MailScanner[5788]: Started SQL Logging child
Jan 11 07:12:27 xeams MailScanner[4878]: Logging message 209C7EDE37.AA97A to SQL
Jan 11 07:12:27 xeams MailScanner[5348]: Logging message 04FF9EDE3F.AA21D to SQL
Jan 11 07:12:27 xeams MailScanner[5348]: Logging message DF6B9EDE3C.ABB06 to SQL
Jan 11 07:12:32 xeams MailScanner[5788]: Logging message 049DAEDE40.A9BBD to SQL
Jan 11 07:13:13 xeams MailScanner[5621]: Logging message 7383EEDE41.AADEE to SQL

I tried all kinds of things, and then ultimately turned Debug SQL = yes just to see if I could SEE anything. It started updating the database. I turned it back to Debug SQL = no and it stopped updating the database! I'm leaving it at "yes" for now - but why would this even matter? Is there any other downside to leaving this on? I can't even see where it is logging any kind of "debug" info, but it's keeping the database updates happening, so I'm not touching it!

Thanks for any insights here.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From iversons at rushville.k12.in.us Wed Jan 11 18:00:24 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 11 Jan 2017 13:00:24 -0500
Subject: Odd SQL issues
In-Reply-To:
References:
Message-ID:

Danita,

Is there a stuck lock on the mysql table(s)? I am currently trying to figure out an issue with Mailscanner/mysql which is why I ask.

On Wed, Jan 11, 2017 at 11:05 AM, Danita Zanre wrote:

> This morning we added more memory to our VM running
> MailScanner/MailWatch. After reboot, MailScanner logged that it was
> sending messages to SQL, but no new entries were in the database.
>
> Jan 11 07:03:38 xeams MailScanner[31417]: Logging message 92CB8EDE48.AF3D2
> to SQL
>
> Here is where we rebooted
>
> Jan 11 07:09:16 xeams MailScanner[4361]: Started SQL Logging child
>
> Jan 11 07:09:22 xeams MailScanner[4878]: Started SQL Logging child
>
> Jan 11 07:09:27 xeams MailScanner[5348]: Started SQL Logging child
>
> Jan 11 07:09:33 xeams MailScanner[5621]: Started SQL Logging child
>
> Jan 11 07:09:38 xeams MailScanner[5788]: Started SQL Logging child
>
> Jan 11 07:12:27 xeams MailScanner[4878]: Logging message 209C7EDE37.AA97A
> to SQL
>
> Jan 11 07:12:27 xeams MailScanner[5348]: Logging message 04FF9EDE3F.AA21D
> to SQL
>
> Jan 11 07:12:27 xeams MailScanner[5348]: Logging message DF6B9EDE3C.ABB06
> to SQL
>
> Jan 11 07:12:32 xeams MailScanner[5788]: Logging message 049DAEDE40.A9BBD
> to SQL
>
> Jan 11 07:13:13 xeams MailScanner[5621]: Logging message 7383EEDE41.AADEE
> to SQL
>
> I tried all kinds of things, and then ultimately turned Debug SQL = yes
> just to see if I could SEE anything. It started updating the database. I
> turned it back to Debug SQL = no and it stopped updating the database! I'm
> leaving it at "yes" for now - but why would this even matter? Is there any
> other downside to leaving this on? I can't even see where it is logging
> any kind of "debug" info, but it's keeping the database updates happening,
> so I'm not touching it!
>
> Thanks for any insights here.
>
> *Danita Zanré*, *Move Out of the Office*
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mark at msapiro.net Wed Jan 11 18:08:02 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 11 Jan 2017 10:08:02 -0800
Subject: "random" spam - was: Fwd: Find an eBook reader and keep the reading alive
In-Reply-To: <6EE47AF64C339A4F8F7F50507241B3795F84B6D9@BTN-EXCHANGE-V1.fastnet.local>
References: <217523152221664221752573475118512493@4x21r856.widecentral.stream>
 <61d6cef5-5460-37c9-770b-6cdbb772e7dc@dld2000.com>
 <6EE47AF64C339A4F8F7F50507241B3795F84B6D9@BTN-EXCHANGE-V1.fastnet.local>
Message-ID: <468dc963-cbe1-cccd-38e5-f27cb82b014b@msapiro.net>

On 01/11/2017 04:47 AM, Richard Mealing wrote:
>
> Do you recommend any other modules / plugins for SA?

See .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From danita at caledonia.net Wed Jan 11 18:12:09 2017
From: danita at caledonia.net (Danita Zanre)
Date: Wed, 11 Jan 2017 12:12:09 -0600
Subject: Odd SQL issues
In-Reply-To:
References:
Message-ID:

Shawn,

Not that I can see. I've had Mailscanner stop logging to the database before, and reboot has fixed it, which could point to a stuck lock, but this time I rebooted and it was still not logging. Next time it stops updating the database I'll see if I can find a stuck lock.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 11, 2017 at 12:11:18 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote:

Danita,

Is there a stuck lock on the mysql table(s)? I am currently trying to figure out an issue with Mailscanner/mysql which is why I ask.

On Wed, Jan 11, 2017 at 11:05 AM, Danita Zanre wrote:

This morning we added more memory to our VM running MailScanner/MailWatch. After reboot, MailScanner logged that it was sending messages to SQL, but no new entries were in the database.

Jan 11 07:03:38 xeams MailScanner[31417]: Logging message 92CB8EDE48.AF3D2 to SQL

Here is where we rebooted

Jan 11 07:09:16 xeams MailScanner[4361]: Started SQL Logging child
Jan 11 07:09:22 xeams MailScanner[4878]: Started SQL Logging child
Jan 11 07:09:27 xeams MailScanner[5348]: Started SQL Logging child
Jan 11 07:09:33 xeams MailScanner[5621]: Started SQL Logging child
Jan 11 07:09:38 xeams MailScanner[5788]: Started SQL Logging child
Jan 11 07:12:27 xeams MailScanner[4878]: Logging message 209C7EDE37.AA97A to SQL
Jan 11 07:12:27 xeams MailScanner[5348]: Logging message 04FF9EDE3F.AA21D to SQL
Jan 11 07:12:27 xeams MailScanner[5348]: Logging message DF6B9EDE3C.ABB06 to SQL
Jan 11 07:12:32 xeams MailScanner[5788]: Logging message 049DAEDE40.A9BBD to SQL
Jan 11 07:13:13 xeams MailScanner[5621]: Logging message 7383EEDE41.AADEE to SQL

I tried all kinds of things, and then ultimately turned Debug SQL = yes just to see if I could SEE anything. It started updating the database. I turned it back to Debug SQL = no and it stopped updating the database! I'm leaving it at "yes" for now - but why would this even matter? Is there any other downside to leaving this on? I can't even see where it is logging any kind of "debug" info, but it's keeping the database updates happening, so I'm not touching it!

Thanks for any insights here.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting Tel: (720) 319-8240 - Move Out of the Office -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -- This message has been scanned for viruses and dangerous content by Iris MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jason at geeknocity.com Wed Jan 11 18:15:48 2017 From: jason at geeknocity.com (Jason Waters) Date: Wed, 11 Jan 2017 13:15:48 -0500 Subject: Odd SQL issues In-Reply-To: References: Message-ID: Shawn, Did you see my DBITrace information? On Wed, Jan 11, 2017 at 1:12 PM, Danita Zanre wrote: > Shawn, > > Not that I can see. I?ve had Mailscanner stop logging to the database > before, and reboot has fixed it, which could point to a stuck lock, but > this time I rebooted and it was still not logging. Next time it stops > updating the database I?ll see if I can find a stuck lock. > > > *Danita Zanr?*, *Move Out of the Office* > I love my job, and you can too! > Tel: (720) 319-7530 - Caledonia Network Consulting > Tel: (720) 319-8240 - Move Out of the Office > > > On January 11, 2017 at 12:11:18 PM, Shawn Iverson ( > iversons at rushville.k12.in.us) wrote: > > Danita, > > Is there a stuck lock on the mysql table(s)? I am currently trying to > figure out an issue with Mailscanner/mysql which is why I ask. > > On Wed, Jan 11, 2017 at 11:05 AM, Danita Zanre > wrote: > >> This morning we added more memory to our VM running >> MailScanner/MailWatch. After reboot, MailScanner logged that it was >> sending messages to SQL, but no new entries were in the database. 
>> >> Jan 11 07:03:38 xeams MailScanner[31417]: Logging message >> 92CB8EDE48.AF3D2 to SQL >> >> >> Here is where we rebooted >> >> >> Jan 11 07:09:16 xeams MailScanner[4361]: Started SQL Logging child >> >> Jan 11 07:09:22 xeams MailScanner[4878]: Started SQL Logging child >> >> Jan 11 07:09:27 xeams MailScanner[5348]: Started SQL Logging child >> >> Jan 11 07:09:33 xeams MailScanner[5621]: Started SQL Logging child >> >> Jan 11 07:09:38 xeams MailScanner[5788]: Started SQL Logging child >> >> Jan 11 07:12:27 xeams MailScanner[4878]: Logging message 209C7EDE37.AA97A >> to SQL >> >> Jan 11 07:12:27 xeams MailScanner[5348]: Logging message 04FF9EDE3F.AA21D >> to SQL >> >> Jan 11 07:12:27 xeams MailScanner[5348]: Logging message DF6B9EDE3C.ABB06 >> to SQL >> >> Jan 11 07:12:32 xeams MailScanner[5788]: Logging message 049DAEDE40.A9BBD >> to SQL >> >> Jan 11 07:13:13 xeams MailScanner[5621]: Logging message 7383EEDE41.AADEE >> to SQL >> >> I tried all kinds of things, and then ultimately turned Debug SQL = yes >> just to see if I could SEE anything. It started updating the database. I >> turned it back to Debug SQL = no and it stopped updating the database! I?m >> leaving it at ?yes? for now - but why would this even matter? Is there any >> other downside to leaving this on? I can?t even see where it is logging >> any kind of ?debug? info, but it?s keeping the database updates happening, >> so I?m not touching it! >> >> Thanks for any insights here. >> >> *Danita Zanr?*, *Move Out of the Office* >> I love my job, and you can too! 
>> Tel: (720) 319-7530 - Caledonia Network Consulting >> Tel: (720) 319-8240 - Move Out of the Office >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > > > -- > Shawn Iverson > Director of Technology > Rush County Schools > 765-932-3901 x271 <(765)%20932-3901> > iversons at rushville.k12.in.us > > > > -- > This message has been scanned for viruses and > dangerous content by *Iris MailScanner* , and > is > believed to be clean. > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From faisal.telecomm at gmail.com Thu Jan 12 10:04:50 2017 From: faisal.telecomm at gmail.com (Faisal Naeem) Date: Thu, 12 Jan 2017 15:04:50 +0500 Subject: MailScanner - RHEL 7 Systemd Message-ID: Dear All, I need your support for setting up MailScanner with RHEL 7.2. Your support is highly appreciated for configuring MailScanner system unit to run the service properly along with ExecStart statements for both incoming and outgoing Exim. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Antony.Stone at mailscanner.open.source.it Thu Jan 12 10:15:24 2017 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Thu, 12 Jan 2017 11:15:24 +0100 Subject: MailScanner - RHEL 7 Systemd In-Reply-To: References: Message-ID: <201701121115.24699.Antony.Stone@mailscanner.open.source.it> On Thursday 12 January 2017 at 11:04:50, Faisal Naeem wrote: > Dear All, > > I need your support for setting up MailScanner with RHEL 7.2. 
Your support
> is highly appreciated for configuring MailScanner system unit to run the
> service properly along with ExecStart statements for both incoming and
> outgoing Exim.

Are you asking for someone to install and configure MailScanner on your system for you, or have you tried to do it yourself and run into some problems which you'd like specific advice about?

If you want someone to do the work for you, I suggest you investigate consultants in your area who have expertise in RedHat Linux, Exim and MailScanner, or try https://www.mailscanner.info/professional-support

If you are instead looking for free advice from members of this list regarding some specific problems, then maybe you could tell us:

1. Have you already got a working MTA based on Exim?

2. Have you tried installing MailScanner on it and run into a problem (if so, what)?

3. Have you looked at https://www.mailscanner.info/install/exim/ and followed its guidelines?

The more information you give us about what you've tried and what problems you encountered, the more we might be able to assist you.

Regards,

Antony.

--
"The future is already here. It's just not evenly distributed yet."

 - William Gibson

Please reply to the list; please *don't* CC me.

From Warwick.x.Brown at serco.com Thu Jan 12 10:35:29 2017
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Thu, 12 Jan 2017 10:35:29 +0000
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

From: MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] On Behalf Of Faisal Naeem
Sent: 12 January 2017 10:05
To: mailscanner at lists.mailscanner.info
Subject: Re: MailScanner - RHEL 7 Systemd

Dear All,

I need your support for setting up MailScanner with RHEL 7.2. Your support is highly appreciated for configuring MailScanner system unit to run the service properly along with ExecStart statements for both incoming and outgoing Exim.

Thanks.

If my hunch is right that you want to know how to start/stop exim from system with a dual daemon setup - try placing these two files to create the "exim-in" and "exim-out" services, and then enable the service like you would any other system service

# cat /etc/systemd/system/exim-in.service
[Unit]
Description=Exim Mail Transport Agent Input Queue
After=network.target
Conflicts=sendmail.service postfix.service exim.service

[Service]
PrivateTmp=true
Environment=QUEUE=1h
EnvironmentFile=-/etc/sysconfig/exim
ExecStartPre=-/usr/libexec/exim-gen-cert
ExecStart=/usr/sbin/exim -bd

[Install]
WantedBy=multi-user.target

# cat /etc/systemd/system/exim-out.service
[Unit]
Description=Exim Mail Transport Agent Output Queue
After=network.target
Conflicts=sendmail.service postfix.service exim.service

[Service]
PrivateTmp=true
Environment=QUEUE=1m
EnvironmentFile=-/etc/sysconfig/exim
ExecStartPre=-/usr/libexec/exim-gen-cert
ExecStart=/usr/sbin/exim -bd -q${QUEUE} -C /etc/exim/exim_out.conf -oP /var/run/exim-out.pid

[Install]
WantedBy=multi-user.target

#

Regards,

Warwick

From faisal.telecomm at gmail.com Thu Jan 12 10:41:51 2017
From: faisal.telecomm at gmail.com (Faisal Naeem)
Date: Thu, 12 Jan 2017 15:41:51 +0500
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

Hi Warwick

Thanks for pointing my exact issue. I'll try your suggestions.

On Thursday, January 12, 2017, Warwick Brown wrote:

> *From:* MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] *On Behalf Of *Faisal Naeem
> *Sent:* 12 January 2017 10:05
> *To:* mailscanner at lists.mailscanner.info
> *Subject:* Re: MailScanner - RHEL 7 Systemd
>
> Dear All,
>
> I need your support for setting up MailScanner with RHEL 7.2.
Your support > is highly appreciated for configuring MailScanner system unit to run the > service properly along with ExecStart statements for both incoming and > outgoing Exim. > > Thanks. > > > > > > If my hunch is right that you want to know how to start/stop exim from > system with a dual daemon setup - try placing these two files to create the > ?exim-in? and ?exim-out? services, and then enable the service like you > would any other system service > > > > # cat /etc/systemd/system/exim-in.service > > [Unit] > > Description=Exim Mail Transport Agent Input Queue > > After=network.target > > Conflicts=sendmail.service postfix.service exim.service > > > > [Service] > > PrivateTmp=true > > Environment=QUEUE=1h > > EnvironmentFile=-/etc/sysconfig/exim > > ExecStartPre=-/usr/libexec/exim-gen-cert > > ExecStart=/usr/sbin/exim -bd > > > > [Install] > > WantedBy=multi-user.target > > > > # cat /etc/systemd/system/exim-out.service > > [Unit] > > Description=Exim Mail Transport Agent Output Queue > > After=network.target > > Conflicts=sendmail.service postfix.service exim.service > > > > [Service] > > PrivateTmp=true > > Environment=QUEUE=1m > > EnvironmentFile=-/etc/sysconfig/exim > > ExecStartPre=-/usr/libexec/exim-gen-cert > > ExecStart=/usr/sbin/exim -bd -q${QUEUE} -C /etc/exim/exim_out.conf -oP > /var/run/exim-out.pid > > > > [Install] > > WantedBy=multi-user.target > > > > # > > > > Regards, > > > > Warwick > -------------- next part -------------- An HTML attachment was scrubbed... URL: From z3us.linux at gmail.com Thu Jan 12 07:03:20 2017 From: z3us.linux at gmail.com (Z3us Linux) Date: Thu, 12 Jan 2017 08:03:20 +0100 Subject: Problem auto-filling SQL mtalog_ids from maillog Message-ID: Hi guys, I'm running the latest version of Mailscanner and Mailwatch with postfix on CentOS 6.8. Somehow the relay information for mails isn't showing anymore (on mailscanner/detail.php). 
I saw that in detail.php there is a SQL query matching tables mtalog and mtalog_ids so relay information is being displayed on the webpage.
I also discovered that the SQL table mtalog_ids in DB mailscanner isn't being filled anymore.
In my troubleshooting sessions I found out that /var/www/html/mailscanner/mailscanner_relay.php is looking into the postfix maillog for entries to fill in the DB in SQL:

if (preg_match('/^.*MailScanner.*: Requeue: (\S+\.\S+) to (\S+)\s$/', $line, $explode))

When I'm looking into the postfix maillog, I can't find any lines with "Requeue" in it....
This stopped a few weeks ago.
What is causing this issue?
Why isn't MailScanner writing those lines in the maillog anymore?
I tried looking into all configuration files from the date it stopped logging those lines, but I can't find anything useful.

Thanks in advance!
z3us.

From mmgomess at gmail.com Fri Jan 13 15:15:51 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Fri, 13 Jan 2017 13:15:51 -0200
Subject: Bypass my domain in Spam List
Message-ID:

Hi everyone.

How do I bypass my domain with a "Spam List" ruleset?

Is this correct:

FromOrTo: @mydomain.com.br no
FromOrTo: default SPAMHAUS BARRACUDA SPAMCOP SORBS MAILSPIKE

Marcelo Gomes

From maxsec at gmail.com Fri Jan 13 15:44:39 2017
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri, 13 Jan 2017 15:44:39 +0000
Subject: Bypass my domain in Spam List
In-Reply-To:
References:
Message-ID:

That's not the correct setting...

https://www.mailscanner.info/MailScanner.conf.index.html#Spam%20List

I suggest you put a rule on "Scan Messages", however use your email server's IP address for this not the domain name - lots of spam fakes the from domain to try and trick badly configured systems into letting the spam through

--
Martin Hepworth, CISSP
Oxford, UK

On 13 January 2017 at 15:15, Marcelo Machado wrote:

> Hi everyone.
>
> How do I bypass my domain with a "Spam List" ruleset?
>
> Is this correct:
>
> FromOrTo: @mydomain.com.br no
> FromOrTo: default SPAMHAUS BARRACUDA SPAMCOP SORBS MAILSPIKE
>
> Marcelo Gomes

From z3us.linux at gmail.com Fri Jan 13 12:20:16 2017
From: z3us.linux at gmail.com (Z3us Linux)
Date: Fri, 13 Jan 2017 13:20:16 +0100
Subject: Problem auto-filling SQL mtalog_ids from maillog
Message-ID:

Already fixed this problem.
In my CSF firewall configuration, I restricted access to the SYSLOG too much, so MailScanner didn't have proper access to it.
That's why it didn't log its actions properly in postfix maillog and my SQL didn't get filled with the mailscanner_relay.php script.

Thanks anyway for today's topic!

Greetings Z3us.

2017-01-13 13:00 GMT+01:00 :

> Send MailScanner mailing list submissions to
> mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
> 1.
Problem auto-filling SQL mtalog_ids from maillog (Z3us Linux) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 12 Jan 2017 08:03:20 +0100 > From: Z3us Linux > To: mailscanner at lists.mailscanner.info > Subject: Problem auto-filling SQL mtalog_ids from maillog > Message-ID: > mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hi guys, > > I'm running the latest version of Mailscanner and Mailwatch with postfix on > CentOS 6.8. > Somehow the relay information for mails isn't showing anymore (on > mailscanner/detail.php). > I saw that in detail.php there is a SQL query matching tables mtalog and > mtalog_ids so relay information is being display on the webpage. > I also discovered that the SQL table mtalog_ids in DB mailscanner isn't > being filled anymore. > In my troubleshooting sessions I found out > that /var/www/html/mailscanner/mailscanner_relay.php is looking into the > postfix maillog for entries to fill in de DB in SQL: > if (preg_match('/^.*MailScanner.*: Requeue: (\S+\.\S+) to (\S+)\s$/', > $line, $explode)) > > When I'm looking into the postfix maillog, I can't find any lines with > "Requeue" in it.... > This stopped a few weeks a go. > What is causing this issue? > Why isn't MailScanner writing those lines in the maillog anymore? > I tried looking into all configuration files from the date it stopped > logging those lines, but I can't find anything useful. > > Thanks in advance! > z3us. > -------------- next part -------------- > An HTML attachment was scrubbed... 
> URL: attachments/20170112/13d193e3/attachment-0001.html> > > ------------------------------ > > Subject: Digest Footer > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > ------------------------------ > > End of MailScanner Digest, Vol 133, Issue 14 > ******************************************** > -------------- next part -------------- An HTML attachment was scrubbed... URL: From faisal.telecomm at gmail.com Fri Jan 13 19:36:27 2017 From: faisal.telecomm at gmail.com (Faisal Naeem) Date: Sat, 14 Jan 2017 00:36:27 +0500 Subject: MailScanner - RHEL 7 Systemd In-Reply-To: References: Message-ID: Hi Warwick, I have applied your suggestions, but my outgoing exim is still not delivering emails automatically ........ however, when I push email (exim -M ) it gets delivered ........ Can you guide me on this issue as well ....... On Thu, Jan 12, 2017 at 3:41 PM, Faisal Naeem wrote: > Hi Warwick > > Thanks for pointing my exact issue. I'll try your suggestions. > > On Thursday, January 12, 2017, Warwick Brown > wrote: > >> *From:* MailScanner [mailto:mailscanner-bounces+warwick.x.brown= >> serco.com at lists.mailscanner.info] *On Behalf Of *Faisal Naeem >> *Sent:* 12 January 2017 10:05 >> *To:* mailscanner at lists.mailscanner.info >> *Subject:* Re: MailScanner - RHEL 7 Systemd >> >> >> >> Dear All, >> >> I need your support for setting up MailScanner with RHEL 7.2. Your >> support is highly appreciated for configuring MailScanner system unit to >> run the service properly along with ExecStart statements for both incoming >> and outgoing Exim. >> >> Thanks. >> >> >> >> >> >> If my hunch is right that you want to know how to start/stop exim from >> system with a dual daemon setup - try placing these two files to create the >> ?exim-in? and ?exim-out? 
services, and then enable the service like you >> would any other system service >> >> >> >> # cat /etc/systemd/system/exim-in.service >> >> [Unit] >> >> Description=Exim Mail Transport Agent Input Queue >> >> After=network.target >> >> Conflicts=sendmail.service postfix.service exim.service >> >> >> >> [Service] >> >> PrivateTmp=true >> >> Environment=QUEUE=1h >> >> EnvironmentFile=-/etc/sysconfig/exim >> >> ExecStartPre=-/usr/libexec/exim-gen-cert >> >> ExecStart=/usr/sbin/exim -bd >> >> >> >> [Install] >> >> WantedBy=multi-user.target >> >> >> >> # cat /etc/systemd/system/exim-out.service >> >> [Unit] >> >> Description=Exim Mail Transport Agent Output Queue >> >> After=network.target >> >> Conflicts=sendmail.service postfix.service exim.service >> >> >> >> [Service] >> >> PrivateTmp=true >> >> Environment=QUEUE=1m >> >> EnvironmentFile=-/etc/sysconfig/exim >> >> ExecStartPre=-/usr/libexec/exim-gen-cert >> >> ExecStart=/usr/sbin/exim -bd -q${QUEUE} -C /etc/exim/exim_out.conf -oP >> /var/run/exim-out.pid >> >> >> >> [Install] >> >> WantedBy=multi-user.target >> >> >> >> # >> >> >> >> Regards, >> >> >> >> Warwick >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Warwick.x.Brown at serco.com Fri Jan 13 20:22:00 2017 From: Warwick.x.Brown at serco.com (Warwick Brown) Date: Fri, 13 Jan 2017 20:22:00 +0000 Subject: MailScanner - RHEL 7 Systemd In-Reply-To: References: Message-ID: I can only think to check whether the service for exim-out points to the correct config file?..what does journalctl say? From: MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] On Behalf Of Faisal Naeem Sent: 13 January 2017 19:36 To: MailScanner Discussion Subject: Re: MailScanner - RHEL 7 Systemd Hi Warwick, I have applied your suggestions, but my outgoing exim is still not delivering emails automatically ........ however, when I push email (exim -M ) it gets delivered ........ 
Can you guide me on this issue as well ....... On Thu, Jan 12, 2017 at 3:41 PM, Faisal Naeem > wrote: Hi Warwick Thanks for pointing my exact issue. I'll try your suggestions. On Thursday, January 12, 2017, Warwick Brown > wrote: From: MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] On Behalf Of Faisal Naeem Sent: 12 January 2017 10:05 To: mailscanner at lists.mailscanner.info Subject: Re: MailScanner - RHEL 7 Systemd Dear All, I need your support for setting up MailScanner with RHEL 7.2. Your support is highly appreciated for configuring MailScanner system unit to run the service properly along with ExecStart statements for both incoming and outgoing Exim. Thanks. If my hunch is right that you want to know how to start/stop exim from system with a dual daemon setup - try placing these two files to create the ?exim-in? and ?exim-out? services, and then enable the service like you would any other system service # cat /etc/systemd/system/exim-in.service [Unit] Description=Exim Mail Transport Agent Input Queue After=network.target Conflicts=sendmail.service postfix.service exim.service [Service] PrivateTmp=true Environment=QUEUE=1h EnvironmentFile=-/etc/sysconfig/exim ExecStartPre=-/usr/libexec/exim-gen-cert ExecStart=/usr/sbin/exim -bd [Install] WantedBy=multi-user.target # cat /etc/systemd/system/exim-out.service [Unit] Description=Exim Mail Transport Agent Output Queue After=network.target Conflicts=sendmail.service postfix.service exim.service [Service] PrivateTmp=true Environment=QUEUE=1m EnvironmentFile=-/etc/sysconfig/exim ExecStartPre=-/usr/libexec/exim-gen-cert ExecStart=/usr/sbin/exim -bd -q${QUEUE} -C /etc/exim/exim_out.conf -oP /var/run/exim-out.pid [Install] WantedBy=multi-user.target # Regards, Warwick ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. 
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

From Warwick.x.Brown at serco.com Fri Jan 13 20:26:43 2017
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Fri, 13 Jan 2017 20:26:43 +0000
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

Also... running exim from the command-line without the -C /path/to/outbound/exim.conf just delivers from the inbound queue thus bypassing mailscanner altogether. It may be worth setting a command alias for "exim -C /path/to/outbound/exim.conf" for your convenience.

Regards,

warwick

From: MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] On Behalf Of Faisal Naeem
Sent: 13 January 2017 19:36
To: MailScanner Discussion
Subject: Re: MailScanner - RHEL 7 Systemd

Hi Warwick,

I have applied your suggestions, but my outgoing exim is still not delivering emails automatically ........ however, when I push email (exim -M ) it gets delivered ........

Can you guide me on this issue as well .......

On Thu, Jan 12, 2017 at 3:41 PM, Faisal Naeem wrote:

Hi Warwick

Thanks for pointing my exact issue. I'll try your suggestions.

On Thursday, January 12, 2017, Warwick Brown wrote:

From: MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com at lists.mailscanner.info] On Behalf Of Faisal Naeem
Sent: 12 January 2017 10:05
To: mailscanner at lists.mailscanner.info
Subject: Re: MailScanner - RHEL 7 Systemd

Dear All,

I need your support for setting up MailScanner with RHEL 7.2. Your support is highly appreciated for configuring MailScanner system unit to run the service properly along with ExecStart statements for both incoming and outgoing Exim.

Thanks.

If my hunch is right that you want to know how to start/stop exim from system with a dual daemon setup - try placing these two files to create the "exim-in"
and "exim-out" services, and then enable the service like you would any other system service

# cat /etc/systemd/system/exim-in.service
[Unit]
Description=Exim Mail Transport Agent Input Queue
After=network.target
Conflicts=sendmail.service postfix.service exim.service

[Service]
PrivateTmp=true
Environment=QUEUE=1h
EnvironmentFile=-/etc/sysconfig/exim
ExecStartPre=-/usr/libexec/exim-gen-cert
ExecStart=/usr/sbin/exim -bd

[Install]
WantedBy=multi-user.target

# cat /etc/systemd/system/exim-out.service
[Unit]
Description=Exim Mail Transport Agent Output Queue
After=network.target
Conflicts=sendmail.service postfix.service exim.service

[Service]
PrivateTmp=true
Environment=QUEUE=1m
EnvironmentFile=-/etc/sysconfig/exim
ExecStartPre=-/usr/libexec/exim-gen-cert
ExecStart=/usr/sbin/exim -bd -q${QUEUE} -C /etc/exim/exim_out.conf -oP /var/run/exim-out.pid

[Install]
WantedBy=multi-user.target

#

Regards,

Warwick

From danita at caledonia.net Fri Jan 13 22:00:12 2017
From: danita at caledonia.net (Danita Zanre)
Date: Fri, 13 Jan 2017 16:00:12 -0600
Subject: Relay access denied
Message-ID:

Sorry - this is a dumb postfix question I'm sure - it's been awhile!

In setting up my system, I had my mailscanner server behind our existing anti-spam server so that I could test it. So, everything was coming from the existing anti-spam server as a front-end relay server. Working perfectly, but now I'm ready to move forward.

But when I redirect mail to come directly to the new mailscanner server, everything says Relay access denied.

So, for some reason, postfix is ONLY accepting mail from the relay server.
Here's what is in main.cf - please tell me what silly thing I've overlooked! I've toggled the sender_restrictions on and off thinking something was in there.

Thanks

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = iris.caledonia.net
delay_warning_time = 1h
message_strip_characters = \0
#inet_interfaces = localhost
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
#smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_unauth_pipelining,permit_auth_destination,reject
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
smtp_enforce_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 91820000
default_process_limit = 100

postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_greet_action = ignore

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

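Added example (not part of the original post, and not Postfix code): a small Python model of the smtpd_recipient_restrictions line posted above, showing why a client inside mynetworks is accepted while an outside client gets "Relay access denied" unless the recipient domain is listed in mydestination, virtual_alias_domains, virtual_mailbox_domains or relay_domains. The transport key and the relay_domains line are the ones quoted later in this thread; the client addresses, the recipient names, the 192.0.2.0/24 subnet and the empty virtual table are constructed assumptions.

```python
"""Model of the recipient checks in the posted main.cf (illustration, not Postfix code)."""
import ipaddress
import re

# Subset of the posted main.cf; parameter values are copied from the post.
MAIN_CF = """\
myhostname = iris.caledonia.net
mydestination = $myhostname, localhost.$mydomain
mynetworks_style = subnet
virtual_alias_domains = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
#smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_unauth_pipelining,permit_auth_destination,reject
"""

# Lookup-table keys. The transport key is the entry quoted in the thread; the
# empty virtual table is an assumption, since its contents are not shown.
TABLES = {
    "hash:/etc/postfix/transport": {"caledonia.net"},
    "hash:/etc/postfix/virtual": set(),
}

# mynetworks_style = subnet trusts loopback plus the host's own subnets.
# 192.0.2.0/24 is a constructed stand-in for the server's real subnet.
LOCAL_SUBNETS = ("127.0.0.0/8", "192.0.2.0/24")


def parse_main_cf(text):
    """Parse 'name = value' lines; comments are skipped, continuation lines are not handled."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    # Postfix derives mydomain from myhostname when it is not set explicitly.
    params.setdefault("mydomain", params["myhostname"].split(".", 1)[1])
    return params


def expand(params, name):
    """Return a parameter as a list of items, with $name references expanded."""
    raw = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), params.get(name, ""))
    return [item for item in re.split(r"[,\s]+", raw) if item]


def domain_set(params, name, tables):
    """Literal domains plus the keys of any type:table the parameter names."""
    domains = set()
    for item in expand(params, name):
        domains |= tables.get(item, set()) if ":" in item else {item.lower()}
    return domains


def is_authorized_destination(params, tables, domain):
    """True if Postfix is final destination or relay for the recipient domain."""
    final = set()
    for name in ("mydestination", "virtual_alias_domains", "virtual_mailbox_domains"):
        final |= domain_set(params, name, tables)
    # relay_domains is unset in the post: empty on Postfix 3.0 and later,
    # $mydestination on older versions, which is already covered above.
    relay = domain_set(params, "relay_domains", tables)
    # Subdomains of relay_domains entries match by default
    # (parent_domain_matches_subdomains).
    return domain in final or any(domain == d or domain.endswith("." + d) for d in relay)


def rcpt_decision(params, tables, client_ip, rcpt):
    """Walk smtpd_recipient_restrictions for one client and RCPT TO address."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[1].lower()
    authorized = is_authorized_destination(params, tables, domain)
    for restriction in expand(params, "smtpd_recipient_restrictions"):
        if restriction == "permit_mynetworks":
            if any(ip in ipaddress.ip_network(net) for net in LOCAL_SUBNETS):
                return "permit_mynetworks: permit"
        elif restriction == "reject_unauth_destination":
            if not authorized:
                return "reject_unauth_destination: Relay access denied"
        elif restriction == "permit_auth_destination":
            if authorized:
                return "permit_auth_destination: permit"
        elif restriction == "reject":
            return "reject"
        # DNS, address-verification and pipelining checks are not modelled
        # here and are assumed to pass.
    return "permit"


def with_relay_domains(params):
    """Copy of the configuration with the relay_domains line suggested in the thread."""
    fixed = dict(params)
    fixed["relay_domains"] = "hash:/etc/postfix/transport"
    return fixed


if __name__ == "__main__":
    posted = parse_main_cf(MAIN_CF)
    cases = [("127.0.0.1", "user@caledonia.net"),     # via the relay on localhost
             ("203.0.113.25", "user@caledonia.net"),  # constructed outside client
             ("203.0.113.25", "user@example.org")]    # domain this server does not handle
    for label, cfg in (("as posted", posted), ("with relay_domains", with_relay_domains(posted))):
        for client, rcpt in cases:
            print(f"{label:20} {client:14} {rcpt:22} {rcpt_decision(cfg, TABLES, client, rcpt)}")
```

On a live system, `postconf -n` and `postmap -q caledonia.net hash:/etc/postfix/transport` show the real values this model takes as constructed input.
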
From iversons at rushville.k12.in.us Fri Jan 13 22:08:09 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 13 Jan 2017 17:08:09 -0500
Subject: Relay access denied
In-Reply-To:
References:
Message-ID:

What's in your transport maps?

On Fri, Jan 13, 2017 at 5:00 PM, Danita Zanre wrote:

> Sorry - this is a dumb postfix question I'm sure - it's been awhile!
>
> In setting up my system, I had my mailscanner server behind our existing
> anti-spam server so that I could test it. So, everything was coming from
> the existing anti-spam server as a front-end relay server. Working
> perfectly, but now I'm ready to move forward.
>
> But when I redirect mail to come directly to the new mailscanner server,
> everything says Relay access denied.
>
> So, for some reason, postfix is ONLY accepting mail from the relay
> server. Here's what is in main.cf - please tell me what silly thing I've
> overlooked! I've toggled the sender_restrictions on and off thinking
> something was in there.
> > Thanks > > inet_protocols = all > > biff = no > > mail_spool_directory = /var/mail > > canonical_maps = hash:/etc/postfix/canonical > > virtual_alias_maps = hash:/etc/postfix/virtual > > virtual_alias_domains = hash:/etc/postfix/virtual > > relocated_maps = hash:/etc/postfix/relocated > > transport_maps = hash:/etc/postfix/transport > > sender_canonical_maps = hash:/etc/postfix/sender_canonical > > masquerade_exceptions = root > > masquerade_classes = envelope_sender, header_sender, header_recipient > > myhostname = iris.caledonia.net > > delay_warning_time = 1h > > message_strip_characters = \0 > > #inet_interfaces = localhost > > inet_interfaces = all > > masquerade_domains = > > mydestination = $myhostname, localhost.$mydomain > > defer_transports = > > mynetworks_style = subnet > > disable_dns_lookups = no > > relayhost = > > mailbox_command = > > mailbox_transport = > > strict_8bitmime = no > > disable_mime_output_conversion = no > > #smtpd_sender_restrictions = hash:/etc/postfix/access > smtpd_client_restrictions = > > smtpd_helo_required = no > > smtpd_helo_restrictions = > > strict_rfc821_envelopes = no > > smtpd_recipient_restrictions = permit_mynetworks,reject_ > unauth_destination,reject_unknown_recipient_domain, > reject_unverified_recipient,reject_unauth_pipelining, > permit_auth_destination,reject > > smtp_sasl_auth_enable = no > > smtpd_sasl_auth_enable = no > > smtpd_use_tls = no > > smtp_use_tls = no > > smtp_enforce_tls = no > > alias_maps = hash:/etc/aliases > > mailbox_size_limit = 0 > > message_size_limit = 91820000 > > default_process_limit = 100 > > > postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_ > access.cidr > > postscreen_greet_action = ignore > > > *Danita Zanr?*, *Move Out of the Office* > I love my job, and you can too! 
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From danita at caledonia.net Fri Jan 13 22:21:25 2017
From: danita at caledonia.net (Danita Zanre)
Date: Fri, 13 Jan 2017 16:21:25 -0600
Subject: Relay access denied
In-Reply-To:
References:
Message-ID:

So, for example,

caledonia.net   smtp:192.223.10.61

And it works fine until we have mail coming directly to the mailscanner server.

Full disclosure:

We have a xeams server that we are replacing. It and mailscanner are on the same box. So, during the switchover, mail has been coming to the xeams server, it has been set to not scan anything, and then it relays to 127.0.0.1 for postfix to pick it up. I did it this way, because we have multiple domain names, and I was switching them over one at a time to make sure there were no problems. Xeams continued to scan for zanre.com, for example, and passed mail for caledonia.net unscanned to postfix/mailscanner via localhost.

So, if I set postfix to listen on all interfaces and turn the xeams server off, nothing has really changed except the mail is hitting postfix first. I also have postscreen on in "ignore" mode until I can make sure that everything else works, and then I had intended to set postscreen to "enable".

Thanks

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 13, 2017 at 4:15:33 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote:

What's in your transport maps?

On Fri, Jan 13, 2017 at 5:00 PM, Danita Zanre wrote:

Sorry - this is a dumb postfix question I'm sure - it's been awhile!

In setting up my system, I had my mailscanner server behind our existing anti-spam server so that I could test it. So, everything was coming from the existing anti-spam server as a front-end relay server. Working perfectly, but now I'm ready to move forward.

But when I redirect mail to come directly to the new mailscanner server, everything says Relay access denied.

So, for some reason, postfix is ONLY accepting mail from the relay server. Here's what is in main.cf - please tell me what silly thing I've overlooked! I've toggled the sender_restrictions on and off thinking something was in there.

Thanks

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = iris.caledonia.net
delay_warning_time = 1h
message_strip_characters = \0
#inet_interfaces = localhost
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
#smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient,reject_unauth_pipelining,permit_auth_destination,reject
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
smtp_enforce_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 91820000
default_process_limit = 100
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_greet_action = ignore

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Fri Jan 13 22:25:15 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 13 Jan 2017 17:25:15 -0500
Subject: Relay access denied
In-Reply-To:
References:
Message-ID:

I don't see a relay_domains definition in your config

relay_domains = hash:/etc/postfix/transport

On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre wrote:

> so, for example,
>
> caledonia.net smtp:192.223.10.61
>
> And it works fine until we have mail coming directly to the mailscanner
> server.
>
> Full disclosure:
>
> We have a xeams server that we are replacing. It and mailscanner are on
> the same box.
>> Tel: (720) 319-7530 - Caledonia Network Consulting
>> Tel: (720) 319-8240 - Move Out of the Office
>
> --
> Shawn Iverson
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From danita at caledonia.net Fri Jan 13 22:30:51 2017
From: danita at caledonia.net (Danita Zanre)
Date: Fri, 13 Jan 2017 16:30:51 -0600
Subject: Relay access denied
In-Reply-To: <409383972.2283.1484346370296.JavaMail.root@xeams>
References: <409383972.2283.1484346370296.JavaMail.root@xeams>
Message-ID:

Ah! See, something simple! Because this was all coming from "localhost" it was working - I think I know now!

Let me work on that.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 13, 2017 at 4:32:33 PM, Shawn Iverson (iversons at rushville.k12.in.us) wrote:

I don't see a relay_domains definition in your config

relay_domains = hash:/etc/postfix/transport

On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre wrote:

so, for example,

caledonia.net   smtp:192.223.10.61

And it works fine until we have mail coming directly to the mailscanner server.

Full disclosure:

We have a xeams server that we are replacing. It and mailscanner are on the same box.
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From mailscanner at replies.cyways.com Fri Jan 13 22:34:22 2017
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Fri, 13 Jan 2017 17:34:22 -0500
Subject: Relay access denied
In-Reply-To:
References: <409383972.2283.1484346370296.JavaMail.root@xeams>
Message-ID:

If mail is coming from all over the Internet to your host, setting mynetworks = 0.0.0.0/0 in main.cf works as well. Many modern distributions like Ubuntu have only 127.0.0.1 and similar local addresses in the mynetworks field by default.

I recommend reading http://www.postfix.org/SMTPD_ACCESS_README.html for a comprehensive overview of how Postfix handles incoming mail.

Peter

On 01/13/2017 05:30 PM, Danita Zanre wrote:
> Ah! See, something simple! Because this was all coming from "localhost" it
> was working - I think I know now!
>
> Let me work on that.
>
> *Danita Zanré*, /Move Out of the Office/
> I love my job, and you can too!
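Added example, not code from the thread or from Postfix: a small Python model of how the smtpd_recipient_restrictions list posted above decides relay access under the three settings discussed in the thread (the main.cf as posted, relay_domains taken from the transport map, and mynetworks = 0.0.0.0/0). The names Config, decide, is_open_relay and transport_domains are hypothetical; the 192.0.2.0/24 server subnet, the 198.51.100.25 client and example.org are constructed values, and the DNS, verification and pipelining checks are treated as making no decision.

```python
"""Model of the relay decision made by the smtpd_recipient_restrictions
list posted in this thread. Added illustration; this is not Postfix code."""
import ipaddress
from dataclasses import dataclass, field

# Restriction list as posted in the thread's main.cf.
RESTRICTIONS = (
    "permit_mynetworks,reject_unauth_destination,"
    "reject_unknown_recipient_domain,reject_unverified_recipient,"
    "reject_unauth_pipelining,permit_auth_destination,reject"
).split(",")

# These depend on DNS, address probes or SMTP session state. Assumption:
# they make no decision here, so that only the relay logic is visible.
NOT_MODELLED = {
    "reject_unknown_recipient_domain",
    "reject_unverified_recipient",
    "reject_unauth_pipelining",
}

# Transport map entry quoted in the thread.
TRANSPORT_MAP = "caledonia.net   smtp:192.223.10.61\n"


def transport_domains(text):
    """Return the lookup keys of a transport table that are plain domains."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split()[0].lower()
        if "@" not in key and not key.startswith("."):
            keys.add(key)
    return keys


@dataclass
class Config:
    mynetworks: list
    relay_domains: set = field(default_factory=set)
    # mydestination = $myhostname, localhost.$mydomain, with
    # myhostname = iris.caledonia.net (so $mydomain is caledonia.net).
    mydestination: set = field(
        default_factory=lambda: {"iris.caledonia.net", "localhost.caledonia.net"}
    )

    def authorized(self, domain):
        # Simplification: exact matches only. virtual_alias_domains is left
        # out because the thread does not show that table's contents.
        return domain in self.mydestination or domain in self.relay_domains


def decide(cfg, client_ip, rcpt):
    """Return (action, deciding restriction) for one RCPT TO from client_ip."""
    client = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[1].lower()
    trusted = any(client in ipaddress.ip_network(n) for n in cfg.mynetworks)
    for name in RESTRICTIONS:
        if name in NOT_MODELLED:
            continue
        if name == "permit_mynetworks" and trusted:
            return "permit", name
        if name == "reject_unauth_destination" and not cfg.authorized(domain):
            return "reject: Relay access denied", name
        if name == "permit_auth_destination" and cfg.authorized(domain):
            return "permit", name
        if name == "reject":
            return "reject", name
    raise AssertionError("unreachable: the posted list ends with reject")


OUTSIDE_CLIENT = "198.51.100.25"      # constructed address (TEST-NET-2)
FOREIGN_RCPT = "someone@example.org"  # constructed, a domain not served here


def is_open_relay(cfg):
    """True if an outside client may send to a domain this host does not serve."""
    return decide(cfg, OUTSIDE_CLIENT, FOREIGN_RCPT)[0] == "permit"


# mynetworks_style = subnet: loopback plus the server's own subnet.
# 192.0.2.0/24 is a constructed stand-in; the thread does not give the subnet.
LOCAL_NETS = ["127.0.0.0/8", "192.0.2.0/24"]
AS_POSTED = Config(mynetworks=LOCAL_NETS)
WITH_RELAY_DOMAINS = Config(
    mynetworks=LOCAL_NETS, relay_domains=transport_domains(TRANSPORT_MAP)
)
WIDE_MYNETWORKS = Config(mynetworks=["0.0.0.0/0"])

if __name__ == "__main__":
    for label, cfg in [("as posted", AS_POSTED),
                       ("relay_domains from transport", WITH_RELAY_DOMAINS),
                       ("mynetworks = 0.0.0.0/0", WIDE_MYNETWORKS)]:
        print(label)
        print("  via 127.0.0.1 :", decide(cfg, "127.0.0.1", "user@caledonia.net"))
        print("  from outside  :", decide(cfg, OUTSIDE_CLIENT, "user@caledonia.net"))
        print("  open relay    :", is_open_relay(cfg))
```

In this model, mynetworks = 0.0.0.0/0 makes permit_mynetworks match every IPv4 client before reject_unauth_destination is reached, so mail for any destination is accepted for relay. With relay_domains set, outside clients are accepted only for the domains listed in the transport map.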
From danita at caledonia.net Sat Jan 14 03:05:39 2017
From: danita at caledonia.net (Danita Zanre)
Date: Fri, 13 Jan 2017 21:05:39 -0600
Subject: Relay access denied
In-Reply-To:
References: <409383972.2283.1484346370296.JavaMail.root@xeams>
Message-ID:

Thanks - it's all working fine now.

Final question. Are there any settings that should be optimized for postscreen? Or just turn it loose and let it do its thing?

Thanks.

Danita Zanré, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office

On January 13, 2017 at 4:41:26 PM, Peter Lemieux (mailscanner at replies.cyways.com) wrote:

If mail is coming from all over the Internet to your host, setting mynetworks = 0.0.0.0/0 in main.cf works as well. Many modern distributions like Ubuntu have only 127.0.0.1 and similar local addresses in the mynetworks field by default.

I recommend reading http://www.postfix.org/SMTPD_ACCESS_README.html for a comprehensive overview of how Postfix handles incoming mail.

Peter

On 01/13/2017 05:30 PM, Danita Zanre wrote:
> Ah! See, something simple! Because this was all coming from "localhost" it
> was working - I think I know now!
>
> Let me work on that.
>
> *Danita Zanré*, /Move Out of the Office/
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office
>
> On January 13, 2017 at 4:32:33 PM, Shawn Iverson
> (iversons at rushville.k12.in.us) wrote:
>
>> I don't see a relay_domains definition in your config
>>
>> relay_domains = hash:/etc/postfix/transport
>>
>> On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre wrote:
>>
>> so, for example,
>>
>> caledonia.net smtp:192.223.10.61
>>
>> And it works fine until we have mail coming directly to the
>> mailscanner server.
>>
>> Full disclosure:
>>
>> We have a xeams server that we are replacing. It and mailscanner are
>> on the same box.
>>> Tel: (720) 319-7530 - Caledonia Network Consulting
>>> Tel: (720) 319-8240 - Move Out of the Office
>>>
>>> --
>>> Shawn Iverson
>>> Director of Technology
>>> Rush County Schools
>>> 765-932-3901 x271
>>> iversons at rushville.k12.in.us
>>
>> --
>> Shawn Iverson
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 x271
>> iversons at rushville.k12.in.us

From faisal.telecomm at gmail.com Sun Jan 15 04:58:23 2017
From: faisal.telecomm at gmail.com (Faisal Naeem)
Date: Sun, 15 Jan 2017 09:58:23 +0500
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

Hi Warwick,

Can you please share step by step instructions to set *MailScanner with Exim on CentOS 7*........ as I am looking to setup everything from scratch ........

Else, I have no choice to go back with *MailScanner with Exim on CentOS 6 .........
*because I am unable to have good tutorials/articles .........on *MailScanner with Exim on CentOS 7*.

On Sat, Jan 14, 2017 at 1:26 AM, Warwick Brown wrote:

> Also - running exim from the command-line without the -C
> /path/to/outbound/exim.conf just delivers from the inbound queue thus
> bypassing mailscanner altogether.
>
> It may be worth setting a command alias for "exim -C
> /path/to/outbound/exim.conf" for your convenience.
>
> Regards,
>
> warwick
>
> *From:* MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com@lists.mailscanner.info] *On Behalf Of *Faisal Naeem
> *Sent:* 13 January 2017 19:36
> *To:* MailScanner Discussion
> *Subject:* Re: MailScanner - RHEL 7 Systemd
>
> Hi Warwick,
>
> I have applied your suggestions, but my outgoing exim is still not
> delivering emails automatically ........ however, when I push email (exim
> -M ) it gets delivered ........
>
> Can you guide me on this issue as well .......
>
> On Thu, Jan 12, 2017 at 3:41 PM, Faisal Naeem wrote:
>
> Hi Warwick
>
> Thanks for pointing my exact issue. I'll try your suggestions.
>
> On Thursday, January 12, 2017, Warwick Brown wrote:
>
> *From:* MailScanner [mailto:mailscanner-bounces+warwick.x.brown=serco.com@lists.mailscanner.info] *On Behalf Of *Faisal Naeem
> *Sent:* 12 January 2017 10:05
> *To:* mailscanner at lists.mailscanner.info
> *Subject:* Re: MailScanner - RHEL 7 Systemd
>
> Dear All,
>
> I need your support for setting up MailScanner with RHEL 7.2. Your support
> is highly appreciated for configuring MailScanner system unit to run the
> service properly along with ExecStart statements for both incoming and
> outgoing Exim.
>
> Thanks.
>
> If my hunch is right that you want to know how to start/stop exim from
> system with a dual daemon setup - try placing these two files to create the
> "exim-in" and "exim-out"
> services, and then enable the service like you
> would any other system service
>
> # cat /etc/systemd/system/exim-in.service
> [Unit]
> Description=Exim Mail Transport Agent Input Queue
> After=network.target
> Conflicts=sendmail.service postfix.service exim.service
>
> [Service]
> PrivateTmp=true
> Environment=QUEUE=1h
> EnvironmentFile=-/etc/sysconfig/exim
> ExecStartPre=-/usr/libexec/exim-gen-cert
> ExecStart=/usr/sbin/exim -bd
>
> [Install]
> WantedBy=multi-user.target
>
> # cat /etc/systemd/system/exim-out.service
> [Unit]
> Description=Exim Mail Transport Agent Output Queue
> After=network.target
> Conflicts=sendmail.service postfix.service exim.service
>
> [Service]
> PrivateTmp=true
> Environment=QUEUE=1m
> EnvironmentFile=-/etc/sysconfig/exim
> ExecStartPre=-/usr/libexec/exim-gen-cert
> ExecStart=/usr/sbin/exim -bd -q${QUEUE} -C /etc/exim/exim_out.conf -oP /var/run/exim-out.pid
>
> [Install]
> WantedBy=multi-user.target
>
> #
>
> Regards,
>
> Warwick

From Warwick.x.Brown at serco.com Mon Jan 16 15:08:45 2017
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Mon, 16 Jan 2017 15:08:45 +0000
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

Sorry Faisal,

There is good documentation out there already and I don't have time to re-write it for you.
Basically, (1) you need to have an exim config that works before you start, and (2) you need to read the integration guide https://www.mailscanner.info/exim/ to implement the required changes, and then (3) use the scripts I provided before to overcome the fact the documentation doesn't currently cover systemd configuration.

It is not something you can install out of the box and expect it "just-to-work". You need to have a real feel of what you're doing and what you're working with (e.g. strong prior knowledge of Exim and SMTP)

If you don't have time or the knowledge to do this - then you may want to consider an appliance such as https://efa-project.org/ which has mailscanner built-in and will just "get-you-there".

Regards,

Warwick

From faisal.telecomm at gmail.com Wed Jan 18 17:18:50 2017
From: faisal.telecomm at gmail.com (Faisal Naeem)
Date: Wed, 18 Jan 2017 22:18:50 +0500
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

Hi Warwick,

Thanks for your suggestion and support. I'll do follow all steps accordingly. I have one more question that configuring exim-in and exim-out services will not lead to port binding issue ?

As when I setup exim-in and exim-out services, I got error on port conflict, that port 25 is already in use by exim-in.

Could you please suggest some way forward.

From Antony.Stone at mailscanner.open.source.it Wed Jan 18 17:57:09 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Wed, 18 Jan 2017 18:57:09 +0100
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID: <201701181857.10176.Antony.Stone@mailscanner.open.source.it>

On Wednesday 18 January 2017 at 18:18:50, Faisal Naeem wrote:

> Hi Warwick,
>
> Thanks for your suggestion and support. I'll do follow all steps
> accordingly. I have one more question that configuring exim-in and exim-out
> services will not lead to port binding issue ?
>
> As when I setup exim-in and exim-out services, I got error on port
> conflict, that port 25 is already in use by exim-in.

You should be running two instances of Exim, one with the "-bd" option and no "-q15m" option, and the other one with the "-q15m" option and no "-bd" option.

The one with "-bd" will be listening on port 25; the one without that option will not attempt to bind to the port.

See the paragraphs under "Running Exim" about halfway down the documentation recommended by Warwick:

> On Mon, Jan 16, 2017 at 8:08 PM, Warwick Brown wrote:
> >
> > There is good documentation out there already and I don't have time to
> > re-write it for you. Basically, (1) you need to have an exim config that
> > works before you start, and (2) you need to read the integration guide
> > https://www.mailscanner.info/exim/ to implement the required changes, and
> > then (3) use the scripts I provided before to overcome the fact the
> > documentation doesn't currently cover systemd configuration.

-- 
"I find the whole business of religion profoundly interesting. But it does mystify me that otherwise intelligent people take it seriously."

 - Douglas Adams

Please reply to the list; please *don't* CC me.

From Warwick.x.Brown at serco.com Wed Jan 18 20:44:16 2017
From: Warwick.x.Brown at serco.com (Warwick Brown)
Date: Wed, 18 Jan 2017 20:44:16 +0000
Subject: MailScanner - RHEL 7 Systemd
In-Reply-To:
References:
Message-ID:

Ah yes, I bound exim-out daemon to port 26 and made sure the local firewall didn't permit access to it. It doesn't matter what port it's on... so long as it has something to bind to.

From mmgomess at gmail.com Fri Jan 20 15:18:46 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Fri, 20 Jan 2017 13:18:46 -0200
Subject: Denial Of Service attack
Message-ID:

Hi everyone.

Many users of my domain are receiving the message below and the original message is lost:

MailScanner was attacked by a Denial Of Service attack, and has therefore deleted this part of the message. Please contact your e-mail providers for more information if you need it, giving them the whole of this report. Attack in: /var/spool/MailScanner/incoming/5106/5B02C7C002C8.A3986/nmsg-5106-92.html

In log mail.log the corresponding error is:

"Content Checks: Detected and have disarmed KILLED tags in HTML message in"

Can anyone help me?
Marcelo Gomes

From jason at geeknocity.com Fri Jan 20 15:29:26 2017
From: jason at geeknocity.com (Jason Waters)
Date: Fri, 20 Jan 2017 10:29:26 -0500
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID:

Search your logs and see if it says status = 13, that is a permission thing. I had the same problem.

cat /var/log/mail.log |grep "status = 13" -A4

From mmgomess at gmail.com Fri Jan 20 16:21:37 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Fri, 20 Jan 2017 14:21:37 -0200
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID:

Yes. So many lines with this message.

And how did you resolve this issue?

From jason at geeknocity.com Fri Jan 20 17:21:39 2017
From: jason at geeknocity.com (Jason Waters)
Date: Fri, 20 Jan 2017 12:21:39 -0500
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID:

I had a couple things wrong. I had some of the user/group settings in MailScanner.conf wrong, and then I needed to set the permissions on /var/spool/MailScanner correctly.

From kevin.miller at juneau.org Fri Jan 20 23:37:40 2017
From: kevin.miller at juneau.org (Kevin Miller)
Date: Fri, 20 Jan 2017 23:37:40 +0000
Subject: restarting MailScanner and/or MTA
Message-ID: <09464edba18f4bda995dfc76d455b00e@City-Exch-DB2.cbj.local>

Now that system seems to be taking over, I'm wondering what is the best way to stop/restart MailScanner and one's MTA of choice. I'm running Postfix on Debian Jessie. In the old days, the init.d script would start MailScanner, then the MTA. One stop shopping. Now they're started independently. If one started the MTA outside of the MailScanner start/stop script, you could end up with mail coming in and bypassing MailScanner altogether.

What is the best practice now, with the two processes being unbundled? Does one have to be started before the other? Can I stop/start either without stopping the other as well?

TIA...

...Kevin
-- 
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From jerry.benton at mailborder.com Fri Jan 20 23:44:59 2017
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 20 Jan 2017 18:44:59 -0500
Subject: restarting MailScanner and/or MTA
In-Reply-To: <09464edba18f4bda995dfc76d455b00e@City-Exch-DB2.cbj.local>
References: <09464edba18f4bda995dfc76d455b00e@City-Exch-DB2.cbj.local>
Message-ID:

Mail will not be skipped by MailScanner if you are using Postfix. It goes into the Postfix's hold directory and is picked up by MailScanner. If MailScanner is not running it would just sit there until MailScanner started.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

From kevin.miller at juneau.org Sat Jan 21 01:01:53 2017
From: kevin.miller at juneau.org (Kevin Miller)
Date: Sat, 21 Jan 2017 01:01:53 +0000
Subject: restarting MailScanner and/or MTA
In-Reply-To:
References: <09464edba18f4bda995dfc76d455b00e@City-Exch-DB2.cbj.local>
Message-ID:

So, in other words, for me at least it doesn't matter what order I start things?

From jerry.benton at mailborder.com Sat Jan 21 01:08:00 2017
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Fri, 20 Jan 2017 20:08:00 -0500
Subject: restarting MailScanner and/or MTA
In-Reply-To:
References: <09464edba18f4bda995dfc76d455b00e@City-Exch-DB2.cbj.local>
Message-ID:

Kevin,

Doesn't matter.

-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245

From mmgomess at gmail.com Sat Jan 21 15:23:54 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Sat, 21 Jan 2017 13:23:54 -0200
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID:

I've tried several combinations but I still keep the same error.

What are the correct settings and permissions?

Marcelo

From jason at geeknocity.com Sat Jan 21 16:12:03 2017
From: jason at geeknocity.com (Jason Waters)
Date: Sat, 21 Jan 2017 11:12:03 -0500
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID:

What does ls -l /var/spool/MailScanner
URL: From mmgomess at gmail.com Sat Jan 21 16:52:15 2017 From: mmgomess at gmail.com (Marcelo Machado) Date: Sat, 21 Jan 2017 14:52:15 -0200 Subject: Denial Of Service attack In-Reply-To: References: Message-ID: ls -l /var/spool/MailScanner/ total 16 drwxrwxr-x 2 mail mtagroup 4096 Dec 27 15:08 archive drwxrwx--- 24 clamav mtagroup 4096 Jan 21 14:49 incoming drwxrwxr-x 20 clamav mtagroup 4096 Jan 21 01:27 quarantine drwx------ 2 postfix postfix 4096 Jan 21 14:31 spamassassin and my mtagroup - mtagroup:x:1001:clamav,postfix,mail 2017-01-21 14:12 GMT-02:00 Jason Waters : > What does ls -l /var/spool/MailScanner > > On Jan 21, 2017 10:24 AM, "Marcelo Machado" wrote: >> >> I've tried several combinations but I still keep the same error. >> >> What are the correct settings and permissions? >> >> Marcelo >> >> 2017-01-20 15:21 GMT-02:00 Jason Waters : >> > I had a couple things wrong. I had some of the user/group settings in >> > MailScanner.conf wrong, and then I needed to set the permissions on >> > /var/spool/MailScanner correctly. >> > >> > On Fri, Jan 20, 2017 at 11:21 AM, Marcelo Machado >> > wrote: >> >> >> >> Yes. So many lines with this message. >> >> >> >> And how did you resolv this issue? >> >> >> >> 2017-01-20 13:29 GMT-02:00 Jason Waters : >> >> > Search your logs and see if it says status = 13, that is a permission >> >> > thing. >> >> > I had the same problem. >> >> > >> >> > cat /var/log/mail.log |grep "status = 13" -A4 >> >> > >> >> > >> >> > >> >> > On Fri, Jan 20, 2017 at 10:18 AM, Marcelo Machado >> >> > >> >> > wrote: >> >> >> >> >> >> Hi everyone. >> >> >> >> >> >> Many users of my domain are receiving the message below and the >> >> >> original message is lost: >> >> >> >> >> >> MailScanner was attacked by a Denial Of Service attack, and has >> >> >> therefore deleted this part of the message. Please contact your >> >> >> e-mail >> >> >> providers for more information if you need it, giving them the whole >> >> >> of this report. 
Attack in: >> >> >> >> >> >> >> >> >> /var/spool/MailScanner/incoming/5106/5B02C7C002C8.A3986/nmsg-5106-92.html >> >> >> >> >> >> In log mail.log the correspondent error is: >> >> >> >> >> >> "Content Checks: Detected and have disarmed KILLED tags in HTML >> >> >> message >> >> >> in" >> >> >> >> >> >> Anyone can help me? >> >> >> >> >> >> >> >> >> Marcelo Gomes >> >> >> >> >> >> >> >> >> -- >> >> >> MailScanner mailing list >> >> >> mailscanner at lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > MailScanner mailing list >> >> > mailscanner at lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > >> >> > >> >> >> >> >> >> -- >> >> MailScanner mailing list >> >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > >> > >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From jason at geeknocity.com Sat Jan 21 17:05:25 2017 From: jason at geeknocity.com (Jason Waters) Date: Sat, 21 Jan 2017 12:05:25 -0500 Subject: Denial Of Service attack In-Reply-To: References: Message-ID: Try setting all of that to postfix:postfix recursively, restart and then see. My guess if you have things wrong in the conf file. 
What are all you user settings in MailScanner.conf On Jan 21, 2017 11:52 AM, "Marcelo Machado" wrote: > ls -l /var/spool/MailScanner/ > total 16 > drwxrwxr-x 2 mail mtagroup 4096 Dec 27 15:08 archive > drwxrwx--- 24 clamav mtagroup 4096 Jan 21 14:49 incoming > drwxrwxr-x 20 clamav mtagroup 4096 Jan 21 01:27 quarantine > drwx------ 2 postfix postfix 4096 Jan 21 14:31 spamassassin > > and my mtagroup - mtagroup:x:1001:clamav,postfix,mail > > 2017-01-21 14:12 GMT-02:00 Jason Waters : > > What does ls -l /var/spool/MailScanner > > > > On Jan 21, 2017 10:24 AM, "Marcelo Machado" wrote: > >> > >> I've tried several combinations but I still keep the same error. > >> > >> What are the correct settings and permissions? > >> > >> Marcelo > >> > >> 2017-01-20 15:21 GMT-02:00 Jason Waters : > >> > I had a couple things wrong. I had some of the user/group settings in > >> > MailScanner.conf wrong, and then I needed to set the permissions on > >> > /var/spool/MailScanner correctly. > >> > > >> > On Fri, Jan 20, 2017 at 11:21 AM, Marcelo Machado > > >> > wrote: > >> >> > >> >> Yes. So many lines with this message. > >> >> > >> >> And how did you resolv this issue? > >> >> > >> >> 2017-01-20 13:29 GMT-02:00 Jason Waters : > >> >> > Search your logs and see if it says status = 13, that is a > permission > >> >> > thing. > >> >> > I had the same problem. > >> >> > > >> >> > cat /var/log/mail.log |grep "status = 13" -A4 > >> >> > > >> >> > > >> >> > > >> >> > On Fri, Jan 20, 2017 at 10:18 AM, Marcelo Machado > >> >> > > >> >> > wrote: > >> >> >> > >> >> >> Hi everyone. > >> >> >> > >> >> >> Many users of my domain are receiving the message below and the > >> >> >> original message is lost: > >> >> >> > >> >> >> MailScanner was attacked by a Denial Of Service attack, and has > >> >> >> therefore deleted this part of the message. Please contact your > >> >> >> e-mail > >> >> >> providers for more information if you need it, giving them the > whole > >> >> >> of this report. 
Attack in: > >> >> >> > >> >> >> > >> >> >> /var/spool/MailScanner/incoming/5106/5B02C7C002C8. > A3986/nmsg-5106-92.html > >> >> >> > >> >> >> In log mail.log the correspondent error is: > >> >> >> > >> >> >> "Content Checks: Detected and have disarmed KILLED tags in HTML > >> >> >> message > >> >> >> in" > >> >> >> > >> >> >> Anyone can help me? > >> >> >> > >> >> >> > >> >> >> Marcelo Gomes > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> MailScanner mailing list > >> >> >> mailscanner at lists.mailscanner.info > >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > -- > >> >> > MailScanner mailing list > >> >> > mailscanner at lists.mailscanner.info > >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > > >> >> > > >> >> > >> >> > >> >> -- > >> >> MailScanner mailing list > >> >> mailscanner at lists.mailscanner.info > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > >> > > >> > > >> > > >> > > >> > -- > >> > MailScanner mailing list > >> > mailscanner at lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner at lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmgomess at gmail.com Sun Jan 22 17:42:14 2017 From: mmgomess at gmail.com (Marcelo Machado) Date: Sun, 22 Jan 2017 15:42:14 -0200 Subject: Denial Of Service attack In-Reply-To: References: Message-ID: What?s wrong? 
Run As User = postfix Run As Group = mtagroup Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Incoming Work Group = mtagroup Incoming Work Permissions = 0660 Below mtagroup in /etc/group mtagroup:x:1001:clamav,postfix,mail 2017-01-21 15:05 GMT-02:00 Jason Waters : > Try setting all of that to postfix:postfix recursively, restart and then > see. My guess if you have things wrong in the conf file. What are all you > user settings in MailScanner.conf > > On Jan 21, 2017 11:52 AM, "Marcelo Machado" wrote: >> >> ls -l /var/spool/MailScanner/ >> total 16 >> drwxrwxr-x 2 mail mtagroup 4096 Dec 27 15:08 archive >> drwxrwx--- 24 clamav mtagroup 4096 Jan 21 14:49 incoming >> drwxrwxr-x 20 clamav mtagroup 4096 Jan 21 01:27 quarantine >> drwx------ 2 postfix postfix 4096 Jan 21 14:31 spamassassin >> >> and my mtagroup - mtagroup:x:1001:clamav,postfix,mail >> >> 2017-01-21 14:12 GMT-02:00 Jason Waters : >> > What does ls -l /var/spool/MailScanner >> > >> > On Jan 21, 2017 10:24 AM, "Marcelo Machado" wrote: >> >> >> >> I've tried several combinations but I still keep the same error. >> >> >> >> What are the correct settings and permissions? >> >> >> >> Marcelo >> >> >> >> 2017-01-20 15:21 GMT-02:00 Jason Waters : >> >> > I had a couple things wrong. I had some of the user/group settings >> >> > in >> >> > MailScanner.conf wrong, and then I needed to set the permissions on >> >> > /var/spool/MailScanner correctly. >> >> > >> >> > On Fri, Jan 20, 2017 at 11:21 AM, Marcelo Machado >> >> > >> >> > wrote: >> >> >> >> >> >> Yes. So many lines with this message. >> >> >> >> >> >> And how did you resolv this issue? >> >> >> >> >> >> 2017-01-20 13:29 GMT-02:00 Jason Waters : >> >> >> > Search your logs and see if it says status = 13, that is a >> >> >> > permission >> >> >> > thing. >> >> >> > I had the same problem. 
>> >> >> > >> >> >> > cat /var/log/mail.log |grep "status = 13" -A4 >> >> >> > >> >> >> > >> >> >> > >> >> >> > On Fri, Jan 20, 2017 at 10:18 AM, Marcelo Machado >> >> >> > >> >> >> > wrote: >> >> >> >> >> >> >> >> Hi everyone. >> >> >> >> >> >> >> >> Many users of my domain are receiving the message below and the >> >> >> >> original message is lost: >> >> >> >> >> >> >> >> MailScanner was attacked by a Denial Of Service attack, and has >> >> >> >> therefore deleted this part of the message. Please contact your >> >> >> >> e-mail >> >> >> >> providers for more information if you need it, giving them the >> >> >> >> whole >> >> >> >> of this report. Attack in: >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> /var/spool/MailScanner/incoming/5106/5B02C7C002C8.A3986/nmsg-5106-92.html >> >> >> >> >> >> >> >> In log mail.log the correspondent error is: >> >> >> >> >> >> >> >> "Content Checks: Detected and have disarmed KILLED tags in HTML >> >> >> >> message >> >> >> >> in" >> >> >> >> >> >> >> >> Anyone can help me? 
>> >> >> >> >> >> >> >> >> >> >> >> Marcelo Gomes >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> MailScanner mailing list >> >> >> >> mailscanner at lists.mailscanner.info >> >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > MailScanner mailing list >> >> >> > mailscanner at lists.mailscanner.info >> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> >> -- >> >> >> MailScanner mailing list >> >> >> mailscanner at lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > MailScanner mailing list >> >> > mailscanner at lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > >> >> > >> >> >> >> >> >> -- >> >> MailScanner mailing list >> >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner at lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mark at msapiro.net Sun Jan 22 17:59:22 2017 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 22 Jan 2017 09:59:22 -0800 Subject: Denial Of Service attack In-Reply-To: References: Message-ID: On 01/22/2017 09:42 AM, Marcelo Machado wrote: > What?s wrong? 
>
> Run As User = postfix
> Run As Group = mtagroup
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> MTA = postfix
> Incoming Work Group = mtagroup
> Incoming Work Permissions = 0660
>
> Below mtagroup in /etc/group
> mtagroup:x:1001:clamav,postfix,mail

Possibly the issue is a security manager (SELinux, apparmor, etc.) policy. If you are running any security manager, you might try temporarily disabling it or setting it to report only to see if that helps. If so, you will have to figure out how to modify its configuration to allow what's being denied.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mmgomess at gmail.com Sun Jan 22 18:32:50 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Sun, 22 Jan 2017 16:32:50 -0200
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID:

Thanks Jason and Mark.

I work with some Ubuntu servers with MailScanner installed and I noticed right now that this error does not occur in version 14.04, but only in version 16.04.

2017-01-22 15:59 GMT-02:00 Mark Sapiro :
> On 01/22/2017 09:42 AM, Marcelo Machado wrote:
>> What's wrong?
>>
>> Run As User = postfix
>> Run As Group = mtagroup
>> Incoming Queue Dir = /var/spool/postfix/hold
>> Outgoing Queue Dir = /var/spool/postfix/incoming
>> MTA = postfix
>> Incoming Work Group = mtagroup
>> Incoming Work Permissions = 0660
>>
>> Below mtagroup in /etc/group
>> mtagroup:x:1001:clamav,postfix,mail
>
>
> Possibly the issue is a security manager (SELinux, apparmor, etc.)
> policy. If you are running any security manager, you might try
> temporarily disabling it or setting it to report only to see if that
> helps. If so, you will have to figure out how to modify its
> configuration to allow what's being denied.
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From mark at msapiro.net Sun Jan 22 18:40:15 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 22 Jan 2017 10:40:15 -0800
Subject: Denial Of Service attack
In-Reply-To:
References:
Message-ID: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>

On 01/22/2017 10:32 AM, Marcelo Machado wrote:
>
> I work with some Ubuntu servers with MailScanner installed and I
> noticed right now that this error does not occur in version 14.04, but
> only in version 16.04.

Which makes it likely that the issue is with apparmor.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From glenn.steen at gmail.com Mon Jan 23 09:43:08 2017
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon, 23 Jan 2017 10:43:08 +0100
Subject: Denial Of Service attack
In-Reply-To:
References: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
Message-ID:

Actually, unless the OP has done something to the user/group setup, this is simply a case of malconfiguration...:-)

Looking at my 16.04 install, postfix runs as user postfix with group postfix, and I wouldn't even hazard a guess at what clamd is running as... These things should be checked, and the MS config made to comply (use ps to learn more:), and fix any errors with chown (with MS/postfix shut down)... After that, things should start working;-)

Cheers
--
-- Glenn

On 22 Jan 2017 at 7:40 PM, "Mark Sapiro" wrote:

On 01/22/2017 10:32 AM, Marcelo Machado wrote:
>
> I work with some Ubuntu servers with MailScanner installed and I
> noticed right now that this error does not occur in version 14.04, but
> only in version 16.04.

Which makes it likely that the issue is with apparmor.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mmgomess at gmail.com Mon Jan 23 09:59:13 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Mon, 23 Jan 2017 07:59:13 -0200
Subject: Denial Of Service attack
In-Reply-To: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
References: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
Message-ID:

I uninstalled Apparmor, but the error is still showing up.

"MailScanner[9604]: Content Checks: Detected and have disarmed KILLED tags in HTML message in DF4662615BF.A551A"

2017-01-22 16:40 GMT-02:00 Mark Sapiro :
> On 01/22/2017 10:32 AM, Marcelo Machado wrote:
>>
>> I work with some Ubuntu servers with MailScanner installed and I
>> noticed right now that this error does not occur in version 14.04, but
>> only in version 16.04.
>
>
> Which makes it likely that the issue is with apparmor.
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From jason at geeknocity.com Mon Jan 23 13:03:11 2017
From: jason at geeknocity.com (Jason Waters)
Date: Mon, 23 Jan 2017 08:03:11 -0500
Subject: Denial Of Service attack
In-Reply-To:
References: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
Message-ID:

I think mine was Clamav that was screwing with permissions. I changed the LocalSocketGroup postfix and that seemed to keep the error away. And honestly, that didn't make a whole lot of sense. Since clamav was in the mtagroup. But it has been 3 weeks since the error 13 has been in my log.

Jason

On Mon, Jan 23, 2017 at 4:59 AM, Marcelo Machado wrote:

> I uninstalled Apparmor, but the error is still showing up.
>
> "MailScanner[9604]: Content Checks: Detected and have disarmed KILLED
> tags in HTML message in DF4662615BF.A551A"
>
> 2017-01-22 16:40 GMT-02:00 Mark Sapiro :
> > On 01/22/2017 10:32 AM, Marcelo Machado wrote:
> >>
> >> I work with some Ubuntu servers with MailScanner installed and I
> >> noticed right now that this error does not occur in version 14.04, but
> >> only in version 16.04.
> >
> >
> > Which makes it likely that the issue is with apparmor.
> >
> > --
> > Mark Sapiro        The highway is for gamblers,
> > San Francisco Bay Area, California    better use your sense - B. Dylan
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From glenn.steen at gmail.com Tue Jan 24 10:51:20 2017
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue, 24 Jan 2017 11:51:20 +0100
Subject: Denial Of Service attack
In-Reply-To:
References: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
Message-ID:

Marcelo,

Could you please check the following:

ps -ef |egrep "postfix|clamd"

depending on the result, check the user running postfix and clamd with something like:

id postfix
id clamav

change the users as needed/found in the ps listing.

This will show what your MailScanner.conf settings need be for both clamd and postfix to be able to access the incoming work directory. The theory is quite simple, just set the user to the one needed by the postfix processes, and the group to match the clamd one.

Now, stop Mailscanner the usual way, and use chown to change the actual ownership on the actual files&directories. Something like

chown -R postfix.clamscan /var/spool/MailScanner/incoming

(adjust as needed, of course)

Start Mailscanner the usual way, and try sending a message through...

Other things to check:
The permissions on the SpamAssassin directory (either you use the ~postfix/.spamassassin, or /var/spool/MailScanner/spamassassin ... or both... it all depends...:))
Permissions on the quarantine directory
Permissions on the configuration files (remember that MailScanner has to run as the postfix user, so all tests, like debugging and linting need be done as that user! "su - postfix -s /bin/bash" is your friend... You might need do a "sudo -i " first;-)).

Cheers!
--
-- Glenn

2017-01-23 10:43 GMT+01:00 Glenn Steen :

> Actually, unless the OP has done something to the user/group setup, this
> is simply a case of malconfiguration...:-)
>
> Looking at my 16.04 install, postfix runs as user postfix with group
> postfix, and I wouldn't even hazard a guess at what clamd is running as...
> These things should be checked, and the MS config made to comply (use ps to
> learn more:), and fix any errors with chown (with MS/postfix shut down)...
> After that, things should start working;-)
>
> Cheers
> --
> -- Glenn
>
> On 22 Jan 2017 at 7:40 PM, "Mark Sapiro" wrote:
>
> On 01/22/2017 10:32 AM, Marcelo Machado wrote:
> >
> > I work with some Ubuntu servers with MailScanner installed and I
> > noticed right now that this error does not occur in version 14.04, but
> > only in version 16.04.
>
>
> Which makes it likely that the issue is with apparmor.
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
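The ownership check described in the message above, written out as an added example that is not part of the original posts. It applies ordinary POSIX permission-class rules to the listing, group entry and MailScanner.conf values posted earlier in the thread; the clamd identity (clamav:clamav), the list of required accesses and the sample work file are assumptions.

```python
from dataclasses import dataclass

# From the thread: `ls -l /var/spool/MailScanner/` and the /etc/group entry.
LS_OUTPUT = """\
total 16
drwxrwxr-x  2 mail    mtagroup 4096 Dec 27 15:08 archive
drwxrwx--- 24 clamav  mtagroup 4096 Jan 21 14:49 incoming
drwxrwxr-x 20 clamav  mtagroup 4096 Jan 21 01:27 quarantine
drwx------  2 postfix postfix  4096 Jan 21 14:31 spamassassin
"""
GROUP_LINE = "mtagroup:x:1001:clamav,postfix,mail"

# Constructed: a work file as the posted settings would create it
# (Run As User = postfix, Incoming Work Group = mtagroup,
# Incoming Work Permissions = 0660). Size and date are made up.
WORK_FILE = "-rw-rw---- 1 postfix mtagroup 2048 Jan 21 14:49 nmsg-5106-92.html"

# Process identities as (user, primary group). postfix/mtagroup is the posted
# Run As User / Run As Group; clamav/clamav is an assumption about clamd.
PROCESSES = {"MailScanner": ("postfix", "mtagroup"), "clamd": ("clamav", "clamav")}

# Assumed access each process needs; adjust to the scanners actually in use.
NEEDS = {
    ("MailScanner", "incoming"): "rwx",
    ("MailScanner", "quarantine"): "rwx",
    ("MailScanner", "spamassassin"): "rwx",
    ("clamd", "incoming"): "rx",
    ("clamd", "nmsg-5106-92.html"): "r",
}


@dataclass(frozen=True)
class Entry:
    mode: str   # nine permission characters, e.g. "rwxrwx---"
    owner: str
    group: str
    name: str


def parse_ls_line(line):
    """Parse one `ls -l` entry: perms, links, owner, group, size, date, name."""
    fields = line.split(None, 8)
    if len(fields) < 9 or len(fields[0]) < 10:
        raise ValueError(f"not an ls -l entry: {line!r}")
    return Entry(fields[0][1:10], fields[2], fields[3], fields[8])


def parse_group_line(line):
    """Parse an /etc/group line into (group name, set of listed members)."""
    name, _password, _gid, members = line.strip().split(":")
    return name, {m for m in members.split(",") if m}


def effective_access(user, groups, entry):
    """POSIX class selection: owner bits, else group bits, else other bits.

    Only one class applies; a non-owner never falls through from group to
    other. Root's bypass of permission checks is not modelled.
    """
    if user == entry.owner:
        bits = entry.mode[0:3]
    elif entry.group in groups:
        bits = entry.mode[3:6]
    else:
        bits = entry.mode[6:9]
    # lowercase s/t in the execute position mean the execute bit is also set
    bits = bits.replace("s", "x").replace("t", "x")
    return "".join(b for b in bits if b in "rwx")


def audit(supplementary=True):
    """Return {(process, path): (access held, access missing)}.

    supplementary=False models a daemon that was started before the
    /etc/group change, or that never loaded its supplementary groups,
    so only its primary group counts.
    """
    gname, members = parse_group_line(GROUP_LINE)
    entries = {}
    for line in LS_OUTPUT.splitlines() + [WORK_FILE]:
        if line.strip() and not line.startswith("total"):
            entry = parse_ls_line(line)
            entries[entry.name] = entry
    report = {}
    for (proc, name), wanted in NEEDS.items():
        user, primary = PROCESSES[proc]
        groups = {primary}
        if supplementary and user in members:
            groups.add(gname)
        have = effective_access(user, groups, entries[name])
        missing = "".join(c for c in wanted if c not in have)
        report[(proc, name)] = (have, missing)
    return report


if __name__ == "__main__":
    for label, flag in (("groups loaded", True), ("primary group only", False)):
        print(label)
        for (proc, name), (have, missing) in audit(flag).items():
            status = "ok" if not missing else f"MISSING {missing}"
            print(f"  {proc:<11} {name:<18} has {have or '-':<3} {status}")
```

With the posted values every top-level directory check passes; the only access that depends on clamd's membership in mtagroup is the 0660 work file, which is unreadable when that membership is not in effect for the running process.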
URL: From glenn.steen at gmail.com Tue Jan 24 11:49:49 2017 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue, 24 Jan 2017 12:49:49 +0100 Subject: Relay access denied In-Reply-To: References: <409383972.2283.1484346370296.JavaMail.root@xeams> Message-ID: Why would you want this? In effect you'd defeat the whole purpose of the mynetworks setting, and with that the builtin relay security model in postfix... Not desirable at all;-). Cheerrs! -- -- Glenn 2017-01-13 23:34 GMT+01:00 Peter Lemieux : > If mail is coming from all over the Internet to your host, setting > > mynetworks = 0.0.0.0/0 > > in main.cf works as well. Many modern distributions like Ubuntu have > only 127.0.0.1 and similar local addresses in the mynetworks field by > default. > > I recommend reading http://www.postfix.org/SMTPD_ACCESS_README.html for a > comprehensive overview of how Postfix handles incoming mail. > > Peter > > > On 01/13/2017 05:30 PM, Danita Zanre wrote: > >> Ah! See, something simple! Because this was all coming from ?localhost? >> it >> was working - I think I know now! >> >> Let me work on that. >> >> >> >> *Danita Zanr?*, /Move Out of the Office/ >> I love my job, and you can too! >> Tel: (720) 319-7530 - Caledonia Network Consulting >> Tel: (720) 319-8240 - Move Out of the Office >> >> >> On January 13, 2017 at 4:32:33 PM, Shawn Iverson >> (iversons at rushville.k12.in.us ) >> wrote: >> >> I don't see a relay_domains definition in your config >>> >>> relay_domains = hash:/etc/postfix/transport >>> >>> On Fri, Jan 13, 2017 at 5:21 PM, Danita Zanre >> > wrote: >>> >>> so, for example, >>> >>> caledonia.net smtp:192.223.10.61 >>> >>> >>> And it works fine until we have mail coming directly to the >>> mailscanner server. >>> >>> >>> Full disclosure: >>> >>> >>> We have a xeams server that we are replacing. It and mailscanner are >>> on the same box. 
So, during the switchover, mail has been coming to >>> the xeams server, it has been set to not scan anything, and then it >>> relays to 127.0.0.1 for postfix to pick it up. I did it this way, >>> because we have multiple domain names, and I was switching them over >>> one at a time to make sure there were no problems. Xeams continued >>> to >>> scan for zanre.com , for example, and passed mail >>> for caledonia.net unscanned to >>> postix/mailscanner via localhost. >>> >>> >>> So, if I set postfix to listen on all interfaces and turn the xeams >>> server off, nothing has really changed except the mail is hitting >>> postfix first. I also have postscreen on in ?ignore? mode until I >>> can >>> make sure that everything else works, and then I had intended to set >>> postscreen to ?enable?. >>> >>> >>> Thanks >>> >>> >>> *Danita Zanr?*, /Move Out of the Office/ >>> I love my job, and you can too! >>> Tel: (720) 319-7530 - Caledonia Network >>> Consulting >>> Tel: (720) 319-8240 - Move Out of the Office >>> >>> >>> On January 13, 2017 at 4:15:33 PM, Shawn Iverson >>> (iversons at rushville.k12.in.us ) >>> wrote: >>> >>> What's in your transport maps? >>>> >>>> On Fri, Jan 13, 2017 at 5:00 PM, Danita Zanre >>> > wrote: >>>> >>>> Sorry - this is a dumb postfix question I?m sure - it?s been >>>> awhile! >>>> >>>> In setting up my system, I had my mailscanner server behind our >>>> existing anti-spam server so that I could test it. So, >>>> everything was coming from the existing anti-spam server as a >>>> front-end relay server. Working perfectly, but now I?m ready to >>>> move forward. >>>> >>>> But when I redirect mail to come directly to the new mailscanner >>>> server, everything says Relay access denied. >>>> >>>> So, for some reason, postfix is ONLY accepting mail from the >>>> relay server. Here?s what is in main.cf - >>>> please tell me what silly thing I?ve overlooked! I?ve togged >>>> the >>>> sender_restrictions on and off thinking something was in there. 
>>>> >>>> Thanks >>>> >>>> inet_protocols = all >>>> >>>> biff = no >>>> >>>> mail_spool_directory = /var/mail >>>> >>>> canonical_maps = hash:/etc/postfix/canonical >>>> >>>> virtual_alias_maps = hash:/etc/postfix/virtual >>>> >>>> virtual_alias_domains = hash:/etc/postfix/virtual >>>> >>>> relocated_maps = hash:/etc/postfix/relocated >>>> >>>> transport_maps = hash:/etc/postfix/transport >>>> >>>> sender_canonical_maps = hash:/etc/postfix/sender_canonical >>>> >>>> masquerade_exceptions = root >>>> >>>> masquerade_classes = envelope_sender, header_sender, >>>> header_recipient >>>> >>>> myhostname = iris.caledonia.net >>>> >>>> >>>> delay_warning_time = 1h >>>> >>>> message_strip_characters = \0 >>>> >>>> #inet_interfaces = localhost >>>> >>>> inet_interfaces = all >>>> >>>> masquerade_domains = >>>> >>>> mydestination = $myhostname, localhost.$mydomain >>>> >>>> defer_transports = >>>> >>>> mynetworks_style = subnet >>>> >>>> disable_dns_lookups = no >>>> >>>> relayhost = >>>> >>>> mailbox_command = >>>> >>>> mailbox_transport = >>>> >>>> strict_8bitmime = no >>>> >>>> disable_mime_output_conversion = no >>>> >>>> #smtpd_sender_restrictions = hash:/etc/postfix/access >>>> >>>> smtpd_client_restrictions = >>>> >>>> smtpd_helo_required = no >>>> >>>> smtpd_helo_restrictions = >>>> >>>> strict_rfc821_envelopes = no >>>> >>>> smtpd_recipient_restrictions = >>>> permit_mynetworks,reject_unauth_destination,reject_unknown_ >>>> recipient_domain,reject_unverified_recipient,reject_ >>>> unauth_pipelining,permit_auth_destination,reject >>>> >>>> smtp_sasl_auth_enable = no >>>> >>>> smtpd_sasl_auth_enable = no >>>> >>>> smtpd_use_tls = no >>>> >>>> smtp_use_tls = no >>>> >>>> smtp_enforce_tls = no >>>> >>>> alias_maps = hash:/etc/aliases >>>> >>>> mailbox_size_limit = 0 >>>> >>>> message_size_limit = 91820000 >>>> >>>> default_process_limit = 100 >>>> >>>> >>>> postscreen_access_list = permit_mynetworks, >>>> cidr:/etc/postfix/postscreen_access.cidr >>>> >>>> 
postscreen_greet_action = ignore >>>> >>>> >>>> >>>> *Danita Zanr?*, /Move Out of the Office/ >>>> I love my job, and you can too! >>>> Tel: (720) 319-7530 - Caledonia Network >>>> Consulting >>>> Tel: (720) 319-8240 - Move Out of the >>>> Office >>>> >>>> >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Shawn Iverson >>>> Director of Technology >>>> Rush County Schools >>>> 765-932-3901 x271 >>>> iversons at rushville.k12.in.us >>>> >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by *Iris MailScanner* >>> >, >>>> and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >>>> >>> >>> >>> -- >>> Shawn Iverson >>> Director of Technology >>> Rush County Schools >>> 765-932-3901 x271 >>> iversons at rushville.k12.in.us >>> >>> >>> ------------------------------------------------------ >>> Powered by Xeams. Visit xeams.com for more information >>> ------------------------------------------------------ >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by *Iris MailScanner* , >>> and is >>> believed to be clean. >>> >> >> >> >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... 
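Why the mynetworks = 0.0.0.0/0 suggestion removes the relay check, as an added example that is not part of the original posts. It walks the smtpd_recipient_restrictions from the posted main.cf in first-match order; the client addresses and the subnet standing in for "mynetworks_style = subnet" are constructed, and the DNS- and probe-based restrictions in the middle of the list are left out.

```python
import ipaddress

# From the posted main.cf: mydestination = $myhostname, localhost.$mydomain
# (the contents of virtual_alias_domains are not on the page and are omitted).
LOCAL_DOMAINS = {"iris.caledonia.net", "localhost.caledonia.net"}

# Constructed stand-in for "mynetworks_style = subnet": loopback plus a
# documentation-range subnet in place of the server's real one.
SUBNET_NETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
OUTSIDE_CLIENT = "203.0.113.10"   # constructed Internet client address


def decide(client_ip, rcpt_domain, mynetworks, relay_domains):
    """First-match walk over the posted restriction list.

    Modelled: permit_mynetworks, reject_unauth_destination and
    permit_auth_destination. Domain matching is exact; subdomain matching
    of relay_domains is not modelled.
    """
    client = ipaddress.ip_address(client_ip)
    # permit_mynetworks: a matching client is accepted here and no later
    # restriction is evaluated.
    if any(client in ipaddress.ip_network(net) for net in mynetworks):
        return "permit_mynetworks"
    # reject_unauth_destination: the recipient domain must be one this host
    # is final destination for or has been told to relay for.
    if rcpt_domain.lower() not in LOCAL_DOMAINS | set(relay_domains):
        return "reject: Relay access denied"
    return "permit_auth_destination"


def scenarios():
    """Evaluate the three configurations discussed in the thread."""
    configs = {
        # as posted: no relay_domains, mail only worked via the local relay
        "posted": dict(mynetworks=SUBNET_NETWORKS, relay_domains=[]),
        # the suggestion being questioned: every client counts as trusted
        "0.0.0.0/0": dict(mynetworks=["0.0.0.0/0"], relay_domains=[]),
        # relay_domains names the hosted domain, mynetworks stays narrow
        "relay_domains": dict(mynetworks=SUBNET_NETWORKS,
                              relay_domains=["caledonia.net"]),
    }
    cases = [
        ("posted", "127.0.0.1", "caledonia.net"),
        ("posted", OUTSIDE_CLIENT, "caledonia.net"),
        ("0.0.0.0/0", OUTSIDE_CLIENT, "caledonia.net"),
        ("0.0.0.0/0", OUTSIDE_CLIENT, "example.org"),
        ("relay_domains", OUTSIDE_CLIENT, "caledonia.net"),
        ("relay_domains", OUTSIDE_CLIENT, "example.org"),
    ]
    return {case: decide(case[1], case[2], **configs[case[0]]) for case in cases}


if __name__ == "__main__":
    for (config, client, domain), verdict in scenarios().items():
        print(f"{config:<14} {client:<13} -> {domain:<14} {verdict}")
```

Under 0.0.0.0/0 the outside client is accepted for example.org as well as caledonia.net, because permit_mynetworks matches before reject_unauth_destination is reached; with relay_domains set, only the hosted domain is accepted from outside.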

From Eoin.Kim at rcst.com.au Wed Jan 25 02:38:42 2017
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Wed, 25 Jan 2017 02:38:42 +0000
Subject: [Question] RE: sending warning message
Message-ID: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au>

Hi all,

I am having a bit of trouble with configuring MailScanner regarding the notification. To be clear, my planned scenario is:

1. Sending email from my company to the Internet with a bad attachment - sender (company user) receives a warning message, recipient doesn't.
2. Sending email from the Internet to my company with a bad attachment - recipient (company user) receives a warning message, sender doesn't.

So, what I have configured is:

Notify Senders = %rules-dir%/notify_senders.rules
Notify Senders Of Viruses = yes
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Blocked Size Attachments = yes
Notify Senders Of Other Blocked Content = yes

And the notify_senders.rules is:

From: a.b.c.d yes
FromOrTo: default no

a.b.c.d is the IP address of our mail server. Now, what is happening is:

1. Sending email from my company to the Internet with a bad attachment - sender and recipient both receive a warning message.
2. Sending email from the Internet to my company - recipient (company user) receives a warning message, sender doesn't.

So, my scenario #1 is not working at the moment. Is there anything I am missing or I have to add on? I would appreciate your help in advance.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1, 133 Mary Street
Brisbane, QLD, 4000
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

From mark at msapiro.net Wed Jan 25 03:28:23 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 24 Jan 2017 19:28:23 -0800
Subject: [Question] RE: sending warning message
In-Reply-To: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au>
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au>
Message-ID: <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net>

On 01/24/2017 06:38 PM, Eoin Kim wrote:
>
> I am having a bit of trouble with configuring MailScanner regarding the notification. To be clear, my planned scenario is:
>
> 1. Sending email from my company to the Internet with a bad attachment - sender (company user) receives a warning message, recipient doesn't.

What do you mean by the recipient doesn't receive a warning? Are you referring to the warning in the message that the attachment has been removed? It seems so.

> 2. Sending email from the Internet to my company with a bad attachment - recipient (company user) receives a warning message, sender doesn't.
...
> And the notify_senders.rules is:
>
> From: a.b.c.d yes
>
> FromOrTo: default no
>
> a.b.c.d is the IP address of our mail server. Now, what is happening is:
>
> 1. Sending email from my company to the Internet with a bad attachment - sender and recipient both receive a warning message.

The sender receives a separate warning message because of your

From: a.b.c.d yes

notify senders rule. The recipient receives (I think) the message with the attachment replaced by a warning and no other message.

If this is what you are seeing, this is the expected behavior.

What do you want to happen in this case?

If you want the message to be sent without modification by MailScanner, you need a "Scan Messages" rule set with

From: a.b.c.d no

to not scan outgoing messages.

If you want something else like, e.g., the attachment to be silently removed without any indication that this was done, you might be able to partially accomplish this with an "Attachment Warning Filename" ruleset with

From: a.b.c.d /dev/null

but I think that silently removing parts of a message is not a good idea.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Eoin.Kim at rcst.com.au Wed Jan 25 03:54:44 2017
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Wed, 25 Jan 2017 03:54:44 +0000
Subject: [Question] RE: sending warning message
In-Reply-To: <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net>
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net>
Message-ID:

Hello Mark,

Thanks for your message. Yes, you are right. At the moment, the receiver gets an email with an attachment (%org-name%-Attachment-Warning.txt). What I want to achieve is sending the message to the sender only because it's a sender's fault (e.g. double extension filename). So, it's a bit difficult to explain with my limited English but for example, when a company user sends an email with double extension filename attachment, then:

MailScanner: hey, you are doing a bad thing (to sender)
MailScanner: hey, he is doing a bad thing to you (to receiver)

So, I don't want the second thing to happen. Is it possible? Thanks.

Eoin

From mark at msapiro.net Wed Jan 25 04:12:49 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 24 Jan 2017 20:12:49 -0800
Subject: [Question] RE: sending warning message
In-Reply-To:
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net>
Message-ID: <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net>

On 01/24/2017 07:54 PM, Eoin Kim wrote:
>
> Thanks for your message. Yes, you are right. At the moment, the receiver gets an email with an attachment (%org-name%-Attachment-Warning.txt). What I want to achieve is sending the message to the sender only because it's a sender's fault (e.g. double extension filename). So, it's a bit difficult to explain with my limited English but for example, when a company user sends an email with double extension filename attachment, then:
>
> MailScanner: hey, you are doing a bad thing (to sender)
> MailScanner: hey, he is doing a bad thing to you (to receiver)
>
> So, I don't want the second thing to happen. Is it possible? Thanks.

What do you want the recipient to get?

1) A message as sent by the sender with no alteration.
2) A message with the attachment removed with no indication or explanation of that
3) Nothing at all.

I'm not really sure if any of those options can be accomplished. My previous suggestion to use a Scan Messages rule set to not scan outbound mail will accomplish 1), but won't notify the sender.

In any case, once you clarify what you want the recipient to receive if anything, I'll think about ways to accomplish it.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Eoin.Kim at rcst.com.au Wed Jan 25 04:22:33 2017
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Wed, 25 Jan 2017 04:22:33 +0000
Subject: [Question] RE: sending warning message
In-Reply-To: <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net>
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net> <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net>
Message-ID: <8f972cec6cb2492ba6b1d0493e2bbb9f@rcst.com.au>

Hello Mark,

That is a good question indeed.
- First option is definitely not desired.
- Second option looks okay but I guess the other way (From the Internet to my company) will be affected as well. I mean it will affect my scenario #2.
- Third option means dropping the email without any notification?

It is a good question but very hard to determine. Let me think about it. Thanks a lot.

Eoin

From glenn.steen at gmail.com Wed Jan 25 09:12:41 2017
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed, 25 Jan 2017 10:12:41 +0100
Subject: [Question] RE: sending warning message
In-Reply-To: <8f972cec6cb2492ba6b1d0493e2bbb9f@rcst.com.au>
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net> <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net> <8f972cec6cb2492ba6b1d0493e2bbb9f@rcst.com.au>
Message-ID:

Hello Eoin,

Remember that the handling of the recipient part, the FromOrTo thing in this case, only looks at the first recipient in multi-recipient mails. You need to configure your mta (incoming, in case you use a multi-mta setup... For Postfix, the split will happen too late, in a single instance setup, so you need to find/use my very old "two-instance-split-per/recipient" wiki article... if at all possible... or DIY;-)) to split incoming e-mails/recipient.

Cheers!
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Eoin.Kim at rcst.com.au Wed Jan 25 10:54:58 2017
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Wed, 25 Jan 2017 10:54:58 +0000
Subject: [Question] RE: sending warning message
In-Reply-To:
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net> <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net> <8f972cec6cb2492ba6b1d0493e2bbb9f@rcst.com.au>,
Message-ID: <7d26841542784f6ba49d3acb9d29adbd@rcst.com.au>

Hey Glenn,

Thanks. I have been thinking about this for almost the whole day but doesn't look easy at my skill level. I need more time to think. Cheers.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1, 133 Mary Street
Brisbane, QLD, 4000
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

From mmgomess at gmail.com Wed Jan 25 12:27:34 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Wed, 25 Jan 2017 10:27:34 -0200
Subject: Denial Of Service attack
In-Reply-To:
References: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
Message-ID:

Hi everyone.

I have not said that I use MailWatch and it seems that the problem is related to it.

See this. https://github.com/mailwatch/1.2.0/issues/430

2017-01-24 8:51 GMT-02:00 Glenn Steen :
> Marcelo,
>
> Could you please check the following:
>
> ps -ef |egrep "postfix|clamd"
>
> depending on the result, check the user running postfix and clamd with something like:
> id postfix
> id clamav
> change the users as needed/found in the ps listing.
>
> This will show what your MailScanner.conf settings need be for both clamd and postfix to be able to access the incoming work directory. The theory is quite simple, just set the user to the one needed by the postfix processes, and the group to match the clamd one.
> Now, stop Mailscanner the usual way, and use chown to change the actual ownership on the actual files&directories. Something like
> chown -R postfix.clamscan /var/spool/MailScanner/incoming
> (adjust as needed, of course)
> Start Mailscanner the usual way, and try sending a message through... Other things to check:
> The permissions on the SpamAssassin directory (either you use the ~postfix/.spamassassin, or /var/spool/MailScanner/spamassassin ... or both... it all depends...:))
> Permissions on the quarantine directory
> Permissions on the configuration files (remember that MailScanner has to run as the postfix user, so all tests, like debugging and linting need be done as that user! "su - postfix -s /bin/bash" is your friend... You might need do a "sudo -i " first;-)).
>
> Cheers!
> --
> -- Glenn
>
> 2017-01-23 10:43 GMT+01:00 Glenn Steen :
>>
>> Actually, unless the OP has done something to the user/group setup, this is simply a case of malconfiguration...:-)
>>
>> Looking at my 16.04 install, postfix runs as user postfix with group postfix, and I wouldn't even hazard a guess at what clamd is running as... These things should be checked, and the MS config made to comply (use ps to learn more:), and fix any errors with chown (with MS/postfix shut down)... After that, things should start working;-)
>>
>> Cheers
>> --
>> -- Glenn
>>
>> On 22 Jan 2017 at 7:40 PM, "Mark Sapiro" wrote:
>>
>> On 01/22/2017 10:32 AM, Marcelo Machado wrote:
>> >
>> > I work with some Ubuntu servers with MailScanner installed and I noticed right now that this error does not occur in version 14.04, but only in version 16.04.
>>
>> Which makes it likely that the issue is with apparmor.
>>
>> --
>> Mark Sapiro        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan

From alex at vidadigital.com.pa Wed Jan 25 13:53:18 2017
From: alex at vidadigital.com.pa (alex at vidadigital.com.pa)
Date: Wed, 25 Jan 2017 08:53:18 -0500
Subject: [Question] RE: sending warning message
In-Reply-To: <7d26841542784f6ba49d3acb9d29adbd@rcst.com.au>
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net> <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net> <8f972cec6cb2492ba6b1d0493e2bbb9f@rcst.com.au> <7d26841542784f6ba49d3acb9d29adbd@rcst.com.au>
Message-ID: <8B71CD17-2337-4A11-B93F-DEF649293496@vidadigital.com.pa>

I believe it should be a lot easier with sendmail, I could help a bit more if that were the case.

Alex Neuman van der Hans
Producer/Host, Vida Digital
+1 (440) 253-9789 | +507 6781-9505 | Panama | alex at vidadigital.com.pa | http://vidadigital.com.pa/ | Skype:alexneuman | wiseintro.co/alexneuman

From glenn.steen at gmail.com Wed Jan 25 15:41:38 2017
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed, 25 Jan 2017 16:41:38 +0100
Subject: Denial Of Service attack
In-Reply-To:
References: <3c5edc49-0b25-dda7-e7e4-6d7329716c1c@msapiro.net>
Message-ID:

You might have a problem with MailWatch as well, but I'd be interested to hear what your findings about the permission bits are. Also, check that you only have queue files in the postfix hold... If for example SpamAssassin puts files/directories in there, bad things will happen:).

Looking at the MailWatch thing, have you verified that
- Your database is up and running
- You can connect to it with the credentials used in MailWatch.pm
- You have no typos in MailWatch.pm file (specifically the my($db,,,) settings)? Note that these need be in single quotes, like so:

my($db_name) = 'mailscanner';
my($db_host) = 'localhost';
my($db_user) = 'mailwatch';
my($db_pass) = 'secretpassword';

Cheers!
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Wed Jan 25 16:17:25 2017
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed, 25 Jan 2017 17:17:25 +0100
Subject: [Question] RE: sending warning message
In-Reply-To: <8B71CD17-2337-4A11-B93F-DEF649293496@vidadigital.com.pa>
References: <5aa6245215a24dca9d9990b3159e10c2@rcst.com.au> <4581e2fa-66e4-c358-1dee-49f05f4a8c0a@msapiro.net> <3ccb596f-c3ba-9fa4-4863-0a093efb9ccc@msapiro.net> <8f972cec6cb2492ba6b1d0493e2bbb9f@rcst.com.au> <7d26841542784f6ba49d3acb9d29adbd@rcst.com.au> <8B71CD17-2337-4A11-B93F-DEF649293496@vidadigital.com.pa>
Message-ID:

It's fairly easy with Postfix as well Alex, but you do need to introduce a separate postfix instance that only accept email and split/recipient (and do RBLs and whatever you do at reception time), and then passes everything on to a second, MailScanner-configured, instance.

Hah, I found the old t*rd of a page here:
https://web.archive.org/web/20140627065723/http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient

It details (in a rather more confusing manner than it really is) how to split emails/recipient ... Enjoy the blast from the past:-)

Cheers!
--
-- Glenn

2017-01-25 14:53 GMT+01:00 :
> I believe it should be a lot easier with sendmail, I could help a bit more
> if that were the case.
>
> *Alex Neuman van der Hans* *Producer/Host**, Vida Digital*
> +1 (440) 253-9789 | +507 6781-9505 | Panama | alex at vidadigital.com.pa |
> http://vidadigital.com.pa/ | Skype:alexneuman | wiseintro.co/alexneuman
>
> On Jan 25, 2017, at 5:54 AM, Eoin Kim wrote:
>
> Hey Glenn,
>
> Thanks. I have been thinking about this for almost the whole day but
> doesn't look easy at my skill level. I need more time to think. Cheers.
>
> *Eoin Kim*
> Systems Administrator
>
> *RCS Telecommunications *
> Level 1, 133 Mary Street
> Brisbane, QLD, 4000
> Office: 07 3228 0843
> Mobile: 0419 726 231
> Email: *eoin.kim at rcst.com.au *
>
> ------------------------------
> *From:* MailScanner rcst.com.au at lists.mailscanner.info> on behalf of Glenn Steen <glenn.steen at gmail.com>
> *Sent:* Wednesday, 25 January 2017 7:12 PM
> *To:* MailScanner Discussion
> *Subject:* Re: [Question] RE: sending warning message
>
> Hello Eoin,
>
> Remember that the handling of the recipient part, the FromOrTo thing in
> this case, only looks at the first recipient in multi-recipient mails. You
> need configure your mta (incoming, in case you use a multi-mta setup... For
> Postfix, the split will happen too late, in a single instance setup, so you
> need find/use my very old "two-instance-split-per/recipient" wiki
> article... if at all possible... or DIY;-)) to split incoming
> e-mails/recipient.
>
> Cheers!
> --
> -- Glenn
>
> 2017-01-25 5:22 GMT+01:00 Eoin Kim :
>
>> Hello Mark,
>>
>> That is a good question indeed.
>> - First option is definitely not desired.
>> - Second option looks okay but I guess the other way (From the
>> Internet to my company) will be affected as well. I mean it will affect my
>> scenario #2.
>> - Third option means dropping the email without any notification?
>>
>> It is a good question but very hard to determine. Let me think about it.
>> Thanks a lot.
>>
>> Eoin
>>
>> -----Original Message-----
>> From: MailScanner [mailto:mailscanner-bounces+eoin.kim=rcst.com.au at lists.mailscanner.info] On Behalf Of Mark Sapiro
>> Sent: Wednesday, 25 January 2017 2:13 PM
>> To: MailScanner Discussion
>> Subject: Re: [Question] RE: sending warning message
>>
>> On 01/24/2017 07:54 PM, Eoin Kim wrote:
>> >
>> > Thanks for your message. Yes, you are right. At the moment, the
>> > receiver gets an email with an attachment (%org-name%-Attachment-Warning.txt).
>> > What I want to achieve is sending the message to the sender only because
>> > it's a sender's fault (e.g. double extension filename). So, it's a bit
>> > difficult to explain with my limited English but for example, when a
>> > company user sends an email with double extension filename attachment, then:
>> >
>> > MailScanner: hey, you are doing a bad thing (to sender)
>> > MailScanner: hey, he is doing a bad thing to you (to receiver)
>> >
>> > So, I don't want the second thing to happen. Is it possible? Thanks.
>>
>> What do you want the recipient to get?
>>
>> 1) A message as sent by the sender with no alteration.
>> 2) A message with the attachment removed with no indication or
>> explanation of that
>> 3) Nothing at all.
>>
>> I'm not really sure if any of those options can be accomplished. My
>> previous suggestion to use a Scan Messages rule set to not scan outbound
>> mail will accomplish 1), but won't notify the sender.
>>
>> In any case, once you clarify what you want the recipient to receive if
>> anything, I'll think about ways to accomplish it.
>>
>> --
>> Mark Sapiro        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B.
Dylan
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From m.van.loon at ictvanloon.nl Wed Jan 25 16:42:44 2017
From: m.van.loon at ictvanloon.nl (Miguel van Loon)
Date: Wed, 25 Jan 2017 16:42:44 +0000
Subject: FW: Quarantine options
In-Reply-To: <3014039910df43d39bcd6cd84d42a438@EXCH03.Miguelvl.local>
References: <3014039910df43d39bcd6cd84d42a438@EXCH03.Miguelvl.local>
Message-ID:

Hello guys,

I am using mailwatch to look into my emails from mailscanner.
Normally you can set the option "define('QUARANTINE_USE_FLAG', true);" in
your conf.php from mailwatch.
I am running mailscanner version 4.84.6.
Unfortunately, the option does not come into the mailwatch page.

Does anyone know how to solve this problem..?

Thanks for help!

Kind regards,

Miguel

From mcmannis at intergate.com Fri Jan 27 01:03:06 2017
From: mcmannis at intergate.com (McMannis)
Date: Thu, 26 Jan 2017 19:03:06 -0600
Subject: Delete
Message-ID: <014a01d27839$1e9adbe0$5bd093a0$@intergate.com>

Can you delete me from this list? Thanks.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From glenn.steen at gmail.com Fri Jan 27 07:59:32 2017
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri, 27 Jan 2017 08:59:32 +0100
Subject: FW: Quarantine options
In-Reply-To:
References: <3014039910df43d39bcd6cd84d42a438@EXCH03.Miguelvl.local>
Message-ID:

Hello Miguel!

Although many participants on this page actually do use Mailwatch for
Mailscanner, this list is primarily for MailScanner... You'll be more
likely to get a good answer from the Mailwatch list
(mailwatch-users at lists.sourceforge.net), especially since your question
seems to be solely about Mailwatch.

Cheers!
--
-- Glenn

2017-01-25 17:42 GMT+01:00 Miguel van Loon :
> Hello guys,
>
> I am using mailwatch to look into my emails from mailscanner.
>
> Normally you can set the option "define('QUARANTINE_USE_FLAG', true);" in
> your conf.php from mailwatch.
>
> I am running mailscanner version 4.84.6.
>
> Unfortunately, the options does not come into the mailwatch page.
>
> Does anyone know how to solve these problem..?
>
> Thanks for help!
>
> Kind regards,
>
> Miguel

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From Antony.Stone at mailscanner.open.source.it Fri Jan 27 09:20:55 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Fri, 27 Jan 2017 10:20:55 +0100
Subject: Delete
In-Reply-To: <014a01d27839$1e9adbe0$5bd093a0$@intergate.com>
References: <014a01d27839$1e9adbe0$5bd093a0$@intergate.com>
Message-ID: <201701271020.55749.Antony.Stone@mailscanner.open.source.it>

On Friday 27 January 2017 at 02:03:06, McMannis wrote:

> Can you delete me from this list? Thanks.

Could you unsubscribe yourself, please?

From the headers of every email on this list:

List-Id: MailScanner Discussion
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Reply-To: MailScanner Discussion

So, you can unsubscribe through a web interface, or by sending an email (but
*not* to the list).

Thanks,

Antony.

--
"It is easy to be blinded to the essential uselessness of them by the sense of
achievement you get from getting them to work at all. In other words - and
this is the rock solid principle on which the whole of the Corporation's
Galaxy-wide success is founded - their fundamental design flaws are completely
hidden by their superficial design flaws."

 - Douglas Noel Adams

Please reply to the list; please *don't* CC me.

From mmgomess at gmail.com Mon Jan 30 19:01:44 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Mon, 30 Jan 2017 17:01:44 -0200
Subject: Ruleset syntax
Message-ID:

Hi everyone

Which is the correct syntax for "Allow Filenames =" and "Deny
Filenames =" rulesets?

Is it the same syntax as other rulesets?

Marcelo Gomes

From mark at msapiro.net Mon Jan 30 19:50:32 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 30 Jan 2017 11:50:32 -0800
Subject: Ruleset syntax
In-Reply-To:
References:
Message-ID:

On 01/30/2017 11:01 AM, Marcelo Machado wrote:
> Hi everyone
>
> Which is the correct syntax for "Allow Filenames =" and "Deny
> Filenames =" rulesets.
>
> Is the same syntax like others rulesets?

Yes.
For example for an Allow Filenames ruleset

>From good_guy at example.com and To me at example.com \.exe$ \.com$

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mmgomess at gmail.com Mon Jan 30 19:55:55 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Mon, 30 Jan 2017 17:55:55 -0200
Subject: Ruleset syntax
In-Reply-To:
References:
Message-ID:

I need to permit an internal user to send ".exe" files. Will this work?

>From user at mydomain.com \.exe$

2017-01-30 17:50 GMT-02:00 Mark Sapiro :
> On 01/30/2017 11:01 AM, Marcelo Machado wrote:
>> Hi everyone
>>
>> Which is the correct syntax for "Allow Filenames =" and "Deny
>> Filenames =" rulesets.
>>
>> Is the same syntax like others rulesets?
>
> Yes. For example for an Allow Filenames ruleset
>
> From good_guy at example.com and To me at example.com \.exe$ \.com$
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net Mon Jan 30 20:02:03 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 30 Jan 2017 12:02:03 -0800
Subject: Ruleset syntax
In-Reply-To:
References:
Message-ID:

On 01/30/2017 11:55 AM, Marcelo Machado wrote:
> I need to permit a internal user send ".exe" files. This will work?
>
>>From user at mydomain.com \.exe$

It should.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mmgomess at gmail.com Tue Jan 31 10:37:09 2017
From: mmgomess at gmail.com (Marcelo Machado)
Date: Tue, 31 Jan 2017 08:37:09 -0200
Subject: Ruleset syntax
In-Reply-To:
References:
Message-ID:

It seems MailScanner is not reading the ruleset file from these parameters.
I did the test below and it did not block the attachment:

Deny Filenames =%rules.dir%/deny.filenames.rules   (MailScanner.conf)

From: *@netsol.com.br \.jpg$   (deny.filenames.rules)

2017-01-30 18:02 GMT-02:00 Mark Sapiro :
> On 01/30/2017 11:55 AM, Marcelo Machado wrote:
>> I need to permit a internal user send ".exe" files. This will work?
>>
>>>From user at mydomain.com \.exe$
>
> It should.
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
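
Added example, not part of the original posts and not MailScanner's own code: a simplified Python model of how ruleset lines like the ones in this thread select filename patterns, useful for checking what a per-sender exemption covers before deploying it. The matching semantics (first matching line wins, '*' wildcards, allow consulted before deny) and the de-obfuscated addresses are assumptions of the model.

```python
import re
from fnmatch import fnmatch

# Constructed rulesets in the form quoted in the thread (addresses de-obfuscated).
ALLOW_RULES = r"""
From: user@mydomain.com   \.exe$
From good_guy@example.com and To me@example.com   \.exe$ \.com$
"""
DENY_RULES = r"""
From: *@netsol.com.br   \.jpg$
"""

def parse_ruleset(text):
    """Parse 'Direction address [and Direction address] regex...' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        conds = []
        while len(tok) >= 2:
            conds.append((tok[0].rstrip(":").lower(), tok[1].lower()))
            tok = tok[2:]
            if not tok or tok[0].lower() != "and":
                break
            tok = tok[1:]
        rules.append((conds, [re.compile(p) for p in tok]))
    return rules

def cond_hits(direction, glob, sender, rcpt):
    """Assumed matching: '*' wildcards, case-insensitive addresses, 'default' matches all."""
    who = {"from": [sender], "to": [rcpt], "fromorto": [sender, rcpt]}.get(direction, [])
    return glob == "default" or any(fnmatch(a.lower(), glob) for a in who)

def patterns_for(rules, sender, rcpt):
    """Assumed first-match semantics: the first line whose conditions all hold wins."""
    for conds, pats in rules:
        if all(cond_hits(d, g, sender, rcpt) for d, g in conds):
            return pats
    return []

def verdict(sender, rcpt, filename, allow, deny):
    """Assumed order: allow patterns are consulted before deny patterns."""
    if any(p.search(filename) for p in patterns_for(allow, sender, rcpt)):
        return "allow"
    if any(p.search(filename) for p in patterns_for(deny, sender, rcpt)):
        return "deny"
    return "no match"

ALLOW, DENY = parse_ruleset(ALLOW_RULES), parse_ruleset(DENY_RULES)
```

In this model the per-sender \.exe$ exemption also admits a double-extension name such as invoice.pdf.exe, so an exemption like this is worth scoping to both sender and recipient, as in the "and To" form.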