From jerry.benton at mailborder.com Mon Oct 2 00:41:00 2017
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Sun, 1 Oct 2017 20:41:00 -0400
Subject: v5.0.6-5 Released
Message-ID: <00bb01d33b17$1e657ad0$5b307070$@mailborder.com>

Thanks to Shawn Iverson for creating the latest version.

https://www.mailscanner.info/downloads/

--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605

From q at snj.ca Mon Oct 2 14:01:06 2017
From: q at snj.ca (Quintin S. Giesbrecht)
Date: Mon, 2 Oct 2017 14:01:06 +0000
Subject: Spam getting VERY low scores
Message-ID:

Why is this happening? I've attached a few samples. Getting in the - scores for spam. These were caught because they also were in enough RBLs, but they never should have got these low scores.

Thanks

________________________________
[Smith Neufeld Jodoin LLP]
Sent by Quintin Giesbrecht
IT Manager
85 PTH 12 North - Steinbach, Manitoba R5G 1A7
Tel: 204-326-3442 . Dir: (204)346-5106 . Fax: 204-326-2154
________________________________
This communication, including its attachments, if any, is confidential and intended only for the person(s) to whom it is addressed, and may contain proprietary and/or privileged material. Any unauthorized review, disclosure, copying, other distribution of this communication or taking of any action in reliance on its contents is strictly prohibited. If you have received this message in error, please notify SNJ immediately so that we may amend our records. Then, please delete this message, and its attachments, if any, without reading, copying or forwarding it to anyone.
-------------- next part --------------
An embedded message was scrubbed...
From: Julie
Subject: Hi
Date: Sun, 1 Oct 2017 08:26:16 +0000
Size: 2052
-------------- next part --------------
An embedded message was scrubbed...
From: Deanne Holroyde
Subject: Invoice
Date: Fri, 29 Sep 2017 12:33:55 +0000
Size: 10839
-------------- next part --------------
An embedded message was scrubbed...
From: Tasha
Subject: hey
Date: Thu, 28 Sep 2017 21:51:03 +0000
Size: 2276
-------------- next part --------------
An embedded message was scrubbed...
From: eFax Corporate
Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 418-548-0846
Date: Thu, 28 Sep 2017 17:33:26 +0000
Size: 9724

From Antony.Stone at mailscanner.open.source.it Mon Oct 2 14:56:34 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Mon, 2 Oct 2017 16:56:34 +0200
Subject: Spam getting VERY low scores
In-Reply-To:
References:
Message-ID: <201710021656.34702.Antony.Stone@mailscanner.open.source.it>

On Monday 02 October 2017 at 16:01:06, Quintin S. Giesbrecht wrote:

> Why is this happening? I've attached a few samples. Getting in the -
> scores for spam. These were caught because they also were in enough RBLs,
> but they never should have got these low scores.

1. Please don't paste spam samples directly to the list - upload them to pastebin or similar, and give us a link.

2. There's little point in just sending us the bodies of the emails with a comment "getting very low scores" - we need to see the headers too (sanitise them if you have confidential stuff there, but show us the external details).

3. Make sure you show us the headers giving the SA scores, or the log file entries if the scores aren't added to the headers, so we can see what tests you are running and what results you're getting - otherwise we have nothing to compare with.

Hope that helps,

Antony.

--
Why is "dylexia" so difficult to spell, and why can I never remember "aphasia" when I want to?

Please reply to the list; please *don't* CC me.

From q at snj.ca Mon Oct 2 15:02:02 2017
From: q at snj.ca (Quintin S. Giesbrecht)
Date: Mon, 2 Oct 2017 15:02:02 +0000
Subject: Spam getting VERY low scores
In-Reply-To: <201710021656.34702.Antony.Stone@mailscanner.open.source.it>
References: <201710021656.34702.Antony.Stone@mailscanner.open.source.it>
Message-ID:

Sorry about that, that all makes sense.

Here are the headers, spam report, and body of 1 of the emails in question:
_________________________________________________________________________
Headers:

Received: from mail.cm-topsci.com (mail.cm-topsci.com [58.135.84.25])
    by mailscanner.snjlaw.local (Postfix) with ESMTP id 3AED34109D29
    for ; Sun, 1 Oct 2017 15:46:31 -0500 (CDT)
Received: from mail.cm-topsci.com (localhost [127.0.0.1])
    by mail.cm-topsci.com (Postfix) with ESMTP id 353CAC0A13;
    Mon, 2 Oct 2017 04:24:55 +0800 (CST)
Received: from WIN-SK7OE0QJF48.interserver.net (unknown [104.37.191.76])
    by mail.cm-topsci.com (Postfix) with ESMTPA id E172CC09E4;
    Mon, 2 Oct 2017 04:24:49 +0800 (CST)
Content-Type: multipart/mixed; boundary="===============1927870099=="
MIME-Version: 1.0
Subject: Hey!!
To: Recipients
From: "Miss Vicky"
Date: Sun, 01 Oct 2017 16:24:54 -0400
Reply-To: missvicky607 at gmail.com
X-Virus-Scanned: ClamAV using ClamSMTP

Spam report:

-5.00  BAYES_05                    Bayes spam probability is 1 to 5%
 2.10  FREEMAIL_FORGED_REPLYTO     Freemail in Reply-To, but not From
 0.25  FREEMAIL_REPLYTO_END_DIGIT  Reply-To freemail username ends in digit
 0.50  MISSING_MID                 Missing Message-Id: header
 0.01  T_HK_NAME_MR_MRS

Text in the body was:

Hi, I am miss Vicky I would like to be your friend. It takes two to TANGLE and make a trail of friendship. I would have to know more about you and i am sending a picture of my self to you already. I would love to receive an email from you, telling me more about yourself and some photos of you as well. I am HONEST and PASSIONATE, NICE and FAITHFUL as well. Love hearing from you. We can then pursue this further on through email: missvicky607 at gmail.com.
_________________________________________________________________________

That is obviously spam content, what am I missing that SA or MS would miss that being spam?

Thanks!

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+q=snj.ca at lists.mailscanner.info] On Behalf Of Antony Stone
Sent: Monday, October 2, 2017 9:57 AM
To: MailScanner Discussion
Subject: Re: Spam getting VERY low scores

On Monday 02 October 2017 at 16:01:06, Quintin S. Giesbrecht wrote:

> Why is this happening? I've attached a few samples. Getting in the -
> scores for spam. These were caught because they also were in enough
> RBLs, but they never should have got these low scores.

1. Please don't paste spam samples directly to the list - upload them to pastebin or similar, and give us a link.

2. There's little point in just sending us the bodies of the emails with a comment "getting very low scores" - we need to see the headers too (sanitise them if you have confidential stuff there, but show us the external details).

3. Make sure you show us the headers giving the SA scores, or the log file entries if the scores aren't added to the headers, so we can see what tests you are running and what results you're getting - otherwise we have nothing to compare with.

Hope that helps,

Antony.

--
Why is "dylexia" so difficult to spell, and why can I never remember "aphasia" when I want to?

Please reply to the list; please *don't* CC me.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From mailscanner at replies.cyways.com Mon Oct 2 15:42:23 2017
From: mailscanner at replies.cyways.com (Peter H. Lemieux)
Date: Mon, 2 Oct 2017 11:42:23 -0400
Subject: Spam getting VERY low scores
In-Reply-To:
References: <201710021656.34702.Antony.Stone@mailscanner.open.source.it>
Message-ID: <8ea37473-3063-4feb-1b7c-612cabdfe40c@replies.cyways.com>

SA's Bayes engine put this message into the wrong category:

> -5.00  BAYES_05  Bayes spam probability is 1 to 5%

so it appears your SA Bayesian database is screwed up. Did you train the database with known spam and non-spam beforehand? Did you use actual mail for the domain(s) you manage?

Here's a starting suggestion. Turn off Bayes in SpamAssassin by setting

use_bayes = 0

in /etc/mail/spamassassin/mailscanner.cf. If that helps with correctly classifying spam, then I'd delete the Bayes databases and rebuild them with new bodies of spam and non-spam messages.

Peter

On 10/02/2017 11:02 AM, Quintin S. Giesbrecht wrote:
> Here are the headers, spam report, and body of 1 of the emails in question:

> Spam report:
> -5.00  BAYES_05                    Bayes spam probability is 1 to 5%
>  2.10  FREEMAIL_FORGED_REPLYTO     Freemail in Reply-To, but not From
>  0.25  FREEMAIL_REPLYTO_END_DIGIT  Reply-To freemail username ends in digit
>  0.50  MISSING_MID                 Missing Message-Id: header
>  0.01  T_HK_NAME_MR_MRS

From dave at jonesol.com Tue Oct 3 12:34:12 2017
From: dave at jonesol.com (Dave Jones)
Date: Tue, 3 Oct 2017 07:34:12 -0500
Subject: Spam getting VERY low scores
In-Reply-To: <8ea37473-3063-4feb-1b7c-612cabdfe40c@replies.cyways.com>
References: <201710021656.34702.Antony.Stone@mailscanner.open.source.it> <8ea37473-3063-4feb-1b7c-612cabdfe40c@replies.cyways.com>
Message-ID:

Set up Postfix with postscreen RBL weighting. This IP is on a number of major RBLs:

http://multirbl.valli.org/lookup/58.135.84.25.html

Search the SpamAssassin mailing list archives for senderscore.org and you should find some Postfix postscreen details along with extra rules to add to SA for RCVD_IN_SENDERSCORE.

That message would have been bounced by Postfix but if it made it to SA, then it would have scored a 29.2 in my MailScanner.

Dave
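
Added example, not part of the original thread: the spam report quoted above, parsed in the run-together form in which it reached the list, to show how much of the score is the BAYES_05 hit Peter Lemieux points to and what the other rules add up to on their own. The `required` threshold of 5.0 and the function names are assumptions; the other rules' scores are held fixed, although SpamAssassin applies a different score set once Bayes is disabled.

```python
import re
from decimal import Decimal

# The spam report as it was pasted into the thread: the column separators
# were lost, so score, rule name and description run together.
REPORT = """\
-5.00BAYES_05Bayes spam probability is 1 to 5%
2.10FREEMAIL_FORGED_REPLYTOFreemail in Reply-To, but not From
0.25FREEMAIL_REPLYTO_END_DIGITReply-To freemail username ends in digit
0.50MISSING_MIDMissing Message-Id: header
0.01T_HK_NAME_MR_MRS
"""

# score, RULE_NAME, optional description. Rule names are upper case, so the
# name is taken to end at whitespace, at end of line, or where a capitalised
# word (upper case letter followed by lower case) begins. This is a heuristic
# for run-together lines; properly spaced lines parse the same way.
HIT_RE = re.compile(
    r"^\s*(-?\d+\.\d+)\s*([A-Z][A-Z0-9_]*?)(?=[A-Z][a-z]|\s|$)\s*(.*)$"
)


def parse_report(text):
    """Return ([(score, rule, description), ...], [lines that did not parse])."""
    hits, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append((Decimal(m.group(1)), m.group(2), m.group(3).strip()))
        else:
            unparsed.append(line)
    return hits, unparsed


def bayes_impact(hits, required=Decimal("5.0")):
    """Split the total into the Bayes part and everything else.

    `required` is an assumed spam threshold, not a value from the thread.
    The non-Bayes scores are kept as reported, which is an approximation.
    """
    bayes = sum((s for s, r, _ in hits if r.startswith("BAYES_")), Decimal(0))
    other = sum((s for s, r, _ in hits if not r.startswith("BAYES_")), Decimal(0))
    return {
        "total": bayes + other,
        "bayes": bayes,
        "without_bayes": other,
        # Points a Bayes rule would have to add for the message to reach the
        # threshold when only these other rules fire.
        "bayes_points_needed": required - other,
        "spam_without_bayes": other >= required,
    }


if __name__ == "__main__":
    parsed, bad = parse_report(REPORT)
    for score, rule, desc in parsed:
        print(f"{score:>6}  {rule:<28}{desc}")
    print(bayes_impact(parsed), "unparsed:", bad)
```

With the remaining rules alone the message stays under the assumed threshold, so disabling or retraining Bayes removes the negative score but does not by itself classify this sample as spam.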

From mark at meelhuysen.com Wed Oct 4 18:54:54 2017
From: mark at meelhuysen.com (Mark Meelhuysen)
Date: Wed, 4 Oct 2017 18:54:54 +0000
Subject: MailScanner: Message contained password-protected archive
Message-ID: <13d3d4e3265b41e99240beee82126ba7@DC01.meelhuysen.com>

Hello all,

I received a message containing a password-protected archive. I added the sender to the whitelist, but the archive is still being blocked. Can anyone advise me on how to deal with this? I would like to be able to receive password protected archives from this particular sender.

Thank you in advance,

Mark

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From kevin.miller at juneau.org Wed Oct 4 19:44:05 2017
From: kevin.miller at juneau.org (Kevin Miller)
Date: Wed, 4 Oct 2017 19:44:05 +0000
Subject: MailScanner: Message contained password-protected archive
In-Reply-To: <13d3d4e3265b41e99240beee82126ba7@DC01.meelhuysen.com>
References: <13d3d4e3265b41e99240beee82126ba7@DC01.meelhuysen.com>
Message-ID: <3167a15f29c3409ca5a6cd8da97c2eb6@City-Exch-DB2.cbj.local>

In your conf file, set this:

Allow Password-Protected Archives = %rules-dir%/zip.whitelist.rules

In your rules dir, create a zip.whitelist.rules file and edit it thus:

# This is the whitelist for folks needing to
# send password protected archives, which are
# disallowed in general.
#
From:      *@thisdomain.com             yes
From:      *@thatdomain.com             yes
FromOrTo:  someone@someotherdomain.com  yes
...
FromOrTo:  default                      no

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357

From mailscanner-list at okla.com Sat Oct 7 18:37:10 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Sat, 7 Oct 2017 13:37:10 -0500
Subject: Centos 7 + Postfix + clamd@scan
Message-ID: <012401d33f9b$4c6ba480$e542ed80$@okla.com>

OK, so postfix works fine prior to mailscanner 5.0.6-4 / clam install.

I am getting the following and I can't seem to find an answer to the problem although it seems pretty clear that it is a permissions issue.

If anyone could enlighten me I would appreciate it :)

Oct 7 13:30:13 test MailScanner[37081]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting!
Oct 7 13:30:23 test MailScanner[37083]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting!
Oct 7 13:30:33 test MailScanner[37085]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting!
Oct 7 13:30:43 test MailScanner[37095]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting!
Oct 7 13:30:53 test MailScanner[37097]: Cannot find Socket (/var/run/clamd.scan/clamd.sock) Exiting!

[root@test ~]# ls -la /var/run/clamd.scan/
total 4
drwx--x---  2 clamscan clamscan   80 Oct  7 13:25 .
drwxr-xr-x 41 root     root     1260 Oct  7 13:26 ..
-rw-rw-r--  1 clamscan clamscan    6 Oct  7 13:25 clamd.pid
srw-rw-rw-  1 clamscan clamscan    0 Oct  7 13:25 clamd.sock

[root@test ~]# cat /etc/group | grep clam
clamupdate:x:984:
virusgroup:x:983:clamupdate,clamscan,postfix
mtagroup:x:1002:postfix,mail,clamscan
clamscan:x:982:

[root@test mailscanner]# rpm -qa | grep clam
clamav-scanner-0.99.2-8.el7.noarch
clamav-filesystem-0.99.2-8.el7.noarch
clamav-update-0.99.2-8.el7.x86_64
clamav-server-0.99.2-8.el7.x86_64
clamav-0.99.2-8.el7.x86_64
clamav-lib-0.99.2-8.el7.x86_64
clamav-scanner-systemd-0.99.2-8.el7.noarch
clamav-data-0.99.2-8.el7.noarch
clamav-devel-0.99.2-8.el7.x86_64
clamav-server-systemd-0.99.2-8.el7.noarch

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

From iversons at rushville.k12.in.us Sat Oct 7 18:40:15 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 7 Oct 2017 14:40:15 -0400
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <012401d33f9b$4c6ba480$e542ed80$@okla.com>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com>
Message-ID:

Is clamscan a member of the mtagroup group?

If not, add it.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From mailscanner-list at okla.com Sat Oct 7 18:49:34 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Sat, 7 Oct 2017 13:49:34 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com>
Message-ID: <012c01d33f9d$080d48a0$1827d9e0$@okla.com>

It already is Shawn.
I'm sure you just missed that part of the last post.

Tracy

From mark at msapiro.net Sat Oct 7 18:58:56 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 7 Oct 2017 11:58:56 -0700
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com>
Message-ID: <737a111a-a78b-ef59-3507-080579885d42@msapiro.net>

On 10/07/2017 11:40 AM, Shawn Iverson wrote:
> Is clamscan a member of the mtagroup group?

I don't think that's exactly the issue.

> On Sat, Oct 7, 2017 at 2:37 PM, Tracy Greggs wrote:
> ...
>
> [root@test ~]# ls -la /var/run/clamd.scan/
> total 4
> drwx--x---  2 clamscan clamscan   80 Oct  7 13:25 .
> drwxr-xr-x 41 root     root     1260 Oct  7 13:26 ..
> -rw-rw-r--  1 clamscan clamscan    6 Oct  7 13:25 clamd.pid
> srw-rw-rw-  1 clamscan clamscan    0 Oct  7 13:25 clamd.sock

The issue here is only the clamscan user or group can access clamd.pid and clamd.sock, and MailScanner is not running as that user or group.

> [root@test ~]# cat /etc/group | grep clam
> clamupdate:x:984:
> virusgroup:x:983:clamupdate,clamscan,postfix
> mtagroup:x:1002:postfix,mail,clamscan
> clamscan:x:982:

What you want is the user/group of /var/run/clamd.scan to be mtagroup, not clamscan. What you need is

LocalSocketGroup mtagroup

in /etc/clamav/clamd.conf

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mailscanner-list at okla.com Sat Oct 7 19:06:44 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Sat, 7 Oct 2017 14:06:44 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <737a111a-a78b-ef59-3507-080579885d42@msapiro.net>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net>
Message-ID: <012e01d33f9f$6e0493a0$4a0dbae0$@okla.com>

Thanks for the help Mark. That seems to have cured it.

Tracy

From iversons at rushville.k12.in.us Sat Oct 7 19:16:54 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 7 Oct 2017 15:16:54 -0400
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <012c01d33f9d$080d48a0$1827d9e0$@okla.com>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <012c01d33f9d$080d48a0$1827d9e0$@okla.com>
Message-ID:

Tracy,

I sure did! :S

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From mailscanner-list at okla.com Mon Oct 9 19:01:08 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Mon, 9 Oct 2017 14:01:08 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <737a111a-a78b-ef59-3507-080579885d42@msapiro.net>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net>
Message-ID: <008301d34130$fa36fe20$eea4fa60$@okla.com>

So what can be done about clamd@scan service creating /var/run/clamd.scan folder as follows:

drwx--x--- 2 clamscan mtagroup 80 Oct 7 16:07 clamd.scan

The group permissions it creates the folder with are clearly a problem.

Thanks :)

Tracy

From iversons at rushville.k12.in.us Mon Oct 9 19:06:51 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 9 Oct 2017 15:06:51 -0400
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <008301d34130$fa36fe20$eea4fa60$@okla.com>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com>
Message-ID:

Checking my notes...

I have this, but I haven't gotten very deep into CentOS7 clam yet.

echo "d /var/run/clamd.scan 0750 clamupdate matgroup -" > /usr/lib/tmpfiles.d/clamd.conf

It is weird looking to me, but it is in my notes.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Mon Oct 9 19:08:03 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 9 Oct 2017 15:08:03 -0400
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com>
Message-ID:

Let me rewrite that to look like yours....

echo "d /var/run/clamd.scan 0750 clamscan mtagroup -" > /usr/lib/tmpfiles.d/clamd.conf
>> https://www.avast.com/antivirus >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 x271 <(765)%20932-3901> > iversons at rushville.k12.in.us > > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Mon Oct 9 19:10:51 2017 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 9 Oct 2017 12:10:51 -0700 Subject: Centos 7 + Postfix + clamd@scan In-Reply-To: <008301d34130$fa36fe20$eea4fa60$@okla.com> References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> Message-ID: <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> On 10/09/2017 12:01 PM, Tracy Greggs wrote: > So what can be done about clamd at scan service creating /var/run/clamd.scan folder as follows: > > drwx--x--- 2 clamscan mtagroup 80 Oct 7 16:07 clamd.scan > > The group permissions is creates the folder with are clearly a problem. Why is this a problem? If MailScanner is running as a member of the mtagroup group, it can search that directory for the /var/run/clamd.scan/clamd.sock socket and as long as it has rw permission on the socket, there should be no problem. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. 
Dylan From iversons at rushville.k12.in.us Mon Oct 9 19:11:40 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Mon, 9 Oct 2017 15:11:40 -0400 Subject: Centos 7 + Postfix + clamd@scan In-Reply-To: <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> Message-ID: There is no rw on the socket for the mtagroup. On Mon, Oct 9, 2017 at 3:10 PM, Mark Sapiro wrote: > On 10/09/2017 12:01 PM, Tracy Greggs wrote: > > So what can be done about clamd at scan service creating > /var/run/clamd.scan folder as follows: > > > > drwx--x--- 2 clamscan mtagroup 80 Oct 7 16:07 clamd.scan > > > > The group permissions is creates the folder with are clearly a problem. > > > Why is this a problem? > > If MailScanner is running as a member of the mtagroup group, it can > search that directory for the /var/run/clamd.scan/clamd.sock socket and > as long as it has rw permission on the socket, there should be no problem. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... 
From iversons at rushville.k12.in.us Mon Oct 9 19:13:11 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 9 Oct 2017 15:13:11 -0400
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net>
Message-ID:

Wait, that's a directory, my bad. socket would be inside.
From mailscanner-list at okla.com Mon Oct 9 19:18:32 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Mon, 9 Oct 2017 14:18:32 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net>
Message-ID: <009d01d34133$68c67350$3a5359f0$@okla.com>

You beat me to it.

Putting together some new servers and trying to go from Centos 6.x to 7.x and from sendmail/mbox to postfix/maildir wasn't that big of a deal and we know that Centos 6.x will be EOL much sooner than Centos 7.x

That being said I am trying to update everything else along the way while I am at it, MS 4.8x/MW 1.2.0

It has tested my patience but I am a little bit stubborn :)

Sorry if I seem like I am unwilling to look at my MS list archives, but I have scoured through them and not really finding others having these problems.

Thanks for the help :)

Tracy

From mailscanner-list at okla.com Mon Oct 9 19:37:45 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Mon, 9 Oct 2017 14:37:45 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net>
Message-ID: <00ac01d34136$18256660$48703320$@okla.com>

When the VM is rebooted, it re-creates /var/run/clamd.scan/

drwx--x--- 2 clamscan clamscan 80 Oct 9 14:34 clamd.scan

From iversons at rushville.k12.in.us Mon Oct 9 19:45:44 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 9 Oct 2017 15:45:44 -0400
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com>
Message-ID:

What happens if you create a tmpfiles.d config like the one I shared?

From mailscanner-list at okla.com Mon Oct 9 19:54:12 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Mon, 9 Oct 2017 14:54:12 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To:
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com>
Message-ID: <00d201d34138$6442cdb0$2cc86910$@okla.com>

The file on Centos7 is /usr/lib/tmpfiles.d/clamd.scan.conf

So I did this:

echo "d /var/run/clamd.scan 0750 clamscan mtagroup -" > /usr/lib/tmpfiles.d/clamd.scan.conf

Rebooted the vm to make sure and it resolved the issue and it did, thanks for your assistance Shawn :)

Tracy
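Added example (not part of any list message, and not MailScanner or ClamAV code): a small Python model of the permission check this thread works through, run over the `ls -la` and `/etc/group` output and the tmpfiles.d line posted above. It assumes MailScanner runs as `postfix` with a primary group of the same name; `nobody` is a constructed account outside mtagroup, and root's permission bypass is not modelled.

```python
"""Who can reach clamd.sock? Model of the directory and socket checks in this thread."""

# /etc/group lines as posted in the thread.
ETC_GROUP = """\
clamupdate:x:984:
virusgroup:x:983:clamupdate,clamscan,postfix
mtagroup:x:1002:postfix,mail,clamscan
clamscan:x:982:
"""


def supplementary_groups(user, etc_group=ETC_GROUP):
    """Return the groups that list `user` as a member in /etc/group text."""
    groups = set()
    for line in etc_group.splitlines():
        name, _pw, _gid, members = line.split(":")
        if user in [m for m in members.split(",") if m]:
            groups.add(name)
    return groups


def parse_ls(line):
    """Parse one `ls -l` line into (mode bits, owner, group)."""
    fields = line.split()
    perms, owner, group = fields[0], fields[2], fields[3]
    bits = 0
    for i, ch in enumerate(perms[1:10]):
        # Lower-case s/t mean the execute bit is set as well; S/T mean it is not.
        if ch in "rwxst":
            bits |= 1 << (8 - i)
    return bits, owner, group


def parse_tmpfiles(line):
    """Parse a tmpfiles.d directory line: type path mode user group age."""
    kind, _path, mode, user, group, _age = line.split()
    if kind != "d":
        raise ValueError("only 'd' (create directory) lines are handled")
    return int(mode, 8), user, group


def granted(entry, user, groups):
    """Return the rwx triplet (0-7) that applies to `user` for this entry.

    The classes are exclusive: owner bits if the user owns the file, else
    group bits if the user is in the file's group, else the 'other' bits.
    """
    bits, owner, group = entry
    if user == owner:
        return (bits >> 6) & 7
    if group in groups:
        return (bits >> 3) & 7
    return bits & 7


def can_connect(user, directory, sock, etc_group=ETC_GROUP):
    """True if `user` has search (x) on the directory and write (w) on the socket."""
    # Assumption: the user's primary group has the same name as the user.
    groups = supplementary_groups(user, etc_group) | {user}
    search = granted(directory, user, groups) & 1
    write = granted(sock, user, groups) & 2
    return bool(search and write)


# Listings and the tmpfiles.d line copied from the messages above.
SOCK = parse_ls("srw-rw-rw- 1 clamscan clamscan 0 Oct 7 13:25 clamd.sock")
DIR_BEFORE = parse_ls("drwx--x--- 2 clamscan clamscan 80 Oct 7 13:25 .")
DIR_CHGRP = parse_ls("drwx--x--- 2 clamscan mtagroup 80 Oct 7 16:07 clamd.scan")
DIR_TMPFILES = parse_tmpfiles("d /var/run/clamd.scan 0750 clamscan mtagroup -")


def report(user):
    """Evaluate each directory state from the thread for one user."""
    return {
        "0710 clamscan:clamscan (package default)": can_connect(user, DIR_BEFORE, SOCK),
        "0710 clamscan:mtagroup (group changed)": can_connect(user, DIR_CHGRP, SOCK),
        "0750 clamscan:mtagroup (tmpfiles.d line)": can_connect(user, DIR_TMPFILES, SOCK),
    }


if __name__ == "__main__":
    for user in ("postfix", "nobody"):
        for state, ok in report(user).items():
            print(f"{user:8} {state:42} {'connect ok' if ok else 'denied'}")
```

The socket is mode 0666 in every case, so the directory's group and search bit are the only thing keeping accounts outside mtagroup away from clamd.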
From jplorier at gmail.com Mon Oct 9 20:22:04 2017
From: jplorier at gmail.com (Juan Pablo Lorier)
Date: Mon, 9 Oct 2017 17:22:04 -0300
Subject: Error with configuration
Message-ID: <7d323461-0c75-b275-00e6-e84ce6394702@gmail.com>

Hi,

I've installed MailScanner 5.0.3-7 on centos 7.

Though I've installed opt-perl-522-Encoding-FixLatin.noarch I still get a complaint about the lack of the perl module:

Could not use Custom Function code /usr/share/MailScanner/perl/custom/SQLSpamSettings.pm, it could not be "require"d. Make sure the last line is "1;" and the module is correct with perl -wc (Error: Can't locate Encoding/FixLatin.pm in @INC (@INC contains: /usr/sbin /usr/sbin/MailScanner /usr/share/MailScanner/perl /usr/share/MailScanner/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/share/MailScanner/perl/custom/MailWatchConf.pm line 43.
BEGIN failed--compilation aborted at /usr/share/MailScanner/perl/custom/MailWatchConf.pm line 43.
Compilation failed in require at /usr/share/MailScanner/perl/custom/SQLSpamSettings.pm line 61.
Compilation failed in require at /usr/share/MailScanner/perl/MailScanner/Config.pm line 752.

Where do I set the path to search the modules? I've tried placing the module in mailscanner perl custom directory but still complains.

Regards

From mark at msapiro.net Mon Oct 9 20:43:06 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 9 Oct 2017 13:43:06 -0700
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <00d201d34138$6442cdb0$2cc86910$@okla.com>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com> <00d201d34138$6442cdb0$2cc86910$@okla.com>
Message-ID: <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net>

On 10/09/2017 12:54 PM, Tracy Greggs wrote:
> The file on Centos7 is /usr/lib/tmpfiles.d/clamd.scan.conf
>
> So I did this:
>
> echo "d /var/run/clamd.scan 0750 clamscan mtagroup -" > /usr/lib/tmpfiles.d/clamd.scan.conf
>
> Rebooted the vm to make sure and it resolved the issue and it did, thanks for your assistance Shawn :)

But, if /usr/lib/tmpfiles.d/clamd.scan.conf already existed, what was in it that you overwrote?

From mark at msapiro.net Mon Oct 9 20:55:14 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 9 Oct 2017 13:55:14 -0700
Subject: Error with configuration
In-Reply-To: <7d323461-0c75-b275-00e6-e84ce6394702@gmail.com>
References: <7d323461-0c75-b275-00e6-e84ce6394702@gmail.com>
Message-ID:

On 10/09/2017 01:22 PM, Juan Pablo Lorier wrote:
> Hi,
>
> I've installed MailScanner 5.0.3-7 on centos 7.
>
> Though I've installed opt-perl-522-Encoding-FixLatin.noarch I still get
> a complaint about the lack of the perl module:
>
> Could not use Custom Function code
> /usr/share/MailScanner/perl/custom/SQLSpamSettings.pm, it could not be
> "require"d. Make sure the last line is "1;" and the module is correct with
> perl -wc (Error: Can't locate Encoding/FixLatin.pm in @INC
> (@INC
> contains: /usr/sbin /usr/sbin/MailScanner /usr/share/MailScanner/perl
> /usr/share/MailScanner/perl /usr/local/lib64/perl5
> /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5
> /usr/share/perl5)

Encoding/FixLatin.pm needs to be in one of the above directories or you can modify the /usr/lib/MailScanner/init/ms-init script to include

export PERL5LIB=path

where path is the path of the directory containing Encoding/FixLatin.pm

> at /usr/share/MailScanner/perl/custom/MailWatchConf.pm
> line 43.
> BEGIN failed--compilation aborted at
> /usr/share/MailScanner/perl/custom/MailWatchConf.pm line 43.
> Compilation failed in require at
> /usr/share/MailScanner/perl/custom/SQLSpamSettings.pm line 61.
> Compilation failed in require at
> /usr/share/MailScanner/perl/MailScanner/Config.pm line 752.

Apparently this is really a MailWatch question. Their list is at .

> Where do I set the path to search the modules? I've tried placing the
> module in mailscanner perl custom directory but still complains.

/usr/share/MailScanner/perl/custom/ is not in @INC. You could put it in /usr/share/MailScanner/perl/ which is in @INC

From mailscanner-list at okla.com Mon Oct 9 21:41:44 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Mon, 9 Oct 2017 16:41:44 -0500
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com> <00d201d34138$6442cdb0$2cc86910$@okla.com> <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net>
Message-ID: <00d401d34147$69f28020$3dd78060$@okla.com>

I think it was 0700 clamscan clamscan
From mailscanner-list at okla.com Mon Oct 9 23:31:19 2017 From: mailscanner-list at okla.com (Tracy Greggs) Date: Mon, 9 Oct 2017 18:31:19 -0500 Subject: Centos 7 + Postfix + clamd@scan In-Reply-To: <00d401d34147$69f28020$3dd78060$@okla.com> References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com> <00d201d34138$6442cdb0$2cc86910$@okla.com> <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net> <00d401d34147$69f28020$3dd78060$@okla.com> Message-ID: <011b01d34156$b8fba9d0$2af2fd70$@okla.com> 0710 clamscan clamscan Verified. Again, thanks to all for their help. -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+mailscanner-list=okla.com at lists.mailscanner.info ] On Behalf Of Tracy Greggs Sent: Monday, October 9, 2017 4:42 PM To: 'MailScanner Discussion' Subject: RE: Centos 7 + Postfix + clamd at scan I think it was 0700 clamscan clamscan -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+mailscanner-list=okla.com at lists.mailscanner.info ] On Behalf Of Mark Sapiro Sent: Monday, October 9, 2017 3:43 PM To: mailscanner at lists.mailscanner.info Subject: Re: Centos 7 + Postfix + clamd at scan On 10/09/2017 12:54 PM, Tracy Greggs wrote: > The file on Centos7 is /usr/lib/tmpfiles.d/clamd.scan.conf > > So I did this: > > echo "d /var/run/clamd.scan 0750 clamscan mtagroup -" > > /usr/lib/tmpfiles.d/clamd.scan.conf > > Rebooted the vm to make sure and it resolved the issue and it did, > thanks for your assistance Shawn :) But, if /usr/lib/tmpfiles.d/clamd.scan.conf already existed, what was in it that you overwrote? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. 
Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Mon Oct 9 23:43:57 2017 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 9 Oct 2017 16:43:57 -0700 Subject: Centos 7 + Postfix + clamd@scan In-Reply-To: <011b01d34156$b8fba9d0$2af2fd70$@okla.com> References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com> <00d201d34138$6442cdb0$2cc86910$@okla.com> <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net> <00d401d34147$69f28020$3dd78060$@okla.com> <011b01d34156$b8fba9d0$2af2fd70$@okla.com> Message-ID: <8af72c6a-4527-8dce-f801-7f843644e347@msapiro.net> On 10/09/2017 04:31 PM, Tracy Greggs wrote: > 0710 clamscan clamscan > > Verified. Cool!. I was just concerned that there might have been something else there that you didn't want to lose. And the critical change was changing the group from clamscan to mtagroup. Changing the mode from 0710 to 0750 doesn't hurt but isn't strictly required. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. 
Dylan From koby at mksoft.co.il Tue Oct 10 11:13:26 2017 From: koby at mksoft.co.il (Koby Peleg Hen) Date: Tue, 10 Oct 2017 14:13:26 +0300 Subject: Adding custom rules - spamassassin Message-ID: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il> An HTML attachment was scrubbed... URL: From mailscanner at replies.cyways.com Tue Oct 10 13:25:37 2017 From: mailscanner at replies.cyways.com (Peter H. Lemieux) Date: Tue, 10 Oct 2017 09:25:37 -0400 Subject: Adding custom rules - spamassassin In-Reply-To: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il> References: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il> Message-ID: <375be4c0-341e-6421-a21f-3f0db7f23eb2@replies.cyways.com> Start here: https://wiki.apache.org/spamassassin/WritingRules Peter On 10/10/2017 07:13 AM, Koby Peleg Hen wrote: > Hello All > I Would like to add a custom rules to spamassassin to prevent specific > body / header content. > Please show me a quick example. > > Thank you for your co operation > Koby Peleg Hen > > > > From vlad at vladville.com Tue Oct 10 14:36:33 2017 From: vlad at vladville.com (Vlad Mazek) Date: Tue, 10 Oct 2017 10:36:33 -0400 Subject: Whitelisting code Message-ID: How/where does MailScanner do it's whitelisting stuff? We use SQLBlackWhitelist.pl and I see a lot of WL code in /usr/share/MailScanner/perl/MailScanner/Message.pm What I'm trying to figure out is how to do a wildcard domain whitelist so that all partial and subdomains get whitelisted (so if someone whitelists aol.com it also whitelists something.aol.com) -------------- next part -------------- An HTML attachment was scrubbed... URL: From q at snj.ca Tue Oct 10 15:02:18 2017 From: q at snj.ca (Quintin S. Giesbrecht) Date: Tue, 10 Oct 2017 15:02:18 +0000 Subject: Postfix / MailScanner question - per domain relaying Message-ID: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local> We use an external mail host that relays all of our email to us on domain abc.domain.com. 
So all email on this domain comes from 1 subnet.

We also have another domain xyz.domain.com which I need to receive email from anywhere for.

In order to tighten things up a bit, I want to reject all mail destined to abc.domain.com that is NOT from the subnet of our external mail relay. Is this possible? Can someone point me in the right direction?

Here is how I picture this:

Reject all mail to abc.domain.com

Allow mail from 123.123.123.0/24 to abc.domain.com

Allow mail from anywhere to xyz.domain.com

Thanks for any insight.

________________________________
[Smith Neufeld Jodoin LLP]
Sent by Quintin Giesbrecht
IT Manager
85 PTH 12 North - Steinbach, Manitoba R5G 1A7
Tel: 204-326-3442 . Dir: (204)346-5106 . Fax: 204-326-2154

From mailscanner at replies.cyways.com Tue Oct 10 16:20:11 2017
From: mailscanner at replies.cyways.com (Peter H. Lemieux)
Date: Tue, 10 Oct 2017 12:20:11 -0400
Subject: Adding custom rules - spamassassin
In-Reply-To: <69d02032-900a-f379-ac9e-c672e79e935f@mksoft.co.il>
References: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il> <375be4c0-341e-6421-a21f-3f0db7f23eb2@replies.cyways.com> <69d02032-900a-f379-ac9e-c672e79e935f@mksoft.co.il>
Message-ID:

Usually the local rules go in /etc/mail/spamassassin. The SA-supplied rules are in /usr/share/spamassassin.
Items in the first directory usually expand the ruleset, though you can override existing rules there as well. Usually that's done only to adjust the scores given to those pre-existing rules.

I'm not sure what you are asking for though. Are you looking to create multiple conditions that must be met? You can use the "meta" directive for that. In the example you give, there's nothing to distinguish between the two rules, so I can't tell what you're trying to accomplish. Are you handling mail for multiple domains? If you're only accepting mail for "example.com," then you can omit the To: part of the rule and just key on the From:.

Peter

On 10/10/2017 10:51 AM, Koby Peleg Hen wrote:
> Hello Peter
> Thank you for your answer,
> I have already been there, but thank you anyway.
>
> I have 2 questions please:
>
> 1. Where to put it so it can be merged with the other rules in the system and
> NOT override them
>
> 2. Is there any way to perform a specific rule for a specific condition like:
>
> From *@bad-domain.com To Example.com CheckRuleNo1
> From *@bad-domain1.com To Example.com CheckRuleNo2
>
> etc..
>
>
> Thank you for your cooperation
> Koby Peleg Hen
>
> On 10/10/17 16:25, Peter H. Lemieux wrote:
>> Start here: https://wiki.apache.org/spamassassin/WritingRules
>>
>> Peter
>>
>>
>> On 10/10/2017 07:13 AM, Koby Peleg Hen wrote:
>>> Hello All
>>> I would like to add custom rules to spamassassin to prevent
>>> specific body / header content.
>>> Please show me a quick example.
>>>
>>> Thank you for your cooperation
>>> Koby Peleg Hen

From kevin.miller at juneau.org Tue Oct 10 17:23:35 2017
From: kevin.miller at juneau.org (Kevin Miller)
Date: Tue, 10 Oct 2017 17:23:35 +0000
Subject: Adding custom rules - spamassassin
In-Reply-To:
References: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il> <375be4c0-341e-6421-a21f-3f0db7f23eb2@replies.cyways.com> <69d02032-900a-f379-ac9e-c672e79e935f@mksoft.co.il>
Message-ID: <63e437cd21ee4b4a965ea2326c1fb202@City-Exch-DB2.cbj.local>

Koby,

You have a couple options for black/white listing. Both are fairly easy.

As Peter mentions, you can create a rule in spamassassin which will add or subtract X points to messages that match. MailScanner will then act on them via the spam actions and spam score settings in MailScanner.conf (or your customizations in the conf.d directory).

To create custom spamassassin rules, create a text file ending in .cf (MySpamRules.cf, for example) in /etc/mail/spamassassin. Any file ending in .cf will be processed automatically by spamassassin. Then, create the rules that you need within that file.

The other option is to use the whitelist or blacklist settings in MailScanner.conf:

Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

Look in the rules directory for examples.

Using a spamassassin rule will let you target very specific patterns which is good if a bunch of spam messages are identical but being sent from multiple different domains, or from an email address from which you don't want to block everything.

Using MailScanner white/black lists allows you to accept or block at the username and/or domain name level. Much less granular but very effective when you just want to stomp on everything from a particular user or domain.

BTW, on some systems, the default spamassassin rulesets land in /var/lib/spamassassin, not /usr/share/spamassassin, depending on which distro you're using.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From djones at ena.com Tue Oct 10 11:22:40 2017
From: djones at ena.com (David Jones)
Date: Tue, 10 Oct 2017 06:22:40 -0500
Subject: Adding custom rules - spamassassin
In-Reply-To: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il>
References: <4f718110-49e3-a784-29ef-53e18106adab@mksoft.co.il>
Message-ID: <4d347545-5df5-055f-afb2-7b7a9fddf1e1@ena.com>

On 10/10/2017 06:13 AM, Koby Peleg Hen wrote:
> Hello All
> I would like to add custom rules to spamassassin to prevent specific
> body / header content.
> Please show me a quick example.
>

https://wiki.apache.org/spamassassin/WritingRules

Create a new .cf file in /etc/mail/spamassassin with your custom rule(s). Run 'spamassassin --lint' to make sure SA is happy with your rule syntax.

> Thank you for your cooperation
> Koby Peleg Hen

From djones at ena.com Tue Oct 10 15:46:37 2017
From: djones at ena.com (David Jones)
Date: Tue, 10 Oct 2017 10:46:37 -0500
Subject: Postfix / MailScanner question - per domain relaying
In-Reply-To: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local>
References: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local>
Message-ID: <3d974a1f-c814-598a-99e1-92acec429e4a@ena.com>

On 10/10/2017 10:02 AM, Quintin S. Giesbrecht wrote:
> We use an external mail host that relays all of our email to us on
> domain abc.domain.com. So all email on this domain comes from 1 subnet.
>
> We also have another domain xyz.domain.com which I need to receive email
> from anywhere for.
>
> In order to tighten things up a bit, I want to reject all mail destined
> to abc.domain.com that is NOT from the subnet of our external mail
> relay. Is this possible? Can someone point me in the right direction?
>
> Here is how I picture this:
>
> Reject all mail to abc.domain.com
>
> Allow mail from 123.123.123.0/24 to abc.domain.com
>

Add this network CIDR to Postfix main.cf mynetworks and make sure permit_mynetworks is in all smtpd_* sections if you have customized any of them:

smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender_restrictions
smtpd_relay_restrictions
smtpd_recipient_restrictions
postscreen_access_list

This will allow all email from that network to relay through which is a little more than you asked for but that network should be under your control so this is fine.

Make sure you also add this subnet to SA internal_networks and trusted_networks so SA RBL checks will properly ignore that trusted relay and check against the IP in the previous Received: header.

Then you would remove the abc.domain.com from the main.cf relay_domains since all destinations will be allowed from that subnet. Any other source subnets will be rejected.

The Postfix mynetworks should be basically identical to the SA internal_networks and the SA trusted_networks should be internal_networks plus any external networks that may be trusted.

> Allow mail from anywhere to xyz.domain.com
>

Leave this domain in the main.cf relay_domains list.

> Thanks for any insight.
>
> ------------------------------------------------------------------------
>
> Smith Neufeld Jodoin LLP
>

--
David Jones

From q at snj.ca Tue Oct 10 20:34:05 2017
From: q at snj.ca (Quintin S.
Giesbrecht)
Date: Tue, 10 Oct 2017 20:34:05 +0000
Subject: Postfix / MailScanner question - per domain relaying
In-Reply-To: <3d974a1f-c814-598a-99e1-92acec429e4a@ena.com>
References: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local> <3d974a1f-c814-598a-99e1-92acec429e4a@ena.com>
Message-ID: <7ee3694e86dd4a0881a9a4c78586d3ac@HONDA.snjlaw.local>

Thank you very much, that all makes sense. Just a question that was raised now though...we're using MailWatch, and of course, the client IP is always our external relay's IP, so by using internal_networks and trusted_networks in spamassassin.conf, the RBL checks should then be done against the next IP address in the headers? Do you know if MailWatch should then report the client IP as the actual sending server, and not our relay then? Because that would be cool.

Thanks,
Q

From djones at ena.com Tue Oct 10 22:09:27 2017
From: djones at ena.com (David Jones)
Date: Tue, 10 Oct 2017 17:09:27 -0500
Subject: Postfix / MailScanner question - per domain relaying
In-Reply-To: <7ee3694e86dd4a0881a9a4c78586d3ac@HONDA.snjlaw.local>
References: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local> <3d974a1f-c814-598a-99e1-92acec429e4a@ena.com> <7ee3694e86dd4a0881a9a4c78586d3ac@HONDA.snjlaw.local>
Message-ID:

On 10/10/2017 03:34 PM, Quintin S. Giesbrecht wrote:
> Thank you very much, that all makes sense. Just a question that was raised now though...we're using MailWatch, and of course, the client IP is always our external relay's IP, so by using internal_networks and trusted_networks in spamassassin.conf, the RBL checks should then be done against the next IP address in the headers? Do you know if MailWatch should then report the client IP as the actual sending server, and not our relay then? Because that would be cool.
>

Nope. Sorry. The client IP will be the actual IP talking to the MailScanner server. Why don't you change the networking to combine the mail services onto your MailScanner box? MailScanner is going to work best when it's directly on the Internet edge.

If you can't combine them from a networking perspective then perhaps you need to set up MailScanner on the other edge mail server and "federate" them to share MailScanner and SpamAssassin configs using rsync to push configs from the "master."
--
David Jones

From maxsec at gmail.com Wed Oct 11 05:35:54 2017
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 11 Oct 2017 05:35:54 +0000
Subject: Postfix / MailScanner question - per domain relaying
In-Reply-To:
References: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local> <3d974a1f-c814-598a-99e1-92acec429e4a@ena.com> <7ee3694e86dd4a0881a9a4c78586d3ac@HONDA.snjlaw.local>
Message-ID:

Do this at the firewall level so only the relay's IP addresses are allowed port 25 inbound

On Tue, 10 Oct 2017 at 23:09, David Jones via MailScanner <mailscanner at lists.mailscanner.info> wrote:

> On 10/10/2017 03:34 PM, Quintin S. Giesbrecht wrote:
> > Thank you very much, that all makes sense. Just a question that was raised now though...we're using MailWatch, and of course, the client IP is always our external relay's IP, so by using internal_networks and trusted_networks in spamassassin.conf, the RBL checks should then be done against the next IP address in the headers? Do you know if MailWatch should then report the client IP as the actual sending server, and not our relay then? Because that would be cool.
> >
>
> Nope. Sorry. The client IP will be the actual IP talking to the
> MailScanner server. Why don't you change the networking to combine the
> mail services onto your MailScanner box. MailScanner is going to work
> best when it's directly on the Internet edge. If you can't combine them
> from a networking perspective then perhaps you need to setup MailScanner
> on the other edge mail server and "federate" them to share MailScanner
> and SpamAssassin configs using rsync to push configs from the "master."
>
> --
> David Jones

--
Martin Hepworth, CISSP
Oxford, UK

From q at snj.ca Wed Oct 11 16:36:50 2017
From: q at snj.ca (Quintin S. Giesbrecht)
Date: Wed, 11 Oct 2017 16:36:50 +0000
Subject: Postfix / MailScanner question - per domain relaying
In-Reply-To:
References: <982bde967d6f4bb2ba9889659b468846@HONDA.snjlaw.local> <3d974a1f-c814-598a-99e1-92acec429e4a@ena.com> <7ee3694e86dd4a0881a9a4c78586d3ac@HONDA.snjlaw.local>
Message-ID: <113287c96e694c69a4a412b09571e0f6@HONDA.snjlaw.local>

Except that for 1 email domain I need to be able to receive from anywhere?.

Q

From phil.randal at hoopleltd.co.uk Thu Oct 12 09:43:39 2017
From: phil.randal at hoopleltd.co.uk (Randal, Phil)
Date: Thu, 12 Oct 2017 09:43:39 +0000
Subject: Centos 7 + Postfix + clamd@scan
In-Reply-To: <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net>
References: <012401d33f9b$4c6ba480$e542ed80$@okla.com> <737a111a-a78b-ef59-3507-080579885d42@msapiro.net> <008301d34130$fa36fe20$eea4fa60$@okla.com> <1cf4a97d-18cc-b86e-d7c6-ddb9559fc42d@msapiro.net> <00ac01d34136$18256660$48703320$@okla.com> <00d201d34138$6442cdb0$2cc86910$@okla.com> <5318d512-2a86-e99a-2a4b-bbd33fc59e27@msapiro.net>
Message-ID: <7CA580B59C1ABD45B4614ED90D4C7B85F6F548E0@HC-EXMBX04.herefordshire.gov.uk>

On my CentOS 7 test box which I'm currently building (and also came across same problem as Tracy's), /usr/lib/tmpfiles.d/clamd.scan.conf contains

d /var/run/clamd.scan 0710 clamscan clamscan

Cheers,

Phil

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+phil.randal=hoopleltd.co.uk at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: 09 October 2017 21:43
To: mailscanner at lists.mailscanner.info
Subject: Re: Centos 7 +
Postfix + clamd at scan

On 10/09/2017 12:54 PM, Tracy Greggs wrote:
> The file on Centos7 is /usr/lib/tmpfiles.d/clamd.scan.conf
>
> So I did this:
>
> echo "d /var/run/clamd.scan 0750 clamscan mtagroup -" >
> /usr/lib/tmpfiles.d/clamd.scan.conf
>
> Rebooted the vm to make sure and it resolved the issue and it did,
> thanks for your assistance Shawn :)

But, if /usr/lib/tmpfiles.d/clamd.scan.conf already existed, what was in it that you overwrote?

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan

From sales at edenusa.com Thu Oct 12 18:29:00 2017
From: sales at edenusa.com (Paul Scott)
Date: Thu, 12 Oct 2017 18:29:00 +0000
Subject: DCC Whitelist Question
Message-ID:

Does anybody here know how to go about adding a client's email, etc. to the DCC whitelist file (whiteclnt)?

And I am assuming that the "whiteclnt.dccw" file is the hashed version of the "whiteclnt" file. Is this correct?

Thank you for your help. It is most appreciated!
Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com OR edenusasales at gmail.com
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336
WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc

From mailscanner at replies.cyways.com Wed Oct 18 19:43:12 2017
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Wed, 18 Oct 2017 15:43:12 -0400
Subject: Blocking 7-Zip archives
Message-ID: <31d29b62-aa84-4926-5a15-12b9ba77e733@replies.cyways.com>

I added a rule to archives.filename.rules.conf to block 7-Zip archives, but it doesn't seem to work. I used

deny	\.7z$	-	-

with tabs between each field. When I send a message with a .7z attachment it sails on through.

This is CentOS release 6.8 (Final)
This is Perl version 5.010001 (5.10.1)
This is MailScanner version 4.85.2

Peter

From iversons at rushville.k12.in.us Wed Oct 18 19:45:03 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 18 Oct 2017 15:45:03 -0400
Subject: Blocking 7-Zip archives
In-Reply-To: <31d29b62-aa84-4926-5a15-12b9ba77e733@replies.cyways.com>
References: <31d29b62-aa84-4926-5a15-12b9ba77e733@replies.cyways.com>
Message-ID:

Wrong place for this rule. This one is for items inside the archive.

On Wed, Oct 18, 2017 at 3:43 PM, Peter Lemieux <mailscanner at replies.cyways.com> wrote:

> I added a rule to archives.filename.rules.conf to block 7-Zip archives,
> but it doesn't seem to work. I used
>
> deny	\.7z$	-	-
>
> with tabs between each field. When I send a message with a .7z attachment
> it sails on through.
>
> This is CentOS release 6.8 (Final)
> This is Perl version 5.010001 (5.10.1)
> This is MailScanner version 4.85.2
>
> Peter

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From mailscanner at replies.cyways.com Wed Oct 18 21:05:00 2017
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Wed, 18 Oct 2017 17:05:00 -0400
Subject: Blocking 7-Zip archives
In-Reply-To:
References: <31d29b62-aa84-4926-5a15-12b9ba77e733@replies.cyways.com>
Message-ID:

Thanks, Shawn. It worked when I added "\.7z$" to the Deny Filenames directive in MailScanner.conf.

Peter

On 10/18/2017 03:45 PM, Shawn Iverson wrote:
> Wrong place for this rule. This one is for items inside the archive.
>
> On Wed, Oct 18, 2017 at 3:43 PM, Peter Lemieux wrote:
>
> I added a rule to archives.filename.rules.conf to block 7-Zip archives,
> but it doesn't seem to work. I used
>
> deny	\.7z$	-	-
>
> with tabs between each field. When I send a message with a .7z
> attachment it sails on through.
>
> This is CentOS release 6.8 (Final)
> This is Perl version 5.010001 (5.10.1)
> This is MailScanner version 4.85.2
>
> Peter
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 x271
> iversons at rushville.k12.in.us

From mailinglists at feedmebits.nl Thu Oct 19 19:19:09 2017
From: mailinglists at feedmebits.nl (Maarten)
Date: Thu, 19 Oct 2017 21:19:09 +0200
Subject: question about mailscanner install.sh script
In-Reply-To: <08556d17-2853-d5b3-3da7-afe701ba4878@feedmebits.nl>
References: <74ac4c65-5559-91b1-1947-65c3fd65d6b1@feedmebits.nl> <08556d17-2853-d5b3-3da7-afe701ba4878@feedmebits.nl>
Message-ID: <88d788fd-3c78-685a-4ca9-fef086150e96@feedmebits.nl>

Hello,

I recently updated to the latest version of mailscanner and I was able to update without running into any problems which I had the last two times. Thanks for fixing it with the new release! :)

Cheers!

Maarten

On 09/16/2017 02:01 PM, Maarten wrote:
> Hello Shawn,
>
> Thanks for the reply, will check what happens next time I install an update. Not
> gonna bother running the script again since I got the new version installed
> and updated the config after running the script. Will let you know if it happens
> again next time I update.
>
> On 09/15/2017 12:10 PM, Shawn Iverson wrote:
>> Hi Maarten,
>>
>> 5.0.6-3 did have a bug in which the MailScanner.conf was moved to
>> backup but was not subsequently updated. 5.0.6-4 and future releases
>> should not have this issue.
>>
>> On Thu, Sep 14, 2017 at 6:10 PM, Maarten wrote:
>>
>> Hello,
>>
>> I just upgraded my mailscanner version from 5.0.6-3 to 5.0.6-4 via the install script and it seems
>> when using the install script it puts back a default (as if it were a clean/fresh/new install) MailScanner.conf.
>>
>> I had this when I went from 5.0.3-7 to 5.0.6-3 also, thought it was a one time thing, since in
>> the past I've had it that the install script makes a backup of the old one, creates a new one,
>> then adds all the settings from your original configuration to the new configuration. I've
>> been able to restore a backup of my configuration to have it working again, but did
>> something change or am I missing something?
>>
>> Cheers,
>>
>> Maarten
>>
>> --
>> Shawn Iverson, CETL
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 x271
>> iversons at rushville.k12.in.us

From Conz at B0x.nl Wed Oct 25 19:20:54 2017
From: Conz at B0x.nl (Conz)
Date: Wed, 25 Oct 2017 21:20:54 +0200
Subject: Whitelist authenticated clients
Message-ID: <001701d34dc6$61095020$231bf060$@B0x.nl>

I have a shiny new v5.0.6 installation running on CentOS 7 with Postfix as MTA. It's set up as a local mailserver and not as a gateway with clients from random IPs.

I'm running into the problem where email being sent is scanned and occasionally marked as spam for a bunch of reasons like SPF / DKIM / using Outlook.

Can I make it ignore/whitelist emails from the local domain that have been submitted with authentication? I don't want to open up the possibility of having forged emails getting through by just whitelisting the domain.

I can't white list source IPs because there's no telling where the source IP will be coming from.
From mark at msapiro.net Thu Oct 26 03:28:05 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 25 Oct 2017 20:28:05 -0700
Subject: Whitelist authenticated clients
In-Reply-To: <001701d34dc6$61095020$231bf060$@B0x.nl>
References: <001701d34dc6$61095020$231bf060$@B0x.nl>
Message-ID:

On 10/25/2017 12:20 PM, Conz wrote:
>
> Can I make it ignore/whitelist emails from the local domain that have
> been submitted with authentication? I don't want to open up the
> possibility of having forged emails getting through by just whitelisting
> the domain.

I think you can't white list per se, but you can make a spamassassin rule something like this

> header __X_SASL_1 Received =~ /Authenticated sender:.*by sbh16.songbird.com /
> header __X_SASL_2 ALL =~ /^Received:.*^Received:.* by sbh16.songbird.com /msi
> meta X_SASL __X_SASL_1 && !__X_SASL_2
> describe X_SASL SASL Authenticated mail
> score X_SASL -20

The first rule __X_SASL_1 looks for a header like

> Received: from [10.211.115.100] (45-24-217-241.lightspeed.sntcca.sbcglobal.net [45.24.217.241])
>     (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
>     (No client certificate requested)
>     (Authenticated sender: mark)
>     by sbh16.songbird.com (Postfix) with ESMTPSA id 4550711E00AA
>     for ; Wed, 25 Oct 2017 20:10:34 -0700 (PDT)

looking for "Authenticated sender:" and the local host name (sbh16.songbird.com in this case)

The second rule says "Received:.* by sbh16.songbird.com " is not the topmost (i.e. last) Received: header (to prevent spoofing)

Then the meta rule basically says the topmost Received: header contains "Authenticated sender:" and "by our host"

Give that a large enough negative score to offset any positive score.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B.
Dylan

From Conz at B0x.nl Sun Oct 29 09:05:20 2017
From: Conz at B0x.nl (Conz)
Date: Sun, 29 Oct 2017 10:05:20 +0100
Subject: Whitelist authenticated clients
In-Reply-To:
References: <001701d34dc6$61095020$231bf060$@B0x.nl>
Message-ID: <003201d35095$0c3bef40$24b3cdc0$@B0x.nl>

I ended up rewriting the Received line for incoming mail on the submission port and doing HOLD on a different part of the header.
I got another option to do this with ' -o smtpd_end_of_data_restrictions=static:hold' from the postfix list but I could not figure out how to get this to work. That would have been the preferred way.

Basically everything is so focussed on having fixed ip's where your clients are, the moment you're dealing with mobile clients that can come from anywhere (aka, 0.0.0.0/0) it becomes tricky.

In case anyone else runs into something like this, what I did was (only the relevant parts):

Master.cf:
submission inet n - n - - smtpd
  -o cleanup_service_name=auth-cleanup
auth-cleanup unix n - n - 0 cleanup
  -o syslog_name=postfix/auth-cleanup
  -o header_checks=pcre:/etc/postfix/auth_header_checks.pcre

Auth_header_checks.pcre:
/^\s*(Received: from)[^\n]*(.*for <.*@(?!mydomain.com).*)/ REPLACE $1 [127.0.0.1] (localhost [127.0.0.1])$2
/^\s*User-Agent/ IGNORE
/^\s*X-Enigmail/ IGNORE
/^\s*X-Mailer/ IGNORE
/^\s*X-Originating-IP/ IGNORE
/^\s*Mime-Version:*/ HOLD

-----Original message-----
From: MailScanner [mailto:mailscanner-bounces+conz=b0x.nl at lists.mailscanner.info] On behalf of Mark Sapiro
Sent: Thursday 26 October 2017 05:28
To: mailscanner at lists.mailscanner.info
Subject: Re: Whitelist authenticated clients

On 10/25/2017 12:20 PM, Conz wrote:
>
> Can I make it ignore/whitelist emails from the local domain that have
> been submitted with authentication ? I don't want to open up the
> possibility of having forged emails getting through by just
> whitelisting the domain.
I think you can't white list per se, but you can make a spamassassin rule something like this

> header __X_SASL_1 Received =~ /Authenticated sender:.*by sbh16.songbird.com /
> header __X_SASL_2 ALL =~ /^Received:.*^Received:.* by sbh16.songbird.com /msi
> meta X_SASL __X_SASL_1 && !__X_SASL_2
> describe X_SASL SASL Authenticated mail
> score X_SASL -20

The first rule __X_SASL_1 looks for a header like

> Received: from [10.211.115.100] (45-24-217-241.lightspeed.sntcca.sbcglobal.net [45.24.217.241])
>     (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
>     (No client certificate requested)
>     (Authenticated sender: mark)
>     by sbh16.songbird.com (Postfix) with ESMTPSA id 4550711E00AA
>     for ; Wed, 25 Oct 2017 20:10:34 -0700 (PDT)

looking for "Authenticated sender:" and the local host name (sbh16.songbird.com in this case)

The second rule says "Received:.* by sbh16.songbird.com " is not the topmost (i.e. last) Received: header (to prevent spoofing)

Then the meta rule basically says the topmost Received: header contains "Authenticated sender:" and "by our host"

Give that a large enough negative score to offset any positive score.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
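
Added example (not part of the thread, and not Mark Sapiro's or the MailScanner project's code): a Python approximation of the X_SASL rule logic from Mark Sapiro's message above, run over three constructed header sets to show why the second sub-rule keeps a forged "Authenticated sender" Received: header from earning the negative score. The host name mx.example.test, the sample headers, and the assumption that folded headers are unfolded before matching are made up for illustration; the dots in the host name are escaped here, unlike in the posted rule.

```python
import re

HOST = "mx.example.test"  # constructed host name standing in for the local MTA
H = re.escape(HOST)       # dots escaped here; the posted rule leaves them bare
# Same patterns as the posted rule; /msi maps to re.M | re.S | re.I.
SASL_1 = re.compile(r"Authenticated sender:.*by " + H + " ")
SASL_2 = re.compile(r"^Received:.*^Received:.* by " + H + " ", re.M | re.S | re.I)

def unfold(raw):
    # Join folded continuation lines (assumed to happen before matching).
    headers = []
    for line in raw.strip("\n").split("\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        else:
            headers.append(line.rstrip())
    return headers

def evaluate(raw):
    headers = unfold(raw)
    received = "\n".join(h.split(":", 1)[1].strip()
                         for h in headers if h.lower().startswith("received:"))
    s1 = bool(SASL_1.search(received))                   # some hop claims SASL auth
    s2 = bool(SASL_2.search("\n".join(headers) + "\n"))  # a non-topmost hop names HOST
    hit = s1 and not s2
    return {"__X_SASL_1": s1, "__X_SASL_2": s2, "X_SASL": hit,
            "score": -20.0 if hit else 0.0}

# Constructed sample headers, newest Received: first.
GENUINE = """Received: from [192.0.2.10] (client.example.net [192.0.2.10])
    (Authenticated sender: alice)
    by mx.example.test (Postfix) with ESMTPSA id 4A1B2C3D
    for <bob@example.org>; Mon, 30 Oct 2017 09:00:00 +0000
From: alice@example.test
"""
FORGED = """Received: from bad.example.net (bad.example.net [203.0.113.7])
    by mx.example.test (Postfix) with ESMTP id 5E6F7A8B; Mon, 30 Oct 2017 09:05:00 +0000
Received: from [10.0.0.5] (Authenticated sender: alice)
    by mx.example.test (Postfix) with ESMTPSA id FAKE0001; Mon, 30 Oct 2017 09:04:00 +0000
From: alice@example.test
"""
INBOUND = """Received: from mail.example.org (mail.example.org [198.51.100.4])
    by mx.example.test (Postfix) with ESMTPS id 9C0D1E2F; Mon, 30 Oct 2017 09:10:00 +0000
From: carol@example.org
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED), ("inbound", INBOUND)):
        print(name, evaluate(raw))
```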