From Eoin.Kim at rcst.com.au Mon Jul 9 04:28:34 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Mon, 9 Jul 2018 04:28:34 +0000
Subject: ms_cron_ps_restart argument missing in ms-cron script
Message-ID: <8209a316af7e43ac8112318e55411167@rcst.com.au>

Hi all,

I am currently doing configuration work for MailScanner on my staging environment (Debian Stretch) and found something which you guys need to have a look at.

In the /etc/MailScanner/defaults file, the last variable has the following explanation:

# Restart MailScanner after Update Safe/Bad Phishing sites
#
# Restart MailScanner after update of the Safe/Bad Phishing sites files.
# This is disabled by default.
#
# This is executed during the DAILY cron option. 0 = off, 1 = on
#
ms_cron_ps_restart=0

By tracing the cron job file, I found a script file /usr/sbin/ms-cron. Under the "if [ $ACTION = DAILY ]; then" section, I cannot find this variable. Could you please have a look at the content of this file? Thanks a lot.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1 - The Annexe, 133 Mary Street
Brisbane, QLD, 4000, Australia
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

From Eoin.Kim at rcst.com.au Mon Jul 9 04:35:11 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Mon, 9 Jul 2018 04:35:11 +0000
Subject: ms_cron_ps_restart argument missing in ms-cron script
In-Reply-To: <8209a316af7e43ac8112318e55411167@rcst.com.au>
References: <8209a316af7e43ac8112318e55411167@rcst.com.au>

Ah.... I think I found it. It is read by another script - /usr/sbin/ms-update-phishing. Sorry guys.

Eoin

From dobril at stanga.net Tue Jul 10 14:04:42 2018
From: dobril at stanga.net (DobriL Dobrilov)
Date: Tue, 10 Jul 2018 17:04:42 +0300
Subject: MailScanner spam check not working
Message-ID: <007401d41856$f3021100$d9063300$@stanga.net>

Hello guy,

I decided to start a new mail server and use MailScanner v5. The previous one is running v4 and all has been perfect for more than 6y.

What is my exact issue. I think MailScanner is not checking messages for spam, because I tried to send multiple spam messages and they were all delivered without being marked or stopped.

This is what I can see in the logs

Jul 10 16:59:16 mail postfix/smtpd[13610]: warning: hostname mail.stanga.net does not resolve to address 195.34.122.2
Jul 10 16:59:16 mail postfix/smtpd[13610]: connect from unknown[195.34.122.2]
Jul 10 16:59:16 mail postfix/smtpd[13610]: Anonymous TLS connection established from unknown[195.34.122.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jul 10 16:59:16 mail postfix/smtpd[13610]: C508963590: client=unknown[195.34.122.2]
Jul 10 16:59:16 mail postfix/cleanup[13613]: C508963590: hold: header Received: from mail.stanga.net (unknown [195.34.122.2])??(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))??(No client certificate requested)??by mail.snowthunder.org (Postfix) with ESMTPS id C5 from unknown[195.34.122.2]; from= to= proto=ESMTP helo=
Jul 10 16:59:16 mail postfix/cleanup[13613]: C508963590: message-id=<006f01d41856$35f1cc40$a1d564c0$@stanga.net>
Jul 10 16:59:16 mail opendkim[694]: C508963590: DKIM-Signature field added (s=mail, d=stanga.net)
Jul 10 16:59:16 mail postfix/smtpd[13610]: disconnect from unknown[195.34.122.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 10 16:59:17 mail MailScanner[13597]: New Batch: Scanning 1 messages, 5040 bytes
Jul 10 16:59:17 mail MailScanner[13597]: Saved archive copies of C508963590.A362E
Jul 10 16:59:17 mail MailScanner[13597]: Filename Checks: Allowing C508963590.A362E msg-13597-1.txt
Jul 10 16:59:17 mail MailScanner[13597]: Filename Checks: Allowing C508963590.A362E msg-13597-2.html
Jul 10 16:59:17 mail MailScanner[13597]: Virus and Content Scanning: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Virus Scanning completed at 454139 bytes per second
Jul 10 16:59:17 mail MailScanner[13597]: Spam Checks: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Delivery of nonspam: message C508963590.A362E from dobril at stanga.net to with subject Test
Jul 10 16:59:17 mail MailScanner[13597]: Requeue: C508963590.A362E to 37A5B63597
Jul 10 16:59:17 mail MailScanner[13597]: Uninfected: Delivered 1 messages
Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: from=<dobril at stanga.net>, size=3770, nrcpt=1 (queue active)
Jul 10 16:59:17 mail MailScanner[13597]: Deleted 1 messages from processing-database
Jul 10 16:59:17 mail MailScanner[13597]: Batch completed at 279317 bytes per second (5040 / 0)
Jul 10 16:59:17 mail MailScanner[13597]: Batch (1 message) processed in 0.02 seconds
Jul 10 16:59:17 mail postfix/pipe[13614]: 37A5B63597: to=<dobril at snowthunder.org>, relay=procmail, delay=0.62, delays=0.61/0.01/0/0, dsn=2.0.0, status=sent (delivered via procmail service)
Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: removed

This is how the logs look on the OLD server, where all is working fine

Jul 10 16:59:09 mail MailScanner[9639]: Batch (1 message) processed in 0.71 seconds
Jul 10 16:59:15 mail MailScanner[32628]: New Batch: Scanning 1 messages, 3633 bytes
Jul 10 16:59:15 mail MailScanner[32628]: Saved archive copies of 7975A30A041D.A83C7
Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks: Allowing 7975A30A041D.A83C7 msg-32628-174.html
Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks: Allowing 7975A30A041D.A83C7 msg-32628-173.txt
Jul 10 16:59:15 mail MailScanner[32628]: Virus and Content Scanning: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Virus Scanning completed at 538308 bytes per second
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net) is whitelisted
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net) to snowthunder.org is not spam (whitelisted), SpamAssassin (not cached, score=-99.785, required 5, autolearn=disabled, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.00, TVD_RCVD_SINGLE 1.21, USER_IN_WHITELIST -100.00)
Jul 10 16:59:15 mail MailScanner[32628]: Delivery of nonspam: message 7975A30A041D.A83C7 from dobril at stanga.net to dobril at snowthunder.org with subject Test
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks completed at 5941 bytes per second
Jul 10 16:59:16 mail MailScanner[32628]: Requeue: 7975A30A041D.A83C7 to 321F930A0422
Jul 10 16:59:16 mail MailScanner[32628]: Uninfected: Delivered 1 messages
Jul 10 16:59:16 mail MailScanner[32628]: Deleted 1 messages from processing-database
Jul 10 16:59:16 mail MailScanner[32628]: Batch completed at 2496 bytes per second (3633 / 1)
Jul 10 16:59:16 mail MailScanner[32628]: Batch (1 message) processed in 1.46 seconds

From anti-vaccine at sltnet.lk Tue Jul 10 07:26:36 2018
From: anti-vaccine at sltnet.lk (Security Admin)
Date: Tue, 10 Jul 2018 12:56:36 +0530
Subject: Removing hyperlinks in {spam?} messages

Hi all,

Is there a way of removing hyperlinks in the mails detected as {spam?}?

Thanks
Chaminda

From anti-vaccine at sltnet.lk Tue Jul 10 09:22:49 2018
From: anti-vaccine at sltnet.lk (Security Admin)
Date: Tue, 10 Jul 2018 14:52:49 +0530
Subject: Removing hyperlinks in {spam?} messages

Also, I want to know how to add a warning trailer to the mail tagged as {Spam?} and delivered to the user mailbox.

Thanks
Chaminda

On Tue, 10 Jul 2018 12:56:36 +0530 "Security Admin" wrote:
> Hi all,
> Is there a way of removing hyperlinks in the mails detected as
> {spam?}?
>
> Thanks
> Chaminda

From iversons at rushville.k12.in.us Tue Jul 10 14:48:51 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 10 Jul 2018 10:48:51 -0400
Subject: MailScanner spam check not working
In-Reply-To: <007401d41856$f3021100$d9063300$@stanga.net>
References: <007401d41856$f3021100$d9063300$@stanga.net>

What does a MailScanner --lint show?

I don't see spamassassin being invoked on your new setup...did it install?

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From dobril at stanga.net Tue Jul 10 15:13:45 2018
From: dobril at stanga.net (DobriL Dobrilov)
Date: Tue, 10 Jul 2018 18:13:45 +0300
Subject: MailScanner spam check not working
References: <007401d41856$f3021100$d9063300$@stanga.net>
Message-ID: <008c01d41860$98b62d30$ca228790$@stanga.net>

#MailScanner --lint

Currently you are using no virus scanners.
This is probably not what you want.

In your /etc/MailScanner/MailScanner.conf file, set
Virus Scanners = clamav
Then install it with your package manager or download it directly from
http://www.clamav.net

Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README

Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to (114)
MailScanner setting UID to (109)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = none"
Found these virus scanners installed: clamav
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
===========================================================================

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

From iversons at rushville.k12.in.us Tue Jul 10 15:36:21 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 10 Jul 2018 11:36:21 -0400
Subject: MailScanner spam check not working
In-Reply-To: <008c01d41860$98b62d30$ca228790$@stanga.net>
References: <007401d41856$f3021100$d9063300$@stanga.net> <008c01d41860$98b62d30$ca228790$@stanga.net>

I would take care of the virus scanner problem first and see if it helps.

On Tue, Jul 10, 2018 at 11:13 AM, DobriL Dobrilov wrote:
> #MailScanner --lint
>
> Currently you are using no virus scanners.
> This is probably not what you want.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From dobril at stanga.net Tue Jul 10 20:57:54 2018
From: dobril at stanga.net (DobriL Dobrilov)
Date: Tue, 10 Jul 2018 23:57:54 +0300
Subject: MailScanner spam check not working
In-Reply-To:
References: <007401d41856$f3021100$d9063300$@stanga.net> <008c01d41860$98b62d30$ca228790$@stanga.net>
Message-ID: <00d301d41890$ac0bf8d0$0423ea70$@stanga.net>

Unfortunately the problem does not come from the virus scanner, because I'm not using a virus scanner on the other server, where spam checks are running fine.

Although I installed and configured the clamav virus scanner, and now processing each message takes too long, around 20 sec per message, no matter whether there is an attachment or not.

This is the output now:

#MailScanner --lint
Trying to setlogsock(unix)
Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1500 hostnames from the phishing whitelist
Read 17684 hostnames from the phishing blacklists
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child
Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.
Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to (114)
MailScanner setting UID to (109)
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
./1/eicar.com: Eicar-Test-Signature FOUND
Virus Scanning: ClamAV found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"
If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function MailWatchLogging

#cat /var/log/mail.log
Jul 10 23:56:00 mail postfix/smtpd[18656]: warning: hostname mail.stanga.net does not resolve to address 195.34.122.2
Jul 10 23:56:00 mail postfix/smtpd[18656]: connect from unknown[195.34.122.2]
Jul 10 23:56:00 mail postfix/smtpd[18656]: Anonymous TLS connection established from unknown[195.34.122.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jul 10 23:56:00 mail postfix/smtpd[18656]: 6621F633C1: client=unknown[195.34.122.2]
Jul 10 23:56:00 mail postfix/cleanup[18658]: 6621F633C1: hold: header Received: from mail.stanga.net (unknown [195.34.122.2])??(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))??(No client certificate requested)??by mail.snowthunder.org (Postfix) with ESMTPS id 66 from unknown[195.34.122.2]; from= to= proto=ESMTP helo=
Jul 10 23:56:00 mail postfix/cleanup[18658]: 6621F633C1: message-id=<00cd01d41890$6af315e0$40d941a0$@stanga.net>
Jul 10 23:56:00 mail opendkim[694]: 6621F633C1: DKIM-Signature field added (s=mail, d=stanga.net)
Jul 10 23:56:00 mail postfix/smtpd[18656]: disconnect from unknown[195.34.122.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 10 23:56:00 mail MailScanner[18640]: New Batch: Scanning 1 messages, 24138 bytes
Jul 10 23:56:00 mail MailScanner[18640]: Virus and Content Scanning: Starting
Jul 10 23:56:19 mail MailScanner[18640]: Requeue: 6621F633C1.A59BE to C2CC663489
Jul 10 23:56:19 mail MailScanner[18640]: Uninfected: Delivered 1 messages
Jul 10 23:56:19 mail postfix/qmgr[6326]: C2CC663489: from=, size=22868, nrcpt=1 (queue active)
Jul 10 23:56:20 mail MailScanner[18640]: Deleted 1 messages from processing-database
Jul 10 23:56:20 mail MailScanner[18640]: MailWatch: Logging message 6621F633C1.A59BE to SQL
Jul 10 23:56:20 mail postfix/pipe[18689]: C2CC663489: to=, relay=procmail, delay=20, delays=20/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via procmail service)
Jul 10 23:56:20 mail postfix/qmgr[6326]: C2CC663489: removed

From it at festa.bg Tue Jul 10 21:19:25 2018
From: it at festa.bg (Valentin Laskov)
Date: Wed, 11 Jul 2018 00:19:25 +0300
Subject: MailScanner spam check not working
In-Reply-To: <00d301d41890$ac0bf8d0$0423ea70$@stanga.net>
References: <007401d41856$f3021100$d9063300$@stanga.net> <008c01d41860$98b62d30$ca228790$@stanga.net> <00d301d41890$ac0bf8d0$0423ea70$@stanga.net>
Message-ID: <7d382ae1-31d7-3529-86e6-e6010e00f7af@festa.bg>

Try using clamd.

Your setup uses clamscan. It loads signatures before each scan and this takes a while.

About SpamAssassin, in my setup "Spam Score = 3" and "High Spam Score = 6".

I think you can't trigger Spam the way you described. Maybe first you must set a local rule and try to trigger it to test SpamAssassin.

Cheers
Valentin Laskov

From Eoin.Kim at rcst.com.au Tue Jul 10 21:55:41 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Tue, 10 Jul 2018 21:55:41 +0000
Subject: [Question] Scan Messages configuration index
Message-ID: <8aa489d692764543991dbd2b1be2d37c@rcst.com.au>

Hi all,

I'd like to ask questions regarding MailScanner configuration indexes - Scan Messages. Shortly, what I want to achieve is:

1. Don't scan messages from my domain.
2. Scan messages from other domains.

So, I set the index like this:

Scan Messages = %rules-dir%/scan.messages.rules

And the rule file is like this:

From: *@mydomain no
FromOrTo: default yes

My first question is, is my rule file going to do the job I want? If so, I'd like to ask the second question. There are a lot of configuration indexes. If message scan is skipped for the messages from my domain, are all those indexes going to be disabled automatically for my domain's messages? For example, if I just set like this - Allow IFrame Tags = disarm, does it mean that this is not applied to messages from my domain but is applied to other messages? Or should I still configure it to use a rule file?

Sorry for the English, I hope I clearly explained. Thanks a lot.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1 - The Annexe, 133 Mary Street
Brisbane, QLD, 4000, Australia
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

From dobril at stanga.net Wed Jul 11 07:16:16 2018
From: dobril at stanga.net (DobriL Dobrilov)
Date: Wed, 11 Jul 2018 10:16:16 +0300
Subject: MailScanner spam check not working
In-Reply-To: <7d382ae1-31d7-3529-86e6-e6010e00f7af@festa.bg>
References: <007401d41856$f3021100$d9063300$@stanga.net> <008c01d41860$98b62d30$ca228790$@stanga.net> <00d301d41890$ac0bf8d0$0423ea70$@stanga.net> <7d382ae1-31d7-3529-86e6-e6010e00f7af@festa.bg>
Message-ID: <000201d418e7$0e84e750$2b8eb5f0$@stanga.net>

Thank you for the suggestion to change clamav with clamd.

About the spam check, it looks like MailScanner is not using the expected configs from /etc/MailScanner and /etc/spamassassin; this is the only thing I can think of.

Dobril Dobrilov
IT Manager
dobril at stanga.net
43, Cherni Vrah Blvd. | 1407 Sofia - Bulgaria
Phone: +359 2 81 960 69
Fax: +359 2 81 960 70
Mobile: +359 878 749 387
We shape Digital www.stanga.net
We re-invent Video www.bsbvision.com
We build Apps www.shanga.co
We support Start-Ups www.mysbar.net

MailScanner[13597]: Uninfected: Delivered 1 messages Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: from= >, size=3770, nrcpt=1 (queue active) Jul 10 16:59:17 mail MailScanner[13597]: Deleted 1 messages from processing-database Jul 10 16:59:17 mail MailScanner[13597]: Batch completed at 279317 bytes per second (5040 / 0) Jul 10 16:59:17 mail MailScanner[13597]: Batch (1 message) processed in 0.02 seconds Jul 10 16:59:17 mail postfix/pipe[13614]: 37A5B63597: to= >, relay=procmail, delay=0.62, delays=0.61/0.01/0/0, dsn=2.0.0, status=sent (delivered via procmail service) Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: removed This is how looks like the logs on the OLD server where all working fine Jul 10 16:59:09 mail MailScanner[9639]: Batch (1 message) processed in 0.71 seconds Jul 10 16:59:15 mail MailScanner[32628]: New Batch: Scanning 1 messages, 3633 bytes Jul 10 16:59:15 mail MailScanner[32628]: Saved archive copies of 7975A30A041D.A83C7 Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks: Allowing 7975A30A041D.A83C7 msg-32628-174.html Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks: Allowing 7975A30A041D.A83C7 msg-32628-173.txt Jul 10 16:59:15 mail MailScanner[32628]: Virus and Content Scanning: Starting Jul 10 16:59:15 mail MailScanner[32628]: Virus Scanning completed at 538308 bytes per second Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks: Starting Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net ) is whitelisted Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net ) to snowthunder.org is not spam (whitelisted), SpamAssassin (not cached, score=-99.785, required 5, autolearn=disabled, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.00, TVD_RCVD_SINGLE 1.21, USER_IN_WHITELIST -100.00) Jul 10 16:59:15 mail MailScanner[32628]: Delivery of nonspam: message 7975A30A041D.A83C7 from dobril at stanga.net to 
dobril at snowthunder.org with subject Test
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks completed at 5941 bytes per second
Jul 10 16:59:16 mail MailScanner[32628]: Requeue: 7975A30A041D.A83C7 to 321F930A0422
Jul 10 16:59:16 mail MailScanner[32628]: Uninfected: Delivered 1 messages
Jul 10 16:59:16 mail MailScanner[32628]: Deleted 1 messages from processing-database
Jul 10 16:59:16 mail MailScanner[32628]: Batch completed at 2496 bytes per second (3633 / 1)
Jul 10 16:59:16 mail MailScanner[32628]: Batch (1 message) processed in 1.46 seconds

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
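Added example (not part of the thread and not MailScanner's own code): a triage pass over the log excerpts quoted in the message above that groups MailScanner lines by child PID and reports, per batch, whether a spam-check stage and a SpamAssassin verdict line were logged. The sample lines are abridged from those excerpts and the finding labels are made up for this example; a missing verdict line shows what was logged, not by itself what ran.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines abridged from the three excerpts quoted above
# (old v4 server, new v5 server, new v5 server after enabling clamav).
SAMPLE_LOG = """\
Jul 10 16:59:09 mail MailScanner[9639]: Batch (1 message) processed in 0.71 seconds
Jul 10 16:59:15 mail MailScanner[32628]: New Batch: Scanning 1 messages, 3633 bytes
Jul 10 16:59:15 mail MailScanner[32628]: Virus and Content Scanning: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net) is whitelisted
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net) to snowthunder.org is not spam (whitelisted), SpamAssassin (not cached, score=-99.785, required 5, autolearn=disabled, ALL_TRUSTED -1.00, USER_IN_WHITELIST -100.00)
Jul 10 16:59:16 mail MailScanner[32628]: Requeue: 7975A30A041D.A83C7 to 321F930A0422
Jul 10 16:59:17 mail MailScanner[13597]: New Batch: Scanning 1 messages, 5040 bytes
Jul 10 16:59:17 mail MailScanner[13597]: Virus and Content Scanning: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Spam Checks: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Requeue: C508963590.A362E to 37A5B63597
Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: removed
Jul 10 23:56:00 mail MailScanner[18640]: New Batch: Scanning 1 messages, 24138 bytes
Jul 10 23:56:00 mail MailScanner[18640]: Virus and Content Scanning: Starting
Jul 10 23:56:19 mail MailScanner[18640]: Requeue: 6621F633C1.A59BE to C2CC663489
"""

LINE = re.compile(r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REQUEUE = re.compile(r"^Requeue: (?P<id>\S+) to \S+")
# Verdict line in the shape shown in the old server's log.
VERDICT = re.compile(
    r"^Message (?P<id>\S+) from .*? is (?P<verdict>not spam|spam)\b.*?"
    r"SpamAssassin \(.*?score=(?P<score>-?\d+(?:\.\d+)?)"
)


@dataclass
class Batch:
    pid: str
    spam_stage: bool = False
    message_ids: list = field(default_factory=list)
    verdicts: dict = field(default_factory=dict)  # message id -> (verdict, score)

    def note(self, msg_id):
        if msg_id not in self.message_ids:
            self.message_ids.append(msg_id)

    @property
    def finding(self):
        # Labels are hypothetical names chosen for this example.
        if not self.spam_stage:
            return "spam-stage-absent"
        if not self.verdicts or any(m not in self.verdicts for m in self.message_ids):
            return "verdict-not-logged"
        return "verdict-logged"


def triage(log_text):
    """Group MailScanner lines into batches per child PID, in start order."""
    batches, current = [], {}
    for raw in log_text.splitlines():
        hit = LINE.search(raw)
        if not hit:
            continue  # postfix, opendkim, ... lines belong to no batch
        pid, msg = hit["pid"], hit["msg"]
        if msg.startswith("New Batch:"):
            current[pid] = Batch(pid)
            batches.append(current[pid])
            continue
        batch = current.get(pid)
        if batch is None:
            continue  # tail of a batch that began before the excerpt
        if msg.startswith("Spam Checks: Starting"):
            batch.spam_stage = True
        elif (m := REQUEUE.match(msg)):
            batch.note(m["id"])
        elif (m := VERDICT.match(msg)):
            batch.note(m["id"])
            batch.verdicts[m["id"]] = (m["verdict"], float(m["score"]))
    return batches


def report(log_text):
    return [(b.pid, tuple(b.message_ids), b.finding) for b in triage(log_text)]


if __name__ == "__main__":
    for pid, ids, finding in report(SAMPLE_LOG):
        print(f"pid={pid} messages={','.join(ids)} -> {finding}")
```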
From maxsec at gmail.com Wed Jul 11 07:47:46 2018
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 11 Jul 2018 08:47:46 +0100
Subject: [Question] Scan Messages configuration index
In-Reply-To: <8aa489d692764543991dbd2b1be2d37c@rcst.com.au>
References: <8aa489d692764543991dbd2b1be2d37c@rcst.com.au>
Message-ID:

Hi

This is probably not the best way to whitelist your domain, as you leave yourself open to domain spoofing attacks on the email - ie spammers pretend to come from mydomain.com

Best to whitelist by ipaddress

And yes this setting is a big on/off for all scanning not just spam/viruses etc

On Tue, 10 Jul 2018 at 22:56, Eoin Kim wrote:

> Hi all,
>
> I'd like to ask questions regarding MailScanner configuration indexs -
> Scan Messages. Shortly, what I want to achieve is:
>
> 1. Don't scan messages from my domain.
> 2. Scan messages from other domains.
>
> So, I set the index like this:
>
> Scan Messages = %rules-dir%/scan.messages.rules
>
> And the rule file is like this:
>
> From: *@mydomain no
>
> FromOrTo: default yes
>
> My first question is, is my rule file going to do the job I want? If so,
> I'd like to ask the second question. There are a lot of configuration
> indexes. If message scan is skipped for the messages from my domain, are
> all those indexes going to be disabled automatically for my domain's
> messages?
>
> For example, if I just set like this - Allow IFrame Tags = disarm, does it
> mean that this is not applied to messages from my domain but is applied to
> other messages? Or should I still configure it to use a rule file? Sorry
> for the English, I hope I clearly explained. Thanks a lot.
>
> *Eoin Kim*
>
> Systems Administrator
>
> *RCS Telecommunications *
>
> Level 1 -
The Annexe, 133 Mary Street
>
> Brisbane, QLD, 4000, Australia
>
> Office: 07 3228 0843
>
> Mobile: 0419 726 231
>
> Email: eoin.kim at rcst.com.au
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

--
--
Martin Hepworth, CISSP
Oxford, UK

From Eoin.Kim at rcst.com.au Wed Jul 11 21:29:37 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Wed, 11 Jul 2018 21:29:37 +0000
Subject: [Question] Scan Messages configuration index
In-Reply-To:
References: <8aa489d692764543991dbd2b1be2d37c@rcst.com.au>
Message-ID:

Hi Martin,

Thanks for your response. So, if I understood correctly, I should include all IP addresses of my domain's mail relays, correct? There is going to be a Microsoft Exchange server sitting behind it, hence, I guess I should register that as well.

Eoin

From: MailScanner On Behalf Of Martin Hepworth
Sent: Wednesday, 11 July 2018 5:48 PM
To: MailScanner Discussion
Subject: Re: [Question] Scan Messages configuration index

Hi

This is probably not the best way to whitelist your domain, as you leave yourself open to domain spoofing attacks on the email - ie spammers pretend to come from mydomain.com

Best to whitelist by ipaddress

And yes this setting is a big on/off for all scanning not just spam/viruses etc

On Tue, 10 Jul 2018 at 22:56, Eoin Kim wrote:

Hi all,

I'd like to ask questions regarding MailScanner configuration indexs - Scan Messages. Shortly, what I want to achieve is:

1. Don't scan messages from my domain.
2. Scan messages from other domains.

So, I set the index like this:

Scan Messages = %rules-dir%/scan.messages.rules

And the rule file is like this:

From: *@mydomain no
FromOrTo: default yes

My first question is, is my rule file going to do the job I want? If so, I'd like to ask the second question. There are a lot of configuration indexes.
If message scan is skipped for the messages from my domain, are all those indexes going to be disabled automatically for my domain's messages?

For example, if I just set like this - Allow IFrame Tags = disarm, does it mean that this is not applied to messages from my domain but is applied to other messages? Or should I still configure it to use a rule file? Sorry for the English, I hope I clearly explained. Thanks a lot.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1 - The Annexe, 133 Mary Street
Brisbane, QLD, 4000, Australia
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

--
--
Martin Hepworth, CISSP
Oxford, UK

From maxsec at gmail.com Thu Jul 12 04:45:16 2018
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu, 12 Jul 2018 05:45:16 +0100
Subject: [Question] Scan Messages configuration index
In-Reply-To:
References: <8aa489d692764543991dbd2b1be2d37c@rcst.com.au>
Message-ID:

That's correct if you want to scan outbound traffic

On Wed, 11 Jul 2018 at 22:30, Eoin Kim wrote:

> Hi Martin,
>
> Thanks for your response. So, if I understood correctly, I should include
> all IP addresses of my domain's mail relays, correct? There is going to be
> a Microsoft Exchange server sitting behind it, hence, I guess I should
> register that as well.
>
> Eoin
>
> *From:* MailScanner rcst.com.au at lists.mailscanner.info> *On Behalf Of *Martin Hepworth
> *Sent:* Wednesday, 11 July 2018 5:48 PM
> *To:* MailScanner Discussion
> *Subject:* Re: [Question] Scan Messages configuration index
>
> Hi
>
> This is probably not the best way to whitelist your domain, as you leave
> yourself open to domain spoofing attacks on the email - ie spammers pretend
> to come from mydomain.com
>
> Best to whitelist by ipaddress
>
> And yes this setting is a big on/off for all scanning not just
> spam/viruses etc
>
> On Tue, 10 Jul 2018 at 22:56, Eoin Kim wrote:
>
> Hi all,
>
> I'd like to ask questions regarding MailScanner configuration indexs -
> Scan Messages. Shortly, what I want to achieve is:
>
> 1. Don't scan messages from my domain.
> 2. Scan messages from other domains.
>
> So, I set the index like this:
>
> Scan Messages = %rules-dir%/scan.messages.rules
>
> And the rule file is like this:
>
> From: *@mydomain no
>
> FromOrTo: default yes
>
> My first question is, is my rule file going to do the job I want? If so,
> I'd like to ask the second question. There are a lot of configuration
> indexes. If message scan is skipped for the messages from my domain, are
> all those indexes going to be disabled automatically for my domain's
> messages?
>
> For example, if I just set like this - Allow IFrame Tags = disarm, does it
> mean that this is not applied to messages from my domain but is applied to
> other messages? Or should I still configure it to use a rule file? Sorry
> for the English, I hope I clearly explained. Thanks a lot.
>
> *Eoin Kim*
>
> Systems Administrator
>
> *RCS Telecommunications *
>
> Level 1 -
The Annexe, 133 Mary Street
>
> Brisbane, QLD, 4000, Australia
>
> Office: 07 3228 0843
>
> Mobile: 0419 726 231
>
> Email: eoin.kim at rcst.com.au
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> --
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

--
--
Martin Hepworth, CISSP
Oxford, UK

From Eoin.Kim at rcst.com.au Thu Jul 12 05:07:07 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Thu, 12 Jul 2018 05:07:07 +0000
Subject: [Question] Scan Messages configuration index
In-Reply-To:
References: <8aa489d692764543991dbd2b1be2d37c@rcst.com.au>
Message-ID: <7f14d1ee3d934b3b8d582f1fdf2244a9@rcst.com.au>

Thanks Martin,

I'll play with it a bit and see how it goes. Cheers.

Eoin

From: MailScanner On Behalf Of Martin Hepworth
Sent: Thursday, 12 July 2018 2:45 PM
To: MailScanner Discussion
Subject: Re: [Question] Scan Messages configuration index

That's correct if you want to scan outbound traffic

On Wed, 11 Jul 2018 at 22:30, Eoin Kim wrote:

Hi Martin,

Thanks for your response. So, if I understood correctly, I should include all IP addresses of my domain's mail relays, correct? There is going to be a Microsoft Exchange server sitting behind it, hence, I guess I should register that as well.
Eoin

From: MailScanner On Behalf Of Martin Hepworth
Sent: Wednesday, 11 July 2018 5:48 PM
To: MailScanner Discussion
Subject: Re: [Question] Scan Messages configuration index

Hi

This is probably not the best way to whitelist your domain, as you leave yourself open to domain spoofing attacks on the email - ie spammers pretend to come from mydomain.com

Best to whitelist by ipaddress

And yes this setting is a big on/off for all scanning not just spam/viruses etc

On Tue, 10 Jul 2018 at 22:56, Eoin Kim wrote:

Hi all,

I'd like to ask questions regarding MailScanner configuration indexs - Scan Messages. Shortly, what I want to achieve is:

1. Don't scan messages from my domain.
2. Scan messages from other domains.

So, I set the index like this:

Scan Messages = %rules-dir%/scan.messages.rules

And the rule file is like this:

From: *@mydomain no
FromOrTo: default yes

My first question is, is my rule file going to do the job I want? If so, I'd like to ask the second question. There are a lot of configuration indexes. If message scan is skipped for the messages from my domain, are all those indexes going to be disabled automatically for my domain's messages?

For example, if I just set like this - Allow IFrame Tags = disarm, does it mean that this is not applied to messages from my domain but is applied to other messages? Or should I still configure it to use a rule file? Sorry for the English, I hope I clearly explained. Thanks a lot.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1 -
The Annexe, 133 Mary Street
Brisbane, QLD, 4000, Australia
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

--
--
Martin Hepworth, CISSP
Oxford, UK

From nwilson123 at gmail.com Tue Jul 17 08:24:59 2018
From: nwilson123 at gmail.com (Neil)
Date: Tue, 17 Jul 2018 10:24:59 +0200
Subject: MailScanner not adding headers
Message-ID:

Hi guys,

Please could someone assist me, I can't seem to get MailScanner to add the usual message headers.

I'm using MailScanner-5.0.7-2 with MailWatch 1.2.8

I've tried moving my org-name variable from MailScanner.conf to my_settings and putting the options in one file, and commenting it out in the other, but nothing seems to work, when I look in MailWatch I just don't see any headers with my company name showing.

The reason I'm doing this is because I'm wanting Sanesecurity viruses to be recognised by spamassassin but I can't seem to get the Spam-Virus-Header showing, let alone the other headers.

My --lint test doesn't show any issues either...
[root at freshmail conf.d]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Reading configuration file /etc/MailScanner/conf.d/my_settings.conf
Read 1500 hostnames from the phishing whitelist
Read 15766 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
MailWatch: Starting up MailWatch SQL Blacklist
MailWatch: Read 1544 blacklist entries
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child
Config: calling custom init function SQLWhitelist
MailWatch: Starting up MailWatch SQL Whitelist
MailWatch: Read 102 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to (89)
MailScanner setting UID to (89)

Any help is appreciated.

Thank you!

Regards.

Neil Wilson.

From nwilson123 at gmail.com Tue Jul 17 11:21:20 2018
From: nwilson123 at gmail.com (Neil)
Date: Tue, 17 Jul 2018 13:21:20 +0200
Subject: MailScanner not adding headers
In-Reply-To:
References:
Message-ID:

Just to provide feedback on this, it seems I'm mistaken and the headers just aren't showing in MailWatch, because if I look at a message that passed through the server to myself, the headers do show..
*SNIP*
Received: by spam.mycompany.co.za (Postfix, from userid 0) id A4D012C0070; Tue, 17 Jul 2018 13:00:42 +0200 (SAST)
Date: Tue, 17 Jul 2018 13:00:42 +0200
To: neilw at mycompany.co.za
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20180717110042.A4D012C0070 at spam.mycompany.co.za>
From: root at mycompany.co.za (root)
X-mycompany-MailScanner-Information: Please contact mycompany for more info
X-mycompany-MailScanner-ID: A4D012C0070.A293B
X-mycompany-MailScanner: Found to be clean
X-mycompany-MailScanner-IP-Protocol: IPv4
X-mycompany-MailScanner-SpamScore: s
X-mycompany-MailScanner-From: root at mycompany.co.za

My question is though, How then can I get emails marked as Junk by Sanesecurity blocked by spamassassin?

I have configured....

Spam-Virus Header = X-mycompany-MailScanner-SpamVirus-Report:

and...

Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish* Sanesecurity.Junk.*.UNOFFICIAL

...then I've configured the following in /etc/MailScanner/spamassassin.conf...

header MS_FOUND_SPAMVIRUS exists:X-mycompany-MailScanner-SpamVirus-Report
score MS_FOUND_SPAMVIRUS 3.0

...but I never see the above header in MailWatch when looking at emails that were flagged by Sanesecurity, eg:...

Jul 17 11:38:10 MailScanner[28945]: Clamd::INFECTED::Sanesecurity.Junk.47380.UNOFFICIAL :: ./B41AF2C0079.AFBE0/
Jul 17 11:38:10 MailScanner[28945]: Found spam based virus Sanesecurity.Junk.47380.UNOFFICIAL in B41AF2C0079.AFBE0
Jul 17 11:38:22 MailScanner[28945]: MailWatch: Logging message B41AF2C0079.AFBE0 to SQL
Jul 17 11:38:22 MailScanner[29735]: MailWatch: B41AF2C0079.AFBE0: Logged to MailWatch SQL

Any ideas or suggestions please?

Thanks!

On Tue, Jul 17, 2018 at 10:24 AM Neil wrote:

> Hi guys,
>
> Please could someone assist me, I can't seem to get MailScanner to add the
> usual message headers.
>
> I'm using MailScanner-5.0.7-2 with MailWatch 1.2.8
>
> I've tried moving my org-name variable from MailScanner.conf to
> my_settings and putting the options in one file, and commenting it out in
> the other, but nothing seems to work, when I look in MailWatch I just don't
> see any headers with my company name showing.
>
> The reason I'm doing this is because I'm wanting Sanesecurity viruses to
> be recognised by spamassassin but I can't seem to get the Spam-Virus-Header
> showing, let alone the other headers.
>
> My --lint test doesn't show any issues either...
>
> [root at freshmail conf.d]# MailScanner --lint
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Reading configuration file /etc/MailScanner/conf.d/my_settings.conf
> Read 1500 hostnames from the phishing whitelist
> Read 15766 hostnames from the phishing blacklists
> Config: calling custom init function SQLBlacklist
> MailWatch: Starting up MailWatch SQL Blacklist
> MailWatch: Read 1544 blacklist entries
> Config: calling custom init function MailWatchLogging
> MailWatch: Started MailWatch SQL Logging child
> Config: calling custom init function SQLWhitelist
> MailWatch: Starting up MailWatch SQL Whitelist
> MailWatch: Read 102 whitelist entries
>
> Checking version numbers...
> Version number in MailScanner.conf (5.0.7) is correct.
>
> Your envelope_sender_header in spamassassin.conf is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Any help is appreciated.
>
> Thank you!
>
> Regards.
>
> Neil Wilson.
>

From nwilson123 at gmail.com Tue Jul 17 14:26:27 2018
From: nwilson123 at gmail.com (Neil)
Date: Tue, 17 Jul 2018 16:26:27 +0200
Subject: MailScanner not adding headers
In-Reply-To:
References:
Message-ID:

Thanks, I have found the issue.
I wasn't aware that there was already a section at the bottom of my /etc/MailScanner/spamassassin.conf that had the lines below...

header MS_FOUND_SPAMVIRUS exists:X-MailScanner-SpamVirus-Report
score MS_FOUND_SPAMVIRUS 3.5

All I did was add in the orgname above (header MS_FOUND_SPAMVIRUS exists:X-orgname-MailScanner-SpamVirus-Report) and this looks to have fixed it.

Regards.

Neil Wilson.

On Tue, Jul 17, 2018 at 10:24 AM Neil wrote:

> Hi guys,
>
> Please could someone assist me, I can't seem to get MailScanner to add the
> usual message headers.
>
> I'm using MailScanner-5.0.7-2 with MailWatch 1.2.8
>
> I've tried moving my org-name variable from MailScanner.conf to
> my_settings and putting the options in one file, and commenting it out in
> the other, but nothing seems to work, when I look in MailWatch I just don't
> see any headers with my company name showing.
>
> The reason I'm doing this is because I'm wanting Sanesecurity viruses to
> be recognised by spamassassin but I can't seem to get the Spam-Virus-Header
> showing, let alone the other headers.
>
> My --lint test doesn't show any issues either...
>
> [root at freshmail conf.d]# MailScanner --lint
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Reading configuration file /etc/MailScanner/conf.d/my_settings.conf
> Read 1500 hostnames from the phishing whitelist
> Read 15766 hostnames from the phishing blacklists
> Config: calling custom init function SQLBlacklist
> MailWatch: Starting up MailWatch SQL Blacklist
> MailWatch: Read 1544 blacklist entries
> Config: calling custom init function MailWatchLogging
> MailWatch: Started MailWatch SQL Logging child
> Config: calling custom init function SQLWhitelist
> MailWatch: Starting up MailWatch SQL Whitelist
> MailWatch: Read 102 whitelist entries
>
> Checking version numbers...
> Version number in MailScanner.conf (5.0.7) is correct.
>
> Your envelope_sender_header in spamassassin.conf is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Any help is appreciated.
>
> Thank you!
>
> Regards.
>
> Neil Wilson.
>

From scrume at streamlineas.com Tue Jul 17 21:48:33 2018
From: scrume at streamlineas.com (Steve Crume)
Date: Tue, 17 Jul 2018 17:48:33 -0400
Subject: Compliance?
Message-ID:

Hello,

Is there a way to request that our mailings be "white listed" We send mail on behalf of our clients. Recently I was notified that MailScanner had warned of potential fraud. Thanks for any insight in becoming compliant.

*-Steve *

From mark at msapiro.net Wed Jul 18 04:52:56 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 17 Jul 2018 21:52:56 -0700
Subject: Compliance?
In-Reply-To:
References:
Message-ID: <7e780c56-4af9-649b-84ef-e27e898f2821@msapiro.net>

On 07/17/2018 02:48 PM, Steve Crume wrote:
> Hello,
>
> Is there a way to request that our mailings be "white listed" We send
> mail on behalf of our clients. Recently I was notified that MailScanner
> had warned of potential fraud. Thanks for any insight in becoming compliant.

Presumably this warning was from MailScanner running on some server that processes mail on behalf of a recipient of your client's mail. Any whitelisting would have to be done by the operators of that server. This is not practical as there are probably hundreds if not thousands or more recipients and thus many potential MailScanner installations involved.

You need to get a copy of the message with the warning, and if it is not obvious to you what you need to do from that, post it here and we will help.

--
Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B.
Dylan

From dobril at stanga.net Thu Jul 19 15:46:39 2018
From: dobril at stanga.net (DobriL Dobrilov)
Date: Thu, 19 Jul 2018 18:46:39 +0300
Subject: =?koi8-r?Q?MailSc=C1nner_-_filename.rules._Undefined_file_extensions._Ver?= =?koi8-r?Q?bose_log_info_=3F?=
Message-ID: <019801d41f77$af1dc4c0$0d594e40$@stanga.net>

Hello,

Please let me know what is happening to files with undefined extensions. In v4.79 I can see the log message (no rule matched), but what exactly does this mean? Are all undefined allowed by default?

And one more question related to v5.0.7. How can I enable more verbose info in the log files? I'm using the same configuration as on v4.79 but there is no verbose info.

This is the log on v4.79

Jul 19 18:12:16 mail MailScanner[31648]: Saved archive copies of 84F7D30A045E.A9555 5032030A041D.ACE42
Jul 19 18:12:16 mail MailScanner[31648]: Filename Checks: Allowing 5032030A041D.ACE42 msg-31648-35.txt
Jul 19 18:12:16 mail MailScanner[31648]: Filename Checks: Allowing 5032030A041D.ACE42 So_TeraTerm_Monitor.TTL (no rule matched)
Jul 19 18:12:16 mail MailScanner[31648]: Filename Checks: Allowing 5032030A041D.ACE42 msg-31648-36.html
Jul 19 18:12:28 mail MailScanner[31648]: Message 5032030A041D.ACE42 from 111.111.2.31 (dobril at mailhost.com) is whitelisted
Jul 19 18:12:28 mail MailScanner[31648]: Message 5032030A041D.ACE42 from 111.111.2.31 (dobril at mailhost.com) to myhost2.net is not spam (whitelisted), SpamAssassin (not cached, score=-100.999, required 5, autolearn=disabled, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00, USER_IN_WHITELIST -100.00)
Jul 19 18:12:28 mail MailScanner[31648]: Delivery of nonspam: message 5032030A041D.ACE42 from dobril at mailhost.com to dobril at myhost2.net with subject A
Jul 19 18:12:28 mail MailScanner[31648]: Requeue: 5032030A041D.ACE42 to 47CF430A045E

This is the log on v5.0.7

Jul 19 18:12:14 mail MailScanner[1620]: New Batch: Scanning 1 messages, 4418 bytes
Jul 19 18:12:14 mail MailScanner[1620]: Saved archive copies of 3B729602A6.A2E27
Jul 19
18:12:14 mail MailScanner[1620]: Virus and Content Scanning: Starting
Jul 19 18:12:14 mail MailScanner[1620]: Virus Scanning completed at 13913 bytes per second
Jul 19 18:12:16 mail MailScanner[1620]: Spam Checks completed at 2262 bytes per second
Jul 19 18:12:16 mail MailScanner[1620]: Requeue: 3B729602A6.A2E27 to 59C206038C
Jul 19 18:12:16 mail MailScanner[1620]: Uninfected: Delivered 1 messages
Jul 19 18:12:16 mail postfix/qmgr[2218]: 59C206038C: from=< dobril at mailhost.com >, size=3662, nrcpt=1 (queue active)
Jul 19 18:12:16 mail MailScanner[1620]: Deleted 1 messages from processing-database
Jul 19 18:12:16 mail MailScanner[1620]: Batch completed at 1925 bytes per second (4418 / 2)
Jul 19 18:12:16 mail MailScanner[1620]: Batch (1 message) processed in 2.29 seconds
Jul 19 18:12:16 mail MailScanner[1620]: MailWatch: Logging message 3B729602A6.A2E27 to SQL
Jul 19 18:12:16 mail MailScanner[1620]: "Always Looked Up Last" took 0.00 seconds

I saw this info is defined in /usr/share/MailScanner/perl/MailScanner/SweepOther.pm, but how can I trigger this?

Dobril Dobrilov
IT Manager
dobril at stanga.net
43, Cherni Vrah Blvd. | 1407 Sofia - Bulgaria
Phone: +359 2 81 960 69
Fax: +359 2 81 960 70
Mobile: +359 878 749 387
We shape Digital www.stanga.net
We re-invent Video www.bsbvision.com
We build Apps www.shanga.co
We support Start-Ups www.mysbar.net
Name: image004.jpg Type: image/jpeg Size: 1286 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.jpg Type: image/jpeg Size: 930 bytes Desc: not available URL: From Eoin.Kim at rcst.com.au Fri Jul 20 04:52:39 2018 From: Eoin.Kim at rcst.com.au (Eoin Kim) Date: Fri, 20 Jul 2018 04:52:39 +0000 Subject: [Question] I'd like to alter Message-ID when releasing from quarantine Message-ID: Hi all, I am trying to configure MailScanner with MailWatch on Debian 9. Sorry, I didn't want to involve MailWatch here but since I am trying to use a function from it, I included the name here. As the MTA, I installed Postfix. What I want to achieve is releasing mails from quarantine via sendmail not by a file (this is the feature from MailWatch). However, I am having a problem with this. There is a Microsoft Exchange server sitting behind this Debian host and it rejects the released email because of the duplicate Message-ID. My senior person doesn't want to enable the feature of ignoring duplicate on Exchange server. I know there is a feature in MailScanner which removes Message-ID from the mail header. However, I don't want to remove this from every single message. Are there any ways to alter Messag-ID only when the message is released from quarantine? I know that if I release emails as a file, no worries. However, I don't want to do so as there are a huge amount of users who don't use MUA. I would really appreciate if I can get any helps. Thanks a lot. Eoin Kim Systems Administrator RCS Telecommunications Level 1 - The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -------------- next part -------------- An HTML attachment was scrubbed... 

From iversons at rushville.k12.in.us Fri Jul 20 08:17:50 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 20 Jul 2018 04:17:50 -0400
Subject: [Question] I'd like to alter Message-ID when releasing from quarantine
In-Reply-To:
References:
Message-ID:

Eoin,

Can you create a ruleset for header removal in MailScanner (I'm not sure removing the Message-ID is a good idea, but you could give it a try)?

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From Eoin.Kim at rcst.com.au Fri Jul 20 23:24:46 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Fri, 20 Jul 2018 23:24:46 +0000
Subject: [Question] I'd like to alter Message-ID when releasing from quarantine
In-Reply-To:
References: ,
Message-ID: <998be35a6552473cbeab0970b3f7823a@rcst.com.au>

Hi Shawn,

Thanks for your response. I was thinking about it for a while but then I have to think about the source and destination in the rule. I think I have to use FromAndTo: but I am not sure with the syntax. I guess From should be my gateway (e.g. 127.0.0.1) and To should be the IP address of the Exchange server, is it? But can I actually put these two addresses on the same line in the rule file? I always used From: or To: separately, never used FromAndTo:, hence, I may need a bit of help with the syntax. Plus, what I am actually worrying about is, when I use a rule file, whether this operation happens only when releasing from quarantine, because I think every email is relayed from the gateway (Ah.... I wish I could speak in English better).

I also was thinking about a different approach, touching the following file - MailWatch/mailscanner/functions.php. More specifically, the line below:

$cmd = QUARANTINE_SENDMAIL_PATH . ' -i -f ' . MAILWATCH_FROM_ADDR . ' ' . escapeshellarg(stripslashes($to)) . ' < ';

Say, if I could execute sed operation (I actually got help, thanks Schlake) beforehand, that would be alright to me. For example, like this:

1. Run sed -i -e "/^H??Message-ID: /s/\(Message-ID: .*\)@\(.*\)/\1-$$@\2/" <
2. After that run $cmd

I am not really confident with PHP, well.... actually any languages :( but I think touching functions.php file more makes sense to me because I believe this will only affect when releasing messages from quarantine, which I want. I don't want to put changing Message-ID operation in any other situations since RFC document recommends not to touch it.

What do you think about this Shawn? Thanks again for your help.

Eoin

From iversons at rushville.k12.in.us Mon Jul 23 14:39:40 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 23 Jul 2018 10:39:40 -0400
Subject: [Question] I'd like to alter Message-ID when releasing from quarantine
In-Reply-To: <998be35a6552473cbeab0970b3f7823a@rcst.com.au>
References: <998be35a6552473cbeab0970b3f7823a@rcst.com.au>
Message-ID:

Eoin,

I think that would be a safer route to take. It would be nice if you could just generate a new message ID, but I know the semantics of the message IDs are a little complex.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From Eoin.Kim at rcst.com.au Mon Jul 23 21:21:14 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Mon, 23 Jul 2018 21:21:14 +0000
Subject: [Question] I'd like to alter Message-ID when releasing from quarantine
In-Reply-To:
References: <998be35a6552473cbeab0970b3f7823a@rcst.com.au>
Message-ID: <52eb4e3ab28543bf9a6863381708e696@rcst.com.au>

Hi Shawn,

Thanks again. So, now I have to find a way to put that sed operation somehow into PHP code. I believe the PHP code is feeding a message to sendmail command as a file by looking at it. Are there any easy ways to insert that snippet somehow? Sorry, I am really not confident with computer languages.

Cheers.
Eoin
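
The header rewrite discussed in this thread, as an added example that is not part of any poster's message and is not MailWatch or MailScanner code. It assumes the quarantined copy is a plain RFC 5322 message file rather than a sendmail queue file (so header lines carry no `H??` prefix); `rewrite_message_id` and `sample_message` are hypothetical names and the sample message is constructed.

```shell
#!/bin/sh
# Added example: make the Message-ID of a released copy unique by appending
# "-SUFFIX" to its left-hand side, touching only the header block.
# Assumption: the input is a plain RFC 5322 message file, not a queue file.
# rewrite_message_id and sample_message are hypothetical names.

# Usage: rewrite_message_id SUFFIX < message > rewritten-message
rewrite_message_id() {
    suffix=$1
    # The suffix ends up inside a header, so accept only a conservative
    # character set; this also keeps awk -v from interpreting escapes.
    case $suffix in
        '' | *[!A-Za-z0-9._-]*)
            echo "rewrite_message_id: invalid suffix" >&2
            return 2
            ;;
    esac
    awk -v suffix="$suffix" '
        function rewrite(    at) {
            # The patterns below guarantee that the first "@" on the line
            # separates the two halves of the message id.
            at = index($0, "@")
            $0 = substr($0, 1, at - 1) "-" suffix substr($0, at)
            done = 1
        }
        BEGIN { in_hdr = 1; done = 0; folded = 0 }
        # The first empty line (LF or CRLF ending) closes the header block,
        # so a "Message-ID:" string quoted in the body is never touched.
        in_hdr && ($0 == "" || $0 == "\r") { in_hdr = 0 }
        in_hdr && !done {
            if (folded && $0 ~ /^[ \t]+<[^<>@]+@[^<>]+>/)
                rewrite()        # value folded onto a continuation line
            else if (tolower($0) ~ /^message-id:[ \t]*<[^<>@]+@[^<>]+>/)
                rewrite()        # usual single-line form
            folded = (tolower($0) ~ /^message-id:[ \t]*$/)
        }
        { print }
    '
}

# Constructed sample: one real header plus a look-alike line in the body.
sample_message() {
    printf '%s\n' \
        'Received: from gw.example.test (localhost [127.0.0.1])' \
        'From: sender@example.test' \
        'Message-ID: <abc123@mail.example.test>' \
        'Subject: constructed sample' \
        '' \
        'Body text quoting a header:' \
        'Message-ID: <quoted@body.example.test>'
}

# Demo: the shell PID plays the role of "$$" in the sed expression above.
sample_message | rewrite_message_id "rel$$"
```

At release time the rewritten copy, written to a temporary file, would take the place of the quarantine file that is redirected into the sendmail command; how that is wired into MailWatch is left open here.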
Name: image001.jpg Type: image/jpeg Size: 440 bytes Desc: image001.jpg URL: From richard at fastnet.co.uk Mon Jul 23 21:29:57 2018 From: richard at fastnet.co.uk (Richard Mealing) Date: Mon, 23 Jul 2018 21:29:57 +0000 Subject: [Question] I'd like to alter Message-ID when releasing from quarantine In-Reply-To: <52eb4e3ab28543bf9a6863381708e696@rcst.com.au> References: <998be35a6552473cbeab0970b3f7823a@rcst.com.au> <52eb4e3ab28543bf9a6863381708e696@rcst.com.au> Message-ID: <6EE47AF64C339A4F8F7F50507241B37976028C1A@BTN-EXCHANGE-V1.fastnet.local> Hi Eoin, When you release a message you can just have the original email wrapped up as an attachment and sent from a completely new email message ID. You put the email back into the queue for processing, so it will be a new message ID (in sendmail). Sorry, am I missing something? I would not play with functions.php unless you use some include or something, since mailwatch is being fairly actively developed on github, so if you upgrade your changes will be lost. I would suggest you create an issue on that page if you wanted to include some new feature, but then I guess I don?t really understand the issue you are facing. Thanks, Rich From: MailScanner On Behalf Of Eoin Kim Sent: Monday, July 23, 2018 22:21 To: MailScanner Discussion Subject: RE: [Question] I'd like to alter Message-ID when releasing from quarantine Hi Shawn, Thanks again. So, now I have to find a way to put that sed operation somehow into PHP code. I believe the PHP code is feeding a message to sendmail command as a file by looking at it. Are there any easy ways to insert that snippet somehow? Sorry, I am really not confident with computer languages ?. Cheers. Eoin From: MailScanner > On Behalf Of Shawn Iverson Sent: Tuesday, 24 July 2018 12:40 AM To: MailScanner Discussion > Subject: Re: [Question] I'd like to alter Message-ID when releasing from quarantine Eoin, I think that would be a safer route to take. 
It would be nice if you could just generate a new message ID, but I know the semantics of the message IDs are a little complex. On Fri, Jul 20, 2018 at 7:24 PM, Eoin Kim > wrote: Hi Shawn, Thanks for your response. I was thinking about it for a while but then I have to think about the source and destination in the rule. I think I have to use FromAndTo: but I am not sure with the syntax. I guess From should be my gateway (e.g. 127.0.0.1) and To should be the IP address of the Exchange server, is it? But can I actually put these two addresses on the same line in the rule file? I always used From: or To: separately, never used FromAndTo:, hence, I may need a bit of help with the syntax. Plus, what I am acutally worrying about is when I use a rule file, if this operation happening when releasing from quarantine only because I think every email is relayed from the gateway (Ah.... I wish I could speak in English better). I also was thinking about a different approach, touching the following file - MailWatch/mailscanner/functions.php. More specifically, the line below: $cmd = QUARANTINE_SENDMAIL_PATH . ' -i -f ' . MAILWATCH_FROM_ADDR . ' ' . escapeshellarg(stripslashes($to)) . ' < '; Say, if I could execute sed operation (I actually got help, thanks Schlake) beforehand, that would be alright to me. For example, like this: 1. Run sed -i -e "/^H??Message-ID: /s/\(Message-ID: .*\)@\(.*\)/\1-$$@\2/" < 2. After that run $cmd I am not really confident with PHP, well.... actually any languages :( but I think touching functions.php file more makes sense to me because I believe this will only affect when releasing messages from quarantine, which I want. I don't want to put changing Message-ID operation in any other situations since RFC document recommends not to touch it. What do you think about this Shawn? Thanks again for your help. 
Eoin ________________________________ From: MailScanner > on behalf of Shawn Iverson > Sent: Friday, 20 July 2018 6:17 PM To: MailScanner Discussion Subject: Re: [Question] I'd like to alter Message-ID when releasing from quarantine Eoin, Can you create a ruleset for header removal in MailScanner (I'm not sure removing the Message-ID is a good idea, but you could give it a try)? On Fri, Jul 20, 2018 at 12:52 AM, Eoin Kim > wrote: Hi all, I am trying to configure MailScanner with MailWatch on Debian 9. Sorry, I didn?t want to involve MailWatch here but since I am trying to use a function from it, I included the name here. As the MTA, I installed Postfix. What I want to achieve is releasing mails from quarantine via sendmail not by a file (this is the feature from MailWatch). However, I am having a problem with this. There is a Microsoft Exchange server sitting behind this Debian host and it rejects the released email because of the duplicate Message-ID. My senior person doesn?t want to enable the feature of ignoring duplicate on Exchange server. I know there is a feature in MailScanner which removes Message-ID from the mail header. However, I don?t want to remove this from every single message. Are there any ways to alter Messag-ID only when the message is released from quarantine? I know that if I release emails as a file, no worries. However, I don?t want to do so as there are a huge amount of users who don?t use MUA. I would really appreciate if I can get any helps. Thanks a lot. Eoin Kim Systems Administrator RCS Telecommunications Level 1 ? The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x1171 iversons at rushville.k12.in.us [Image removed by sender.][Image removed by sender.] 
[Image removed by sender.] -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x1171 iversons at rushville.k12.in.us [Image removed by sender.][Image removed by sender.] [Image removed by sender.] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 823 bytes Desc: image002.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.jpg Type: image/jpeg Size: 440 bytes Desc: image003.jpg URL: From Eoin.Kim at rcst.com.au Mon Jul 23 21:47:50 2018 From: Eoin.Kim at rcst.com.au (Eoin Kim) Date: Mon, 23 Jul 2018 21:47:50 +0000 Subject: [Question] I'd like to alter Message-ID when releasing from quarantine In-Reply-To: <6EE47AF64C339A4F8F7F50507241B37976028C1A@BTN-EXCHANGE-V1.fastnet.local> References: <998be35a6552473cbeab0970b3f7823a@rcst.com.au> <52eb4e3ab28543bf9a6863381708e696@rcst.com.au> <6EE47AF64C339A4F8F7F50507241B37976028C1A@BTN-EXCHANGE-V1.fastnet.local> Message-ID: <32b13a84b63246dc9000e49064404501@rcst.com.au> Hi Rich, The problem I am having is when I release a message from quarantine using sendmail, the Exchange server doesn?t want to deliver it due to the duplicate Message-ID. I know that there is an option to release as a file but I don?t want to use it since there are many users don?t have MUA in the company. Also, my MTA is not actually sendmail, it?s Postfix. I am not sure if the sendmail binary installed with Postfix is the same thing or not but it is using Postfix queue. And yes, you are right. If I upgrade it, it will be gone. Therefore, I am trying to avoid and stick with the version I downloaded. My apologies for bringing MailWatch related topic to MailScanner. 
I actually wrote other post into MailWatch mailing list but it looks like the mailing list is recently quiet? Or maybe just my post is not getting any responses. Hope this explains my situation. Thanks again. Eoin From: MailScanner On Behalf Of Richard Mealing Sent: Tuesday, 24 July 2018 7:30 AM To: MailScanner Discussion Subject: RE: [Question] I'd like to alter Message-ID when releasing from quarantine Hi Eoin, When you release a message you can just have the original email wrapped up as an attachment and sent from a completely new email message ID. You put the email back into the queue for processing, so it will be a new message ID (in sendmail). Sorry, am I missing something? I would not play with functions.php unless you use some include or something, since mailwatch is being fairly actively developed on github, so if you upgrade your changes will be lost. I would suggest you create an issue on that page if you wanted to include some new feature, but then I guess I don?t really understand the issue you are facing. Thanks, Rich From: MailScanner > On Behalf Of Eoin Kim Sent: Monday, July 23, 2018 22:21 To: MailScanner Discussion > Subject: RE: [Question] I'd like to alter Message-ID when releasing from quarantine Hi Shawn, Thanks again. So, now I have to find a way to put that sed operation somehow into PHP code. I believe the PHP code is feeding a message to sendmail command as a file by looking at it. Are there any easy ways to insert that snippet somehow? Sorry, I am really not confident with computer languages ?. Cheers. Eoin From: MailScanner > On Behalf Of Shawn Iverson Sent: Tuesday, 24 July 2018 12:40 AM To: MailScanner Discussion > Subject: Re: [Question] I'd like to alter Message-ID when releasing from quarantine Eoin, I think that would be a safer route to take. It would be nice if you could just generate a new message ID, but I know the semantics of the message IDs are a little complex. 
On Fri, Jul 20, 2018 at 7:24 PM, Eoin Kim > wrote: Hi Shawn, Thanks for your response. I was thinking about it for a while but then I have to think about the source and destination in the rule. I think I have to use FromAndTo: but I am not sure with the syntax. I guess From should be my gateway (e.g. 127.0.0.1) and To should be the IP address of the Exchange server, is it? But can I actually put these two addresses on the same line in the rule file? I always used From: or To: separately, never used FromAndTo:, hence, I may need a bit of help with the syntax. Plus, what I am acutally worrying about is when I use a rule file, if this operation happening when releasing from quarantine only because I think every email is relayed from the gateway (Ah.... I wish I could speak in English better). I also was thinking about a different approach, touching the following file - MailWatch/mailscanner/functions.php. More specifically, the line below: $cmd = QUARANTINE_SENDMAIL_PATH . ' -i -f ' . MAILWATCH_FROM_ADDR . ' ' . escapeshellarg(stripslashes($to)) . ' < '; Say, if I could execute sed operation (I actually got help, thanks Schlake) beforehand, that would be alright to me. For example, like this: 1. Run sed -i -e "/^H??Message-ID: /s/\(Message-ID: .*\)@\(.*\)/\1-$$@\2/" < 2. After that run $cmd I am not really confident with PHP, well.... actually any languages :( but I think touching functions.php file more makes sense to me because I believe this will only affect when releasing messages from quarantine, which I want. I don't want to put changing Message-ID operation in any other situations since RFC document recommends not to touch it. What do you think about this Shawn? Thanks again for your help. 
Eoin ________________________________ From: MailScanner > on behalf of Shawn Iverson > Sent: Friday, 20 July 2018 6:17 PM To: MailScanner Discussion Subject: Re: [Question] I'd like to alter Message-ID when releasing from quarantine Eoin, Can you create a ruleset for header removal in MailScanner (I'm not sure removing the Message-ID is a good idea, but you could give it a try)? On Fri, Jul 20, 2018 at 12:52 AM, Eoin Kim > wrote: Hi all, I am trying to configure MailScanner with MailWatch on Debian 9. Sorry, I didn?t want to involve MailWatch here but since I am trying to use a function from it, I included the name here. As the MTA, I installed Postfix. What I want to achieve is releasing mails from quarantine via sendmail not by a file (this is the feature from MailWatch). However, I am having a problem with this. There is a Microsoft Exchange server sitting behind this Debian host and it rejects the released email because of the duplicate Message-ID. My senior person doesn?t want to enable the feature of ignoring duplicate on Exchange server. I know there is a feature in MailScanner which removes Message-ID from the mail header. However, I don?t want to remove this from every single message. Are there any ways to alter Messag-ID only when the message is released from quarantine? I know that if I release emails as a file, no worries. However, I don?t want to do so as there are a huge amount of users who don?t use MUA. I would really appreciate if I can get any helps. Thanks a lot. Eoin Kim Systems Administrator RCS Telecommunications Level 1 ? The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x1171 iversons at rushville.k12.in.us [Image removed by sender.][Image removed by sender.] 
From richard at fastnet.co.uk Mon Jul 23 22:07:55 2018
From: richard at fastnet.co.uk (Richard Mealing)
Date: Mon, 23 Jul 2018 22:07:55 +0000
Subject: [Question] I'd like to alter Message-ID when releasing from quarantine
In-Reply-To: <32b13a84b63246dc9000e49064404501@rcst.com.au>
References: <998be35a6552473cbeab0970b3f7823a@rcst.com.au> <52eb4e3ab28543bf9a6863381708e696@rcst.com.au> <6EE47AF64C339A4F8F7F50507241B37976028C1A@BTN-EXCHANGE-V1.fastnet.local> <32b13a84b63246dc9000e49064404501@rcst.com.au>
Message-ID: <6EE47AF64C339A4F8F7F50507241B37976028D4B@BTN-EXCHANGE-V1.fastnet.local>

Hi Eoin,

Do your users without mua work on webmail only? If so, they should still be able to open attachments. Or are you referring to some ticket system or something else (.. for the no mua situation). If the email is released to the mailbox, you would ideally want a message delivered with that email to explain how dangerous it might be to open ?

This should work -

Quarantine Infections = yes
Quarantine Silent Viruses = yes
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

I am using pure sendmail and I haven't ever made a postfix version before so I'll leave that up to others to comment.
Thanks,
Rich

From: MailScanner On Behalf Of Eoin Kim
Sent: Monday, July 23, 2018 22:48
To: MailScanner Discussion
Subject: RE: [Question] I'd like to alter Message-ID when releasing from quarantine

Hi Rich,

The problem I am having is when I release a message from quarantine using sendmail, the Exchange server doesn't want to deliver it due to the duplicate Message-ID. I know that there is an option to release as a file but I don't want to use it since there are many users don't have MUA in the company. Also, my MTA is not actually sendmail, it's Postfix. I am not sure if the sendmail binary installed with Postfix is the same thing or not but it is using Postfix queue.

And yes, you are right. If I upgrade it, it will be gone. Therefore, I am trying to avoid and stick with the version I downloaded. My apologies for bringing MailWatch related topic to MailScanner. I actually wrote other post into MailWatch mailing list but it looks like the mailing list is recently quiet? Or maybe just my post is not getting any responses. Hope this explains my situation.

Thanks again.
Eoin

From: MailScanner On Behalf Of Richard Mealing
Sent: Tuesday, 24 July 2018 7:30 AM
To: MailScanner Discussion
Subject: RE: [Question] I'd like to alter Message-ID when releasing from quarantine

Hi Eoin,

When you release a message you can just have the original email wrapped up as an attachment and sent from a completely new email message ID. You put the email back into the queue for processing, so it will be a new message ID (in sendmail). Sorry, am I missing something?

I would not play with functions.php unless you use some include or something, since mailwatch is being fairly actively developed on github, so if you upgrade your changes will be lost. I would suggest you create an issue on that page if you wanted to include some new feature, but then I guess I don't really understand the issue you are facing.
Thanks,
Rich

From: MailScanner On Behalf Of Eoin Kim
Sent: Monday, July 23, 2018 22:21
To: MailScanner Discussion
Subject: RE: [Question] I'd like to alter Message-ID when releasing from quarantine

Hi Shawn,

Thanks again. So, now I have to find a way to put that sed operation somehow into PHP code. I believe the PHP code is feeding a message to sendmail command as a file by looking at it. Are there any easy ways to insert that snippet somehow? Sorry, I am really not confident with computer languages.

Cheers.
Eoin

From: MailScanner On Behalf Of Shawn Iverson
Sent: Tuesday, 24 July 2018 12:40 AM
To: MailScanner Discussion
Subject: Re: [Question] I'd like to alter Message-ID when releasing from quarantine

Eoin,

I think that would be a safer route to take. It would be nice if you could just generate a new message ID, but I know the semantics of the message IDs are a little complex.
From Eoin.Kim at rcst.com.au Mon Jul 23 22:22:02 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Mon, 23 Jul 2018 22:22:02 +0000
Subject: [Question] I'd like to alter Message-ID when releasing from quarantine
In-Reply-To: <6EE47AF64C339A4F8F7F50507241B37976028D4B@BTN-EXCHANGE-V1.fastnet.local>
References: <998be35a6552473cbeab0970b3f7823a@rcst.com.au> <52eb4e3ab28543bf9a6863381708e696@rcst.com.au> <6EE47AF64C339A4F8F7F50507241B37976028C1A@BTN-EXCHANGE-V1.fastnet.local> <32b13a84b63246dc9000e49064404501@rcst.com.au> <6EE47AF64C339A4F8F7F50507241B37976028D4B@BTN-EXCHANGE-V1.fastnet.local>
Message-ID: <7112daeae5bd48f5a26e82f96c058c5d@rcst.com.au>

Hi Rich,

Thanks for your response. So, what is currently happening is when messages get quarantined, receivers get a warning message from MailScanner beforehand. Then, they send a mail (if the quarantined mails or attachments are legitimate) to me and I release so I probably don't want to explain again during release. And, I might be wrong but users actually couldn't open the file when released as a file. Users with MUA (for example, Outlook) could read the message when they download and rename it (e.g. message to message.eml) but non MUA users not. I am pretty sure the configuration is the same as you wrote. Wish I would be capable enough to use pure sendmail.

Thanks very much.
Eoin
From pramod at mindspring.co.za Thu Jul 26 07:03:18 2018
From: pramod at mindspring.co.za (Pramod Daya)
Date: Thu, 26 Jul 2018 07:03:18 +0000
Subject: Phishing Whitelisting entries not working
Message-ID:

Hi,

I'm using the latest version of ms-update-phishing to download phishing lists, and putting whitelisted sites into /etc/MailScanner/phishing.safe.sites.custom. They get merged with phishing.safe.sites.conf when ms-update-phishing runs.

However, email from sites that I whitelist still get a {Disarmed} tag.

I've tried adding user at site.com, .site.com, *.site.com, but I'm not winning.

Any pearls of wisdom, please?

Tnx,
Pramod

From iversons at rushville.k12.in.us Thu Jul 26 13:46:55 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 26 Jul 2018 09:46:55 -0400
Subject: Phishing Whitelisting entries not working
In-Reply-To:
References:
Message-ID:

Version of mailscanner?
From pramod at mindspring.co.za Thu Jul 26 14:11:09 2018
From: pramod at mindspring.co.za (Pramod Daya)
Date: Thu, 26 Jul 2018 14:11:09 +0000
Subject: Phishing Whitelisting entries not working
In-Reply-To:
References:
Message-ID:

Ver 5.0.3-7

From: MailScanner On Behalf Of Shawn Iverson
Sent: Thursday, 26 July 2018 15:47
To: MailScanner Discussion
Subject: Re: Phishing Whitelisting entries not working

Version of mailscanner?

From iversons at rushville.k12.in.us Thu Jul 26 14:34:15 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 26 Jul 2018 10:34:15 -0400
Subject: Phishing Whitelisting entries not working
In-Reply-To:
References:
Message-ID:

See this commit: https://github.com/MailScanner/v5/commit/7c121ba4934135e5ad4d4518aaf0e2e041dabee5

Please upgrade to version 5.0.7-4, there was an issue parsing the phishing whitelists and blacklists properly and let us know if you see a change.
--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From thomasl at mtl.mit.edu Thu Jul 26 14:36:22 2018
From: thomasl at mtl.mit.edu (Thomas Lohman)
Date: Thu, 26 Jul 2018 10:36:22 -0400
Subject: Phishing Whitelisting entries not working
In-Reply-To:
References:
Message-ID:

Hi,

Double check that your "site.com" string is not also somehow matched in the master bad phishing sites conf file that is downloaded. I had a similar issue sometime in the past and wrote my own program to process the safe and bad master files and remove anything from bad that seemed to also be matched in safe.
For example, this is in safe:

*.google.com

and these are in bad:

drive.google.com
plus.google.com
www.sites.google.com
chrome.google.com
play.google.com
appengine.google.com

I guess it all depends on which one you want to take precedence but I remove the above from the bad master based on the "*.google.com" safe entry since it seemed like the bad list was taking precedence.

--tom

From mark at msapiro.net Thu Jul 26 16:52:27 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 26 Jul 2018 09:52:27 -0700
Subject: Phishing Whitelisting entries not working
In-Reply-To:
References:
Message-ID:

On 07/26/2018 12:03 AM, Pramod Daya wrote:
>
> I'm using the latest version of ms-update-phishing to download phishing
> lists, and putting whitelisted sites into
> /etc/MailScanner/phishing.safe.sites.custom. They get merged with
> phishing.safe.sites.conf when ms-update-phishing runs.
>
> However, email from sites that I whitelist still get a {Disarmed} tag.
What is the exact disarming that occurs? There are several disarmings that are not phishing frauds from phishing.bad.sites.conf. The only ones that phishing.safe.sites.conf will stop are sites that match phishing.bad.sites.conf. In particular, phishing.safe.sites.conf has nothing to do with web bug disarming or disarming of a link because the text looks like a domain different from the href.

--
Mark Sapiro                            The highway is for gamblers,
San Francisco Bay Area, California     better use your sense - B. Dylan

From pramod at mindspring.co.za Fri Jul 27 09:03:15 2018
From: pramod at mindspring.co.za (Pramod Daya)
Date: Fri, 27 Jul 2018 09:03:15 +0000
Subject: Phishing Whitelisting entries not working
In-Reply-To:
References:
Message-ID:

Thank you, will give that a bash.

From: MailScanner On Behalf Of Shawn Iverson
Sent: Thursday, 26 July 2018 16:34
To: MailScanner Discussion
Subject: Re: Phishing Whitelisting entries not working

See this commit: https://github.com/MailScanner/v5/commit/7c121ba4934135e5ad4d4518aaf0e2e041dabee5

Please upgrade to version 5.0.7-4, there was an issue parsing the phishing whitelists and blacklists properly and let us know if you see a change.
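Thomas Lohman's message in this thread describes processing the safe and bad master files and removing from bad anything also matched in safe. The following is an added example of that idea in Python; it is not his program and not MailScanner code. The file format (one host per line, `#` comments), the wildcard semantics and every sample entry other than the google.com hosts quoted in the thread are assumptions.

```python
"""Added example: report bad-list hosts that a safe-list entry also covers."""
from typing import List, Optional, Tuple


def parse_site_list(text: str) -> List[str]:
    """Return lower-cased entries, skipping blank lines and # comments.

    Assumption: one host or wildcard pattern per line.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            entries.append(line)
    return entries


def safe_matches(pattern: str, host: str) -> bool:
    """Assumed semantics: '*.example.com' covers subdomains at any depth but
    not the bare domain; any other entry must match the host exactly.

    Matching on the dotted suffix (not a substring) keeps look-alikes such as
    'notgoogle.com' or 'google.com.login.example' on the bad list.
    """
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # pattern[1:] is ".example.com"
    return host == pattern


def first_safe_match(safe: List[str], host: str) -> Optional[str]:
    """Return the first safe entry covering host, or None."""
    return next((p for p in safe if safe_matches(p, host)), None)


def split_bad_list(
    safe: List[str], bad: List[str]
) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split bad into (kept, dropped); dropped pairs each host with the safe
    entry that shadowed it, so the removal can be reviewed before it is used."""
    kept: List[str] = []
    dropped: List[Tuple[str, str]] = []
    for host in bad:
        hit = first_safe_match(safe, host)
        if hit is None:
            kept.append(host)
        else:
            dropped.append((host, hit))
    return kept, dropped


# Constructed sample input. Only *.google.com and the six google.com hosts
# come from the thread; the rest are made up to exercise the edge cases.
SAMPLE_SAFE = """\
# local safe entries (constructed)
*.google.com
intranet.example.org
"""

SAMPLE_BAD = """\
drive.google.com
plus.google.com
www.sites.google.com
chrome.google.com
play.google.com
appengine.google.com
google.com.login.example   # look-alike, must stay on the bad list
notgoogle.com              # look-alike, must stay on the bad list
intranet.example.org
phish.example.net
"""


def main() -> None:
    safe = parse_site_list(SAMPLE_SAFE)
    bad = parse_site_list(SAMPLE_BAD)
    kept, dropped = split_bad_list(safe, bad)
    for host, pattern in dropped:
        print(f"drop {host:<28} (safe entry: {pattern})")
    print("--- filtered bad list ---")
    print("\n".join(kept))


if __name__ == "__main__":
    main()
```
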