From Eoin.Kim at rcst.com.au Tue Jun 5 22:31:12 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Tue, 5 Jun 2018 22:31:12 +0000
Subject: [Question] Official supported Linux version
Message-ID: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>

Hi all,

I'd like to ask a quick simple question - does MailScanner work with Debian Stretch? In the MailScanner Install Guide, Debian Stretch is not included in Common OS list (I can see Debian 6, 7, 8). Thanks a lot.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1 - The Annexe, 133 Mary Street
Brisbane, QLD, 4000, Australia
Office: 07 3228 0843
Mobile: 0419 726 231
Email: eoin.kim at rcst.com.au

From kevin.miller at juneau.org Tue Jun 5 22:36:50 2018
From: kevin.miller at juneau.org (Kevin Miller)
Date: Tue, 5 Jun 2018 22:36:50 +0000
Subject: [Question] Official supported Linux version
In-Reply-To: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>
References: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>
Message-ID: <9b5a2e4b100349c99319b76f14b85e39@City-Exch-DB2.cbj.local>

Yes, it does work. But I'd advise doing a bare metal build. Initially I did an upgrade from Jessie to Stretch and things went pear shaped. Mostly with mysql which became mariadb, but there were some dependency issues that popped up too. Doing it from scratch I was able to work through the issues. I am using MailWatch as well, so it may be that the issues arose there - been too long to remember exact details.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357

From iversons at rushville.k12.in.us Tue Jun 5 22:37:01 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 5 Jun 2018 18:37:01 -0400
Subject: [Question] Official supported Linux version
In-Reply-To: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>
References: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>
Message-ID:

Eoin,

Yes, it should work fine. I've been testing on Debian Stretch, so the documentation just needs updated.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From Eoin.Kim at rcst.com.au Tue Jun 5 22:45:59 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Tue, 5 Jun 2018 22:45:59 +0000
Subject: [Question] Official supported Linux version
In-Reply-To: <9b5a2e4b100349c99319b76f14b85e39@City-Exch-DB2.cbj.local>
References: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au> <9b5a2e4b100349c99319b76f14b85e39@City-Exch-DB2.cbj.local>
Message-ID:

Thanks Kevin,

Juneau, Alaska. You live in a really nice place. Yes, the current system is Jessie in my company and I am not quite keen to upgrade actually. I am going to build a completely new one. Thanks again.

Eoin

From Eoin.Kim at rcst.com.au Tue Jun 5 22:47:05 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Tue, 5 Jun 2018 22:47:05 +0000
Subject: [Question] Official supported Linux version
In-Reply-To:
References: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>
Message-ID: <2c14ea8e194d44a795f794401084bfc5@rcst.com.au>

Thanks Shawn,

Let me play with it. Cheers.

Eoin

From belle at bazuin.nl Wed Jun 6 06:32:10 2018
From: belle at bazuin.nl (L.P.H. van Belle)
Date: Wed, 6 Jun 2018 08:32:10 +0200
Subject: [Question] Official supported Linux version
In-Reply-To:
References: <44b4d9effd5f48099bf0ef3c255d0192@rcst.com.au>
Message-ID:

Hai,

My debian stretch is in production as of mailscanner 5.0.7-2 about 5 months now and works great now. I did a clean install on a VM.

Greetz,

Louis

From toby at rosecott.net Wed Jun 6 18:47:01 2018
From: toby at rosecott.net (Toby)
Date: Wed, 06 Jun 2018 18:47:01 +0000
Subject: Mailscanner - Spamassassin Issue
Message-ID:

Hi,

I have just set up MailScanner in a PI3 running Jessie, I have postfix as a mail server.

I'm not sure MailScanner is calling or allowing Spamassassin to run properly.

I can see from the X headers that stuff is happening, but it is not catching emails that are blatantly spam. I get a lot of scores below 3.

It passes the eicar, and gtube tests.

However I picked an email that passed through mailscanner with a low score of 3, saved it, and then ran spamassassin -D and this process marked it as a 9!

I think, but am not sure, that MailScanner is not triggering Spamassassin or Spamassassin when triggered by MailScanner is either not completing or not doing anything.

I am completely new to this, and have no idea where to look, or what to do.

Any help greatly appreciated

Regards

Toby

From iversons at rushville.k12.in.us Wed Jun 6 22:13:25 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 6 Jun 2018 18:13:25 -0400
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References:
Message-ID:

Toby,

Are you executing spamassassin in the same way that MailScanner calls spamassassin?

In other words...assuming MailScanner is running as postfix...something like this....

sudo su postfix -p -c "spamassassin -t -d -C /etc/MailScanner/spamassassin.conf < somespamemail"

This may shed some insight.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From toby at rosecott.net Wed Jun 6 22:15:04 2018
From: toby at rosecott.net (Toby Widdows)
Date: Wed, 6 Jun 2018 22:15:04 +0000 (UTC)
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References:
Message-ID: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>

Ahh never thought of that, will give it a try

Regards

Toby Widdows

From toby at rosecott.net Thu Jun 7 19:24:36 2018
From: toby at rosecott.net (Toby)
Date: Thu, 07 Jun 2018 19:24:36 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>
Message-ID:

Hi,

So after playing with the suggestion below, and changing the command a little bit I now definitely have two different behaviours.

Running the commands :-
1. spamassassin -D -t Testy.eml

consistently gives me a full scan and result set and ends (before reporting the score) with :-

Jun 7 20:14:41.072 [21537] dbg: check: is spam? score=8.997 required=5
Jun 7 20:14:41.072 [21537] dbg: check: tests=BAYES_99,BAYES_999,DIGEST_MULTIPLE,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RDNS_NONE,T_REMOTE_IMAGE
Jun 7 20:14:41.073 [21537] dbg: check: subtests=__ANY_TEXT_ATTACH,__ANY_TEXT_ATTACH_DOC,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__CAN_HELP,__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPART_ALT,__CTYPE_MULTIPART_ANY,__DKIM_DEPENDABLE,__DOS_DIRECT_TO_MX,__DOS_HAS_ANY_URI,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__HAS_ANY_URI,__HAS_DATE,__HAS_FROM,__HAS_MESSAGE_ID,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_TO,__HAS_URI,__HTML_LINK_IMAGE,__KHOP_NO_FULL_NAME,__LAST_EXTERNAL_RELAY_NO_AUTH,__LAST_UNTRUSTED_RELAY_NO_AUTH,__LOCAL_PP_NONPPURL,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MISSING_REPLY,__MSGID_OK_HOST,__NONEMPTY_BODY,__RDNS_NONE,__REMOTE_IMAGE,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__TOCC_EXISTS,__TVD_MIME_ATT_TP
Jun 7 20:14:41.075 [21537] dbg: timing: total 46298 ms - init: 5474 (11.8%), parse: 6 (0.0%), extract_message_metadata: 137 (0.3%), get_uri_detail_list: 27 (0.1%), tests_pri_-1000: 130 (0.3%), compile_gen: 713 (1.5%), compile_eval: 138 (0.3%), tests_pri_-950: 22 (0.0%), tests_pri_-900: 24 (0.1%), tests_pri_-400: 36459 (78.7%), check_bayes: 36436 (78.7%), b_tokenize: 29 (0.1%), b_tok_get_all: 11 (0.0%), b_comp_prob: 9 (0.0%), b_tok_touch_all: 0.51 (0.0%), b_finish: 36381 (78.6%), expire_bayes: 36225 (78.2%), tests_pri_0: 3647 (7.9%), check_spf: 161 (0.3%), dkim_load_modules: 106 (0.2%), check_dkim_signature: 2.5 (0.0%), check_dkim_adsp: 126 (0.3%), poll_dns_idle: 0.80 (0.0%), check_razor2: 1416 (3.1%), check_pyzor: 284 (0.6%), tests_pri_500: 331 (0.7%)

Running the commands
1. sudo su postfix -p -c "spamassassin -D -t -C /etc/MailScanner/spamassassin.conf < Testy.eml" - in the dbg statements for this command, there are some warnings about permission
2. sudo -u postfix spamassassin -D -t -C /etc/MailScanner/spamassassin.conf Testy.eml
3. spamassassin -D -t -C /etc/MailScanner/spamassassin.conf Testy.eml
Seems to start spamassassin, but it finishes way way sooner than the successful command, it stops very early on in the dbg, and gives a message saying "(no Report template found)"

the above 3 commands all end up with
Jun 7 20:23:20.745 [21665] dbg: check: is spam? score=0 required=5
Jun 7 20:23:20.746 [21665] dbg: check: tests=
Jun 7 20:23:20.746 [21665] dbg: check: subtests=
Jun 7 20:23:20.747 [21665] dbg: timing: total 796 ms - init: 696 (87.5%), parse: 6 (0.7%), extract_message_metadata: 62 (7.8%), get_uri_detail_list: 24 (3.0%), tests_pri_0: 21 (2.6%), compile_gen: 4.3 (0.5%)

There are plenty of other differences between the two reports.

Still very little idea of what I am doing with this, so help is still very much appreciated!

regards

Toby

From iversons at rushville.k12.in.us Thu Jun 7 21:23:21 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 7 Jun 2018 17:23:21 -0400
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>
Message-ID:

Toby,

What happens if you run this, which is equivalent to your successful command as root, but as postfix?

sudo -u postfix spamassassin -D -t Testy.eml

Which, if it doesn't work, means that your postfix user cannot access things that spamassassin needs to perform a successful scan.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From toby at rosecott.net Thu Jun 7 22:32:32 2018
From: toby at rosecott.net (Toby)
Date: Thu, 07 Jun 2018 22:32:32 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>
Message-ID:

Hi,

When that command runs it does complete and appears to do much more than before, it gives me results but it gives me a score of 7.4

if I run it without the sudo -u postfix it completes but gives me a score of 9

when the email was originally run through MailScanner it got a score of 3(ish)

For giggles I gave the postfix membership to all the security groups, and ran it again with your suggested command, and still only gave me a 7.4

it was better with your last command

From toby at rosecott.net Fri Jun 8 07:19:19 2018
From: toby at rosecott.net (Toby)
Date: Fri, 08 Jun 2018 07:19:19 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>
Message-ID:

Hi,

After a bit more digging I have done an ExamDiff on the two logs produced by a successful scan and a failed scan.
There appears to be a block of differences, they continue the same until
the failed one gives a "finished parsing", at which point the successful
seems to give a much more detailed report. I have highlighted the
differences and removed the vast amount of differences leading up to
"Finished parsing" (lots of fix path, add tld list, using file
statements).

The good scan gives:-

Good one

dbg: logger: adding facilities: all
dbg: logger: logging level is DBG
dbg: generic: SpamAssassin version 3.4.1
dbg: generic: Perl 5.020002, PREFIX=/usr/local, DEF_RULES_DIR=/usr/local/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
dbg: config: timing enabled
dbg: config: score set 0 chosen.
dbg: util: running in taint mode? yes
dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
dbg: util: PATH included '/usr/local/sbin', keeping
dbg: util: PATH included '/usr/local/bin', keeping
dbg: util: PATH included '/usr/sbin', keeping
dbg: util: PATH included '/usr/bin', keeping
dbg: util: PATH included '/sbin', keeping
dbg: util: PATH included '/bin', keeping
dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
dbg: archive-iterator: _set_default_message_selection_opts After: Scanprob[1 , want_date[0 , cache[0 , from_regex[^From \S+ ?(\S\S\S \S\S\S .\d .\d:\d\d:\d\d \d{4}|.\d-\d\d-\d{4}_\d\d:\d\d:\d\d_)
dbg: config: using /etc/mail/spamassassin for site rules pre files
dbg: config: read file /etc/mail/spamassassin/init.pre
dbg: config: read file /etc/mail/spamassassin/v310.pre
dbg: config: read file /etc/mail/spamassassin/v312.pre
dbg: config: read file /etc/mail/spamassassin/v320.pre
dbg: config: read file /etc/mail/spamassassin/v330.pre
dbg: config: read file /etc/mail/spamassassin/v340.pre
dbg: config: read file /etc/mail/spamassassin/v341.pre
dbg: config: using /var/lib/spamassassin/3.004001 for sys rules pre files
dbg: config: using /var/lib/spamassassin/3.004001 for default rules dir
dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassin_org.cf
dbg: config: using /etc/mail/spamassassin for site rules dir
****The successful scan gives loads of information here, that does not exist in the failed scan *****
dbg: config: finish parsing

The failed one gives

Bad One

dbg: logger: adding facilities: all
dbg: logger: logging level is DBG
dbg: generic: SpamAssassin version 3.4.1
dbg: generic: Perl 5.020002, PREFIX=/usr/local, DEF_RULES_DIR=/usr/local/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
dbg: config: timing enabled
dbg: config: score set 0 chosen.
dbg: util: running in taint mode? yes
dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
dbg: util: PATH included '/usr/local/sbin', keeping
dbg: util: PATH included '/usr/local/bin', keeping
dbg: util: PATH included '/usr/sbin', keeping
dbg: util: PATH included '/usr/bin', keeping
dbg: util: PATH included '/sbin', keeping
dbg: util: PATH included '/bin', keeping
dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
dbg: archive-iterator: _set_default_message_selection_opts After: Scanprob[1 , want_date[0 , cache[0 , from_regex[^From \S+ ?(\S\S\S \S\S\S .\d .\d:\d\d:\d\d \d{4}|.\d-\d\d-\d{4}_\d\d:\d\d:\d\d_)
dbg: config: using /etc/mail/spamassassin for site rules pre files
dbg: config: read file /etc/mail/spamassassin/init.pre
dbg: config: read file /etc/mail/spamassassin/v310.pre
dbg: config: read file /etc/mail/spamassassin/v312.pre
dbg: config: read file /etc/mail/spamassassin/v320.pre
dbg: config: read file /etc/mail/spamassassin/v330.pre
dbg: config: read file /etc/mail/spamassassin/v340.pre
dbg: config: read file /etc/mail/spamassassin/v341.pre
dbg: config: using /etc/MailScanner/spamassassin.conf for sys rules pre files
dbg: config: read file /etc/MailScanner/spamassassin.conf
dbg: config: using /etc/MailScanner/spamassassin.conf for default rules dir
dbg: config: read file /etc/MailScanner/spamassassin.conf
dbg: config: using /etc/mail/spamassassin for site rules dir
dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
dbg: config: read file /etc/mail/spamassassin/local.cf
dbg: config: using /var/spool/postfix/.spamassassin for user state dir
dbg: config: using /var/spool/postfix/.spamassassin/user_prefs for user prefs file
dbg: config: read file /var/spool/postfix/.spamassassin/user_prefs
dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
dbg: pyzor: network tests on, attempting Pyzor
dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
dbg: razor2: razor2 is available, version 2.84
dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
dbg: reporter: network tests on, attempting SpamCop
dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::FreeMail from @INC
dbg: plugin: loading Mail::SpamAssassin::Plugin::AskDNS from @INC
*****there is a huge chunk missing here****
dbg: config: finish parsing

------ Original Message ------
From: "Shawn Iverson"
To: "MailScanner Discussion"
Sent: 07/06/2018 22:23:21
Subject: Re: Re[2]: Mailscanner - Spamassassin Issue

>Toby,
>
>What happens if you run this, which is equivalent to your successful
>command as root, but as postfix?
>
>sudo -u postfix spamassassin -D -t Testy.eml
>
>Which, if it doesn't work, means that your postfix user cannot access
>things that spamassassin needs to perform a successful scan.
>
>On Thu, Jun 7, 2018 at 3:24 PM, Toby wrote:
>>Hi,
>>
>>So after playing with the suggestion below, and changing the command a
>>little bit i now definitely have two different behaviours.
>>
>>Running the commands :-
>>1. spamassassin -D -t Testy.eml
>>
>>consistently gives me a full scan and result set and ends (before
>>reporting the score) with :-
>>
>>Jun 7 20:14:41.072 [21537] dbg: check: is spam? score=8.997
>>required=5
>>Jun 7 20:14:41.072 [21537] dbg: check:
>>tests=BAYES_99,BAYES_999,DIGEST_MULTIPLE,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RDNS_NONE,T_REMOTE_IMAGE
>>Jun 7 20:14:41.073 [21537] dbg: check:
>>subtests=__ANY_TEXT_ATTACH,__ANY_TEXT_ATTACH_DOC,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__CAN_HELP,__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPART_ALT,__CTYPE_MULTIPART_ANY,__DKIM_DEPENDABLE,__DOS_DIRECT_TO_MX,__DOS_HAS_ANY_URI,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__HAS_ANY_URI,__HAS_DATE,__HAS_FROM,__HAS_MESSAGE_ID,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_TO,__HAS_URI,__HTML_LINK_IMAGE,__KHOP_NO_FULL_NAME,__LAST_EXTERNAL_RELAY_NO_AUTH,__LAST_UNTRUSTED_RELAY_NO_AUTH,__LOCAL_PP_NONPPURL,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MISSING_REPLY,__MSGID_OK_HOST,__NONEMPTY_BODY,__RDNS_NONE,__REMOTE_IMAGE,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__TOCC_EXISTS,__TVD_MIME_ATT_TP
>>Jun 7 20:14:41.075 [21537] dbg: timing: total 46298 ms - init: 5474
>>(11.8%), parse: 6 (0.0%), extract_message_metadata: 137 (0.3%),
>>get_uri_detail_list: 27 (0.1%), tests_pri_-1000: 130 (0.3%),
>>compile_gen: 713 (1.5%), compile_eval: 138 (0.3%), tests_pri_-950: 22
>>(0.0%), tests_pri_-900: 24 (0.1%), tests_pri_-400: 36459 (78.7%),
>>check_bayes: 36436 (78.7%), b_tokenize: 29 (0.1%), b_tok_get_all: 11
>>(0.0%), b_comp_prob: 9 (0.0%), b_tok_touch_all: 0.51 (0.0%), b_finish:
>>36381 (78.6%), expire_bayes: 36225 (78.2%), tests_pri_0: 3647 (7.9%),
>>check_spf: 161 (0.3%), dkim_load_modules: 106 (0.2%),
>>check_dkim_signature: 2.5 (0.0%), check_dkim_adsp: 126 (0.3%),
>>poll_dns_idle: 0.80 (0.0%), check_razor2: 1416 (3.1%), check_pyzor:
>>284 (0.6%), tests_pri_500: 331 (0.7%)
>>
>>Running the commands
>>1. sudo su postfix -p -c "spamassassin -D -t -C
>>/etc/MailScanner/spamassassin.conf < Testy.eml" - in the dbg
>>statements for this command, there are some warnings about permission
>>2. sudo -u postfix spamassassin -D -t -C
>>/etc/MailScanner/spamassassin.conf Testy.eml
>>3. spamassassin -D -t -C /etc/MailScanner/spamassassin.conf
>>Testy.eml
>>Seems to start spamassassin, but it finishes way way sooner than the
>>successful command, it stops very early on in the dbg, and gives a
>>message saying "(no Report template found)
>>
>>the above 3 commands all end up with
>>Jun 7 20:23:20.745 [21665] dbg: check: is spam? score=0 required=5
>>Jun 7 20:23:20.746 [21665] dbg: check: tests=
>>Jun 7 20:23:20.746 [21665] dbg: check: subtests=
>>Jun 7 20:23:20.747 [21665] dbg: timing: total 796 ms - init: 696
>>(87.5%), parse: 6 (0.7%), extract_message_metadata: 62 (7.8%),
>>get_uri_detail_list: 24 (3.0%), tests_pri_0: 21 (2.6%), compile_gen:
>>4.3 (0.5%)
>>
>>There are plenty of other difference between the two reports.
>>
>>Still very little idea of what i am doing with this, so help is still
>>very much appreciated!
>>
>>regards
>>
>>Toby
>>
>>------ Original Message ------
>>From: "Toby Widdows"
>>To: "MailScanner Discussion"
>>
>>Sent: 06/06/2018 23:15:04
>>Subject: Re: Mailscanner - Spamassassin Issue
>>
>>>Ahh never thought of that, will give it a try
>>>
>>>Regards
>>>
>>>Toby Widdows
>>>
>>>On Wed, Jun 6, 2018 at 11:14 PM +0100, "Shawn Iverson"
>>> wrote:
>>>
>>>>Toby,
>>>>
>>>>Are you executing spamassassin in the same way that MailScanner
>>>>calls spamassassin?
>>>>
>>>>In other words...assuming MailScanner is running as
>>>>postfix...something like this....
>>>>
>>>>sudo su postfix -p -c "spamassassin -t -d -C
>>>>/etc/MailScanner/spamassassin.conf < somespamemail"
>>>>
>>>>This may shed some insight.
>>>>
>>>>On Wed, Jun 6, 2018 at 2:47 PM, Toby wrote:
>>>>>Hi,
>>>>>
>>>>>I have just set up MailScanner in a PI3 running Jessie, I have
>>>>>postfix as a mail server.
>>>>>
>>>>>I'm not sure MailScanner is calling or allowing Spamassassin to run
>>>>>properly.
>>>>>
>>>>>I can see from the X headers that stuff is happening, but it is not
>>>>>catching emails that are blatantly spam. i get a lot of scores
>>>>>below 3.
>>>>>
>>>>>It passes the eicar, and gtube tests.
>>>>>
>>>>>However i picked an email that passed through mailscanner with a
>>>>>low score of 3, saved it, and then ran spamassassin -D
>>>>>and this process marked it as a 9!
>>>>>
>>>>>I think, but am not sure, that MailScanner is not triggering
>>>>>Spamassassin or Spamassassin when triggered by MailScanner is
>>>>>either not completing or not doing anything.
>>>>>
>>>>>I am completely new to this, and have no idea where to look, or
>>>>>what to do.
>>>>>
>>>>>Any help greatly appreciated
>>>>>
>>>>>Regards
>>>>>
>>>>>Toby
>>>>>
>>>>>--
>>>>>MailScanner mailing list
>>>>>mailscanner at lists.mailscanner.info
>>>>>
>>>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>
>>>>--
>>>>Shawn Iverson, CETL
>>>>Director of Technology
>>>>Rush County Schools
>>>>765-932-3901 x1171
>>>>iversons at rushville.k12.in.us
>>>>
>>
>>--
>>MailScanner mailing list
>>mailscanner at lists.mailscanner.info
>>
>>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>
>--
>Shawn Iverson, CETL
>Director of Technology
>Rush County Schools
>765-932-3901 x1171
>iversons at rushville.k12.in.us
>

From mailscanner at barendse.to Fri Jun 8 09:35:40 2018
From: mailscanner at barendse.to (Remco Barendse)
Date: Fri, 8 Jun 2018 11:35:40 +0200 (CEST)
Subject: Block email faking to be from our domain but coming from outside?
Message-ID:

See more and more messages incoming with fraud attempts. The mail is
constructed to look like from someone in our organization sent it and is
addressed to people within the organization.

Is there any way to block email with a sender that pretends to be coming
from @myowndomain.com but coming from outside?

I use Exchange and all real email is coming only from Exchange, never
from outside.

What would be the right way to do it?

Also, some companies sign incoming email messages with a one liner as
the very first line of an email like :
"THIS EMAIL ORIGINATED FROM OUTSIDE OUR ORGANIZATION"

How to do that ? I found that MailScanner can sign messages but only at
the bottom of an email?

From djones at ena.com Fri Jun 8 11:13:54 2018
From: djones at ena.com (David Jones)
Date: Fri, 8 Jun 2018 06:13:54 -0500
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com>
Message-ID: <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com>

On 06/08/2018 02:19 AM, Toby wrote:
> Hi,
>
> After a bit more digging i have done an ExamDiff on the two logs
> produced by a successful scan and a failed scan. There appears to be a
> block of differences, they continue the same until the failed one gives
> a "finished parsing", at which point the successful seems to give a
> much more detailed report. I have highlighted the differences and
> removed the vast amount of differences leading up to "Finished parsing"
> (lots of fix path, add tld list, using file statements).
>

Make sure you are running these manual SA scans as the same user that is
in your MailScanner.conf. The most common problem that causes this is
different users like postfix and root having different settings which
cause different paths to be used just like you are experiencing.

If you want to run "MailScanner --version", "MailScanner --lint" and
then your manual scans with the full output and post it on pastebin.com
for us to see, this should help us get a better idea of the problem.

--
David Jones

From djones at ena.com Fri Jun 8 11:20:20 2018
From: djones at ena.com (David Jones)
Date: Fri, 8 Jun 2018 06:20:20 -0500
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To:
References:
Message-ID: <90253370-5fee-f705-9418-182bafacee22@ena.com>

On 06/08/2018 04:35 AM, Remco Barendse wrote:
> See more and more messages incoming with fraud attempts. The mail is
> constructed to look like from someone in our organization sent it and is
> addressed to people within the organization.
>
> Is there any way to block email with a sender that pretends to be coming
> from @myowndomain.com but coming from outside?
>
> I use Exchange and all real email is coming only from Exchange, never
> from outside.
>
> What would be the right way to do it?
>
> Also, some companies sign incoming email messages with a one liner as
> the very first line of an email like :
> "THIS EMAIL ORIGINATED FROM OUTSIDE OUR ORGANIZATION"
>
> How to do that ? I found that MailScanner can sign messages but only at
> the bottom of an email?
>

This might be a better question for the SpamAssassin Users list but I
can help anyway. Please post an example with minimal redacting to
pastebin.com and send us a link. There are about a dozen or two things
that can be tuned in SpamAssassin but I have a feeling that you can use
the Message-ID header to determine spoofed inbound messages.

--
David Jones

From mailscanner at barendse.to Fri Jun 8 12:18:02 2018
From: mailscanner at barendse.to (Remco Barendse)
Date: Fri, 8 Jun 2018 14:18:02 +0200 (CEST)
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To: <90253370-5fee-f705-9418-182bafacee22@ena.com>
References: <90253370-5fee-f705-9418-182bafacee22@ena.com>
Message-ID:

Thanks for your reply!
These are not bulk spam messages, I'm talking carefully engineered
tailor made messages from someone imposing to be myself and trying to
persuade someone in finance to make a payment or change bank details.

That's why I would like to explore options to flag those messages. If
mail arrives from outside and our domain name is in the From: address
something is terribly wrong :)

I don't think SpamAssassin would help much in that case?

On Fri, 8 Jun 2018, David Jones via MailScanner wrote:

> On 06/08/2018 04:35 AM, Remco Barendse wrote:
>> See more and more messages incoming with fraud attempts. The mail is
>> constructed to look like from someone in our organization sent it and is
>> addressed to people within the organization.
>>
>> Is there any way to block email with a sender that pretends to be coming
>> from @myowndomain.com but coming from outside?
>>
>> I use Exchange and all real email is coming only from Exchange, never from
>> outside.
>>
>> What would be the right way to do it?
>>
>> Also, some companies sign incoming email messages with a one liner as the
>> very first line of an email like :
>> "THIS EMAIL ORIGINATED FROM OUTSIDE OUR ORGANIZATION"
>>
>> How to do that ? I found that MailScanner can sign messages but only at the
>> bottom of an email?
>>
>
> This might be a better question for the SpamAssassin Users list but I can
> help anyway. Please post an example with minimal redacting to pastebin.com
> and send us a link. There are about a dozen or two things that can be
> tuned in SpamAssassin but I have a feeling that you can use the Message-ID
> header to determine spoofed inbound messages.
>

From djones at ena.com Fri Jun 8 12:40:10 2018
From: djones at ena.com (David Jones)
Date: Fri, 8 Jun 2018 07:40:10 -0500
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To:
References: <90253370-5fee-f705-9418-182bafacee22@ena.com>
Message-ID: <2e34500d-221d-20d4-4141-1d47e53a1b81@ena.com>

On 06/08/2018 07:18 AM, Remco Barendse wrote:
> Thanks for your reply! These are not bulk spam messages, I'm talking
> carefully engineered tailor made messages from someone imposing to be
> myself and trying to persuade someone in finance to make a payment or
> change bank details.
>
> That's why I would like to explore options to flag those messages. If
> mail arrives from outside and our domain name is in the From: address
> something is terribly wrong :)
>
> I don't think SpamAssassin would help much in that case?
>

Do you understand that MailScanner's primary method of scoring and
blocking email is SpamAssassin? MailScanner is basically a wrapper for
SA with some extra checks like icing on the cake. The cake is SA.

I have an SA rule that does the very thing you are needed to do:

header    __MSGID_ENA_FILTERED    Message-ID =~ /\@ena\.com>/
meta      ENA_MSGID_ENA_FILTERED  !ALL_TRUSTED && __MSGID_ENA_FILTERED
describe  ENA_MSGID_ENA_FILTERED  Message ID ends in a domain that ENA filters inbound
score     ENA_MSGID_ENA_FILTERED  8.2

If you showed me the headers of an example email, I could confirm or
help you setup an SA rule that would block these fake emails.

Dave

> On Fri, 8 Jun 2018, David Jones via MailScanner wrote:
>
>> On 06/08/2018 04:35 AM, Remco Barendse wrote:
>>> See more and more messages incoming with fraud attempts. The mail is
>>> constructed to look like from someone in our organization sent it and
>>> is addressed to people within the organization.
>>>
>>> Is there any way to block email with a sender that pretends to be
>>> coming from @myowndomain.com but coming from outside?
>>>
>>> I use Exchange and all real email is coming only from Exchange, never
>>> from outside.
>>>
>>> What would be the right way to do it?
>>>
>>> Also, some companies sign incoming email messages with a one liner as
>>> the very first line of an email like :
>>> "THIS EMAIL ORIGINATED FROM OUTSIDE OUR ORGANIZATION"
>>>
>>> How to do that ? I found that MailScanner can sign messages but only
>>> at the bottom of an email?
>>>
>>
>> This might be a better question for the SpamAssassin Users list but I
>> can help anyway. Please post an example with minimal redacting to
>> pastebin.com and send us a link. There are about a dozen or two
>> things that can be tuned in SpamAssassin but I have a feeling
>> that you can use the Message-ID header to determine spoofed inbound
>> messages.
>>

--
David Jones

From alex at vidadigital.com.pa Fri Jun 8 13:11:10 2018
From: alex at vidadigital.com.pa (Alex Neuman van der Hans)
Date: Fri, 8 Jun 2018 08:11:10 -0500
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To:
References:
Message-ID:

Correct way to do it involves properly implementing SPF. Stops 100% of
emails purporting to come from you that don't.

That being said, be careful about domains that only Iook like they come
from your domain but are carefuIIy constructed. Uppercase i looks like
lowercase L.

> On Jun 8, 2018, at 4:35 AM, Remco Barendse wrote:
>
> See more and more messages incoming with fraud attempts. The mail is constructed to look like from someone in our organization sent it and is addressed to people within the organization.
>
> Is there any way to block email with a sender that pretends to be coming from @myowndomain.com but coming from outside?
>
> I use Exchange and all real email is coming only from Exchange, never from outside.
>
> What would be the right way to do it?
>
> Also, some companies sign incoming email messages with a one liner as the very first line of an email like :
> "THIS EMAIL ORIGINATED FROM OUTSIDE OUR ORGANIZATION"
>
> How to do that ? I found that MailScanner can sign messages but only at the bottom of an email?
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From wcolburn at nrao.edu Fri Jun 8 14:41:40 2018
From: wcolburn at nrao.edu (William D. Colburn)
Date: Fri, 8 Jun 2018 08:41:40 -0600
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To:
References: <90253370-5fee-f705-9418-182bafacee22@ena.com>
Message-ID: <20180608144140.GA10457@zia.aoc.nrao.edu>

On Fri, Jun 08, 2018 at 02:18:02PM +0200, Remco Barendse wrote:
>Thanks for your reply! These are not bulk spam messages, I'm talking
>carefully engineered tailor made messages from someone imposing to be
>myself and trying to persuade someone in finance to make a payment or
>change bank details.

Have your mail servers add a header to all mail originating on the
inside, and then use a spamassassin ruleset to flag all the messages
that look like they are from the inside but lack that header.

--Schlake

From mailscanner at replies.cyways.com Fri Jun 8 15:48:26 2018
From: mailscanner at replies.cyways.com (Peter Lemieux)
Date: Fri, 8 Jun 2018 11:48:26 -0400
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To:
References:
Message-ID: <92ffc23a-326d-a788-2ab9-929fc0680a3d@replies.cyways.com>

I find these problems more easily resolved at the SMTP level.

I use sendmail and its access.db mechanism for this task. My
/etc/mail/access file permits mail from localhost and specific local
networks, then has a generic REJECT rule for any other mail with From's
spoofing my domain. Something like this:

Connect:127.0.0.1 RELAY
Connect:10.10.10. RELAY
From:mydomain.com REJECT
[etc.]
. REJECT

You could replace 10.10.10. with the Exchange server's IP.

I also manage a postfix server where we use a different method.
In main.cf we have

smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access pcre:/etc/postfix/sender_access

and the sender_access file contains

# no mail from outsiders claiming to be us
/\.mydomain\.com$/ REJECT

See "man access" and http://www.postfix.org/SMTPD_ACCESS_README.html.

Peter

On 06/08/2018 05:35 AM, Remco Barendse wrote:
> See more and more messages incoming with fraud attempts. The mail is
> constructed to look like from someone in our organization sent it and is
> addressed to people within the organization.
>
> Is there any way to block email with a sender that pretends to be coming
> from @myowndomain.com but coming from outside?
>
> I use Exchange and all real email is coming only from Exchange, never from
> outside.
>
> What would be the right way to do it?

From toby at rosecott.net Fri Jun 8 19:21:42 2018
From: toby at rosecott.net (Toby)
Date: Fri, 08 Jun 2018 19:21:42 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To: <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com>
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com>
Message-ID:

Hi,

Thanks for the replies, and the efforts so far.

I checked the MailScanner.Conf, and it is using postfix as the user and
group.

I have created several pastebins:-

1: https://pastebin.com/07HcxD72 - Mailscanner --Version

2: https://pastebin.com/eh3XmfWb - MailScanner --lint

3: https://pastebin.com/J6d8GBB4 - MailScanner.conf

4: https://pastebin.com/XAjrPftG - Spamassassin.conf

5: https://pastebin.com/BmTnp5SL - Best scan results achieved with
"sudo -u root -p -c spamassassin -D -t Testy.eml" - Score 9

6: https://pastebin.com/dLi6QKjU - Successful scan as described
previously "sudo -u postfix -p -c spamassassin -D -t Testy.eml" -
score 7.4

7: https://pastebin.com/yhwrbb2G - Failed results as previously
described "sudo -u postfix -p -c spamassassin -D -t -C
/etc/MailScanner/spamassassin.conf Testy.eml" - score 0

8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner

Hope this is enough to go forwards. As you can see I get different
results for the same user, depending on whether I declare the
mailscanner/spamassassin.conf file

------ Original Message ------
From: "David Jones via MailScanner"
To: mailscanner at lists.mailscanner.info
Cc: "David Jones"
Sent: 08/06/2018 12:13:54
Subject: Re: Mailscanner - Spamassassin Issue

>On 06/08/2018 02:19 AM, Toby wrote:
>>Hi,
>>
>>After a bit more digging i have done an ExamDiff on the two logs
>>produced by a successful scan and a failed scan. There appears to be
>>a block of differences, they continue the same until the failed one
>>gives a "finished parsing", at which point the successful seems to
>>give a much more detailed report. I have highlighted the differences
>>and removed the vast amount of differences leading up to "Finished
>>parsing" (lots of fix path, add tld list, using file statements).
>>
>
>Make sure you are running these manual SA scans as the same user that
>is in your MailScanner.conf. The most common problem that causes this
>is different users like postfix and root having different settings
>which cause different paths to be used just like you are experiencing.
>
>If you want to run "MailScanner --version", "MailScanner --lint" and
>then your manual scans with the full output and post it on pastebin.com
>for us to see, this should help us get a better idea of the problem.
>
>-- David Jones
>
>
>-- MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From djones at ena.com Fri Jun 8 19:45:20 2018
From: djones at ena.com (David Jones)
Date: Fri, 8 Jun 2018 14:45:20 -0500
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com>
Message-ID: <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>

On 06/08/2018 02:21 PM, Toby wrote:
> Hi,
>
> Thanks for the replies, and the efforts so far.
>
> I checked the MailScanner.Conf, and it using postfix as the user and group.
>
> i have created several pastebins:-
>
> 1: https://pastebin.com/07HcxD72 - Mailscanner --Version
>
> 2: https://pastebin.com/eh3XmfWb - MailScanner --lint
>
> 3: https://pastebin.com/J6d8GBB4 - MailScanner.conf
>
> 4: https://pastebin.com/XAjrPftG - Spamassassin.conf
>
> 5: https://pastebin.com/BmTnp5SL - Best scan results achieved with "sudo
> -u root -p -c spamassassin -D -t Testy.eml" - Score 9
>
> 6: https://pastebin.com/dLi6QKjU - Successful scan as described
> previously "sudo -u postfix -p -c spamassassin -D -t Testy.eml" - score
> 7.4
>
> 7: https://pastebin.com/yhwrbb2G - Failed results as previously
> described "sudo -u postfix -p -c spamassassin -D -t -C
> /etc/MailScanner/spamassassin.conf Testy.eml" - score 0
>
> 8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner
>
>
> Hope this is enough to go forwards. As you can see i get different
> results for the same user, depending on whether i declare the
> mailscanner/spamassassin.conf file
>

It looks like all of those pastebins are private.
If you have properly redacted them, please make them public.

--
David Jones

From toby at rosecott.net Fri Jun 8 20:25:32 2018
From: toby at rosecott.net (Toby)
Date: Fri, 08 Jun 2018 20:25:32 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To: <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

Apologies, all public now

------ Original Message ------
From: "David Jones via MailScanner"
To: mailscanner at lists.mailscanner.info
Cc: "David Jones"
Sent: 08/06/2018 20:45:20
Subject: Re: Mailscanner - Spamassassin Issue

>On 06/08/2018 02:21 PM, Toby wrote:
>>Hi,
>>
>>Thanks for the replies, and the efforts so far.
>>
>>I checked the MailScanner.Conf, and it using postfix as the user and
>>group.
>>
>>i have created several pastebins:-
>>
>>1: https://pastebin.com/07HcxD72 - Mailscanner --Version
>>
>>2: https://pastebin.com/eh3XmfWb - MailScanner --lint
>>
>>3: https://pastebin.com/J6d8GBB4 - MailScanner.conf
>>
>>4: https://pastebin.com/XAjrPftG - Spamassassin.conf
>>
>>5: https://pastebin.com/BmTnp5SL - Best scan results achieved with
>>"sudo -u root -p -c spamassassin -D -t Testy.eml" - Score 9
>>
>>6: https://pastebin.com/dLi6QKjU - Successful scan as described
>>previously "sudo -u postfix -p -c spamassassin -D -t Testy.eml" -
>>score 7.4
>>
>>7: https://pastebin.com/yhwrbb2G - Failed results as previously
>>described "sudo -u postfix -p -c spamassassin -D -t -C
>>/etc/MailScanner/spamassassin.conf Testy.eml" - score 0
>>
>>8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner
>>
>>
>>Hope this is enough to go forwards. As you can see i get different
>>results for the same user, depending on whether i declare the
>>mailscanner/spamassassin.conf file
>>
>>
>It looks like all of those pastebins are private. If you have properly
>redacted them, please make them public.
>
>-- David Jones
>
>
>-- MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From djones at ena.com Fri Jun 8 21:32:48 2018
From: djones at ena.com (David Jones)
Date: Fri, 8 Jun 2018 16:32:48 -0500
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

On 06/08/2018 03:25 PM, Toby wrote:
> Apologies, all public now
>
> ------ Original Message ------
> From: "David Jones via MailScanner"
> To: mailscanner at lists.mailscanner.info
> Cc: "David Jones"
> Sent: 08/06/2018 20:45:20
> Subject: Re: Mailscanner - Spamassassin Issue
>
>> On 06/08/2018 02:21 PM, Toby wrote:
>>> Hi,
>>>
>>> Thanks for the replies, and the efforts so far.
>>>
>>> I checked the MailScanner.Conf, and it using postfix as the user and
>>> group.
>>>
>>> i have created several pastebins:-
>>>
>>> 1: https://pastebin.com/07HcxD72 - Mailscanner --Version
>>>
>>> 2: https://pastebin.com/eh3XmfWb - MailScanner --lint
>>>
>>> 3: https://pastebin.com/J6d8GBB4 - MailScanner.conf
>>>
>>> 4: https://pastebin.com/XAjrPftG - Spamassassin.conf
>>>
>>> 5: https://pastebin.com/BmTnp5SL - Best scan results achieved with
>>> "sudo -u root -p -c spamassassin -D -t Testy.eml" - Score 9
>>>
>>> 6: https://pastebin.com/dLi6QKjU - Successful scan as described
>>> previously "sudo -u postfix -p -c spamassassin -D -t Testy.eml" -
>>> score 7.4
>>>
>>> 7: https://pastebin.com/yhwrbb2G - Failed results as previously
>>> described "sudo -u postfix -p -c spamassassin -D -t -C
>>> /etc/MailScanner/spamassassin.conf Testy.eml" - score 0
>>>
>>> 8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner
>>>
>>>
>>> Hope this is enough to go forwards. As you can see i get different
>>> results for the same user, depending on whether i declare the
>>> mailscanner/spamassassin.conf file
>>>

If you search for "user_prefs" in those 2 "spamassassin -D" runs you
will see that it's using 2 different preferences files. That is the
difference. Near the bottom of those runs you see that one is hitting
BAYES_* while the lower score is not. That's the difference in the good
scores.

I would recommend removing the
/var/spool/postfix/.spamassassin/user_prefs file and maybe even the
entire .spamassassin dir to avoid any confusion. The MailScanner service
script should be starting as user root to read all of its configs then
lowering its privs by switching to the postfix user.

In the bad run, something is trying to open
/etc/mail/spamassassin/MailScanner.cf. Does that exist with an uppercase
"M"? It's supposed to be "mailscanner.cf" in /etc/mail/spamassassin all
lowercase.

You need to track down what is pointing to the MailScanner.cf with a
"grep -rl MailScanner.cf *" from / or something. These are two very
different files but I think something is crossed up in your configs:

/etc/mail/spamassassin/mailscanner.cf
/etc/MailScanner/MailScanner.conf

--
David Jones

From toby at rosecott.net Sat Jun 9 00:16:05 2018
From: toby at rosecott.net (Toby)
Date: Sat, 09 Jun 2018 00:16:05 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

Hi,

Thanks again for the work put in here, I have been looking at your
reply :-

1. I would recommend removing the
/var/spool/postfix/.spamassassin/user_prefs file and maybe even the
entire .spamassassin dir to avoid any confusion. The MailScanner service
script should be starting as user root to read all of its configs then
lowering its privs by switching to the postfix user.
i did this, and the folder was just recreated when i ran the command. I tried copying the user files from the root/.spamassassin folder that is mentioned in the good scan, but this had no effect

2. In the bad run, something is trying to open /etc/mail/spamassassin/MailScanner.cf. Does that exist with an uppercase "M"? It's supposed to be "mailscanner.cf" in /etc/mail/spamassassin all lowercase.

i checked the file, and it did exist with the capitalisation, interestingly i renamed it and the result log changed as well, but this had no effect on the result, so i changed it back again.

3. You need to track down what is pointing to the MailScanner.cf with a "grep -rl MailScanner.cf *" from / or something. These are two very different files but I think something is crossed up in your configs:
/etc/mail/spamassassin/mailscanner.cf
/etc/MailScanner/MailScanner.conf

i have no idea how to do the grep thing, i'm a noob to linux, so i did nothing about this, i have a colleague who may help with this if needs be.

So i was still no further forwards. i started comparing the results again, and noticed a difference in some lines above the user_prefs you mentioned.

Jun 9 01:03:34.495 [27253] dbg: config: using "/etc/MailScanner/spamassassin.conf" for sys rules pre files
Jun 9 01:03:34.496 [27253] dbg: config: read file /etc/MailScanner/spamassassin.conf
Jun 9 01:03:34.496 [27253] dbg: config: using "/etc/MailScanner/spamassassin.conf" for default rules dir
Jun 9 01:03:34.497 [27253] dbg: config: read file /etc/MailScanner/spamassassin.conf
Jun 9 01:03:34.498 [27253] dbg: config: using "/etc/mail/spamassassin" for site rules dir
Jun 9 01:03:34.499 [27253] dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
Jun 9 01:03:34.500 [27253] dbg: config: read file /etc/mail/spamassassin/local.cf
Jun 9 01:03:34.500 [27253] dbg: config: using "/var/spool/postfix/.spamassassin" for user state dir
Jun 9 01:03:34.501 [27253] dbg: config: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
Jun 9 01:03:34.502 [27253] dbg: config: read file /var/spool/postfix/.spamassassin/user_prefs

dbg: config: using "/var/lib/spamassassin/3.004001" for sys rules pre files
dbg: config: using "/var/lib/spamassassin/3.004001" for default rules dir
dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassin_org.cf
dbg: config: using "/etc/mail/spamassassin" for site rules dir
dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
dbg: config: read file /etc/mail/spamassassin/local.cf
dbg: config: using "/root/.spamassassin" for user state dir
dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
dbg: config: read file /root/.spamassassin/user_prefs

This got me thinking and i found a load of NN_xxxxxxx.cf files in a folder beneath 3.004.001. i ended up copying these to the /etc/mail/Spamassassin folder. and now i have it working.

i don't think this is the correct solution, but it will hopefully point to the correct solution.
in the meantime thanks again for the help

From iversons at rushville.k12.in.us Sat Jun 9 07:42:20 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 9 Jun 2018 03:42:20 -0400
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

Toby,

Out of curiosity, what are these defined in your MailScanner.conf?

SpamAssassin Local Rules Dir
SpamAssassin Local State Dir
SpamAssassin Default Rules Dir

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
From toby at rosecott.net Sat Jun 9 09:37:05 2018
From: toby at rosecott.net (Toby)
Date: Sat, 09 Jun 2018 09:37:05 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

Hi,

Currently set to:-

SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = /var/lib/spamassassin - under here is the 3.004001 folder i found the rules in, but having this setting set did not find the rules
SpamAssassin Default Rules Dir =

i looked at these last night but decided I was too tired to figure it out. the files I copied last are, if i understand it correctly delivered by SA-Update, if so, they fix i have at the moment will break when these rules are updated.

So i guess one of all of the above settings is incorrect, i would love to know which and what to set it to.

I have pasted all the advanced settings for mailscanner from the mailscanner.conf file into paste bin https://pastebin.com/UrSu0rtm i have i feeling these may be wrong, and i may have contributed late at night, i use postfix for the MTA
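The by-eye comparison of the two "spamassassin -D" traces described earlier in this thread can be done mechanically. The following is an added example, not code from the thread or from the MailScanner or SpamAssassin projects; the trace lines are the ones quoted in the thread, and the function names and the file-suffix heuristic are assumptions of this sketch.

```python
"""Diff the 'config:' lines of two `spamassassin -D` traces (added example)."""
import posixpath
import re

# Trace A: lines quoted in the thread that name /etc/MailScanner/spamassassin.conf
# (the path passed with -C in the run that scored 0).
TRACE_A = '''\
Jun 9 01:03:34.495 [27253] dbg: config: using "/etc/MailScanner/spamassassin.conf" for sys rules pre files
Jun 9 01:03:34.496 [27253] dbg: config: read file /etc/MailScanner/spamassassin.conf
Jun 9 01:03:34.496 [27253] dbg: config: using "/etc/MailScanner/spamassassin.conf" for default rules dir
Jun 9 01:03:34.497 [27253] dbg: config: read file /etc/MailScanner/spamassassin.conf
Jun 9 01:03:34.498 [27253] dbg: config: using "/etc/mail/spamassassin" for site rules dir
Jun 9 01:03:34.499 [27253] dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
Jun 9 01:03:34.500 [27253] dbg: config: read file /etc/mail/spamassassin/local.cf
Jun 9 01:03:34.500 [27253] dbg: config: using "/var/spool/postfix/.spamassassin" for user state dir
Jun 9 01:03:34.501 [27253] dbg: config: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
Jun 9 01:03:34.502 [27253] dbg: config: read file /var/spool/postfix/.spamassassin/user_prefs
'''

# Trace B: the second set of lines quoted in the thread (state dir under /root).
TRACE_B = '''\
dbg: config: using "/var/lib/spamassassin/3.004001" for sys rules pre files
dbg: config: using "/var/lib/spamassassin/3.004001" for default rules dir
dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassin_org.cf
dbg: config: using "/etc/mail/spamassassin" for site rules dir
dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
dbg: config: read file /etc/mail/spamassassin/local.cf
dbg: config: using "/root/.spamassassin" for user state dir
dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
dbg: config: read file /root/.spamassassin/user_prefs
'''

USING_RE = re.compile(r'dbg: config: using "([^"]+)" for (.+?)\s*$')
READ_RE = re.compile(r'dbg: config: read file (\S+)')

# Heuristic (assumption): a path with one of these suffixes is a file, not a directory.
CONFIG_FILE_SUFFIXES = (".conf", ".cf", ".pre")


def parse_config_trace(text):
    """Return ({role: path}, [files read, in order, without repeats])."""
    roles, files = {}, []
    for line in text.splitlines():
        match = USING_RE.search(line)
        if match:
            roles[match.group(2)] = match.group(1)
            continue
        match = READ_RE.search(line)
        if match and match.group(1) not in files:
            files.append(match.group(1))
    return roles, files


def diff_traces(trace_a, trace_b):
    """Return (roles whose path differs, files read only in A, files read only in B)."""
    roles_a, files_a = parse_config_trace(trace_a)
    roles_b, files_b = parse_config_trace(trace_b)
    changed = {}
    for role in sorted(set(roles_a) | set(roles_b)):
        if roles_a.get(role) != roles_b.get(role):
            changed[role] = (roles_a.get(role), roles_b.get(role))
    only_a = [f for f in files_a if f not in files_b]
    only_b = [f for f in files_b if f not in files_a]
    return changed, only_a, only_b


def directory_roles_given_a_file(trace):
    """List directory-type roles whose configured path looks like a single file."""
    roles, _ = parse_config_trace(trace)
    return sorted(
        role for role, path in roles.items()
        if role.endswith(("dir", "pre files"))
        and posixpath.splitext(path)[1] in CONFIG_FILE_SUFFIXES
    )


if __name__ == "__main__":
    changed, only_a, only_b = diff_traces(TRACE_A, TRACE_B)
    for role, (path_a, path_b) in changed.items():
        print(f"{role}: A={path_a}  B={path_b}")
    print("read only in A:", only_a)
    print("read only in B:", only_b)
    print("directory roles pointing at a file in A:", directory_roles_given_a_file(TRACE_A))
```

On these traces the diff shows that trace A never reads anything under /var/lib/spamassassin/3.004001, because its "default rules dir" is the MailScanner spamassassin.conf file itself.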
From mailscanner at barendse.to Mon Jun 11 09:37:08 2018
From: mailscanner at barendse.to (Remco Barendse)
Date: Mon, 11 Jun 2018 11:37:08 +0200 (CEST)
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To: <92ffc23a-326d-a788-2ab9-929fc0680a3d@replies.cyways.com>
References: <92ffc23a-326d-a788-2ab9-929fc0680a3d@replies.cyways.com>
Message-ID:

Thanks for your comments and help :)

Tried the rules below but From:mydomain.com stops all inbound email with a relaying denied message even though i have mydomain.com in the mailertable.

I tried adding :
To:mydomain.com RELAY
From:mydomain.com REJECT

But then when i telnet to the mailserver it still says :
MAIL FROM:
250 2.1.0 ... Sender ok

Also, now have a simple line with ip of the exchange server and RELAY behind it, when i change that Connect:localip OK
it doesn't relay mail anymore.

I am missing something very obvious here?

On Fri, 8 Jun 2018, Peter Lemieux wrote:

> I find these problems more easily resolved at the SMTP level. I use sendmail
> and its access.db mechanism for this task. My /etc/mail/access file permits
> mail from localhost and specific local networks, then has a generic REJECT
> rule for any other mail with From's spoofing my domain. Something like this:
>
> Connect:127.0.0.1 RELAY
> Connect:10.10.10. RELAY
>
> From:mydomain.com REJECT
>
> [etc.]
>
> . REJECT
>
> You could replace 10.10.10. with the Exchange server's IP.
>
> I also manage a postfix server where we use a different method. In main.cf
> we have
>
> smtpd_sender_restrictions = reject_unknown_sender_domain,
> check_sender_access pcre:/etc/postfix/sender_access
>
> and the sender_access file contains
>
> # no mail from outsiders claiming to be us
> /\.mydomain\.com$/ REJECT
>
>
> See "man access" and http://www.postfix.org/SMTPD_ACCESS_README.html.
>
> Peter
>
>
> On 06/08/2018 05:35 AM, Remco Barendse wrote:
>> See more and more messages incoming with fraud attempts. The mail is
>> constructed to look like from someone in our organization sent it and is
>> addressed to people within the organization.
>>
>> Is there any way to block email with a sender that pretends to be coming
>> from @myowndomain.com but coming from outside?
>>
>> I use Exchange and all real email is coming only from Exchange, never from
>> outside.
>>
>> What would be the right way to do it?
>
>
>

From djones at ena.com Mon Jun 11 11:21:53 2018
From: djones at ena.com (David Jones)
Date: Mon, 11 Jun 2018 06:21:53 -0500
Subject: Block email faking to be from our domain but coming from outside?
In-Reply-To:
References: <92ffc23a-326d-a788-2ab9-929fc0680a3d@replies.cyways.com>
Message-ID:

On 06/11/2018 04:37 AM, Remco Barendse wrote:
> Thanks for your comments and help :)
>
> Tried the rules below but From:mydomain.com stops all inbound email with
> a relaying denied message even though i have mydomain.com in the
> mailertable.
>
> I tried adding :
> To:mydomain.com    RELAY
> From:mydomain.com REJECT
>
> But then when i telnet to the mailserver it still says :
> MAIL FROM: 250 2.1.0 ...
> Sender ok
>
> Also, now have a simple line with ip of the exchange server and RELAY
> behind it, when i change that Connect:localip     OK
> it doesn't relay mail anymore.
>
> I am missing something very obvious here?
>
>

I don't recommend solving this problem this way if your MailScanner server is handling both inbound and outbound mail filtering for your domain. Tune your SA a bit to solve this and it will help improve your filtering accuracy overall.

Make sure your SA trusted_networks and internal_networks are setup correctly for your network and mail flow and then use the ALL_TRUSTED rule hit in a meta rule to block the fake inbound emails from the Internet.

shortcircuit ALL_TRUSTED off
score ALL_TRUSTED -0.2
header __FROM_MYDOMAIN_COM From:addr =~ /\@mydomain\.com/i
meta SPOOFED_MYDOMAIN !ALL_TRUSTED && __FROM_MYDOMAIN_COM
score SPOOFED_MYDOMAIN 6.0

The From:addr above will be the visible From: header in the mail client that is protected by DMARC. If you are getting spoofed envelope-from domain that is protected by SPF, then you need to handle this a little differently.

I recommend installing python-postfix-policyd-spf, opendkim, and opendmarc as milters in Postfix. Only run them on the smtpd_milters and not on the non_smtpd_milters with MailScanner. Then you will have extra headers to check in SA in local rules to better integrate SPF, DKIM, and DMARC into SA.

-- David Jones

From toby at rosecott.net Mon Jun 11 20:19:59 2018
From: toby at rosecott.net (Toby)
Date: Mon, 11 Jun 2018 20:19:59 +0000
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

Hi,

i have come to the conclusion that there is something seriously wrong with this deployment of mailscanner. even though i can manually call spamassassin as the postfix user, using the mailscanner spamassassin config, and get successful result, when it's all triggered as part of the mail route, it's rubbish again.

I timed the manual scan and it took 11 seconds to complete. in the mail log, the time between spam checks starting and completing is 3 seconds at best.

blacklists are not working either, i have 4 email domains listed and am still getting emails from them.

this may be because the system already had an installation of spamassassin installed originally

is there a reliable way to remove all traces of mailscanner and spamassassin and start again (preferably without wiping the server which does dhcp and dns as well?)
------ Original Message ------
From: "Shawn Iverson"
To: "MailScanner Discussion"
Sent: 09/06/2018 08:42:20
Subject: Re: Re[2]: Mailscanner - Spamassassin Issue

>Toby,
>
>Out of curiosity, what are these defined in your MailScanner.conf?
>
>SpamAssassin Local Rules Dir
>SpamAssassin Local State Dir
>SpamAssassin Default Rules Dir
>
>On Fri, Jun 8, 2018 at 8:16 PM, Toby wrote:
>>Hi,
>>
>>Thanks again for the work put in here, i have been looking at your
>>reply :-
>>
>>1. I would recommend removing the
>>/var/spool/postfix/.spamassassin/user_prefs file and maybe even the
>>entire .spamassassin dir to avoid any confusion. The MailScanner
>>service script should be starting as user root to read all of its
>>configs then lowering its privs by switching to the postfix user.
>>
>>i did this, and the folder was just recreated when i ran the command.
>>I tried copying the user files from the root/.spamassassin folder that
>>is mentioned in the good scan, but this had no effect
>>
>>2. In the bad run, something is trying to open
>>/etc/mail/spamassassin/MailScanner.cf. Does that exist with an
>>uppercase "M"? It's supposed to be "mailscanner.cf" in
>>/etc/mail/spamassassin all lowercase.
>>
>>i checked the file, and it did exist with the capitalisation,
>>interestingly i renamed it and the result log changed as well, but
>>this had no effect on the result, so i changed it back again.
>>
>>3. You need to track down what is pointing to the MailScanner.cf with
>>a "grep -rl MailScanner.cf *" from / or something.
>>These are two very different files but I think something is crossed
>>up in your configs:
>>/etc/mail/spamassassin/mailscanner.cf
>>/etc/MailScanner/MailScanner.conf
>>
>>i have no idea how to do the grep thing, i'm a noob to linux, so i did
>>nothing about this, i have a colleague who may help with this if needs
>>be.
>>
>>So i was still no further forwards. i started comparing the results
>>again, and noticed a difference in some lines above the user_prefs you
>>mentioned.
>>
>>Jun 9 01:03:34.495 [27253] dbg: config: using "/etc/MailScanner/spamassassin.conf" for sys rules pre files
>>Jun 9 01:03:34.496 [27253] dbg: config: read file /etc/MailScanner/spamassassin.conf
>>Jun 9 01:03:34.496 [27253] dbg: config: using "/etc/MailScanner/spamassassin.conf" for default rules dir
>>Jun 9 01:03:34.497 [27253] dbg: config: read file /etc/MailScanner/spamassassin.conf
>>Jun 9 01:03:34.498 [27253] dbg: config: using "/etc/mail/spamassassin" for site rules dir
>>Jun 9 01:03:34.499 [27253] dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
>>Jun 9 01:03:34.500 [27253] dbg: config: read file /etc/mail/spamassassin/local.cf
>>Jun 9 01:03:34.500 [27253] dbg: config: using "/var/spool/postfix/.spamassassin" for user state dir
>>Jun 9 01:03:34.501 [27253] dbg: config: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
>>Jun 9 01:03:34.502 [27253] dbg: config: read file /var/spool/postfix/.spamassassin/user_prefs
>>
>>dbg: config: using "/var/lib/spamassassin/3.004001" for sys rules pre files
>>dbg: config: using "/var/lib/spamassassin/3.004001" for default rules dir
>>dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassin_org.cf
>>
>>dbg: config: using "/etc/mail/spamassassin" for site rules dir
>>dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
>>dbg: config: read file /etc/mail/spamassassin/local.cf
>>
>>dbg: config: using "/root/.spamassassin" for user state dir
>>dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
>>dbg: config: read file /root/.spamassassin/user_prefs
>>
>>This got me thinking and i found a load of NN_xxxxxxx.cf files in a
>>folder beneath 3.004.001. i ended up copying these to the
>>/etc/mail/Spamassassin folder. and now i have it working.
>>
>>i don't think this is the correct solution, but it will hopefully
>>point to the correct solution.
>>
>>in the meantime thanks again for the help
>>
>>------ Original Message ------
>>From: "David Jones via MailScanner"
>>To: mailscanner at lists.mailscanner.info
>>Cc: "David Jones"
>>Sent: 08/06/2018 22:32:48
>>Subject: Re: Mailscanner - Spamassassin Issue
>>
>>>On 06/08/2018 03:25 PM, Toby wrote:
>>>>Apologies, all public now
>>>>
>>>>------ Original Message ------
>>>>From: "David Jones via MailScanner"
>>>>To: mailscanner at lists.mailscanner.info
>>>>Cc: "David Jones"
>>>>Sent: 08/06/2018 20:45:20
>>>>Subject: Re: Mailscanner - Spamassassin Issue
>>>>
>>>>>On 06/08/2018 02:21 PM, Toby wrote:
>>>>>>Hi,
>>>>>>
>>>>>>Thanks for the replies, and the efforts so far.
>>>>>>
>>>>>>I checked the MailScanner.Conf, and it using postfix as the user
>>>>>>and group.
>>>>>>
>>>>>>i have created several pastebins:-
>>>>>>
>>>>>>1: https://pastebin.com/07HcxD72 - Mailscanner --Version
>>>>>>
>>>>>>2: https://pastebin.com/eh3XmfWb - MailScanner --lint
>>>>>>
>>>>>>3: https://pastebin.com/J6d8GBB4 - MailScanner.conf
>>>>>>
>>>>>>4: https://pastebin.com/XAjrPftG - Spamassassin.conf
>>>>>>
>>>>>>5: https://pastebin.com/BmTnp5SL - Best scan results achieved with
>>>>>>"sudo -u root -p -c spamassassin -D -t Testy.eml" - Score 9
>>>>>>
>>>>>>6: https://pastebin.com/dLi6QKjU - Successful scan as described
>>>>>>previously "sudo -u postfix -p -c spamassassin -D -t Testy.eml" -
>>>>>>score 7.4
>>>>>>
>>>>>>7: https://pastebin.com/yhwrbb2G - Failed results as previously
>>>>>>described "sudo -u postfix -p -c spamassassin -D -t -C
>>>>>>/etc/MailScanner/spamassassin.conf Testy.eml" - score 0
>>>>>>
>>>>>>8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner
>>>>>>
>>>>>>Hope this is enough to go forwards. As you can see i get
>>>>>>different results for the same user, depending on whether i
>>>>>>declare the mailscanner/spamassassin.conf file
>>>
>>>If you search for "user_prefs" in those 2 "spamassassin -D" runs you
>>>will see that it's using 2 different preferences file. That is the
>>>difference. Near the bottom of those runs you see that one is
>>>hitting BAYES_* while the lower score is not. That's the difference
>>>in the good scores.
>>>
>>>I would recommend removing the
>>>/var/spool/postfix/.spamassassin/user_prefs file and maybe even the
>>>entire .spamassassin dir to avoid any confusion. The MailScanner
>>>service script should be starting as user root to read all of its
>>>configs then lowering its privs by switching to the postfix user.
>>>
>>>In the bad run, something is trying to open
>>>/etc/mail/spamassassin/MailScanner.cf. Does that exist with an
>>>uppercase "M"? It's supposed to be "mailscanner.cf" in
>>>/etc/mail/spamassassin all lowercase.
>>>
>>>You need to track down what is pointing to the MailScanner.cf with a
>>>"grep -rl MailScanner.cf *" from / or something.
>>>
>>>These are two very different files but I think something is crossed
>>>up in your configs:
>>>/etc/mail/spamassassin/mailscanner.cf
>>>/etc/MailScanner/MailScanner.conf
>>>
>>>-- David Jones
>
>--
>Shawn Iverson, CETL
>Director of Technology
>Rush County Schools
>765-932-3901 x1171
>iversons at rushville.k12.in.us

From mailscanner-list at okla.com Wed Jun 13 17:17:41 2018
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Wed, 13 Jun 2018 12:17:41 -0500
Subject: MailScanner/Postfix/OpenDKIM
Message-ID: <006801d4033a$74d464d0$5e7d2e70$@okla.com>

Anyone have a good guide on DKIM with Postfix/MailScanner?

Thanks in advance :)

Tracy

From djones at ena.com Wed Jun 13 17:23:03 2018
From: djones at ena.com (David Jones)
Date: Wed, 13 Jun 2018 17:23:03 +0000
Subject: MailScanner/Postfix/OpenDKIM
In-Reply-To: <006801d4033a$74d464d0$5e7d2e70$@okla.com>
References: <006801d4033a$74d464d0$5e7d2e70$@okla.com>
Message-ID:

Search for "opendkim postfix" plus your OS version. You might want to install iredmail in a VM and see how it does opendkim, policyd-spf, and opendmarc as working Postfix configs.

From mailscanner-list at okla.com Wed Jun 13 18:36:52 2018
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Wed, 13 Jun 2018 13:36:52 -0500
Subject: MailScanner/Postfix/OpenDKIM
In-Reply-To:
References: <006801d4033a$74d464d0$5e7d2e70$@okla.com>
Message-ID: <008701d40345$84b57be0$8e2073a0$@okla.com>

I have OpenDKIM working fine with postfix, no errors, no issues at all, emails are signed and tests fine with valid signature. Enable mailscanner and dkim signature becomes invalid. I would imagine others on the list have encountered this before.

I assume it is mailscanner adding headers and/or default signature that is this issue.

Policyd-spf is working fine. Opendmarc is next after success with opendkim. And it is on a Centos 7.5 VM.

Thanks
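
Which post-signing changes invalidate a DKIM signature depends on what the signature covers. The following Python sketch is an added example, not code from any poster or from MailScanner or OpenDKIM: it implements RFC 6376 "relaxed" canonicalization and bottom-up header selection, then re-checks a constructed message after the kinds of change discussed in this thread (added headers, text added to the body). Assumptions: the RSA step is replaced by a plain digest comparison, the message and the X-Example-* header names are constructed, and the signer is assumed to list the scanner header in h=.

```python
import base64
import hashlib
import re


def canon_header(name, value):
    """RFC 6376 'relaxed' canonicalization of one header field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse WSP, trim both ends
    return f"{name.strip().lower()}:{value}\r\n".encode()


def canon_body(body):
    """RFC 6376 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":                  # ignore trailing empty lines
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body):
    return base64.b64encode(hashlib.sha256(canon_body(body)).digest()).decode()


def select_headers(headers, h_list):
    """For each name in h=, take the lowest not-yet-used instance (bottom-up)."""
    pool = list(headers)                               # (name, value), top to bottom
    picked = []
    for want in h_list:
        for i in range(len(pool) - 1, -1, -1):
            if pool[i][0].lower() == want.lower():
                picked.append(pool.pop(i))
                break
    return picked


def header_digest(headers, h_list, bh):
    data = b"".join(canon_header(n, v) for n, v in select_headers(headers, h_list))
    # The DKIM-Signature field itself is hashed last, with b= empty and no trailing CRLF.
    sig_value = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel; "
                 f"h={':'.join(h_list)}; bh={bh}; b=")
    data += canon_header("DKIM-Signature", sig_value)[:-2]
    return hashlib.sha256(data).hexdigest()


def sign(headers, body, h_list):
    """Stand-in for signing: a real signer would RSA-sign the header digest."""
    bh = body_hash(body)
    return {"h": h_list, "bh": bh, "digest": header_digest(headers, h_list, bh)}


def verify(headers, body, sig):
    if body_hash(body) != sig["bh"]:
        return "fail: body hash"
    if header_digest(headers, sig["h"], sig["bh"]) != sig["digest"]:
        return "fail: header hash"
    return "pass"


# Constructed sample message; the scanner header from an upstream gateway is signed (assumption).
HEADERS = [
    ("From", "alice@example.org"),
    ("To", "bob@example.net"),
    ("Subject", "Quarterly report"),
    ("Date", "Wed, 13 Jun 2018 12:00:00 -0500"),
    ("X-Example-MailScanner", "Found to be clean by gw1"),
]
BODY = b"Hello Bob,\r\n\r\nReport attached.\r\n"
H_LIST = ["from", "to", "subject", "date", "x-example-mailscanner"]


def scenarios():
    sig = sign(HEADERS, BODY, H_LIST)
    extra = ("X-Example-MailScanner", "Found to be clean by gw2")
    appended = [(n, v + ", Found to be clean by gw2") if n == extra[0] else (n, v)
                for n, v in HEADERS]
    return {
        "unchanged": verify(HEADERS, BODY, sig),
        "unsigned_name_top": verify([("X-Example-Info", "scanned")] + HEADERS, BODY, sig),
        "append_in_place": verify(appended, BODY, sig),
        "add_at_top": verify([extra] + HEADERS, BODY, sig),
        "add_at_bottom": verify(HEADERS + [extra], BODY, sig),
        "body_text_added": verify(HEADERS, BODY + b"-- \r\nScanned by example gateway\r\n", sig),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20s} {result}")
```
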

From mark at msapiro.net Wed Jun 13 18:56:19 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 13 Jun 2018 11:56:19 -0700
Subject: MailScanner/Postfix/OpenDKIM
In-Reply-To: <008701d40345$84b57be0$8e2073a0$@okla.com>
References: <006801d4033a$74d464d0$5e7d2e70$@okla.com> <008701d40345$84b57be0$8e2073a0$@okla.com>
Message-ID:

On 06/13/2018 11:36 AM, Tracy Greggs wrote:
> I have OpenDKIM working fine with postfix, no errors, no issues at
> all, emails are signed and tests fine with valid signature. Enable
> mailscanner and dkim signature becomes invalid.

MailScanner is scanning outgoing mail after Postfix/openDKIM is signing it. Mailscanner's added headers and ?? are breaking the DKIM sig.

This has been discussed on this list before. A recent thread is at . Another answer is at , and another thread at .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mailscanner-list at okla.com Wed Jun 13 19:34:55 2018
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Wed, 13 Jun 2018 14:34:55 -0500
Subject: MailScanner/Postfix/OpenDKIM
In-Reply-To:
References: <006801d4033a$74d464d0$5e7d2e70$@okla.com> <008701d40345$84b57be0$8e2073a0$@okla.com>
Message-ID: <00af01d4034d$9f4a7890$dddf69b0$@okla.com>

OK, a couple of settings in MailScanner.conf

Multiple Headers = add
Place New Headers At Top Of Message = yes

My bad for not properly reviewing the conf

Working perfectly, sorry for the lame list email :)

T

From mmgomess at gmail.com Fri Jun 15 11:45:49 2018
From: mmgomess at gmail.com (Marcelo Machado)
Date: Fri, 15 Jun 2018 08:45:49 -0300
Subject: New feature request.
Message-ID:

Hi everyone.

I would like to request a new feature.

When MailScanner identifies a phishing it converts the suspicious link in text so that the user does not click on it by mistake.

Sorry my english.

Marcelo Gomes

From iversons at rushville.k12.in.us Tue Jun 19 18:52:25 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 19 Jun 2018 14:52:25 -0400
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID:

Toby,

You can view the install.sh script to get an idea, but MailScanner isn't just the MailScanner rpm (which is unlikely to be the issue, anyways), it is the literally dozens of perl modules and various binaries that are used with MailScanner. You could in theory, remove them all, but I am unsure it would be a fruitful effort.

On Mon, Jun 11, 2018 at 4:19 PM, Toby wrote:

> Hi,
>
> i have come to the conclusion that there is something seriously wrong with
> this deployment of mailscanner.
>
> even though i can manually call spamassassin as the postfix user, using
> the mailscanner spamassassin config, and get successful result, when its
> all triggered as part of the mail route, its rubbish again.
>
> I timed the manual scan and it took 11 seconds to complete. in the mail
> log, the time between spam checks starting and completing is 3 seconds at
> best.
>
> blacklists are not working either, i have 4 email domains listed and am
> still getting emails from them.
>
> this may be because the system already had an installation of spamassassin
> installed originally
>
> is there a reliable way to remove all traces of mailscanner and
> spamassassin and start again (preferably without wiping the server which
> does dhcp and dns as well?)

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Tue Jun 19 18:53:04 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 19 Jun 2018 14:53:04 -0400
Subject: New feature request.
In-Reply-To:
References:
Message-ID:

Marcelo,

Added this to the Issue list on Github for you as a feature request.

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From mmgomess at gmail.com Tue Jun 19 20:02:26 2018
From: mmgomess at gmail.com (Marcelo Machado)
Date: Tue, 19 Jun 2018 17:02:26 -0300
Subject: New feature request.
In-Reply-To:
References:
Message-ID:

Thanks Shawn

Marcelo Gomes

From jerry.benton at mailborder.com Wed Jun 20 00:37:05 2018
From: jerry.benton at mailborder.com (Jerry Benton)
Date: Tue, 19 Jun 2018 20:37:05 -0400
Subject: MailScanner v5.0.7-4 Release
Message-ID: <03c101d4082e$d055f8c0$7101ea40$@mailborder.com>

Thanks again to Shawn Iverson for releasing a new version available for download now.

https://www.mailscanner.info/downloads/

--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605

From toby at rosecott.net Wed Jun 20 07:19:36 2018
From: toby at rosecott.net (Toby Widdows)
Date: Wed, 20 Jun 2018 07:19:36 +0000 (UTC)
Subject: Mailscanner - Spamassassin Issue
In-Reply-To:
References: <77D992F1C0846DE7.9BB6FC06-791F-410B-B2ED-C600CC868663@mail.outlook.com> <4ae8f653-2621-7c77-8e37-396fb3381901@ena.com> <813c6a06-ebba-9165-05c4-d1704c324ea7@ena.com>
Message-ID: <77D992F1C0846DE7.B3B21DC3-73A6-434B-8945-CD436BED3322@mail.outlook.com>

Hi,

I am in the process of moving the shop and DNS off the mail server, then I can wipe and reload, hopefully a clean system will solve the issues. The one I am using at the moment has several attempts at different things including a previous spam assassin attempt

Thanks to you all who tried to help to resolve my mess.

Regards

Toby Widdows

From Eoin.Kim at rcst.com.au Mon Jun 25 06:11:29 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Mon, 25 Jun 2018 06:11:29 +0000
Subject: SpamAssassin install failed on Debian Stretch
Message-ID: <1a3e656b193647359b328f74c329f541@rcst.com.au>

Hi all,

I am not sure if this is the correct behaviour or not but it looks like SpamAssassin installation fails on Debian Stretch during MailScanner installation. I ran the following command to install MailScanner:

./install.sh --MTA=postfix --installClamav=Y --installCPAN=Y --ignoreDeps=N --ramdiskSize=0

Things were going well and I could read the message below during the install:

Building and testing Mail-SpamAssassin-3.004001 ...
! Installing Mail::SpamAssassin failed. See /root/.cpanm/work/1529900078.18195/build.log for details. Retry with --force to force install it.

When I looked at the file, it says like below:

cd spamc
/usr/bin/perl version.h.pl
Makefile:1792: recipe for target 'spamc/Makefile' failed
make: *** [spamc/Makefile] Error 2
-> FAIL Installing Mail::SpamAssassin failed. See /root/.cpanm/work/1529900078.18195/build.log for details. Retry with --force to force install it.

I just waited until the installation finished, and strange enough, I could see the message below:

Mail::SpamAssassin => OK

I am now confused. How should I interpret this? Is there anyone having the same issue? I would appreciate any help. Thanks a lot.
Eoin Kim Systems Administrator RCS Telecommunications Level 1 - The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: From Eoin.Kim at rcst.com.au Mon Jun 25 21:40:01 2018 From: Eoin.Kim at rcst.com.au (Eoin Kim) Date: Mon, 25 Jun 2018 21:40:01 +0000 Subject: SpamAssassin install failed on Debian Stretch In-Reply-To: <1a3e656b193647359b328f74c329f541@rcst.com.au> References: <1a3e656b193647359b328f74c329f541@rcst.com.au> Message-ID: Hi again, Okay, I think I found the reason for this but I need help regarding this issue. It looks like the current source code is not working with Debian due to security reasons like below: http://spamassassin.1065346.n5.nabble.com/Bug-7367-New-spamc-configure-pl-Can-t-exec-version-h-pl-No-such-file-or-directory-at-spamc-configure-td123231.html So, the patch is already out there: https://svn.apache.org/viewvc?view=revision&revision=1782717 I believe the patch should be applied and compiled manually. If so, I guess install.sh command that I used below is not going to work, isn't it? It should somehow skip the automatic installation of SpamAssassin, which means I should modify install.sh script. Are there any ways to run the installation of patched SpamAssassin without altering the install.sh script (I believe not)? Thanks again. Eoin From: Eoin Kim Sent: Monday, 25 June 2018 4:11 PM To: MailScanner Discussion Subject: SpamAssassin install failed on Debian Stretch Hi all, I am not sure if this is the correct behaviour or not but it looks like SpamAssassin installation fails on Debian Stretch during MailScanner installation. 
I ran the following command to install MailScanner: ./install.sh --MTA=postfix --installClamav=Y --installCPAN=Y --ignoreDeps=N --ramdiskSize=0 Things were going well and I could read the message below during the install: Building and testing Mail-SpamAssassin-3.004001 ... ! Installing Mail::SpamAssassin failed. See /root/.cpanm/work/1529900078.18195/build.log for details. Retry with --force to force install it. When I looked at the file, it says like below: cd spamc /usr/bin/perl version.h.pl Makefile:1792: recipe for target 'spamc/Makefile' failed make: *** [spamc/Makefile] Error 2 -> FAIL Installing Mail::SpamAssassin failed. See /root/.cpanm/work/1529900078.18195/build.log for details. Retry with --force to force install it. I just waited until the installation finished, and strange enough, I could see the message below: Mail::SpamAssassin => OK I am now confused. How should I interpret this? Are there anyone having the same issue? I would appreciate any helps. Thanks a lot. Eoin Kim Systems Administrator RCS Telecommunications Level 1 - The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: From Eoin.Kim at rcst.com.au Mon Jun 25 23:33:10 2018 From: Eoin.Kim at rcst.com.au (Eoin Kim) Date: Mon, 25 Jun 2018 23:33:10 +0000 Subject: SpamAssassin install failed on Debian Stretch In-Reply-To: References: <1a3e656b193647359b328f74c329f541@rcst.com.au> Message-ID: Hello, As a workaround, I commented out the line below in /etc/perl/sitecustomize.pl file: pop @INC if $INC[-1] eq '.' and !$ENV{PERL_USE_UNSAFE_INC}; And ran the install.sh script and it worked. SpamAssassin test failed but installation worked. --> Working on Mail::SpamAssassin Fetching http://www.cpan.org/authors/id/K/KM/KMCGRAIL/SpamAssassin/Mail-SpamAssassin-3.4.1.tar.gz ... OK Configuring Mail-SpamAssassin-3.004001 ... 
OK Building and testing Mail-SpamAssassin-3.004001 ... ! Testing Mail-SpamAssassin-3.004001 failed but installing it anyway. FAIL Successfully installed Mail-SpamAssassin-3.004001 1 distribution installed So, now I may have to revert the setting back. Thanks guys. Eoin From: Eoin Kim Sent: Tuesday, 26 June 2018 7:40 AM To: 'MailScanner Discussion' Subject: RE: SpamAssassin install failed on Debian Stretch Hi again, Okay, I think I found the reason for this but I need help regarding this issue. It looks like the current source code is not working with Debian due to security reasons like below: http://spamassassin.1065346.n5.nabble.com/Bug-7367-New-spamc-configure-pl-Can-t-exec-version-h-pl-No-such-file-or-directory-at-spamc-configure-td123231.html So, the patch is already out there: https://svn.apache.org/viewvc?view=revision&revision=1782717 I believe the patch should be applied and compiled manually. If so, I guess install.sh command that I used below is not going to work, isn't it? It should somehow skip the automatic installation of SpamAssassin, which means I should modify install.sh script. Are there any ways to run the installation of patched SpamAssassin without altering the install.sh script (I believe not)? Thanks again. Eoin From: Eoin Kim Sent: Monday, 25 June 2018 4:11 PM To: MailScanner Discussion > Subject: SpamAssassin install failed on Debian Stretch Hi all, I am not sure if this is the correct behaviour or not but it looks like SpamAssassin installation fails on Debian Stretch during MailScanner installation. I ran the following command to install MailScanner: ./install.sh --MTA=postfix --installClamav=Y --installCPAN=Y --ignoreDeps=N --ramdiskSize=0 Things were going well and I could read the message below during the install: Building and testing Mail-SpamAssassin-3.004001 ... ! Installing Mail::SpamAssassin failed. See /root/.cpanm/work/1529900078.18195/build.log for details. Retry with --force to force install it. 
When I looked at the file, it says like below: cd spamc /usr/bin/perl version.h.pl Makefile:1792: recipe for target 'spamc/Makefile' failed make: *** [spamc/Makefile] Error 2 -> FAIL Installing Mail::SpamAssassin failed. See /root/.cpanm/work/1529900078.18195/build.log for details. Retry with --force to force install it. I just waited until the installation finished, and strange enough, I could see the message below: Mail::SpamAssassin => OK I am now confused. How should I interpret this? Are there anyone having the same issue? I would appreciate any helps. Thanks a lot. Eoin Kim Systems Administrator RCS Telecommunications Level 1 - The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: From Eoin.Kim at rcst.com.au Tue Jun 26 05:13:44 2018 From: Eoin.Kim at rcst.com.au (Eoin Kim) Date: Tue, 26 Jun 2018 05:13:44 +0000 Subject: [Question] Email flow when using with milter Message-ID: <77d972acee7541afbd2fdbbd2e84bb15@rcst.com.au> Hi all, I'd like to ask a question regarding email flow on the MailScanner. So, if I understood correctly, the below is what's happening (briefly): 1. Server receives an email and goes to hold queue (/^Received:/ HOLD). 2. MailScanner works on the message with SpamAssassin and ClamAV. Depending on the result, message can go either incoming queue or quarantine. 3. Postfix sends out the message from incoming queue. Am I following it? Please correct me if I am wrong. If I am correct, I'd like to ask more questions. I found there are few milters and I am particularly interested in spamass-milter and clamav-milter. Now, the questions are: 1. The very first question is, I remember MailScanner doesn't have built-in milter, correct? 2. Is having multiple milters on the system helpful? 3. Are they all before-queue milters? If so, what is the email flow? Just more operations in the hold queue? 4. 
If they are not before-queue milters, what is the email flow? Just more operations in the hold queue? Apologies for flooding questions today but I need to hurry up a bit. Thanks a lot. Eoin Kim Systems Administrator RCS Telecommunications Level 1 - The Annexe, 133 Mary Street Brisbane, QLD, 4000, Australia Office: 07 3228 0843 Mobile: 0419 726 231 Email: eoin.kim at rcst.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Jun 26 06:17:17 2018 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 25 Jun 2018 23:17:17 -0700 Subject: [Question] Email flow when using with milter In-Reply-To: <77d972acee7541afbd2fdbbd2e84bb15@rcst.com.au> References: <77d972acee7541afbd2fdbbd2e84bb15@rcst.com.au> Message-ID: <7995ff28-905e-ea4b-6396-5e1622054269@msapiro.net> On 6/25/18 10:13 PM, Eoin Kim wrote: > > I?d like to ask a question regarding email flow on the MailScanner. So, > if I understood correctly, the below is what?s happening (briefly): > > 1. Server receives an email and goes to hold queue (/^Received:/ HOLD). > 2. MailScanner works on the message with SpamAssassin and ClamAV. > Depending on the result, message can go either incoming queue or > quarantine. > 3. Postfix sends out the message from incoming queue. Correct, but MailScanner does more than just ClamAV and Spamassassin. > Am I following it? Please correct me if I am wrong. If I am correct, I?d > like to ask more questions. I found there are few milters and I am > particularly interested in spamass-milter and clamav-milter. Now, the > questions are: > > 1. The very first question is, I remember MailScanner doesn?t have > built-in milter, correct? Yes. > 2. Is having multiple milters on the system helpful? If they do what you want and don't duplicate effort. > 3. Are they all before-queue milters? If so, what is the email flow? > Just more operations in the hold queue? They operate before the hold queue during incoming SMTP. 
The plus side is they can reject the mail at incoming SMTP which avoids the possibility of sending notices to a spoofed sender. The minus is if a milter rejects the mail, no one, including MailScanner, sees it and no MailScanner rules about forwarding, quarantining, etc. can be done.

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Eoin.Kim at rcst.com.au Tue Jun 26 07:24:31 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Tue, 26 Jun 2018 07:24:31 +0000
Subject: [Question] Email flow when using with milter
In-Reply-To: <7995ff28-905e-ea4b-6396-5e1622054269@msapiro.net>
References: <77d972acee7541afbd2fdbbd2e84bb15@rcst.com.au>
 <7995ff28-905e-ea4b-6396-5e1622054269@msapiro.net>
Message-ID:

Thanks Mark,

So, if I interpret your comment in my own way, if the milter rejects the message, no one (both sender and receiver) will know about what happened to the message. Am I following you? If so, that wouldn't be a pleasant situation for me. Are there any features similar to milters I can use in MailScanner? I believe, SPF, DKIM, RBL check is possible with it, correct? Thanks again.

Eoin

From mark at msapiro.net Tue Jun 26 14:43:51 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 26 Jun 2018 07:43:51 -0700
Subject: [Question] Email flow when using with milter
In-Reply-To:
References: <77d972acee7541afbd2fdbbd2e84bb15@rcst.com.au>
 <7995ff28-905e-ea4b-6396-5e1622054269@msapiro.net>
Message-ID: <3e33abad-7f5f-07f2-78ac-6145d599a0b3@msapiro.net>

On 6/26/18 12:24 AM, Eoin Kim wrote:
> Thanks Mark,
>
> So, if I interpret your comment in my own way, if the milter rejects the message, no one (both sender and receiver) will know about what happened to the message. Am I following you? If so, that wouldn't be a pleasant situation for me.

The sending MTA will receive an SMTP 5xx status with a reason provided by the milter. What happens then depends on how the mail was sent, but the original sender should be notified somehow.
The difference is any delivery status notification which may be backscatter to a spoofed sender will come from the sending MTA or upstream and not from your server. This is a good thing.

> Are there any features similar to milters I can use in MailScanner? I believe, SPF, DKIM, RBL check is possible with it, correct? Thanks again.

The one big downside of MailScanner is your server has already accepted the mail before MailScanner sees it. Thus, any backscatter generated by a MailScanner notice comes from you.

MailScanner can check RBLs. Generally SPF and DKIM validation are done by the incoming MTA which generates results headers that are checked by SpamAssassin run by MailScanner.

MailScanner does support custom functions as a hook to your own code, but this is somewhat limited and doesn't support a 'milter' interface.

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Eoin.Kim at rcst.com.au Tue Jun 26 21:29:59 2018
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Tue, 26 Jun 2018 21:29:59 +0000
Subject: [Question] Email flow when using with milter
In-Reply-To: <3e33abad-7f5f-07f2-78ac-6145d599a0b3@msapiro.net>
References: <77d972acee7541afbd2fdbbd2e84bb15@rcst.com.au>
 <7995ff28-905e-ea4b-6396-5e1622054269@msapiro.net>
 <3e33abad-7f5f-07f2-78ac-6145d599a0b3@msapiro.net>
Message-ID: <43cf7f84dd15430e82b35ac126b9cea3@rcst.com.au>

Really appreciate it Mark. I misunderstood a few things since the MailScanner interface shows the result of SPF and DKIM check. I thought they are done by MailScanner. Okay, so as long as the original sender can receive some kind of notification message, I might try to apply a milter. I am really sorry for bothering all of you but more questions.

1. I can see there are lots of milter add-ons for Postfix. Are they all doing different jobs? Like you said before, I don't want to deploy redundant milters.
2. Do you have any suggestions?

Thanks very much.

Eoin
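
In the "SpamAssassin install failed on Debian Stretch" thread above, the workaround comments out the `pop @INC` line in /etc/perl/sitecustomize.pl, which puts the current directory back on the module search path of every Perl process on the host until the line is restored. The shell functions below are an added example, not code from the thread or from MailScanner: they report whether that line is still active. The function names and exit codes are made up here, and the scoped alternative in the closing comment assumes install.sh passes its environment through to the Perl processes it starts.

```shell
#!/bin/sh
# Added example: report the state of Debian's "drop '.' from @INC" line.
# Usage: inc_hardening_state [file]   (default /etc/perl/sitecustomize.pl)
# Prints active | disabled | missing and returns 0 | 1 | 2.
inc_hardening_state() {
    file=${1:-/etc/perl/sitecustomize.pl}
    if [ ! -r "$file" ]; then
        echo missing
        return 2
    fi
    # Active: the pop statement is the first thing on its line.
    if grep -Eq '^[[:space:]]*pop[[:space:]]+@INC[[:space:]]+if[[:space:]].*PERL_USE_UNSAFE_INC' "$file"; then
        echo active
        return 0
    fi
    # Disabled: the same statement sits behind a '#'.
    if grep -Eq '^[[:space:]]*#.*pop[[:space:]]+@INC[[:space:]]+if[[:space:]].*PERL_USE_UNSAFE_INC' "$file"; then
        echo disabled
        return 1
    fi
    echo missing
    return 2
}

# Ask the interpreter itself: returns 0 if '.' is in @INC right now.
# Needs perl on PATH; run it from the same environment the mail
# services use, since PERL_USE_UNSAFE_INC changes the answer.
perl_searches_cwd() {
    perl -e 'exit((grep { $_ eq "." } @INC) ? 0 : 1)'
}

# After an install that needed the workaround:
#   inc_hardening_state || echo "restore the pop @INC line" >&2
#
# Scoped alternative that leaves sitecustomize.pl untouched (assumption:
# install.sh hands its environment to the perl/cpanm child processes):
#   PERL_USE_UNSAFE_INC=1 ./install.sh --MTA=postfix --installClamav=Y \
#       --installCPAN=Y --ignoreDeps=N --ramdiskSize=0
```

The environment variable is the same one the commented-out line tests, so it affects only the processes started by that one command.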

From jim at flamingoseismic.com Wed Jun 27 21:02:13 2018
From: jim at flamingoseismic.com (Jim Wirtz)
Date: Wed, 27 Jun 2018 16:02:13 -0500
Subject: Wrongfully whitelisted
Message-ID: <02d101d40e5a$200c9cd0$6025d670$@com>

I keep getting emails that are marked as whitelisted, but are not on/in
my whitelist. How is this happening?

Thanks....

Jim

From iversons at rushville.k12.in.us Wed Jun 27 23:52:47 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 27 Jun 2018 19:52:47 -0400
Subject: Wrongfully whitelisted
In-Reply-To: <02d101d40e5a$200c9cd0$6025d670$@com>
References: <02d101d40e5a$200c9cd0$6025d670$@com>
Message-ID:

Jim,

Can you provide more information about this, such as relevant logs, whitelisted entries, and versions of software? Saying "it doesn't work right" isn't going to solicit a helpful solution for your problem.

On Wed, Jun 27, 2018 at 5:02 PM, Jim Wirtz wrote:

> I keep getting emails that are marked as whitelisted, but are not on/in
> my whitelist. How is this happening?
>
> Thanks....
>
> Jim

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us

From djones at ena.com Fri Jun 29 01:40:19 2018
From: djones at ena.com (David Jones)
Date: Thu, 28 Jun 2018 21:40:19 -0400
Subject: Wrongfully whitelisted
In-Reply-To: <02d101d40e5a$200c9cd0$6025d670$@com>
References: <02d101d40e5a$200c9cd0$6025d670$@com>
Message-ID:

On 06/27/2018 05:02 PM, Jim Wirtz wrote:
> I keep getting emails that are marked as whitelisted, but are not on/in
> my whitelist.  How is this happening?
>
> Thanks....
>
> Jim

There are a number of things that can do this.
I would need to see mail logs to know what is happening for sure but SpamAssassin has its own list of safe senders that are whitelisted in specific situations when SPF and/or DKIM check pass. This SA whitelisting can trigger MailScanner whitelisting in the mail logs so please post the log entries so we don't have to guess.

--
David Jones

From jim at flamingoseismic.com Fri Jun 29 15:04:34 2018
From: jim at flamingoseismic.com (Jim Wirtz)
Date: Fri, 29 Jun 2018 10:04:34 -0500
Subject: Wrongfully whitelisted
In-Reply-To:
References: <02d101d40e5a$200c9cd0$6025d670$@com>
Message-ID: <053e01d40fba$80c736a0$8255a3e0$@com>

You know when you could swear that you have been through all your settings at least a dozen times, but fail to see/remember that one thing? Well I forgot about a script/cron that would rebuild a white list from data I stored. I have gone through and removed all whitelists to where I only have the MailScanner whitelist. So far no unexpected white listed emails. The only question left in my mind, what other ways could an email be whitelisted?

Thanks....

Jim

From Antony.Stone at mailscanner.open.source.it Fri Jun 29 20:42:30 2018
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Fri, 29 Jun 2018 21:42:30 +0100
Subject: Wrongfully whitelisted
In-Reply-To: <053e01d40fba$80c736a0$8255a3e0$@com>
References: <02d101d40e5a$200c9cd0$6025d670$@com>
 <053e01d40fba$80c736a0$8255a3e0$@com>
Message-ID: <201806292142.31336.Antony.Stone@mailscanner.open.source.it>

On Friday 29 June 2018 at 16:04:34, Jim Wirtz wrote:

> You know when you could swear that you have been through all your
> settings at least a dozen times, but fail to see/remember that one thing?

We've all been there, I think.

> Well I forgot about a script/cron that would rebuild a white list from
> data I stored.

Ah.

> I have gone through and removed all whitelists to where I only have the
> MailScanner whitelist. So far no unexpected white listed emails.

Good.

> The only question left in my mind, what other ways could an email be
> whitelisted?

Well, since you still haven't told us what ways you are (now) whitelisting, I think we still can't tell you what *other* ways there are.

I'll state more clearly what others have already said more softly - if you don't give us much information to go on, we can't be much help; if you give us enough detail to understand your configuration and to see what exactly is happening with a specific email you're asking about, we can offer useful suggestions.

The quality of an answer is often directly related to the quality of the question.

Antony.

--
Archaeologists have found a previously-unknown dinosaur which seems to have had a very large vocabulary. They've named it Thesaurus.

                                                   Please reply to the list;
                                                         please *don't* CC me.
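
The question left open in the "Wrongfully whitelisted" thread, where else a whitelist entry can come from, can be narrowed down on a given host by listing every file that sets one, including files rewritten by a forgotten cron job and rule files shipped with SpamAssassin. The shell functions below are an added example, not code from the thread or from MailScanner: they search configuration trees for SpamAssassin whitelist directives and for the `Is Definitely Not Spam` option in MailScanner.conf. The function names are made up here and the directories in the usage comment are assumptions about a typical install.

```shell
#!/bin/sh
# Added example: list every active whitelist setting under the given
# directories. Commented-out lines are ignored.
# Output: one "file:line:setting" per hit, sorted.
list_whitelist_sources() {
    # SpamAssassin directives (hand-written and def_ variants) plus the
    # MailScanner.conf option that points at its whitelist ruleset.
    pattern='^[[:space:]]*((def_)?whitelist_(from|from_rcvd|from_spf|from_dkim|auth|to)[[:space:]]|Is Definitely Not Spam[[:space:]]*=)'
    for dir in "$@"; do
        # Skip directories that do not exist on this host.
        [ -d "$dir" ] || continue
        grep -rnE "$pattern" "$dir" 2>/dev/null
    done | sort
}

# Number of distinct files that contribute at least one whitelist setting.
# A file nobody remembers editing is the first thing to look at.
count_whitelist_files() {
    list_whitelist_sources "$@" | cut -d: -f1 | sort -u | wc -l | tr -d '[:space:]'
}

# Example (directory names are assumptions about a typical install; the
# last one is where sa-update usually keeps the shipped rule files):
#   list_whitelist_sources /etc/mail/spamassassin /etc/MailScanner \
#       /var/lib/spamassassin
```

Comparing the listed files' modification times with the cron schedule shows which of them are regenerated automatically.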