From J.Ede at birchenallhowden.co.uk Fri Mar 2 12:27:19 2018 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri, 2 Mar 2018 12:27:19 +0000 Subject: messages crashing MailScanner on Centos 6.9 Message-ID: I've upgraded from 4.85 to the latest version of 5.07-2 and I'm still finding I'm getting the odd email that seems to crash MailScanner. If I run in debug mode I'm seeing a lot of lines like the following. Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 29 Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm MailScanner -V reports This is CentOS release 6.9 (Final) This is Perl version 5.010001 (5.10.1) This is MailScanner version 5.0.7 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.11 Carp 2.021 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.124 Data::Dumper 2.27 Date::Parse 1.03 DirHandle 1.06 Fcntl 2.77 File::Basename 2.14 File::Copy 2.02 FileHandle 2.08 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.64 HTML::Entities 3.64 HTML::Parser 3.57 HTML::TokeParser 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.9993 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.18 Net::CIDR 1.25 Net::IP 0.19 OLE::Storage_Lite 1.04 Pod::Escapes 3.13 Pod::Simple 1.17 POSIX 1.21 Scalar::Util 1.82 Socket 2.20 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.40 Test::Pod 0.92 Test::Simple 1.9721 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.58 Archive::Tar 0.23 bignum missing Business::ISBN missing Business::ISBN::Data 1.15 Data::Dump 1.82 DB_File 1.27 DBD::SQLite 1.609 DBI 1.16 Digest 1.01 Digest::HMAC 2.39 Digest::MD5 2.12 Digest::SHA1 1.01 Encode::Detect 0.17015 Error 0.27 ExtUtils::CBuilder 2.2203 ExtUtils::ParseXS 2.38 Getopt::Long 0.46 Inline 1.08 IO::String 1.09 IO::Zlib 2.28 IP::Country missing Mail::ClamAV 3.004001 Mail::SpamAssassin v2.008 Mail::SPF 1.999001 Mail::SPF::Query 0.35 Module::Build 0.21 Net::CIDR::Lite 0.65 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.65 Net::LDAP 4.027 NetAddr::IP 1.965001 Parse::RecDescent missing SAVI 3.17 Test::Harness 1.22 Test::Manifest 2.0.0 Text::Balanced 1.40 URI 0.77 version 0.70 YAML -- Dr Jason Ede, MEng Hons, CEng, Prince2, MTCNA, MTCWE, MTCTCE, MTCRE, MTCINE Development Manager, BirchenallHowden Ltd -------------- next part -------------- An HTML attachment was scrubbed... URL: From carles at unlimitedmail.org Tue Mar 6 22:36:18 2018 From: carles at unlimitedmail.org (=?UTF-8?Q?Carles_Xavier_Munyoz_Bald=c3=b3?=) Date: Tue, 6 Mar 2018 23:36:18 +0100 Subject: Clamd - Permission denied (SOLVED). Message-ID: Hi, I have just installed MailScanner into a new Ubuntu 16.04.4 LTS server and updated it to the latests packages. Making tests over the new server I have seen that ClamAV is not operating fine due to permission problems: [...] MailScanner[15458]: Virus and Content Scanning: Starting MailScanner[15458]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/15458 MailScanner[15458]: Virus Scanning: Clamd found 1 infections MailScanner[15458]: Virus Scanning: Found 1 viruses [...] I have solved the problem modifying the configuration parameter AllowSupplementaryGroups from false to true in the file: /etc/clamav/clamd.conf Please, MailScanner developers, take this into account in the installer for Ubuntu for the next release. Thank you very much. Best regards. ======================================== SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L. Carles Xavier Munyoz Bald? Departamento de I+D+I Tel./Fax: 966 446 046 cmunyoz at soltecsis.com www.soltecsis.com ======================================== --- La informaci?n contenida en este e-mail es confidencial, siendo para uso exclusivo del destinatario arriba mencionado. Le informamos que est? totalmente prohibida cualquier utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de esta comunicaci?n sin autorizaci?n expresa en virtud de la legislaci?n vigente. Si ha recibido este mensaje por error, le rogamos nos lo notifique inmediatamente por la misma v?a y proceda a su eliminaci?n. --- From nilton at hgnet.com.br Wed Mar 14 20:21:00 2018 From: nilton at hgnet.com.br (nilton at hgnet.com.br) Date: Wed, 14 Mar 2018 17:21:00 -0300 Subject: MailScanner rules problem Message-ID: Hi List This is my first post here, so I'm sorry for my blunders. Sorry also for my very bad english. I have a new installation of MailScanner with Postfix and Mysql and I am seeing a serious problem that I have not been able to solve yet and I need your help: Ubuntu 16.04 + MailScanner 5.0.7-2 + Postfix 3.1.0-3 + MySQL 5.7.21 Everything works fine except for one detail. All rules related to domains hosted on this mailserver are ignored by MailScanner. Look this: Local domains: domain1.com.br domain2.com.br domain3.com.br ---------------- MailScanner.com Archive Mail = %rules-dir%/archive.rules Spam Actions = %rules-dir%/archive-spam.rules Required SpamAssassin Score = %rules-dir%/score.rules Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules ----------------- archive.rules FromOrTo:?????????? @domain2.com.br?????????????? monitor at domain2.com.br FromOrTo:?????????? @domain3.com.br?????????????? monitor at domain3.com.br FromOrTo:?????????? default monitor at X-Domain1-MailScanner-To:.com.br The rules for domin2.com.br and domain3.com.br are ignored by Mailscanner and all messages follow default rules. ---------------- archive-spam.rules To:???????? @domain2.com.br???????? forward spam at domain2.com.br delete header "X-Spam-Status: Yes" To:???????? @domain3.com.br???????? forward spam at domain3.com.br delete header "X-Spam-Status: Yes" From:???? default???????????????????????? forward spam at X-Domain1-MailScanner-To:.com.br delete header "X-Spam-Status: Yes" In the same way, the rules for domin2.com.br and domain3.com.br are ignored by Mailscanner and all the messages follow default rules. -------------------- score.rules To:???????????? @domain2.com.br?????????????????????????????????? 8.0 To:???????????? @domain3.com.br?????????????????????????????????? 9.0 To:???????????? default???????????????????????????????????????? ?? ?? ?? ?? ?? ???? ?????? 5.0 All messages for domain2.com and domain3.com are cached or not based on default score 5.0. ------------------ spam.whitelist.rules From:???????? @domain1.com.br???????????????????????? yes From:???????? @domain2.com.br???????????????????????? yes From:???????? @domain3.com.br???????????????????????? yes From:???????? @google.com???????????????????????????????? yes FromOrTo: default???????????????????????????????????????? no Interestingly the "From:" rules even for local domains are recognized by MailScanner. Thus, it is possible to conclude that only the rules that contain "To:" only for local domains do not work. ---------------------- Notice the message header below that X-Domain1-MailScanner-To: It is empty, but X-Domain1-MailScanner-From: is not empty. Return-Path: Delivered-To: usertmp at Domain1.com.br X-Spam-Status: No X-Domain1-MailScanner-To: X-Domain1-MailScanner-From: usertmp at Domain1.com.br X-Domain1-MailScanner-SpamCheck: n????o spam (est???? em uma lista branca), ?????? SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00, ?????? BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10, ?????? DKIM_VALID_AU -0.10) X-Domain1-MailScanner: Found to be clean X-Domain1-MailScanner-ID: B6EBB14201A.AE9C1 X-Domain1-MailScanner-Information: Please contact the ISP for more information Received: from webmail.Domain1.com.br (localhost [127.0.0.1]) ?????? by mx1.Domain1.net.br (Postfix) with ESMTP id B6EBB14201A ?????? for ; Wed, 14 Mar 2018 13:18:51 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=Domain1.com.br; ?????? s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=; ?????? h=Date:From:To:Subject; b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV ??c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq ??hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR ??NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ ??FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8 ?????? ??8TxnOVTxrogdg== MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; ??format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 14 Mar 2018 13:18:51 -0300 From: usertmp at Domain1.com.br To: usertmp at Domain1.com.br ------------------------- On the other server where everything works fine. From - Wed Mar 14 13:19:49 2018 X-Account-Key: account27 X-UIDL: 000001925a9d6bca X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: Delivered-To: nilton at exemplo2.com.br X-Spam-Status: No X-HGnet-MailScanner-To: X-HGnet-MailScanner-From: nilton at exemplo2.com.br X-HGnet-MailScanner-SpamCheck: n????o spam (est???? em uma lista branca), ?????? SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00, ?????? BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10, ?????? DKIM_VALID_AU -0.10) X-HGnet-MailScanner: Found to be clean X-HGnet-MailScanner-ID: B6EBB14201A.AE9C1 X-HGnet-MailScanner-Information: Please contact the ISP for more information Received: from webmail.exemplo2.com.br (localhost [127.0.0.1]) ?????? by mx1.hgnet.net.br (Postfix) with ESMTP id B6EBB14201A ?????? for ; Wed, 14 Mar 2018 13:18:51 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=exemplo2.com.br; ?????? s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=; ?????? h=Date:From:To:Subject; b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV ??c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq ??hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR ??NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ ??FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8 ?????? ??8TxnOVTxrogdg== MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; ??format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 14 Mar 2018 13:18:51 -0300 From: nilton at exemplo2.com.br To: nilton at exemplo2.com.br ----------------- MailScanner or Postfix? There is a possibility that the problem is in the way postfix is constructing the header, but I do not know how to debug it. Thank you for your help on this. HGnet - A solu????o em TI. A Solu????o em TI * Nilton Godoi* Fones: ?? +55 11 3582-2746 ??3582-2756 Celular: +55 11 ??98191-0001 www.hgnet.com.br -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: hgnet_100.png Type: image/png Size: 6777 bytes Desc: not available URL: From jim at shout.net Wed Mar 14 20:40:53 2018 From: jim at shout.net (Jim Creason) Date: Wed, 14 Mar 2018 15:40:53 -0500 Subject: MailScanner rules problem In-Reply-To: References: Message-ID: <381a5fc8-d60f-3ccc-a494-8c4ff6fa13e7@shout.net> You don't have a wildcard asterisk before the @ in your rules, adding that would fix it, I believe. On 3/14/2018 3:21 PM, nilton at hgnet.com.br wrote: > > Hi List > > This is my first post here, so I'm sorry for my blunders. Sorry also > for my very bad english. > > I have a new installation of MailScanner with Postfix and Mysql and I > am seeing a serious problem that I have not been able to solve yet and > I need your help: > > Ubuntu 16.04 + MailScanner 5.0.7-2 + Postfix 3.1.0-3 + MySQL 5.7.21 > > Everything works fine except for one detail. All rules related to > domains hosted on this mailserver are ignored by MailScanner. > > Look this: > > Local domains: > domain1.com.br > domain2.com.br > domain3.com.br > > ---------------- > MailScanner.com > Archive Mail = %rules-dir%/archive.rules > Spam Actions = %rules-dir%/archive-spam.rules > Required SpamAssassin Score = %rules-dir%/score.rules > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > ----------------- > > archive.rules > FromOrTo:????? @domain2.com.br monitor at domain2.com.br > FromOrTo:????? @domain3.com.br monitor at domain3.com.br > FromOrTo:????? default monitor at X-Domain1-MailScanner-To:.com.br > > The rules for domin2.com.br and domain3.com.br are ignored by > Mailscanner and all messages follow default rules. > ---------------- > > archive-spam.rules > To:???? @domain2.com.br???? forward spam at domain2.com.br delete header > "X-Spam-Status: Yes" > To:???? @domain3.com.br???? forward spam at domain3.com.br delete header > "X-Spam-Status: Yes" > From:?? default???????????? forward > spam at X-Domain1-MailScanner-To:.com.br delete header "X-Spam-Status: Yes" > > In the same way, the rules for domin2.com.br and domain3.com.br are > ignored by Mailscanner and all the messages follow default rules. > -------------------- > > score.rules > To:?????? @domain2.com.br????????????????? 8.0 > To:?????? @domain3.com.br????????????????? 9.0 > To:?????? default???????????????????? ? ? ? ? ? ?? ??? 5.0 > > All messages for domain2.com and domain3.com are cached or not based > on default score 5.0. > ------------------ > > spam.whitelist.rules > From:???? @domain1.com.br???????????? yes > From:???? @domain2.com.br???????????? yes > From:???? @domain3.com.br???????????? yes > From:???? @google.com???????????????? yes > FromOrTo: default???????????????????? no > > Interestingly the "From:" rules even for local domains are recognized > by MailScanner. > Thus, it is possible to conclude that only the rules that contain > "To:" only for local domains do not work. > ---------------------- > > Notice the message header below that X-Domain1-MailScanner-To: It is > empty, but X-Domain1-MailScanner-From: is not empty. > > Return-Path: > Delivered-To: usertmp at Domain1.com.br > X-Spam-Status: No > X-Domain1-MailScanner-To: > X-Domain1-MailScanner-From: usertmp at Domain1.com.br > X-Domain1-MailScanner-SpamCheck: n??o spam (est?? em uma lista branca), > ??? SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00, > ??? BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10, > ??? DKIM_VALID_AU -0.10) > X-Domain1-MailScanner: Found to be clean > X-Domain1-MailScanner-ID: B6EBB14201A.AE9C1 > X-Domain1-MailScanner-Information: Please contact the ISP for more > information > Received: from webmail.Domain1.com.br (localhost [127.0.0.1]) > ??? by mx1.Domain1.net.br (Postfix) with ESMTP id B6EBB14201A > ??? for ; Wed, 14 Mar 2018 13:18:51 -0300 (-03) > DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=Domain1.com.br; > ??? s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=; > ??? h=Date:From:To:Subject; > b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV > ?c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq > ?hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR > ?NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ > ?FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8 > ??? ?8TxnOVTxrogdg== > MIME-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII; > ?format=flowed > Content-Transfer-Encoding: 7bit > Date: Wed, 14 Mar 2018 13:18:51 -0300 > From: usertmp at Domain1.com.br > To: usertmp at Domain1.com.br > ------------------------- > > > On the other server where everything works fine. > From - Wed Mar 14 13:19:49 2018 > X-Account-Key: account27 > X-UIDL: 000001925a9d6bca > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > X-Mozilla-Keys: > Return-Path: > Delivered-To: nilton at exemplo2.com.br > X-Spam-Status: No > X-HGnet-MailScanner-To: > X-HGnet-MailScanner-From: nilton at exemplo2.com.br > X-HGnet-MailScanner-SpamCheck: n??o spam (est?? em uma lista branca), > ??? SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00, > ??? BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10, > ??? DKIM_VALID_AU -0.10) > X-HGnet-MailScanner: Found to be clean > X-HGnet-MailScanner-ID: B6EBB14201A.AE9C1 > X-HGnet-MailScanner-Information: Please contact the ISP for more > information > Received: from webmail.exemplo2.com.br (localhost [127.0.0.1]) > ??? by mx1.hgnet.net.br (Postfix) with ESMTP id B6EBB14201A > ??? for ; Wed, 14 Mar 2018 13:18:51 -0300 (-03) > DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=exemplo2.com.br; > ??? s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=; > ??? h=Date:From:To:Subject; > b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV > ?c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq > ?hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR > ?NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ > ?FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8 > ??? ?8TxnOVTxrogdg== > MIME-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII; > ?format=flowed > Content-Transfer-Encoding: 7bit > Date: Wed, 14 Mar 2018 13:18:51 -0300 > From: nilton at exemplo2.com.br > To: nilton at exemplo2.com.br > > ----------------- > > MailScanner or Postfix? There is a possibility that the problem is in > the way postfix is constructing the header, but I do not know how to > debug it. > > Thank you for your help on this. > > HGnet - A solu??o em TI. > > A Solu??o em TI > > * > Nilton Godoi* > Fones: ? +55 11 3582-2746 ?3582-2756 > Celular: +55 11 ?98191-0001 > www.hgnet.com.br > > > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: hgnet_100.png Type: image/png Size: 6777 bytes Desc: not available URL: From mailscanner at barendse.to Thu Mar 15 14:10:29 2018 From: mailscanner at barendse.to (Remco Barendse) Date: Thu, 15 Mar 2018 15:10:29 +0100 (CET) Subject: File names rule to catch rar attachments Message-ID: I'm trying to find a way to block .rar archives. Blocking the standard .rar is a no brainer but how do i block all the child archives like .r01 .r02 .r11 .r66 etc. How to add that to filename rules without using 99 lines? :) Thanks! Remco From jim at shout.net Thu Mar 15 14:27:14 2018 From: jim at shout.net (Jim Creason) Date: Thu, 15 Mar 2018 09:27:14 -0500 Subject: File names rule to catch rar attachments In-Reply-To: References: Message-ID: Something like \.r[0-9]{1,2} should do it, no? On 3/15/2018 9:10 AM, Remco Barendse wrote: > I'm trying to find a way to block .rar archives. Blocking the standard > .rar is a no brainer but how do i block all the child archives like > .r01 > .r02 > .r11 > .r66 etc. > > How to add that to filename rules without using 99 lines? :) > > Thanks! > Remco > > From nilton at hgnet.com.br Fri Mar 16 17:13:42 2018 From: nilton at hgnet.com.br (nilton at hgnet.com.br) Date: Fri, 16 Mar 2018 14:13:42 -0300 Subject: MailScanner rules problem In-Reply-To: <381a5fc8-d60f-3ccc-a494-8c4ff6fa13e7@shout.net> References: <381a5fc8-d60f-3ccc-a494-8c4ff6fa13e7@shout.net> Message-ID: Hi, I've been doing a lot of testing and I've seen that MailScanner perfectly recognizes rules written using spaces or , with or without * before @ and even with regular expression. I have seen that MailScanner does not receive or recognize only the rules for local domains with the expression "To:" and so it does not follow the rule. I've also seen that even for local domains for the expression "From:" the rule is followed. Looking at the header of a message sent from a user to itself, the To: field appears empty, different from the From: field: Return-Path: Delivered-To: nilton at domain1.com.br X-Spam-Status: No *X-HGnet-MailScanner-To: X-HGnet-MailScanner-From:* nilton at domain1.com.br The question is: Could the Postfix be creating a header with information not recognized by MailScanner? Why the MailScanner does not?? recognize only the local domains in "To:" rule, but recognize "From:" rule. My search is currently focused on this issue. Em 14/3/2018 17:40, Jim Creason escreveu: > > > You don't have a wildcard asterisk before the @ in your rules, adding > that would fix it, I believe. > > > On 3/14/2018 3:21 PM, nilton at hgnet.com.br wrote: >> >> Hi List >> >> This is my first post here, so I'm sorry for my blunders. Sorry also >> for my very bad english. >> >> I have a new installation of MailScanner with Postfix and Mysql and I >> am seeing a serious problem that I have not been able to solve yet >> and I need your help: >> >> Ubuntu 16.04 + MailScanner 5.0.7-2 + Postfix 3.1.0-3 + MySQL 5.7.21 >> >> Everything works fine except for one detail. All rules related to >> domains hosted on this mailserver are ignored by MailScanner. >> >> Look this: >> >> Local domains: >> domain1.com.br >> domain2.com.br >> domain3.com.br >> >> ---------------- >> MailScanner.com >> Archive Mail = %rules-dir%/archive.rules >> Spam Actions = %rules-dir%/archive-spam.rules >> Required SpamAssassin Score = %rules-dir%/score.rules >> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules >> ----------------- >> >> archive.rules >> FromOrTo:?????????? @domain2.com.br monitor at domain2.com.br >> FromOrTo:?????????? @domain3.com.br monitor at domain3.com.br >> FromOrTo:?????????? default monitor at X-Domain1-MailScanner-To:.com.br >> >> The rules for domin2.com.br and domain3.com.br are ignored by >> Mailscanner and all messages follow default rules. >> ---------------- >> >> archive-spam.rules >> To:???????? @domain2.com.br???????? forward spam at domain2.com.br delete header >> "X-Spam-Status: Yes" >> To:???????? @domain3.com.br???????? forward spam at domain3.com.br delete header >> "X-Spam-Status: Yes" >> From:???? default???????????????????????? forward >> spam at X-Domain1-MailScanner-To:.com.br delete header "X-Spam-Status: Yes" >> >> In the same way, the rules for domin2.com.br and domain3.com.br are >> ignored by Mailscanner and all the messages follow default rules. >> -------------------- >> >> score.rules >> To:???????????? @domain2.com.br?????????????????????????????????? 8.0 >> To:???????????? @domain3.com.br?????????????????????????????????? 9.0 >> To:???????????? default???????????????????????????????????????? ?? ?? ?? ?? ?? ???? ?????? 5.0 >> >> All messages for domain2.com and domain3.com are cached or not based >> on default score 5.0. >> ------------------ >> >> spam.whitelist.rules >> From:???????? @domain1.com.br???????????????????????? yes >> From:???????? @domain2.com.br???????????????????????? yes >> From:???????? @domain3.com.br???????????????????????? yes >> From:???????? @google.com???????????????????????????????? yes >> FromOrTo: default???????????????????????????????????????? no >> >> Interestingly the "From:" rules even for local domains are recognized >> by MailScanner. >> Thus, it is possible to conclude that only the rules that contain >> "To:" only for local domains do not work. >> ---------------------- >> >> Notice the message header below that X-Domain1-MailScanner-To: It is >> empty, but X-Domain1-MailScanner-From: is not empty. >> >> Return-Path: >> Delivered-To: usertmp at Domain1.com.br >> X-Spam-Status: No >> X-Domain1-MailScanner-To: >> X-Domain1-MailScanner-From: usertmp at Domain1.com.br >> X-Domain1-MailScanner-SpamCheck: n????o spam (est???? em uma lista branca), >> ?????? SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00, >> ?????? BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10, >> ?????? DKIM_VALID_AU -0.10) >> X-Domain1-MailScanner: Found to be clean >> X-Domain1-MailScanner-ID: B6EBB14201A.AE9C1 >> X-Domain1-MailScanner-Information: Please contact the ISP for more >> information >> Received: from webmail.Domain1.com.br (localhost [127.0.0.1]) >> ?????? by mx1.Domain1.net.br (Postfix) with ESMTP id B6EBB14201A >> ?????? for ; Wed, 14 Mar 2018 13:18:51 -0300 (-03) >> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=Domain1.com.br; >> ?????? s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=; >> ?????? h=Date:From:To:Subject; >> b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV >> ??c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq >> ??hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR >> ??NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ >> ??FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8 >> ?????? ??8TxnOVTxrogdg== >> MIME-Version: 1.0 >> Content-Type: text/plain; charset=US-ASCII; >> ??format=flowed >> Content-Transfer-Encoding: 7bit >> Date: Wed, 14 Mar 2018 13:18:51 -0300 >> From: usertmp at Domain1.com.br >> To: usertmp at Domain1.com.br >> ------------------------- >> >> >> On the other server where everything works fine. >> From - Wed Mar 14 13:19:49 2018 >> X-Account-Key: account27 >> X-UIDL: 000001925a9d6bca >> X-Mozilla-Status: 0001 >> X-Mozilla-Status2: 00000000 >> X-Mozilla-Keys: >> Return-Path: >> Delivered-To: nilton at exemplo2.com.br >> X-Spam-Status: No >> X-HGnet-MailScanner-To: >> X-HGnet-MailScanner-From: nilton at exemplo2.com.br >> X-HGnet-MailScanner-SpamCheck: n????o spam (est???? em uma lista branca), >> ?????? SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00, >> ?????? BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10, >> ?????? DKIM_VALID_AU -0.10) >> X-HGnet-MailScanner: Found to be clean >> X-HGnet-MailScanner-ID: B6EBB14201A.AE9C1 >> X-HGnet-MailScanner-Information: Please contact the ISP for more >> information >> Received: from webmail.exemplo2.com.br (localhost [127.0.0.1]) >> ?????? by mx1.hgnet.net.br (Postfix) with ESMTP id B6EBB14201A >> ?????? for ; Wed, 14 Mar 2018 13:18:51 -0300 (-03) >> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=exemplo2.com.br; >> ?????? s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=; >> ?????? h=Date:From:To:Subject; >> b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV >> ??c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq >> ??hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR >> ??NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ >> ??FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8 >> ?????? ??8TxnOVTxrogdg== >> MIME-Version: 1.0 >> Content-Type: text/plain; charset=US-ASCII; >> ??format=flowed >> Content-Transfer-Encoding: 7bit >> Date: Wed, 14 Mar 2018 13:18:51 -0300 >> From: nilton at exemplo2.com.br >> To: nilton at exemplo2.com.br >> >> ----------------- >> >> MailScanner or Postfix? There is a possibility that the problem is in >> the way postfix is constructing the header, but I do not know how to >> debug it. >> >> Thank you for your help on this. >> >> HGnet - A solu????o em TI. >> >> A Solu????o em TI >> >> * >> Nilton Godoi* >> Fones: +55 11 3582-2746 ??3582-2756 >> Celular: +55 11 ??98191-0001 >> www.hgnet.com.br >> >> >> >> -- >> Esta mensagem foi verificada pelo sistema de antiv???rus e >> acredita-se estar livre de perigo. >> >> > > > -- > Esta mensagem foi verificada pelo sistema de antiv???rus e > acredita-se estar livre de perigo. -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: hgnet_100.png Type: image/png Size: 6777 bytes Desc: not available URL: From mark at msapiro.net Fri Mar 16 18:12:20 2018 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 16 Mar 2018 11:12:20 -0700 Subject: MailScanner rules problem In-Reply-To: References: <381a5fc8-d60f-3ccc-a494-8c4ff6fa13e7@shout.net> Message-ID: <9534d2d2-cdf8-a656-c0d3-b313661bd69b@msapiro.net> On 03/16/2018 10:13 AM, nilton at hgnet.com.br wrote: > > I have seen that MailScanner does not receive or recognize only the > rules for local domains with the expression "To:" and so it does not > follow the rule. I've also seen that even for local domains for the > expression "From:" the rule is followed. I do not see this issue with MailScanner-5.0.7-2. > Looking at the header of a message sent from a user to itself, the To: > field appears empty, different from the From: field: > Return-Path: > Delivered-To: nilton at domain1.com.br > X-Spam-Status: No > *X-HGnet-MailScanner-To: > X-HGnet-MailScanner-From:* nilton at domain1.com.br Nor do I see a missing To: for a message just like this if I set Add Envelope To Header = Yes > The question is: Could the Postfix be creating a header with information > not recognized by MailScanner? Why the MailScanner does not? recognize > only the local domains in "To:" rule, but recognize "From:" rule. My > search is currently focused on this issue. Look at the message for the headers X-Original-To: Delivered-To: I think the Delivered-To: address will be the one MailScanner checks for To: in rules. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Sun Mar 18 11:59:35 2018 From: mailscanner at barendse.to (Remco Barendse) Date: Sun, 18 Mar 2018 12:59:35 +0100 (CET) Subject: {Spam?} Re: File names rule to catch rar attachments In-Reply-To: References: Message-ID: On Thu, 15 Mar 2018, Jim Creason wrote: > > Something like \.r[0-9]{1,2} should do it, no? This works perfectly, thanks so much! Just had to add $ at the end, so: deny \.r[0-9]{1,2}$ - - Maybe a useful addition to the standard set of filename rules as well? > > > > On 3/15/2018 9:10 AM, Remco Barendse wrote: >> I'm trying to find a way to block .rar archives. Blocking the standard .rar >> is a no brainer but how do i block all the child archives like >> .r01 >> .r02 >> .r11 >> .r66 etc. >> >> How to add that to filename rules without using 99 lines? :) >> >> Thanks! >> Remco >> >> > From ajdin at centohost.com Mon Mar 19 15:52:42 2018 From: ajdin at centohost.com (ajdin) Date: Mon, 19 Mar 2018 16:52:42 +0100 Subject: nat and forwarding messages after filter Message-ID: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> hello, does anyone now how to hide mailscanner ip address and forward orginal sender ip after filtering? we have mailscanner on one server and we point all traffic on destinatin port 25 to that server. server is filtering but mail is received from ip from filter server not sender ip or source ip. does anyone know how to forward message after spamassassin filter messsage in mailscanner. kind reagrds. From Antony.Stone at mailscanner.open.source.it Mon Mar 19 15:58:57 2018 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Mon, 19 Mar 2018 16:58:57 +0100 Subject: nat and forwarding messages after filter In-Reply-To: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> References: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> Message-ID: <201803191658.57803.Antony.Stone@mailscanner.open.source.it> On Monday 19 March 2018 at 16:52:42, ajdin wrote: > hello, > > > does anyone now how to hide mailscanner ip address and forward orginal > sender ip after filtering? No. That is not the way mail servers work. > we have mailscanner on one server and we point all traffic on destinatin > port 25 to that server. > > server is filtering but mail is received from ip from filter server not > sender ip or source ip. That is because MailScanner runs two SMTP processes - one accepts mail from the source (sender), and the other one sends mail to the destination (recipient). That second process can only use the IP address of the mail server, becaue it has to communicate with the destination mail server, which therefore needs to send its replies back to the MailScanner machine's IP address. This is no different from using a mail server without MailScanner running on it; in that case the recipients will see the IP address of the mail server as the origin, and the IP address of the client as the previous hop in the path. > does anyone know how to forward message after spamassassin filter > messsage in mailscanner. I don't understand this question. Regards, Antony. -- My life is going completely according to plan. I do sometimes wish it had been *my* plan, though. Please reply to the list; please *don't* CC me. From djones at ena.com Mon Mar 19 16:06:19 2018 From: djones at ena.com (David Jones) Date: Mon, 19 Mar 2018 16:06:19 +0000 Subject: nat and forwarding messages after filter In-Reply-To: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> References: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> Message-ID: Are you talking about removing the Received header of the MailScanner server so it doesn't look like the email went through it? I would advise against doing that. I would need to see one of the headers of email that has passed through this MailScanner server to better understand the problem. If your MailScanner server is sending directly to the Internet, I would recommend putting a direct public IP on the server to make sure you get FCrDNS setup properly with a single PTR and matching A record matching the SMTP HELO. Dave ________________________________ From: MailScanner on behalf of ajdin Sent: Monday, March 19, 2018 10:52 AM To: mailscanner at lists.mailscanner.info Subject: nat and forwarding messages after filter hello, does anyone now how to hide mailscanner ip address and forward orginal sender ip after filtering? we have mailscanner on one server and we point all traffic on destinatin port 25 to that server. server is filtering but mail is received from ip from filter server not sender ip or source ip. does anyone know how to forward message after spamassassin filter messsage in mailscanner. kind reagrds. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Mon Mar 19 16:08:42 2018 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 19 Mar 2018 12:08:42 -0400 Subject: nat and forwarding messages after filter In-Reply-To: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> References: <34cf63bb-4bb0-fbf1-c4f9-b7a9dd5c93ea@centohost.com> Message-ID: <02e701d3bf9c$8d23bf90$a76b3eb0$@mailborder.com> This is from a firewall or router performing NAT that is not configured to pass the original IP. You need to configure it to do that. -- Jerry Benton www.mailborder.com +1 (843) 800-8605 +44 (020) 3883-8605 -----Original Message----- From: MailScanner On Behalf Of ajdin Sent: Monday, March 19, 2018 11:53 To: mailscanner at lists.mailscanner.info Subject: nat and forwarding messages after filter hello, does anyone now how to hide mailscanner ip address and forward orginal sender ip after filtering? we have mailscanner on one server and we point all traffic on destinatin port 25 to that server. server is filtering but mail is received from ip from filter server not sender ip or source ip. does anyone know how to forward message after spamassassin filter messsage in mailscanner. kind reagrds. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5530 bytes Desc: not available URL: From nilton at hgnet.com.br Mon Mar 19 16:31:22 2018 From: nilton at hgnet.com.br (nilton at hgnet.com.br) Date: Mon, 19 Mar 2018 13:31:22 -0300 Subject: MailScanner rules problem In-Reply-To: <9534d2d2-cdf8-a656-c0d3-b313661bd69b@msapiro.net> References: <381a5fc8-d60f-3ccc-a494-8c4ff6fa13e7@shout.net> <9534d2d2-cdf8-a656-c0d3-b313661bd69b@msapiro.net> Message-ID: <05df4539-7752-c83a-17ac-f9d101812e78@hgnet.com.br> Hi, I agree with you. I have also never seen this happen with MailScanner. I think I now have to direct my research to Postfix. I've never used MySQL to authenticate users and domains.This was the first time I set up Postfix with MySQL and Postfixadmin following this tutorial: https://www.exratione.com/2016/05/a-mailserver-on-ubuntu-16-04-postfix-dovecot-mysql/ . The issue can be here. Searching on Google I found many different tutorials but I would be grateful if you could indicate me a tutorial tested for the installation of Postfix + MySQL + postfixadmin for Ubuntu or Debian. Nilton Godoi HGnet - A solu????o em TI. A Solu????o em TI * Nilton Godoi* Fones: ?? +55 11 3582-2746 ??3582-2756 Celular: +55 11 ??98191-0001 www.hgnet.com.br Em 16/3/2018 15:12, Mark Sapiro escreveu: > On 03/16/2018 10:13 AM, nilton at hgnet.com.br wrote: >> I have seen that MailScanner does not receive or recognize only the >> rules for local domains with the expression "To:" and so it does not >> follow the rule. I've also seen that even for local domains for the >> expression "From:" the rule is followed. > > I do not see this issue with MailScanner-5.0.7-2. > > >> Looking at the header of a message sent from a user to itself, the To: >> field appears empty, different from the From: field: >> Return-Path: >> Delivered-To: nilton at domain1.com.br >> X-Spam-Status: No >> *X-HGnet-MailScanner-To: >> X-HGnet-MailScanner-From:* nilton at domain1.com.br > > Nor do I see a missing To: for a message just like this if I set > > Add Envelope To Header = Yes > > >> The question is: Could the Postfix be creating a header with information >> not recognized by MailScanner? Why the MailScanner does not?? recognize >> only the local domains in "To:" rule, but recognize "From:" rule. My >> search is currently focused on this issue. > Look at the message for the headers > > X-Original-To: > Delivered-To: > > I think the Delivered-To: address will be the one MailScanner checks for > To: in rules. > -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: hgnet_100.png Type: image/png Size: 6777 bytes Desc: not available URL: From AbsonChihota at verpakt.com Fri Mar 23 07:33:15 2018 From: AbsonChihota at verpakt.com (Abson Chihota) Date: Fri, 23 Mar 2018 07:33:15 +0000 Subject: Perl Module Message-ID: <6AA287967247E54AB8F1693939F6E34101FB4B3C1D@srvmail2> Good Day; We are receiving the error below and wish to find out which perl-File module is appropriate for Mailscanner system below MailWatch Version: 1.2.7 Operating System Version: CentOS Linux 7 (Core) Postfix Version: 2.10.1 MailScanner Version: 5.0.7 ClamAV Version: SpamAssassin Version: 3.4.0 PHP Version: 5.4.16 MySQL Version: 5.5.56-MariaDB Mailscanner -lint Results Could not use Custom Function code /usr/share/MailScanner/perl/custom/MailWatch.pm, it could not be "require"d. Make sure the last line is "1;" and the module is correct with perl -wc (Error: Can't locate Encoding/FixLatin.pm in @INC (@INC contains: /usr/sbin /usr/sbin/MailScanner /usr/share/MailScanner/perl /usr/share/MailScanner/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/share/MailScanner/perl/custom/MailWatch.pm line 43. BEGIN failed--compilation aborted at /usr/share/MailScanner/perl/custom/MailWatch.pm line 43. Compilation failed in require at /usr/share/MailScanner/perl/MailScanner/Config.pm line 753. ) at /usr/share/MailScanner/perl/MailScanner/Config.pm line 755. Regards; Abson -------------- next part -------------- An HTML attachment was scrubbed... URL: From endelwar at aregar.it Fri Mar 23 16:50:31 2018 From: endelwar at aregar.it (Manuel Dalla Lana) Date: Fri, 23 Mar 2018 17:50:31 +0100 Subject: Perl Module In-Reply-To: <6AA287967247E54AB8F1693939F6E34101FB4B3C1D@srvmail2> References: <6AA287967247E54AB8F1693939F6E34101FB4B3C1D@srvmail2> Message-ID: <05f8e3c6-7174-bf09-530b-3f51df803b0d@aregar.it> Hello Absom, this error is relative to MailWatch, and should be reported on MailWatch github issue tracker or on it's mailinglist. The error is stating that you miss FixLatin perl module, have you installed it? you can use "cpanm Encoding::FixLatin" to install the missing module Manuel Il 23/03/18 08:33, Abson Chihota ha scritto: > > Good Day; > > We are receiving the error below and wish to find out which perl-File > module is appropriate for Mailscanner ?system below > > MailWatch Version: 1.2.7 > > Operating System Version: CentOS Linux 7 (Core) > > Postfix Version: 2.10.1 > > MailScanner Version: 5.0.7 > > ClamAV Version: > > SpamAssassin Version: 3.4.0 > > PHP Version: 5.4.16 > > MySQL Version: 5.5.56-MariaDB > > Mailscanner ?lint Results > > Could not use Custom Function code > /usr/share/MailScanner/perl/custom/MailWatch.pm, it could not be > "require"d. Make sure the last line is "1;" and the module is correct > with perl -wc (Error: Can't locate Encoding/FixLatin.pm in @INC (@INC > contains: /usr/sbin /usr/sbin/MailScanner /usr/share/MailScanner/perl > /usr/share/MailScanner/perl /usr/local/lib64/perl5 > /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl > /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at > /usr/share/MailScanner/perl/custom/MailWatch.pm line 43. > BEGIN failed--compilation aborted at > /usr/share/MailScanner/perl/custom/MailWatch.pm line 43. > Compilation failed in require at > /usr/share/MailScanner/perl/MailScanner/Config.pm line 753. > ) at /usr/share/MailScanner/perl/MailScanner/Config.pm line 755. > > Regards; > > Abson > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: