From mark at msapiro.net  Thu Nov  1 02:03:18 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 31 Oct 2018 19:03:18 -0700
Subject: msmilter connect timeouts.
Message-ID: <a69689d1-591a-0084-298d-75ac44ec8ca5@msapiro.net>

I have installed MailScanner 5.1.2-2 and am running with msmilter.
Sometimes the connect from postfix to the milter times out after 30
seconds. If thin occurs on a message reinjected by the milter, other
than the delay, it is not a problem, but if it occurs on an incoming
message, MailScanner is bypassed for that message.

Here are some relevant log entries for one such message.

Oct 31 09:05:53 sbh16 postfix/smtpd[10899]: connect from
fg90.mta.exacttarget.com[13.111.54.90]

Oct 31 09:06:23 sbh16 postfix/smtpd[10899]: warning: milter
inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
Connection timed out

Oct 31 09:06:23 sbh16 postfix/smtpd[10899]: warning: milter
inet:127.0.0.1:33333: read error in initial handshake

Followed by the normal postfix messages, but the milter is bypassed so
MailScanner is never invoked for this message.

This does not always occur. It occured 13 times so far on Oct 31. In the
same period, there are 1159 'status=sent' log entries, so it seems to
affect roughly 1% of messages.

I haven't looked at the code so I have no idea why it might occasionaly
time out, but perhaps it is RBL lookups or similar. In any case it might
be good to put a shorter timeout on such things within the milter itself
so MailScanner can be invoked.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Thu Nov  1 10:40:11 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 1 Nov 2018 06:40:11 -0400
Subject: msmilter connect timeouts.
In-Reply-To: <a69689d1-591a-0084-298d-75ac44ec8ca5@msapiro.net>
References: <a69689d1-591a-0084-298d-75ac44ec8ca5@msapiro.net>
Message-ID: <CABu_8zJLwAJVYKwUwf2k2TL-QbDoBeqp74CwxBfdk=QD5BaJTQ@mail.gmail.com>

Mark,

How many milter children do you have configured?

On Wed, Oct 31, 2018 at 10:03 PM Mark Sapiro <mark at msapiro.net> wrote:

> I have installed MailScanner 5.1.2-2 and am running with msmilter.
> Sometimes the connect from postfix to the milter times out after 30
> seconds. If thin occurs on a message reinjected by the milter, other
> than the delay, it is not a problem, but if it occurs on an incoming
> message, MailScanner is bypassed for that message.
>
> Here are some relevant log entries for one such message.
>
> Oct 31 09:05:53 sbh16 postfix/smtpd[10899]: connect from
> fg90.mta.exacttarget.com[13.111.54.90]
>
> Oct 31 09:06:23 sbh16 postfix/smtpd[10899]: warning: milter
> inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
> Connection timed out
>
> Oct 31 09:06:23 sbh16 postfix/smtpd[10899]: warning: milter
> inet:127.0.0.1:33333: read error in initial handshake
>
> Followed by the normal postfix messages, but the milter is bypassed so
> MailScanner is never invoked for this message.
>
> This does not always occur. It occured 13 times so far on Oct 31. In the
> same period, there are 1159 'status=sent' log entries, so it seems to
> affect roughly 1% of messages.
>
> I haven't looked at the code so I have no idea why it might occasionaly
> time out, but perhaps it is RBL lookups or similar. In any case it might
> be good to put a shorter timeout on such things within the milter itself
> so MailScanner can be invoked.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181101/173c7a6e/attachment.html>

From nerijus at users.sourceforge.net  Thu Nov  1 11:38:16 2018
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Thu, 1 Nov 2018 13:38:16 +0200
Subject: 2 conditions in the rule and empty Sender
Message-ID: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>

Hello,

I have Virus Scanning = %rules-dir%/virus_scanning.rules
and in virus_scanning.rules:
From:   127.0.0.1 and From: postmaster at example.com       no

Today I got an email:

The following e-mails were found to have: Virus Detected

    Sender: 
IP Address: 127.0.0.1
 Recipient: postmaster
   Subject: Mail delivery failed: returning message to sender
 MessageID: 58A002A14067.AE6A8
Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
    Report: Clamd:  message was infected: winnow.spam.ts.xmailer.2.UNOFFICIAL


How to allow such messages to be received? There is no Sender (Return-path:),
how to adapt "From:   127.0.0.1 and From: postmaster at example.com       no"
to also work with no From?

Regards,
Nerijus

From nerijus at users.sourceforge.net  Thu Nov  1 11:42:50 2018
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Thu, 1 Nov 2018 13:42:50 +0200
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
Message-ID: <Mahogany-0.68.0-4082-20181101-134250.01@nerijus.sat.lt>

I will paste the full message here:

The following e-mails were found to have: Virus Detected

    Sender: 
IP Address: 127.0.0.1
 Recipient: postmaster
   Subject: Mail delivery failed: returning message to sender
 MessageID: 58A002A14067.AE6A8
Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
    Report: Clamd:  message was infected: winnow.spam.ts.xmailer.2.UNOFFICIAL

Full headers are:

 Received: from mail.example.com (mail.example.com [127.0.0.1])
 	by mail.example.com (Postfix) with SMTP id 58A002A14067
 	for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
 Subject: Mail delivery failed: returning message to sender
 From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
 To: postmaster at mail.example.com
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=delivery-status;
 	boundary="foo-mani-padme-hum-32284-1-1541030521"
 Message-Id: <20181101000201.58A002A14067 at mail.example.com>
 Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)


On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas <nerijus at users.sourceforge.net> wrote:

> Hello,
> 
> I have Virus Scanning = %rules-dir%/virus_scanning.rules
> and in virus_scanning.rules:
> From:   127.0.0.1 and From: postmaster at example.com       no
> 
> Today I got an email:
> 
> The following e-mails were found to have: Virus Detected
> 
>     Sender: 
> IP Address: 127.0.0.1
>  Recipient: postmaster
>    Subject: Mail delivery failed: returning message to sender
>  MessageID: 58A002A14067.AE6A8
> Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
>     Report: Clamd:  message was infected: winnow.spam.ts.xmailer.2.UNOFFICIAL
> 
> 
> How to allow such messages to be received? There is no Sender (Return-path:),
> how to adapt "From:   127.0.0.1 and From: postmaster at example.com       no"
> to also work with no From?
> 
> Regards,
> Nerijus


From Antony.Stone at mailscanner.open.source.it  Thu Nov  1 11:55:16 2018
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Thu, 1 Nov 2018 12:55:16 +0100
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <Mahogany-0.68.0-4082-20181101-134250.01@nerijus.sat.lt>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
 <Mahogany-0.68.0-4082-20181101-134250.01@nerijus.sat.lt>
Message-ID: <201811011255.16367.Antony.Stone@mailscanner.open.source.it>

On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:

> I will paste the full message here:

The first thing that strikes me is that the original message does *not* have 
"From: postmaster at example.com" - it is addressed *to* postmaster, but the From 
address is MAILER-DAEMON at mail.example.com

Try putting that into your virus_scanning.rules and see if things get 
delivered as required.

> The following e-mails were found to have: Virus Detected
> 
>     Sender:
> IP Address: 127.0.0.1
>  Recipient: postmaster
>    Subject: Mail delivery failed: returning message to sender
>  MessageID: 58A002A14067.AE6A8
> Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
>     Report: Clamd:  message was infected:
> winnow.spam.ts.xmailer.2.UNOFFICIAL
> 
> Full headers are:
> 
>  Received: from mail.example.com (mail.example.com [127.0.0.1])
>  	by mail.example.com (Postfix) with SMTP id 58A002A14067
>  	for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
>  Subject: Mail delivery failed: returning message to sender
>  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
>  To: postmaster at mail.example.com
>  MIME-Version: 1.0
>  Content-Type: multipart/report; report-type=delivery-status;
>  	boundary="foo-mani-padme-hum-32284-1-1541030521"
>  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
>  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> 
> On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > Hello,
> > 
> > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > and in virus_scanning.rules:
> > From:   127.0.0.1 and From: postmaster at example.com       no
> > 
> > Today I got an email:
> > 
> > The following e-mails were found to have: Virus Detected
> > 
> >     Sender:
> > IP Address: 127.0.0.1
> > 
> >  Recipient: postmaster
> >  
> >    Subject: Mail delivery failed: returning message to sender
> >  
> >  MessageID: 58A002A14067.AE6A8
> > 
> > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > 
> >     Report: Clamd:  message was infected:
> >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > 
> > How to allow such messages to be received? There is no Sender
> > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > postmaster at example.com       no" to also work with no From?

Regards


Antony.

-- 
The Magic Words are Squeamish Ossifrage.

                                                   Please reply to the list;
                                                         please *don't* CC me.

From nerijus at users.sourceforge.net  Thu Nov  1 13:39:14 2018
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Thu, 1 Nov 2018 15:39:14 +0200
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <201811011255.16367.Antony.Stone@mailscanner.open.source.it>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt><Mahogany-0.68.0-4082-20181101-134250.01@nerijus.sat.lt>
 <201811011255.16367.Antony.Stone@mailscanner.open.source.it>
Message-ID: <Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt>

I added the rule:
From:   127.0.0.1 and From: MAILER-DAEMON at mail.example.com       no

It did not help.

On Thu, 1 Nov 2018 12:55:16 +0100 Antony Stone <Antony.Stone at mailscanner.open.source.it> wrote:

> On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:
> 
> > I will paste the full message here:
> 
> The first thing that strikes me is that the original message does not have 
> "From: postmaster at example.com" - it is addressed to postmaster, but the From 
> address is MAILER-DAEMON at mail.example.com
> 
> Try putting that into your virus_scanning.rules and see if things get 
> delivered as required.
> 
> > The following e-mails were found to have: Virus Detected
> > 
> >     Sender:
> > IP Address: 127.0.0.1
> >  Recipient: postmaster
> >    Subject: Mail delivery failed: returning message to sender
> >  MessageID: 58A002A14067.AE6A8
> > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> >     Report: Clamd:  message was infected:
> > winnow.spam.ts.xmailer.2.UNOFFICIAL
> > 
> > Full headers are:
> > 
> >  Received: from mail.example.com (mail.example.com [127.0.0.1])
> >  	by mail.example.com (Postfix) with SMTP id 58A002A14067
> >  	for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> >  Subject: Mail delivery failed: returning message to sender
> >  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
> >  To: postmaster at mail.example.com
> >  MIME-Version: 1.0
> >  Content-Type: multipart/report; report-type=delivery-status;
> >  	boundary="foo-mani-padme-hum-32284-1-1541030521"
> >  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
> >  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > 
> > On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > > Hello,
> > > 
> > > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > > and in virus_scanning.rules:
> > > From:   127.0.0.1 and From: postmaster at example.com       no
> > > 
> > > Today I got an email:
> > > 
> > > The following e-mails were found to have: Virus Detected
> > > 
> > >     Sender:
> > > IP Address: 127.0.0.1
> > > 
> > >  Recipient: postmaster
> > >  
> > >    Subject: Mail delivery failed: returning message to sender
> > >  
> > >  MessageID: 58A002A14067.AE6A8
> > > 
> > > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > > 
> > >     Report: Clamd:  message was infected:
> > >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > 
> > > How to allow such messages to be received? There is no Sender
> > > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > > postmaster at example.com       no" to also work with no From?
> 
> Regards
> 
> 
> Antony.


From iversons at rushville.k12.in.us  Thu Nov  1 13:46:53 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 1 Nov 2018 09:46:53 -0400
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
 <Mahogany-0.68.0-4082-20181101-134250.01@nerijus.sat.lt>
 <201811011255.16367.Antony.Stone@mailscanner.open.source.it>
 <Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt>
Message-ID: <CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com>

Notifications from mailer daemons are sent with a null return path
address.  You should not send a notification back in this scenario.  This
is a common spam vector as well, because spammers will hope you will let
the "notification" through since it does have a null return path.

This is by design and avoids creating a mail loop, see RFC 1123, section
5.3.3.



On Thu, Nov 1, 2018 at 9:40 AM Nerijus Baliunas <
nerijus at users.sourceforge.net> wrote:

> I added the rule:
> From:   127.0.0.1 and From: MAILER-DAEMON at mail.example.com       no
>
> It did not help.
>
> On Thu, 1 Nov 2018 12:55:16 +0100 Antony Stone <
> Antony.Stone at mailscanner.open.source.it> wrote:
>
> > On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:
> >
> > > I will paste the full message here:
> >
> > The first thing that strikes me is that the original message does not
> have
> > "From: postmaster at example.com" - it is addressed to postmaster, but the
> From
> > address is MAILER-DAEMON at mail.example.com
> >
> > Try putting that into your virus_scanning.rules and see if things get
> > delivered as required.
> >
> > > The following e-mails were found to have: Virus Detected
> > >
> > >     Sender:
> > > IP Address: 127.0.0.1
> > >  Recipient: postmaster
> > >    Subject: Mail delivery failed: returning message to sender
> > >  MessageID: 58A002A14067.AE6A8
> > > Quarantine:
> /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > >     Report: Clamd:  message was infected:
> > > winnow.spam.ts.xmailer.2.UNOFFICIAL
> > >
> > > Full headers are:
> > >
> > >  Received: from mail.example.com (mail.example.com [127.0.0.1])
> > >     by mail.example.com (Postfix) with SMTP id 58A002A14067
> > >     for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > >  Subject: Mail delivery failed: returning message to sender
> > >  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
> > >  To: postmaster at mail.example.com
> > >  MIME-Version: 1.0
> > >  Content-Type: multipart/report; report-type=delivery-status;
> > >     boundary="foo-mani-padme-hum-32284-1-1541030521"
> > >  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
> > >  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > >
> > > On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > > > Hello,
> > > >
> > > > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > > > and in virus_scanning.rules:
> > > > From:   127.0.0.1 and From: postmaster at example.com       no
> > > >
> > > > Today I got an email:
> > > >
> > > > The following e-mails were found to have: Virus Detected
> > > >
> > > >     Sender:
> > > > IP Address: 127.0.0.1
> > > >
> > > >  Recipient: postmaster
> > > >
> > > >    Subject: Mail delivery failed: returning message to sender
> > > >
> > > >  MessageID: 58A002A14067.AE6A8
> > > >
> > > > Quarantine:
> /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > > >
> > > >     Report: Clamd:  message was infected:
> > > >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > >
> > > > How to allow such messages to be received? There is no Sender
> > > > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > > > postmaster at example.com       no" to also work with no From?
> >
> > Regards
> >
> >
> > Antony.
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181101/e50d5f5f/attachment.html>

From Antony.Stone at mailscanner.open.source.it  Thu Nov  1 13:52:09 2018
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Thu, 1 Nov 2018 14:52:09 +0100
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
 <Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt>
 <CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com>
Message-ID: <201811011452.09640.Antony.Stone@mailscanner.open.source.it>

On Thursday 01 November 2018 at 14:46:53, Shawn Iverson via MailScanner wrote:

> Notifications from mailer daemons are sent with a null return path
> address.  You should not send a notification back in this scenario.

Is the OP trying to do that?  I thought not.

I thought the objective was to ensure that the notifications with the attached 
viruses were not re-scanned, but delivered to postmaster as-is.


Antony.

> This is a common spam vector as well, because spammers will hope you will
> let the "notification" through since it does have a null return path.
> 
> This is by design and avoids creating a mail loop, see RFC 1123, section
> 5.3.3.
> 
> 
> 
> On Thu, Nov 1, 2018 at 9:40 AM Nerijus Baliunas wrote:
> > I added the rule:
> > From:   127.0.0.1 and From: MAILER-DAEMON at mail.example.com       no
> > 
> > It did not help.
> > 
> > On Thu, 1 Nov 2018 12:55:16 +0100 Antony Stone wrote:
> > > On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:
> > > > I will paste the full message here:
> > > The first thing that strikes me is that the original message does not
> > > have "From: postmaster at example.com" - it is addressed to postmaster, but
> > > the From address is MAILER-DAEMON at mail.example.com
> > > 
> > > Try putting that into your virus_scanning.rules and see if things get
> > > delivered as required.
> > > 
> > > > The following e-mails were found to have: Virus Detected
> > > > 
> > > >     Sender:
> > > > IP Address: 127.0.0.1
> > > > 
> > > >  Recipient: postmaster
> > > >  
> > > >    Subject: Mail delivery failed: returning message to sender
> > > >  
> > > >  MessageID: 58A002A14067.AE6A8
> > > > 
> > > > Quarantine:
> > /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > 
> > > >     Report: Clamd:  message was infected:
> > > > winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > > 
> > > > Full headers are:
> > > >  Received: from mail.example.com (mail.example.com [127.0.0.1])
> > > >  
> > > >     by mail.example.com (Postfix) with SMTP id 58A002A14067
> > > >     for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > > >  
> > > >  Subject: Mail delivery failed: returning message to sender
> > > >  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
> > > >  To: postmaster at mail.example.com
> > > >  MIME-Version: 1.0
> > > >  Content-Type: multipart/report; report-type=delivery-status;
> > > >  
> > > >     boundary="foo-mani-padme-hum-32284-1-1541030521"
> > > >  
> > > >  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
> > > >  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > > > 
> > > > On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > > > > Hello,
> > > > > 
> > > > > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > > > > and in virus_scanning.rules:
> > > > > From:   127.0.0.1 and From: postmaster at example.com       no
> > > > > 
> > > > > Today I got an email:
> > > > > 
> > > > > The following e-mails were found to have: Virus Detected
> > > > > 
> > > > >     Sender:
> > > > > IP Address: 127.0.0.1
> > > > > 
> > > > >  Recipient: postmaster
> > > > >  
> > > > >    Subject: Mail delivery failed: returning message to sender
> > > > >  
> > > > >  MessageID: 58A002A14067.AE6A8
> > > > > 
> > > > > Quarantine:
> > /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > 
> > > > >     Report: Clamd:  message was infected:
> > > > >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > > > 
> > > > > How to allow such messages to be received? There is no Sender
> > > > > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > > > > postmaster at example.com       no" to also work with no From?

-- 
Perfection in design is achieved not when there is nothing left to add, but 
rather when there is nothing left to take away.

 - Antoine de Saint-Exupery

                                                   Please reply to the list;
                                                         please *don't* CC me.

From iversons at rushville.k12.in.us  Thu Nov  1 13:55:16 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 1 Nov 2018 09:55:16 -0400
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <201811011452.09640.Antony.Stone@mailscanner.open.source.it>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
 <Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt>
 <CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com>
 <201811011452.09640.Antony.Stone@mailscanner.open.source.it>
Message-ID: <CABu_8z+WerY-NUmFeWH_zAtA9LOFaXaUWaA=Nk5zbbvHsRwxnw@mail.gmail.com>

My bad, I misunderstood.  Trying to get it to postmaster without rescanning
with a null sender....I typically whitelist 127.0.0.1 instead of trying to
whitelist the From: field.

On Thu, Nov 1, 2018 at 9:52 AM Antony Stone <
Antony.Stone at mailscanner.open.source.it> wrote:

> On Thursday 01 November 2018 at 14:46:53, Shawn Iverson via MailScanner
> wrote:
>
> > Notifications from mailer daemons are sent with a null return path
> > address.  You should not send a notification back in this scenario.
>
> Is the OP trying to do that?  I thought not.
>
> I thought the objective was to ensure that the notifications with the
> attached
> viruses were not re-scanned, but delivered to postmaster as-is.
>
>
> Antony.
>
> > This is a common spam vector as well, because spammers will hope you will
> > let the "notification" through since it does have a null return path.
> >
> > This is by design and avoids creating a mail loop, see RFC 1123, section
> > 5.3.3.
> >
> >
> >
> > On Thu, Nov 1, 2018 at 9:40 AM Nerijus Baliunas wrote:
> > > I added the rule:
> > > From:   127.0.0.1 and From: MAILER-DAEMON at mail.example.com       no
> > >
> > > It did not help.
> > >
> > > On Thu, 1 Nov 2018 12:55:16 +0100 Antony Stone wrote:
> > > > On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:
> > > > > I will paste the full message here:
> > > > The first thing that strikes me is that the original message does not
> > > > have "From: postmaster at example.com" - it is addressed to
> postmaster, but
> > > > the From address is MAILER-DAEMON at mail.example.com
> > > >
> > > > Try putting that into your virus_scanning.rules and see if things get
> > > > delivered as required.
> > > >
> > > > > The following e-mails were found to have: Virus Detected
> > > > >
> > > > >     Sender:
> > > > > IP Address: 127.0.0.1
> > > > >
> > > > >  Recipient: postmaster
> > > > >
> > > > >    Subject: Mail delivery failed: returning message to sender
> > > > >
> > > > >  MessageID: 58A002A14067.AE6A8
> > > > >
> > > > > Quarantine:
> > > /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > >
> > > > >     Report: Clamd:  message was infected:
> > > > > winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > > >
> > > > > Full headers are:
> > > > >  Received: from mail.example.com (mail.example.com [127.0.0.1])
> > > > >
> > > > >     by mail.example.com (Postfix) with SMTP id 58A002A14067
> > > > >     for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > > > >
> > > > >  Subject: Mail delivery failed: returning message to sender
> > > > >  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
> > > > >  To: postmaster at mail.example.com
> > > > >  MIME-Version: 1.0
> > > > >  Content-Type: multipart/report; report-type=delivery-status;
> > > > >
> > > > >     boundary="foo-mani-padme-hum-32284-1-1541030521"
> > > > >
> > > > >  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
> > > > >  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > > > >
> > > > > On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > > > > > and in virus_scanning.rules:
> > > > > > From:   127.0.0.1 and From: postmaster at example.com       no
> > > > > >
> > > > > > Today I got an email:
> > > > > >
> > > > > > The following e-mails were found to have: Virus Detected
> > > > > >
> > > > > >     Sender:
> > > > > > IP Address: 127.0.0.1
> > > > > >
> > > > > >  Recipient: postmaster
> > > > > >
> > > > > >    Subject: Mail delivery failed: returning message to sender
> > > > > >
> > > > > >  MessageID: 58A002A14067.AE6A8
> > > > > >
> > > > > > Quarantine:
> > > /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > >
> > > > > >     Report: Clamd:  message was infected:
> > > > > >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > > > >
> > > > > > How to allow such messages to be received? There is no Sender
> > > > > > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > > > > > postmaster at example.com       no" to also work with no From?
>
> --
> Perfection in design is achieved not when there is nothing left to add,
> but
> rather when there is nothing left to take away.
>
>  - Antoine de Saint-Exupery
>
>                                                    Please reply to the
> list;
>                                                          please *don't* CC
> me.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181101/94e9baf3/attachment.html>

From nerijus at users.sourceforge.net  Thu Nov  1 13:58:12 2018
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Thu, 1 Nov 2018 15:58:12 +0200
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <201811011452.09640.Antony.Stone@mailscanner.open.source.it>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt><Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt><CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com>
 <201811011452.09640.Antony.Stone@mailscanner.open.source.it>
Message-ID: <Mahogany-0.68.0-4082-20181101-155812.01@nerijus.sat.lt>

On Thu, 1 Nov 2018 14:52:09 +0100 Antony Stone <Antony.Stone at mailscanner.open.source.it> wrote:

> On Thursday 01 November 2018 at 14:46:53, Shawn Iverson via MailScanner wrote:
> 
> > Notifications from mailer daemons are sent with a null return path
> > address.  You should not send a notification back in this scenario.
> 
> Is the OP trying to do that?  I thought not.
> 
> I thought the objective was to ensure that the notifications with the attached 
> viruses were not re-scanned, but delivered to postmaster as-is.

Yes, I get mail from mailer daemon and it gets flagged as a virus, so
I want the rule which would not scan such emails.
I can use "From:   127.0.0.1    no" and it works, but I cannot use such
rule as we have fetchmail running.

From nerijus at users.sourceforge.net  Thu Nov  1 14:00:18 2018
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Thu, 1 Nov 2018 16:00:18 +0200
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <CABu_8z+WerY-NUmFeWH_zAtA9LOFaXaUWaA=Nk5zbbvHsRwxnw@mail.gmail.com>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt><Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt><CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com><201811011452.09640.Antony.Stone@mailscanner.open.source.it>
 <CABu_8z+WerY-NUmFeWH_zAtA9LOFaXaUWaA=Nk5zbbvHsRwxnw@mail.gmail.com>
Message-ID: <Mahogany-0.68.0-4082-20181101-160018.01@nerijus.sat.lt>

On Thu, 1 Nov 2018 09:55:16 -0400 Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info> wrote:

> My bad, I misunderstood.  Trying to get it to postmaster without rescanning
> with a null sender....I typically whitelist 127.0.0.1 instead of trying to
> whitelist the From: field.
 
As I just wrote, I cannot whitelist 127.0.0.1 because of fetchmail.
So I whitelist so:
From:   127.0.0.1 and From: postmaster at example.com       no
From:   127.0.0.1 and From: MAILER-DAEMON at mail.example.com       no

The 1st rule works, the 2nd does not.

Regards,
Nerijus

From mark at msapiro.net  Thu Nov  1 17:26:41 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 1 Nov 2018 10:26:41 -0700
Subject: 2 conditions in the rule and empty Sender
In-Reply-To: <Mahogany-0.68.0-4082-20181101-155812.01@nerijus.sat.lt>
References: <Mahogany-0.68.0-4082-20181101-133816.00@nerijus.sat.lt>
 <Mahogany-0.68.0-4082-20181101-153914.00@nerijus.sat.lt>
 <CABu_8z+5LYgc5J3nGWyRAAS59gDy4tCXAFkO+ZFS_OOs5DxcLw@mail.gmail.com>
 <201811011452.09640.Antony.Stone@mailscanner.open.source.it>
 <Mahogany-0.68.0-4082-20181101-155812.01@nerijus.sat.lt>
Message-ID: <e22a2500-8b45-f193-20d0-4fa1b3c00bb6@msapiro.net>

On 11/1/18 6:58 AM, Nerijus Baliunas wrote:
> 
> Yes, I get mail from mailer daemon and it gets flagged as a virus, so
> I want the rule which would not scan such emails.
> I can use "From:   127.0.0.1    no" and it works, but I cannot use such
> rule as we have fetchmail running.


You might try

From: 127.0.0.1 and From: /^$/ no

or

From: 127.0.0.1 and To: postmaster at mail.example.com no

The former should match a null sender and allow all local DSNs.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bucht at lampiris.be  Fri Nov  2 10:21:35 2018
From: bucht at lampiris.be (=?utf-8?B?SmVhbi1GcmFuw6dvaXMgTGFsYXU=?=)
Date: Fri, 2 Nov 2018 10:21:35 +0000
Subject: MailScanner and SPF 
Message-ID: <B25D119E-5A00-4D0E-89A2-3727D0C07DAF@lampiris.be>

We have installed mailscanner 5.1.1 and the SPF part doesn?t work.

All messages are tagged with:
X-Spam-Status: No, score=2.498 required=6 tests=[BAYES_20=-0.001,
            SPF_HELO_PASS=-0.001, XPRIO_SHORT_SUBJ=2.5] autolearn=no

despite the fact the SPF should fail on the tests we are performing.

The 400 pages admin manual doesn?t contain a single instance of  ?SPF?.

How do we manage SPF within mailscanner?

Thanks,
Jean-Fran?ois
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181102/c26c6b7f/attachment.html>

From iversons at rushville.k12.in.us  Fri Nov  2 16:14:55 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 2 Nov 2018 12:14:55 -0400
Subject: MailScanner and SPF
In-Reply-To: <B25D119E-5A00-4D0E-89A2-3727D0C07DAF@lampiris.be>
References: <B25D119E-5A00-4D0E-89A2-3727D0C07DAF@lampiris.be>
Message-ID: <CABu_8zJmyirmQE-9pCvhKMDmDrQq2bWpkbRAJkxJ2hszaxp_3A@mail.gmail.com>

SPF scoring is specific to SpamAssassin, actually.  If it isn't working, I
would check the following:

- Make sure the Mail::SPF perl modules are installed and functioning
properly and up to date.
- Make sure you are using full recursive DNS (avoid forwarding)
- Make sure the module is turned on in the SpamAssassin configuration files.


On Fri, Nov 2, 2018 at 12:12 PM Jean-Fran?ois Lalau <bucht at lampiris.be>
wrote:

> We have installed mailscanner 5.1.1 and the SPF part doesn?t work.
>
> All messages are tagged with:
>
> X-Spam-Status: No, score=2.498 required=6 tests=[BAYES_20=-0.001,
>
>             *SPF_HELO_PASS=-0.001*, XPRIO_SHORT_SUBJ=2.5] autolearn=no
>
>
>
> despite the fact the SPF should fail on the tests we are performing.
>
>
>
> The 400 pages admin manual doesn?t contain a single instance of  ?SPF?.
>
> How do we manage SPF within mailscanner?
>
>
>
> Thanks,
>
> Jean-Fran?ois
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181102/e29a244c/attachment.html>

From mark at msapiro.net  Fri Nov  2 16:17:31 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 2 Nov 2018 09:17:31 -0700
Subject: MailScanner and SPF
In-Reply-To: <B25D119E-5A00-4D0E-89A2-3727D0C07DAF@lampiris.be>
References: <B25D119E-5A00-4D0E-89A2-3727D0C07DAF@lampiris.be>
Message-ID: <8a69d4ca-94ad-9ca8-f3f2-ce4b1f26f72b@msapiro.net>

On 11/2/18 3:21 AM, Jean-Fran?ois Lalau wrote:
> We have installed mailscanner 5.1.1 and the SPF part doesn?t work.
> 
> All messages are tagged with:
> 
> X-Spam-Status: No, score=2.498 required=6 tests=[BAYES_20=-0.001,
> 
> ??????????? *SPF_HELO_PASS=-0.001*, XPRIO_SHORT_SUBJ=2.5] autolearn=no
> 
> ?
> 
> despite the fact the SPF should fail on the tests we are performing.


This is a SpamAssassin issue. It has nothing to do with MailScanner
other than the fact that it is MailScanner invoking SpamAssassin and
reporting the results.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sun Nov  4 15:40:28 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 4 Nov 2018 07:40:28 -0800
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <CABu_8zJLwAJVYKwUwf2k2TL-QbDoBeqp74CwxBfdk=QD5BaJTQ@mail.gmail.com>
References: <a69689d1-591a-0084-298d-75ac44ec8ca5@msapiro.net>
 <CABu_8zJLwAJVYKwUwf2k2TL-QbDoBeqp74CwxBfdk=QD5BaJTQ@mail.gmail.com>
Message-ID: <e89dd886-d7f1-9f12-d67c-afe629252197@msapiro.net>

On 11/1/18 3:40 AM, Shawn Iverson via MailScanner wrote:
> Mark,?
> 
> How many milter children do you have configured?


It appears my original reply to this may have gotten lost. Anyway, I had
configured

Milter Max Children = 1

I have now changed that to

Milter Max Children = 10

and the problem seems to be solved.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From mark at msapiro.net  Sun Nov  4 16:58:28 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 4 Nov 2018 08:58:28 -0800
Subject: msmilter connect timeouts.
In-Reply-To: <e89dd886-d7f1-9f12-d67c-afe629252197@msapiro.net>
References: <e89dd886-d7f1-9f12-d67c-afe629252197@msapiro.net>
Message-ID: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>

Mark Sapiro wrote:

> It appears my original reply to this may have gotten lost.


It was in quarantine. It is moot at this point as increasing the number
of milter children seems to have solved the issue, but for completeness,
here's that reply.

> On 11/1/18 3:40 AM, Shawn Iverson via MailScanner wrote:
>> Mark,?
>> 
>> How many milter children do you have configured?
> 
> 
> Milter Max Children = 1
> 
> Also, at this point I have reverted to a non milter config as the issue
> seems to have gotten worse. In the approximately 45 hours that I was
> running with the milter config, I see 194 of the timeouts and in the
> same period, I see 541 "milter triggers DISCARD action"  log messages.
> 
> 167 of the 194 timeouts occurred within a 68 minute period this morning,
> but there were also normal interactions during and after that period.
> 
> The timouts seem to occur during periods when there are many 'spam mail
> bomb' connects occurring. Maybe increasing the number of milter children
> will help.
-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From koby at mksoft.co.il  Mon Nov  5 10:46:05 2018
From: koby at mksoft.co.il (Koby Peleg Hen)
Date: Mon, 5 Nov 2018 12:46:05 +0200
Subject: MailScanner not start
Message-ID: <8b8e23dc-30bd-5b34-8dcb-31b81bbd8953@mksoft.co.il>

An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181105/4754d6d9/attachment.html>

From iversons at rushville.k12.in.us  Mon Nov  5 20:52:51 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 5 Nov 2018 15:52:51 -0500
Subject: MailScanner not start
In-Reply-To: <8b8e23dc-30bd-5b34-8dcb-31b81bbd8953@mksoft.co.il>
References: <8b8e23dc-30bd-5b34-8dcb-31b81bbd8953@mksoft.co.il>
Message-ID: <CABu_8zKuwwcjscp8oVKUr7mfZ9qZbCNLLvDaCJXthQvCyXjqNA@mail.gmail.com>

Koby,

Which flavor of debian?

On Mon, Nov 5, 2018 at 5:46 AM Koby Peleg Hen <koby at mksoft.co.il> wrote:

> Hello ,
>
>
> I did a new install 5.1.2-2 on debian pure (not ubuntu this time)
>
>
> It seems that the mailscanner does not start because of some reason ...
>
>
> The systems is config as milter
>
>
> Here is my log ,
>
>
> root at lab:/etc# systemctl status mailscanner.service
> * mailscanner.service - LSB: MailScanner daemon
>    Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor
> preset: enabled)
>    Active: failed (Result: timeout) since Mon 2018-11-05 12:29:15 IST; 15s
> ago
>      Docs: man:systemd-sysv-generator(8)
>   Process: 3817 ExecStart=/usr/lib/MailScanner/init/ms-init start
> (code=killed, signal=TERM)
>    CGroup: /system.slice/mailscanner.service
>
> Nov 05 12:28:14 lab systemd[1]: Starting LSB: MailScanner daemon...
> Nov 05 12:29:15 lab systemd[1]: mailscanner.service: Start operation timed
> out. Terminating.
> Nov 05 12:29:15 lab systemd[1]: Failed to start LSB: MailScanner daemon.
> Nov 05 12:29:15 lab systemd[1]: mailscanner.service: Unit entered failed
> state.
> Mov 05 12:29:15 lab systemd[1]: mailscanner.service: Failed with result
> 'timeout'.
>
> Thank you all  for any help.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181105/98c8b8bf/attachment.html>

From koby at mksoft.co.il  Tue Nov  6 06:10:53 2018
From: koby at mksoft.co.il (Koby Peleg Hen)
Date: Tue, 06 Nov 2018 08:10:53 +0200
Subject: MailScanner not start
In-Reply-To: <CABu_8zKuwwcjscp8oVKUr7mfZ9qZbCNLLvDaCJXthQvCyXjqNA@mail.gmail.com>
References: <8b8e23dc-30bd-5b34-8dcb-31b81bbd8953@mksoft.co.il>
 <CABu_8zKuwwcjscp8oVKUr7mfZ9qZbCNLLvDaCJXthQvCyXjqNA@mail.gmail.com>
Message-ID: <22f7f12c-c4ae-4360-861d-909a42896ed6@mksoft.co.il>

Current stable (9.5)



???? ?-TypeApp ?

?-5 ????? 2018, 22:33, ?-Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info>, 22:33 ???:
>Koby,
>
>Which flavor of debian?
>
>On Mon, Nov 5, 2018 at 5:46 AM Koby Peleg Hen <koby at mksoft.co.il>
>wrote:
>
>> Hello ,
>>
>>
>> I did a new install 5.1.2-2 on debian pure (not ubuntu this time)
>>
>>
>> It seems that the mailscanner does not start because of some reason
>...
>>
>>
>> The systems is config as milter
>>
>>
>> Here is my log ,
>>
>>
>> root at lab:/etc# systemctl status mailscanner.service
>> * mailscanner.service - LSB: MailScanner daemon
>>    Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor
>> preset: enabled)
>>    Active: failed (Result: timeout) since Mon 2018-11-05 12:29:15
>IST; 15s
>> ago
>>      Docs: man:systemd-sysv-generator(8)
>>   Process: 3817 ExecStart=/usr/lib/MailScanner/init/ms-init start
>> (code=killed, signal=TERM)
>>    CGroup: /system.slice/mailscanner.service
>>
>> Nov 05 12:28:14 lab systemd[1]: Starting LSB: MailScanner daemon...
>> Nov 05 12:29:15 lab systemd[1]: mailscanner.service: Start operation
>timed
>> out. Terminating.
>> Nov 05 12:29:15 lab systemd[1]: Failed to start LSB: MailScanner
>daemon.
>> Nov 05 12:29:15 lab systemd[1]: mailscanner.service: Unit entered
>failed
>> state.
>> Mov 05 12:29:15 lab systemd[1]: mailscanner.service: Failed with
>result
>> 'timeout'.
>>
>> Thank you all  for any help.
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
>-- 
>Shawn Iverson, CETL
>Director of Technology
>Rush County Schools
>765-932-3901 option 7
>iversons at rushville.k12.in.us
>
>
>------------------------------------------------------------------------
>
>
>
>-- 
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181106/f7fb97cb/attachment.html>

From iversons at rushville.k12.in.us  Tue Nov  6 15:47:26 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 6 Nov 2018 10:47:26 -0500
Subject: MailScanner not start
In-Reply-To: <CABu_8zKuwwcjscp8oVKUr7mfZ9qZbCNLLvDaCJXthQvCyXjqNA@mail.gmail.com>
References: <8b8e23dc-30bd-5b34-8dcb-31b81bbd8953@mksoft.co.il>
 <CABu_8zKuwwcjscp8oVKUr7mfZ9qZbCNLLvDaCJXthQvCyXjqNA@mail.gmail.com>
Message-ID: <CABu_8zJQtq02FC9REWakyF4Ymh1OnZzV-87w8HE2V9SGUK-KAA@mail.gmail.com>

Koby,

I am going to spin up a debian instance and double check things.  In the
meantime, have you tried running MailScanner with a default configuration,
just to make sure it isn't a configuration issue?

On Mon, Nov 5, 2018 at 3:52 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Koby,
>
> Which flavor of debian?
>
> On Mon, Nov 5, 2018 at 5:46 AM Koby Peleg Hen <koby at mksoft.co.il> wrote:
>
>> Hello ,
>>
>>
>> I did a new install 5.1.2-2 on debian pure (not ubuntu this time)
>>
>>
>> It seems that the mailscanner does not start because of some reason ...
>>
>>
>> The systems is config as milter
>>
>>
>> Here is my log ,
>>
>>
>> root at lab:/etc# systemctl status mailscanner.service
>> * mailscanner.service - LSB: MailScanner daemon
>>    Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor
>> preset: enabled)
>>    Active: failed (Result: timeout) since Mon 2018-11-05 12:29:15 IST;
>> 15s ago
>>      Docs: man:systemd-sysv-generator(8)
>>   Process: 3817 ExecStart=/usr/lib/MailScanner/init/ms-init start
>> (code=killed, signal=TERM)
>>    CGroup: /system.slice/mailscanner.service
>>
>> Nov 05 12:28:14 lab systemd[1]: Starting LSB: MailScanner daemon...
>> Nov 05 12:29:15 lab systemd[1]: mailscanner.service: Start operation
>> timed out. Terminating.
>> Nov 05 12:29:15 lab systemd[1]: Failed to start LSB: MailScanner daemon.
>> Nov 05 12:29:15 lab systemd[1]: mailscanner.service: Unit entered failed
>> state.
>> Mov 05 12:29:15 lab systemd[1]: mailscanner.service: Failed with result
>> 'timeout'.
>>
>> Thank you all  for any help.
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181106/a16c9b57/attachment.html>

From lmilligan at co.walton.ga.us  Tue Nov  6 17:24:12 2018
From: lmilligan at co.walton.ga.us (Lamar Milligan)
Date: Tue, 6 Nov 2018 12:24:12 -0500 (EST)
Subject: External Mail not Stored
Message-ID: <021d01d475f5$88df2630$9a9d7290$@co.walton.ga.us>

Email from outside our domain are not stored in the quarantine folders.
If email originates from our domain it is processed as expected, both
stored and delivered to recipients.  MailScanner runs on a mail gateway
running sendmail.  All users have entries in the /etc/aliases file that
actually delivers email to accounts on our Zimbra server.  I suspect that
is the reason for this behavior, but would really appreciate input from
others.  

 

The following are set in the MailScanner.conf file:

Spam Actions = store header "X-Spam-Status: Yes"

High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes"

Non Spam Actions = store deliver header "X-Spam-Status: No"

 

Thanks for your help,

 

Lamar Milligan, Director

Walton County IT Department

303 S Hammond Dr

Monroe, GA 30655

770 267-1330

 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181106/3eafae45/attachment.html>

From mark at msapiro.net  Fri Nov  9 02:23:21 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 8 Nov 2018 18:23:21 -0800
Subject: msmilter connect timeouts.
In-Reply-To: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
Message-ID: <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>

To recap, with

Milter Max Children = 1

I was seeing messages like:

Nov  8 04:21:32 sbh16 postfix/smtpd[5059]: warning: milter
inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
Connection reset by peer
Nov  8 04:21:32 sbh16 postfix/smtpd[5059]: warning: milter
inet:127.0.0.1:33333: read error in initial handshake

and

Nov  8 04:21:51 sbh16 postfix/smtpd[5064]: warning: milter
inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
Connection timed out
Nov  8 04:21:51 sbh16 postfix/smtpd[5064]: warning: milter
inet:127.0.0.1:33333: read error in initial handshake

in my mail.log. I increased the setting to

Milter Max Children = 10

and that seemed to eliminate the problem.

However, this morning I was hit by a mass spam attack resulting in 73 of
these connects

Nov  8 04:21:26 sbh16 postfix/smtpd[5028]: connect from
unknown[46.229.220.205]

within 14 seconds and 3 of these produced the "Connection reset by peer"
message and 39 produced the "Connection timed out" message for a total
of 42 "read errors".

I wonder if setting smtpd_client_connection_count_limit in Postfix to a
smaller value, maybe even 10, would avoid this.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Fri Nov  9 03:12:59 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 8 Nov 2018 22:12:59 -0500
Subject: msmilter connect timeouts.
In-Reply-To: <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
Message-ID: <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>

Mark,

I wonder if it makes sense for me to refactor the milter to scale within a
defined range.


It would be possible, for example to have the following
Milter Min Children
Milter Max Children

In this configuration, I could default the Min to 10 under normal
conditions, but set Max to 100.

The key is that the miltier must always have a child available to serve a
connection, so it must theoretically be able to scale to whatever postfix
can handle concurrently.

On Thu, Nov 8, 2018 at 9:23 PM Mark Sapiro <mark at msapiro.net> wrote:

> To recap, with
>
> Milter Max Children = 1
>
> I was seeing messages like:
>
> Nov  8 04:21:32 sbh16 postfix/smtpd[5059]: warning: milter
> inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
> Connection reset by peer
> Nov  8 04:21:32 sbh16 postfix/smtpd[5059]: warning: milter
> inet:127.0.0.1:33333: read error in initial handshake
>
> and
>
> Nov  8 04:21:51 sbh16 postfix/smtpd[5064]: warning: milter
> inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
> Connection timed out
> Nov  8 04:21:51 sbh16 postfix/smtpd[5064]: warning: milter
> inet:127.0.0.1:33333: read error in initial handshake
>
> in my mail.log. I increased the setting to
>
> Milter Max Children = 10
>
> and that seemed to eliminate the problem.
>
> However, this morning I was hit by a mass spam attack resulting in 73 of
> these connects
>
> Nov  8 04:21:26 sbh16 postfix/smtpd[5028]: connect from
> unknown[46.229.220.205]
>
> within 14 seconds and 3 of these produced the "Connection reset by peer"
> message and 39 produced the "Connection timed out" message for a total
> of 42 "read errors".
>
> I wonder if setting smtpd_client_connection_count_limit in Postfix to a
> smaller value, maybe even 10, would avoid this.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181108/87002f3a/attachment.html>

From mark at msapiro.net  Fri Nov  9 03:46:39 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 8 Nov 2018 19:46:39 -0800
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
Message-ID: <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>

On 11/8/18 7:12 PM, Shawn Iverson via MailScanner wrote:
> Mark,
> 
> I wonder if it makes sense for me to refactor the milter to scale within
> a defined range.
> 
> 
> It would be possible, for example to have the following
> Milter Min Children
> Milter Max Children
> 
> In this configuration, I could default the Min to 10 under normal
> conditions, but set Max to 100.


That seems to make sense. Would the idea be that the number of child
process could grow up to the max as needed but then in some manner fall
back to the minimum?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From it at festa.bg  Fri Nov  9 07:23:35 2018
From: it at festa.bg (Valentin Laskov)
Date: Fri, 9 Nov 2018 09:23:35 +0200
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
Message-ID: <7176005b-ffe9-2ea4-c74e-acaff438ff25@festa.bg>

Hi

?? 09.11.2018 ? 05:12, Shawn Iverson via MailScanner ??????:
> It would be possible, for example to have the following
> Milter Min Children
> Milter Max Children

FYI
In Cyrus IMAPd, cyrus.conf file they have

SERVICES {
 ? imap????????? cmd="imapd" listen="imap" prefork=2 maxchild=30
 ? imaps???????? cmd="imapd -s" listen="imaps" prefork=2 proto=tcp4 
maxchild=30
...
}

For more information: man cyrus.conf
https://www.systutorials.com/docs/linux/man/5-cyrus.conf/

Regards!
Valentin Laskov

-- 
????????!

???????? ??????
???????? ?????????????
"????? ???????" ??
???. "??. ?????????" 48
9000 ??. ?????
???.:   +359 52 669137
GSM: +359 888 669137
Fax:   +359 52 669110


From iversons at rushville.k12.in.us  Sat Nov 10 16:06:09 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 10 Nov 2018 11:06:09 -0500
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
 <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>
Message-ID: <CABu_8zJAT429UWVv0g9Jj+AnksFx1OZi3EUScrqJWqGfD_t-jg@mail.gmail.com>

Mark,

Yes, and it turns out that Sendmail::PMilter perl module supports this
approach.  I'm going to give it a go and prepare a PR.

On Thu, Nov 8, 2018 at 10:46 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/8/18 7:12 PM, Shawn Iverson via MailScanner wrote:
> > Mark,
> >
> > I wonder if it makes sense for me to refactor the milter to scale within
> > a defined range.
> >
> >
> > It would be possible, for example to have the following
> > Milter Min Children
> > Milter Max Children
> >
> > In this configuration, I could default the Min to 10 under normal
> > conditions, but set Max to 100.
>
>
> That seems to make sense. Would the idea be that the number of child
> process could grow up to the max as needed but then in some manner fall
> back to the minimum?
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181110/719bcff0/attachment.html>

From mark at msapiro.net  Sat Nov 10 18:38:36 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 10 Nov 2018 10:38:36 -0800
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <CABu_8zJAT429UWVv0g9Jj+AnksFx1OZi3EUScrqJWqGfD_t-jg@mail.gmail.com>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
 <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>
 <CABu_8zJAT429UWVv0g9Jj+AnksFx1OZi3EUScrqJWqGfD_t-jg@mail.gmail.com>
Message-ID: <df9b5fd3-8f00-f43f-1a20-57a7de371949@msapiro.net>

On 11/10/18 8:06 AM, Shawn Iverson via MailScanner wrote:
> Mark,?
> 
> Yes, and it turns out that Sendmail::PMilter perl module supports this
> approach.? I'm going to give it a go and prepare a PR.


That's great Shawn.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Sun Nov 11 14:52:27 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sun, 11 Nov 2018 09:52:27 -0500
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <df9b5fd3-8f00-f43f-1a20-57a7de371949@msapiro.net>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
 <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>
 <CABu_8zJAT429UWVv0g9Jj+AnksFx1OZi3EUScrqJWqGfD_t-jg@mail.gmail.com>
 <df9b5fd3-8f00-f43f-1a20-57a7de371949@msapiro.net>
Message-ID: <CABu_8zKZ6TCbQBDncqRKRY=JxGNvGSJQa9sRDhHLQouSaG8qqQ@mail.gmail.com>

Mark,

I was mistaken, the Sendmail::PMilter module does not scale connections
when using the prefork method.  It has two values which are easily to
misidentify as a minimum and maximum.  The second parameter is actually the
number of times the child is used before recycling it.

However, Sendmail::PMilter supports postforking.  This method does scale
:)  I added a new parameter to MailScanner.conf and set it to default to
postfork

Here's the PR to try.

https://github.com/MailScanner/v5/pull/294/files



On Sat, Nov 10, 2018 at 1:38 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/10/18 8:06 AM, Shawn Iverson via MailScanner wrote:
> > Mark,
> >
> > Yes, and it turns out that Sendmail::PMilter perl module supports this
> > approach.  I'm going to give it a go and prepare a PR.
>
>
> That's great Shawn.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181111/6238e7c8/attachment.html>

From mark at msapiro.net  Sun Nov 11 18:33:09 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 11 Nov 2018 10:33:09 -0800
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <CABu_8zKZ6TCbQBDncqRKRY=JxGNvGSJQa9sRDhHLQouSaG8qqQ@mail.gmail.com>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
 <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>
 <CABu_8zJAT429UWVv0g9Jj+AnksFx1OZi3EUScrqJWqGfD_t-jg@mail.gmail.com>
 <df9b5fd3-8f00-f43f-1a20-57a7de371949@msapiro.net>
 <CABu_8zKZ6TCbQBDncqRKRY=JxGNvGSJQa9sRDhHLQouSaG8qqQ@mail.gmail.com>
Message-ID: <a3309213-e615-0d6b-3a83-6118cff6d646@msapiro.net>

On 11/11/18 6:52 AM, Shawn Iverson via MailScanner wrote:
> 
> Here's the PR to try.
> 
> https://github.com/MailScanner/v5/pull/294/files


It looks good. There's one minor thing missing that doesn't really
affect operation, but see <https://github.com/MailScanner/v5/pull/295>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Sun Nov 11 18:41:30 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sun, 11 Nov 2018 13:41:30 -0500
Subject: {Disarmed} Re: msmilter connect timeouts.
In-Reply-To: <a3309213-e615-0d6b-3a83-6118cff6d646@msapiro.net>
References: <23decae3-5bdc-1325-458e-a524d87ec8a6@msapiro.net>
 <4ab22091-29d1-79cd-600a-0fff399f1c95@msapiro.net>
 <CABu_8zLX33EHT1rY4QRVnMbCgjtO+eZSM0yapA=EkPbA2rmVEA@mail.gmail.com>
 <adfa34d1-2a45-d4e3-2a56-720702f02d7a@msapiro.net>
 <CABu_8zJAT429UWVv0g9Jj+AnksFx1OZi3EUScrqJWqGfD_t-jg@mail.gmail.com>
 <df9b5fd3-8f00-f43f-1a20-57a7de371949@msapiro.net>
 <CABu_8zKZ6TCbQBDncqRKRY=JxGNvGSJQa9sRDhHLQouSaG8qqQ@mail.gmail.com>
 <a3309213-e615-0d6b-3a83-6118cff6d646@msapiro.net>
Message-ID: <CABu_8z+pcm32Kqv9FGc6-K5Frc7v3wzqLFDYWFSNkwcb=cDkDg@mail.gmail.com>

Merged.  Thanks for the catch :)

On Sun, Nov 11, 2018 at 1:33 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/11/18 6:52 AM, Shawn Iverson via MailScanner wrote:
> >
> > Here's the PR to try.
> >
> > https://github.com/MailScanner/v5/pull/294/files
>
>
> It looks good. There's one minor thing missing that doesn't really
> affect operation, but see <https://github.com/MailScanner/v5/pull/295>.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181111/e60feb73/attachment.html>

From jamie at dreamitsolutions.com.au  Mon Nov 12 01:41:29 2018
From: jamie at dreamitsolutions.com.au (Jamie Le)
Date: Sun, 11 Nov 2018 17:41:29 -0800
Subject: Customised cPanel MailScanner Relay
Message-ID: <5be8d9ca3159052a04000006@polymail.io>

Hey team,

Just wanted to ask if anyone is able to assist with the following:

Multiple cPanel servers connect to 1-2 MailScanner outbound relay servers which scan, all outbound emails for spam then relays the email through MailChannels.

Regards,

Jamie Le DreamIT Solutions Pty Ltd
phone:?1300 434 151 ( tel:1300%20434%20151 )
web:?( https://share.polymail.io/v1/z/b/NWJlOGQ5Y2EzMTU5/uOzNy4XV731LV9jJ9bUTjbilCHok1CvNhtwgHm_WyiZ_SlRgEWfv8VuoJlW7V9iTFR18rSuD9oyWmcEl1nJAOphfPcvK1dRNbEEYvkJm2XMux-7q61kT7X4nXHBaFCx3LDJ3XT4aEjyO6_clVCXtnBTHRO9HyPy-RETk93CHa77d3PZ8_Qo2jKakG_0liHqOPRlCiowwLmE= ) DreamITHost.com.au
email:?( Jamie at DreamITHost.com.au ) Jamie at DreamITHost.com.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181111/0c509180/attachment.html>

From awm2 at st-andrews.ac.uk  Mon Nov 12 20:00:19 2018
From: awm2 at st-andrews.ac.uk (Alistair McIntosh)
Date: Mon, 12 Nov 2018 20:00:19 +0000
Subject: pearl regex OR in rules files. 
Message-ID: <DB6PR0601MB259802F42A2A1C62C82D940EFDC10@DB6PR0601MB2598.eurprd06.prod.outlook.com>

Hi all.

I'm trying to set a rule that says if the domain is x and the IP is not a or b or c then do y

Its possible to get the behaviour I want using perl regex, but I'm struggling to get an or that will work.  For example

From: /\@domain\.com/ and From: /^(?!10\.0\.0\.1$)/ store /path/to/dir/

This will take any email from domain.com that has NOT come from  10.0.0.1 and store it.  Store being a test action, the final  intention is to drop it once testing successfully.  Where I'm falling short is getting some 'or' in that second expression.  With a pipe or operator | it drops the functionality altogether,  I've tried /^(?!10\.0\.0\.1|10\.0\.0\.2$)/ but no joy.  I've played about a bit and can't get what I'm after.  I tried a list of rules, one for each IP but they appear to cancel each other out, so I guess the question is 'Is Or supported in the perl regex in mailscanner rules' if so, any advice on how I can implement it.

Thanks.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181112/f9ca0b82/attachment.html>

From mark at msapiro.net  Tue Nov 13 18:44:04 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 Nov 2018 10:44:04 -0800
Subject: Spam Actions not honored
Message-ID: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>

I'm running MailScanner 5.1.2-2 with a few additional patches for MSMilter.

It seems my Spam Actions are not being honored.

I have Spam Actions = %rules-dir%/spam_action.rules and the rules file
contains

To:     /[@.]xxx\.(net|org)$/ deliver
To:     /webminion at aaa(bbb)?.org$/ deliver
FromOrTo:       default store forward msapiro+spam at sbh16.songbird.com

yet spam messages which are scored as spam and which do not match either
of the non-default conditions are stored, but delivered and not forwarded.

Here's a typical set of log messages:

Nov 13 02:04:04 sbh16 postfix/smtpd[10986]: 4228B11E0074:
client=mfdf022.ocn.ad.jp[153.128.50.80]
Nov 13 02:04:04 sbh16 postfix/cleanup[11006]: 4228B11E0074:
message-id=<1542103441.MVY5gN7o3IcwdMVY5gA4c8 at ocn-vc-mts-105c1.ocn.ad.jp>
Nov 13 02:04:05 sbh16 postfix/cleanup[11006]: 4228B11E0074:
milter-discard: END-OF-MESSAGE from mfdf022.ocn.ad.jp[153.128.50.80]:
milter triggers DISCARD action; from=<kyng2227 at wish.ocn.ne.jp>
to=<mark at msapiro.net> proto=ESMTP helo=<mfdf022.ocn.ad.jp>
Nov 13 02:04:05 sbh16 postfix/smtpd[10986]: disconnect from
mfdf022.ocn.ad.jp[153.128.50.80] ehlo=1 mail=1 rcpt=1 data=1 quit=1
commands=5
Nov 13 02:04:05 sbh16 MailScanner[23114]: New Batch: Scanning 1
messages, 4284 bytes
Nov 13 02:04:05 sbh16 MailScanner[23114]: Virus and Content Scanning:
Starting
Nov 13 02:04:05 sbh16 MailScanner[23114]: Expired 3 records from the
SpamAssassin cache
Nov 13 02:04:11 sbh16 MailScanner[23114]: Spam Checks: Found 1 spam messages
Nov 13 02:04:11 sbh16 MailScanner[23114]: Requeue: 75D5C1A421.A132B to
1CC9C11826B3
Nov 13 02:04:11 sbh16 postfix/smtpd[10986]: connect from
localhost.localdomain[127.0.0.1]
Nov 13 02:04:11 sbh16 postfix/smtpd[10986]: BD85F11E0074:
client=localhost.localdomain[127.0.0.1]
Nov 13 02:04:11 sbh16 postfix/cleanup[11006]: BD85F11E0074:
message-id=<1542103441.MVY5gN7o3IcwdMVY5gA4c8 at ocn-vc-mts-105c1.ocn.ad.jp>
Nov 13 02:04:11 sbh16 postfix/qmgr[23672]: BD85F11E0074:
from=<kyng2227 at wish.ocn.ne.jp>, size=4986, nrcpt=1 (queue active)
Nov 13 02:04:11 sbh16 postfix/smtpd[10986]: disconnect from
localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Nov 13 02:04:11 sbh16 MailScanner[23114]: Uninfected: Delivered 1 messages
Nov 13 02:04:11 sbh16 MailScanner[23114]: Deleted 1 messages from
processing-database
Nov 13 02:04:11 sbh16 postfix/local[11062]: BD85F11E0074:
to=<mark at sbh16.songbird.com>, orig_to=<mark at msapiro.net>, relay=local,
delay=0.05, delays=0.04/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 13 02:04:11 sbh16 postfix/qmgr[23672]: BD85F11E0074: removed

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From mark at msapiro.net  Tue Nov 13 19:08:13 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 Nov 2018 11:08:13 -0800
Subject: Spam Actions not honored
In-Reply-To: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
Message-ID: <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>

On 11/13/18 10:44 AM, Mark Sapiro wrote:
> I'm running MailScanner 5.1.2-2 with a few additional patches for MSMilter.
> 
> It seems my Spam Actions are not being honored.
> 
> I have Spam Actions = %rules-dir%/spam_action.rules and the rules file
> contains
> 
> To:     /[@.]xxx\.(net|org)$/ deliver
> To:     /webminion at aaa(bbb)?.org$/ deliver
> FromOrTo:       default store forward msapiro+spam at sbh16.songbird.com
> 
> yet spam messages which are scored as spam and which do not match either
> of the non-default conditions are stored, but delivered and not forwarded.
> 
> Here's a typical set of log messages:
> 
...
> Nov 13 02:04:11 sbh16 MailScanner[23114]: Spam Checks: Found 1 spam messages
> Nov 13 02:04:11 sbh16 MailScanner[23114]: Requeue: 75D5C1A421.A132B to
> 1CC9C11826B3
...

Further examination of logs from a non-milter configuration indicates
that the above sequence is normal, but the requeued message should be
delivered to msapiro+spam at sbh16.songbird.com, but in the milter case, it
is delivered to the original recipient.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Tue Nov 13 19:15:31 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 13 Nov 2018 14:15:31 -0500
Subject: Spam Actions not honored
In-Reply-To: <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
Message-ID: <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>

Mark,

Thanks, I'll take a dive into the code this evening and get it forwarding
properly.  I think I need to instruct the milter processor to remove and
re-inject recipients so that the actions have an opportunity to rewrite the
recipeints.

On Tue, Nov 13, 2018 at 2:08 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/13/18 10:44 AM, Mark Sapiro wrote:
> > I'm running MailScanner 5.1.2-2 with a few additional patches for
> MSMilter.
> >
> > It seems my Spam Actions are not being honored.
> >
> > I have Spam Actions = %rules-dir%/spam_action.rules and the rules file
> > contains
> >
> > To:     /[@.]xxx\.(net|org)$/ deliver
> > To:     /webminion at aaa(bbb)?.org$/ deliver
> > FromOrTo:       default store forward msapiro+spam at sbh16.songbird.com
> >
> > yet spam messages which are scored as spam and which do not match either
> > of the non-default conditions are stored, but delivered and not
> forwarded.
> >
> > Here's a typical set of log messages:
> >
> ...
> > Nov 13 02:04:11 sbh16 MailScanner[23114]: Spam Checks: Found 1 spam
> messages
> > Nov 13 02:04:11 sbh16 MailScanner[23114]: Requeue: 75D5C1A421.A132B to
> > 1CC9C11826B3
> ...
>
> Further examination of logs from a non-milter configuration indicates
> that the above sequence is normal, but the requeued message should be
> delivered to msapiro+spam at sbh16.songbird.com, but in the milter case, it
> is delivered to the original recipient.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181113/203e911a/attachment.html>

From iversons at rushville.k12.in.us  Tue Nov 13 23:37:05 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 13 Nov 2018 18:37:05 -0500
Subject: Spam Actions not honored
In-Reply-To: <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
 <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
Message-ID: <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>

Mark,

Haven't had a chance to test this code since I have a meeting tonight, but
feel free to give it a try.  Otherwise, I'll try it out in the morning.

https://github.com/MailScanner/v5/pull/298/files

On Tue, Nov 13, 2018 at 2:15 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Mark,
>
> Thanks, I'll take a dive into the code this evening and get it forwarding
> properly.  I think I need to instruct the milter processor to remove and
> re-inject recipients so that the actions have an opportunity to rewrite the
> recipeints.
>
> On Tue, Nov 13, 2018 at 2:08 PM Mark Sapiro <mark at msapiro.net> wrote:
>
>> On 11/13/18 10:44 AM, Mark Sapiro wrote:
>> > I'm running MailScanner 5.1.2-2 with a few additional patches for
>> MSMilter.
>> >
>> > It seems my Spam Actions are not being honored.
>> >
>> > I have Spam Actions = %rules-dir%/spam_action.rules and the rules file
>> > contains
>> >
>> > To:     /[@.]xxx\.(net|org)$/ deliver
>> > To:     /webminion at aaa(bbb)?.org$/ deliver
>> > FromOrTo:       default store forward msapiro+spam at sbh16.songbird.com
>> >
>> > yet spam messages which are scored as spam and which do not match either
>> > of the non-default conditions are stored, but delivered and not
>> forwarded.
>> >
>> > Here's a typical set of log messages:
>> >
>> ...
>> > Nov 13 02:04:11 sbh16 MailScanner[23114]: Spam Checks: Found 1 spam
>> messages
>> > Nov 13 02:04:11 sbh16 MailScanner[23114]: Requeue: 75D5C1A421.A132B to
>> > 1CC9C11826B3
>> ...
>>
>> Further examination of logs from a non-milter configuration indicates
>> that the above sequence is normal, but the requeued message should be
>> delivered to msapiro+spam at sbh16.songbird.com, but in the milter case, it
>> is delivered to the original recipient.
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181113/90708520/attachment.html>

From mark at msapiro.net  Wed Nov 14 02:01:04 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 Nov 2018 18:01:04 -0800
Subject: Spam Actions not honored
In-Reply-To: <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
 <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
 <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>
Message-ID: <a2e13c93-bedc-c7e4-e4ed-b911f9371a63@msapiro.net>

On 11/13/18 3:37 PM, Shawn Iverson via MailScanner wrote:
> Mark,
> 
> Haven't had a chance to test this code since I have a meeting tonight,
> but feel free to give it a try.? Otherwise, I'll try it out in the morning.


I tried a couple of very simple tests. I set

Spam Actions = store forward mark+spam at msapiro.net

and then sent a a non-spam message with 2 recipients and it was
delivered properly to both recipients.

I then sent a spam message with the same two recipients and got this logged

Nov 13 17:12:13 msapiro MailScanner[26356]: New Batch: Scanning 1
messages, 1059 bytes
Nov 13 17:12:13 msapiro MailScanner[26356]: Virus and Content Scanning:
Starting
Nov 13 17:12:17 msapiro MailScanner[26356]: Spam Checks: Found 1 spam
messages
Nov 13 17:12:17 msapiro MailScanner[27277]: Found phishing fraud from
http://www.badsite.com/junk claiming to be www.goodsite.com in
9AE3151F05.AB2E3
Nov 13 17:12:17 msapiro MailScanner[26356]: Content Checks: Detected and
have disarmed web bug, phishing tags in HTML message in 9AE3151F05.AB2E3
from mark at msapiro.net
Nov 13 17:12:17 msapiro MailScanner[26356]: Requeue: 9AE3151F05.AB2E3 to
2B24F34012E
Nov 13 17:12:17 msapiro MailScanner[26356]: Unable to kick message
/var/spool/MailScanner/milterout/2B24F34012E, will retry soon...
Nov 13 17:12:17 msapiro MailScanner[26356]: Uninfected: Delivered 1 messages
Nov 13 17:12:17 msapiro MailScanner[26356]: Deleted 1 messages from
processing-database

The message was stored in quarantine as spam and was still in milterout.

I then sent the non-spam message again, and it was delivered normally
and both it and the spam message were removed from milterout, but the
spam message disappeared with no evidence in the mail.log that the
milter tried to send it at all.

The headers of the message in milterout are:

S<mark at msapiro.net>
Received: from msapiro.net (msapiro-enet.attlocal.net [10.211.115.100])
        (no client certificate requested)
        by msapiro (MailScanner Milter) with SMTP id 76F802AB2F
To: mark at msapiro.net
From: mark at msapiro.net
Subject: {Spam?} {Disarmed} test it
MIME-Version: 1.0
Content-Type: Text/html
Content-Transfer-Encoding: quoted-printable
Message-Id: <20181114015422.76F95340104 at msapiro.net>
Date: Tue, 13 Nov 2018 17:54:22 -0800 (PST)
X-msapiro-MailScanner-ID: 76F802AB2F.AC6F7
X-msapiro-MailScanner: Found to be clean
X-msapiro-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=0.741,
	required 0, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00,
	HTML_MIME_NO_HTML_TAG 0.64, MIME_HTML_ONLY 1.10)
O<mark+spam at msapiro.net>
X-msapiro-MailScanner-From: mark at msapiro.net


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From iversons at rushville.k12.in.us  Wed Nov 14 02:41:29 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 13 Nov 2018 21:41:29 -0500
Subject: Spam Actions not honored
In-Reply-To: <a2e13c93-bedc-c7e4-e4ed-b911f9371a63@msapiro.net>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
 <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
 <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>
 <a2e13c93-bedc-c7e4-e4ed-b911f9371a63@msapiro.net>
Message-ID: <CABu_8z+r6P-DwHwmcwp-99CTbtRc3YhyURBeMQsr9iLB8RCMUw@mail.gmail.com>

Looks like the recipient got injected into the header instead of before it,
oops D:

I'll stand up this code and find out why this is happening.



On Tue, Nov 13, 2018 at 9:01 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/13/18 3:37 PM, Shawn Iverson via MailScanner wrote:
> > Mark,
> >
> > Haven't had a chance to test this code since I have a meeting tonight,
> > but feel free to give it a try.  Otherwise, I'll try it out in the
> morning.
>
>
> I tried a couple of very simple tests. I set
>
> Spam Actions = store forward mark+spam at msapiro.net
>
> and then sent a a non-spam message with 2 recipients and it was
> delivered properly to both recipients.
>
> I then sent a spam message with the same two recipients and got this logged
>
> Nov 13 17:12:13 msapiro MailScanner[26356]: New Batch: Scanning 1
> messages, 1059 bytes
> Nov 13 17:12:13 msapiro MailScanner[26356]: Virus and Content Scanning:
> Starting
> Nov 13 17:12:17 msapiro MailScanner[26356]: Spam Checks: Found 1 spam
> messages
> Nov 13 17:12:17 msapiro MailScanner[27277]: Found phishing fraud from
> http://www.badsite.com/junk claiming to be www.goodsite.com in
> 9AE3151F05.AB2E3
> Nov 13 17:12:17 msapiro MailScanner[26356]: Content Checks: Detected and
> have disarmed web bug, phishing tags in HTML message in 9AE3151F05.AB2E3
> from mark at msapiro.net
> Nov 13 17:12:17 msapiro MailScanner[26356]: Requeue: 9AE3151F05.AB2E3 to
> 2B24F34012E
> Nov 13 17:12:17 msapiro MailScanner[26356]: Unable to kick message
> /var/spool/MailScanner/milterout/2B24F34012E, will retry soon...
> Nov 13 17:12:17 msapiro MailScanner[26356]: Uninfected: Delivered 1
> messages
> Nov 13 17:12:17 msapiro MailScanner[26356]: Deleted 1 messages from
> processing-database
>
> The message was stored in quarantine as spam and was still in milterout.
>
> I then sent the non-spam message again, and it was delivered normally
> and both it and the spam message were removed from milterout, but the
> spam message disappeared with no evidence in the mail.log that the
> milter tried to send it at all.
>
> The headers of the message in milterout are:
>
> S<mark at msapiro.net>
> Received: from msapiro.net (msapiro-enet.attlocal.net [10.211.115.100])
>         (no client certificate requested)
>         by msapiro (MailScanner Milter) with SMTP id 76F802AB2F
> To: mark at msapiro.net
> From: mark at msapiro.net
> Subject: {Spam?} {Disarmed} test it
> MIME-Version: 1.0
> Content-Type: Text/html
> Content-Transfer-Encoding: quoted-printable
> Message-Id: <20181114015422.76F95340104 at msapiro.net>
> Date: Tue, 13 Nov 2018 17:54:22 -0800 (PST)
> X-msapiro-MailScanner-ID: 76F802AB2F.AC6F7
> X-msapiro-MailScanner: Found to be clean
> X-msapiro-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> score=0.741,
>         required 0, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00,
>         HTML_MIME_NO_HTML_TAG 0.64, MIME_HTML_ONLY 1.10)
> O<mark+spam at msapiro.net>
> X-msapiro-MailScanner-From: mark at msapiro.net
>
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181113/70dd462e/attachment.html>

From iversons at rushville.k12.in.us  Wed Nov 14 03:09:17 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 13 Nov 2018 22:09:17 -0500
Subject: Spam Actions not honored
In-Reply-To: <CABu_8z+r6P-DwHwmcwp-99CTbtRc3YhyURBeMQsr9iLB8RCMUw@mail.gmail.com>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
 <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
 <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>
 <a2e13c93-bedc-c7e4-e4ed-b911f9371a63@msapiro.net>
 <CABu_8z+r6P-DwHwmcwp-99CTbtRc3YhyURBeMQsr9iLB8RCMUw@mail.gmail.com>
Message-ID: <CABu_8z+YEhVQyzbMYPDKCCQd9oDuEeHRmiq1VqQfY6jgCXzdAA@mail.gmail.com>

Mark,

Updated the PR, might help for me to splice the data at the beginning
instead of the end :D

On Tue, Nov 13, 2018 at 9:41 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Looks like the recipient got injected into the header instead of before
> it, oops D:
>
> I'll stand up this code and find out why this is happening.
>
>
>
> On Tue, Nov 13, 2018 at 9:01 PM Mark Sapiro <mark at msapiro.net> wrote:
>
>> On 11/13/18 3:37 PM, Shawn Iverson via MailScanner wrote:
>> > Mark,
>> >
>> > Haven't had a chance to test this code since I have a meeting tonight,
>> > but feel free to give it a try.  Otherwise, I'll try it out in the
>> morning.
>>
>>
>> I tried a couple of very simple tests. I set
>>
>> Spam Actions = store forward mark+spam at msapiro.net
>>
>> and then sent a a non-spam message with 2 recipients and it was
>> delivered properly to both recipients.
>>
>> I then sent a spam message with the same two recipients and got this
>> logged
>>
>> Nov 13 17:12:13 msapiro MailScanner[26356]: New Batch: Scanning 1
>> messages, 1059 bytes
>> Nov 13 17:12:13 msapiro MailScanner[26356]: Virus and Content Scanning:
>> Starting
>> Nov 13 17:12:17 msapiro MailScanner[26356]: Spam Checks: Found 1 spam
>> messages
>> Nov 13 17:12:17 msapiro MailScanner[27277]: Found phishing fraud from
>> http://www.badsite.com/junk claiming to be www.goodsite.com in
>> 9AE3151F05.AB2E3
>> Nov 13 17:12:17 msapiro MailScanner[26356]: Content Checks: Detected and
>> have disarmed web bug, phishing tags in HTML message in 9AE3151F05.AB2E3
>> from mark at msapiro.net
>> Nov 13 17:12:17 msapiro MailScanner[26356]: Requeue: 9AE3151F05.AB2E3 to
>> 2B24F34012E
>> Nov 13 17:12:17 msapiro MailScanner[26356]: Unable to kick message
>> /var/spool/MailScanner/milterout/2B24F34012E, will retry soon...
>> Nov 13 17:12:17 msapiro MailScanner[26356]: Uninfected: Delivered 1
>> messages
>> Nov 13 17:12:17 msapiro MailScanner[26356]: Deleted 1 messages from
>> processing-database
>>
>> The message was stored in quarantine as spam and was still in milterout.
>>
>> I then sent the non-spam message again, and it was delivered normally
>> and both it and the spam message were removed from milterout, but the
>> spam message disappeared with no evidence in the mail.log that the
>> milter tried to send it at all.
>>
>> The headers of the message in milterout are:
>>
>> S<mark at msapiro.net>
>> Received: from msapiro.net (msapiro-enet.attlocal.net [10.211.115.100])
>>         (no client certificate requested)
>>         by msapiro (MailScanner Milter) with SMTP id 76F802AB2F
>> To: mark at msapiro.net
>> From: mark at msapiro.net
>> Subject: {Spam?} {Disarmed} test it
>> MIME-Version: 1.0
>> Content-Type: Text/html
>> Content-Transfer-Encoding: quoted-printable
>> Message-Id: <20181114015422.76F95340104 at msapiro.net>
>> Date: Tue, 13 Nov 2018 17:54:22 -0800 (PST)
>> X-msapiro-MailScanner-ID: 76F802AB2F.AC6F7
>> X-msapiro-MailScanner: Found to be clean
>> X-msapiro-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>> score=0.741,
>>         required 0, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00,
>>         HTML_MIME_NO_HTML_TAG 0.64, MIME_HTML_ONLY 1.10)
>> O<mark+spam at msapiro.net>
>> X-msapiro-MailScanner-From: mark at msapiro.net
>>
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181113/f33b86f0/attachment.html>

From mark at msapiro.net  Wed Nov 14 03:25:45 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 Nov 2018 19:25:45 -0800
Subject: Spam Actions not honored
In-Reply-To: <CABu_8z+YEhVQyzbMYPDKCCQd9oDuEeHRmiq1VqQfY6jgCXzdAA@mail.gmail.com>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
 <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
 <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>
 <a2e13c93-bedc-c7e4-e4ed-b911f9371a63@msapiro.net>
 <CABu_8z+r6P-DwHwmcwp-99CTbtRc3YhyURBeMQsr9iLB8RCMUw@mail.gmail.com>
 <CABu_8z+YEhVQyzbMYPDKCCQd9oDuEeHRmiq1VqQfY6jgCXzdAA@mail.gmail.com>
Message-ID: <00115263-407e-18dc-3a08-c3de1c5fea5f@msapiro.net>

On 11/13/18 7:09 PM, Shawn Iverson via MailScanner wrote:
> Mark,
> 
> Updated the PR, might help for me to splice the data at the beginning
> instead of the end :D


It now passes my simple tests. I'll try it on my main server and monitor.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From rich at richsphere.co.uk  Wed Nov 14 11:03:47 2018
From: rich at richsphere.co.uk (Richard Mealing)
Date: Wed, 14 Nov 2018 11:03:47 +0000
Subject: Scanned Modify Subject
Message-ID: <73d848d749b2e30acd9e02ab20d042b9@richsphere.co.uk>

 

Hi list, 

I have a requirement to set external email tag in the
subject line for all scanned external emails coming into a certain
domain. I have set this up and everything seems to work fine. 

When a
user replies the client adds a 're' tag to the subject and the further
external reply (now the 3rd email) mailscanner cannot detect it's
original tag and so adds another EXTERNAL EMAIL to the subject line.


So the email subject looks like this - EXTERNAL EMAIL: RE: EXTERNAL
EMAIL: TEST SUBJECT 

I have added the tag at the end of the subject
line and that fixes the problem, however the user would like me to try
and fix this behaviour so they can add the tag at the start of the
subject line. 

I am running a fairly old 4.85.2 version of mailscanner.
I am just wondering if anyone has any thoughts on this? Can mailscanner
search for the tag in the subject line and then not add another tag if
it finds the tag? 

Thank you. 

Rich 
-- 

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181114/256a1589/attachment.html>

From kenneth at khansen-it.dk  Wed Nov 14 20:02:09 2018
From: kenneth at khansen-it.dk (Kenneth Hansen)
Date: Wed, 14 Nov 2018 20:02:09 +0000
Subject: Message is blocked in virus scanning
Message-ID: <A3E1B4CA-26F0-4451-92DD-901C80A3D8EB@khansen-it.dk>

Hi
I have a MailScanner setup deployed where I log data to a SQL database in the same way as MailWatch.

?Always Looked Up Last = &MailDataLogging?

During the night I received a message that triggered an attachment warning message to be sent to the recipient instead of delivering the message.

"At Wed Nov 14 00:01:39 2018 the virus scanner said:
   MailScanner: Attempt to hide real filename extension
"

This does however not show up in the SQL database, which means that it seems to have been stopped before it was logged to the database.
Is there a way to make sure that even such messages are still logged so that we can see them from whatever system reads the database?

From mark at msapiro.net  Thu Nov 15 06:34:40 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 Nov 2018 22:34:40 -0800
Subject: Spam Actions not honored
In-Reply-To: <00115263-407e-18dc-3a08-c3de1c5fea5f@msapiro.net>
References: <45f383b4-0729-adef-0c00-01b603825011@msapiro.net>
 <0661626e-9ba6-25a6-b21e-754a2a6584b9@msapiro.net>
 <CABu_8zKJbwDTkE0M9kpTQJu9ku1j3zRW2+J2tn-e-pizUyYGeQ@mail.gmail.com>
 <CABu_8zK6TKvr=DawuiS=HnuurgAN-=muVDi4kTg4FCVWB3S3gg@mail.gmail.com>
 <a2e13c93-bedc-c7e4-e4ed-b911f9371a63@msapiro.net>
 <CABu_8z+r6P-DwHwmcwp-99CTbtRc3YhyURBeMQsr9iLB8RCMUw@mail.gmail.com>
 <CABu_8z+YEhVQyzbMYPDKCCQd9oDuEeHRmiq1VqQfY6jgCXzdAA@mail.gmail.com>
 <00115263-407e-18dc-3a08-c3de1c5fea5f@msapiro.net>
Message-ID: <6d5cdaa8-570a-4a3c-731c-2c34cc474ed7@msapiro.net>

On 11/13/18 7:25 PM, Mark Sapiro wrote:
> On 11/13/18 7:09 PM, Shawn Iverson via MailScanner wrote:
>> Mark,
>>
>> Updated the PR, might help for me to splice the data at the beginning
>> instead of the end :D
> 
> 
> It now passes my simple tests. I'll try it on my main server and monitor.


It's been running on my main server for over a day now and seems to be
working fine.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From mark at msapiro.net  Tue Nov 20 19:09:30 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 20 Nov 2018 11:09:30 -0800
Subject: Strange error with MSMilter
Message-ID: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>

I am running MailScanner at rev 941ac5ada. My milter config is

Incoming Queue Dir = /var/spool/MailScanner/milterin
Outgoing Queue Dir = /var/spool/MailScanner/milterout
MTA = msmail
MSMail Queue Type = short
Milter Scanner = yes
Milter Dispatcher = postfork


I have a strange issue that I have seen twice. The issue is two emails
arrive at the essentially the same time. One is delivered normally, but
the other is missing what at time of receipt is probably just the first
line of the header. In the second case, the remaining header starts with
a continuation line so it appears the message has no headers and the MTA
later adds minimal headers.

The two cases I've seen have almost nothing in common other than the
fact that two separate emails arrive from the same server in immediate
succession, but in separate SMTP sessions, and have similar content, but
the sending server, the recipients and the message content were
different between the two instances.

There are other cases where the conditions are similar and the issue
doesn't occur.

The following is from the second instance. The messages were a notice
from gitlab.com to mark at msapiro.net and webmaster at grizz.org. The message
to mark was received normally, but the message to webmaster was missing
the header line.

The other interesting thing in the Postfix log is it looks like the
message to webmaster was the second of two transactions in the same SMTP
session and further, the MailScanner child was restarted between the two
transactions. It is this second message to webmaster that was missing a
line, so it is quite possible that the issue occurs to the second of two
transactions in the same SMTP session and has nothing to do with a
similar message arriving separately at the same time.

The Postfix log for the period is <https://paste.ubuntu.com/p/pXFTDP42S6/>.

The garbled message to webmaster is
<https://paste.ubuntu.com/p/R5Y3ZTJNMn/>.

The message to mark is <https://paste.ubuntu.com/p/Ztvthwz82J/>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From mark at msapiro.net  Tue Nov 20 20:41:03 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 20 Nov 2018 12:41:03 -0800
Subject: Strange error with MSMilter
In-Reply-To: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
Message-ID: <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>

On 11/20/18 11:09 AM, Mark Sapiro wrote:
> The other interesting thing in the Postfix log is it looks like the
> message to webmaster was the second of two transactions in the same SMTP
> session and further, the MailScanner child was restarted between the two
> transactions. It is this second message to webmaster that was missing a
> line, so it is quite possible that the issue occurs to the second of two
> transactions in the same SMTP session and has nothing to do with a
> similar message arriving separately at the same time.


I have done some simple tests and I can duplicate the issue. The issue
seems to occur when and only when Postfix receives two separate emails
in one SMTP session.

I.e. an SMTP session like

connect
HELO
MAIL FROM
RCPT TO
DATA
MAIL FROM
RCPT TO
DATA
QUIT

will exhibit the problem in the second message, but

connect
HELO
MAIL FROM
RCPT TO
DATA
QUIT
connect
MAIL FROM
RCPT TO
DATA
QUIT

Does not exhibit the problem.

I have simple Python 3 scripts that produce the error, but I'm not
posting them as the server address and email addresses are specific to
my test machine.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



From iversons at rushville.k12.in.us  Tue Nov 20 20:43:26 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 20 Nov 2018 15:43:26 -0500
Subject: Strange error with MSMilter
In-Reply-To: <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
Message-ID: <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>

Mark,

Thanks for the troubleshooting!  I think that info is enough for me to
reproduce on my end as well. I will take a look at this tonight.

On Tue, Nov 20, 2018 at 3:41 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/20/18 11:09 AM, Mark Sapiro wrote:
> > The other interesting thing in the Postfix log is it looks like the
> > message to webmaster was the second of two transactions in the same SMTP
> > session and further, the MailScanner child was restarted between the two
> > transactions. It is this second message to webmaster that was missing a
> > line, so it is quite possible that the issue occurs to the second of two
> > transactions in the same SMTP session and has nothing to do with a
> > similar message arriving separately at the same time.
>
>
> I have done some simple tests and I can duplicate the issue. The issue
> seems to occur when and only when Postfix receives two separate emails
> in one SMTP session.
>
> I.e. an SMTP session like
>
> connect
> HELO
> MAIL FROM
> RCPT TO
> DATA
> MAIL FROM
> RCPT TO
> DATA
> QUIT
>
> will exhibit the problem in the second message, but
>
> connect
> HELO
> MAIL FROM
> RCPT TO
> DATA
> QUIT
> connect
> MAIL FROM
> RCPT TO
> DATA
> QUIT
>
> Does not exhibit the problem.
>
> I have simple Python 3 scripts that produce the error, but I'm not
> posting them as the server address and email addresses are specific to
> my test machine.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181120/4b3f65e2/attachment.html>

From iversons at rushville.k12.in.us  Wed Nov 21 00:26:27 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 20 Nov 2018 19:26:27 -0500
Subject: Strange error with MSMilter
In-Reply-To: <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
 <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
Message-ID: <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>

Mark,

https://github.com/MailScanner/v5/pull/305

On Tue, Nov 20, 2018 at 3:43 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Mark,
>
> Thanks for the troubleshooting!  I think that info is enough for me to
> reproduce on my end as well. I will take a look at this tonight.
>
> On Tue, Nov 20, 2018 at 3:41 PM Mark Sapiro <mark at msapiro.net> wrote:
>
>> On 11/20/18 11:09 AM, Mark Sapiro wrote:
>> > The other interesting thing in the Postfix log is it looks like the
>> > message to webmaster was the second of two transactions in the same SMTP
>> > session and further, the MailScanner child was restarted between the two
>> > transactions. It is this second message to webmaster that was missing a
>> > line, so it is quite possible that the issue occurs to the second of two
>> > transactions in the same SMTP session and has nothing to do with a
>> > similar message arriving separately at the same time.
>>
>>
>> I have done some simple tests and I can duplicate the issue. The issue
>> seems to occur when and only when Postfix receives two separate emails
>> in one SMTP session.
>>
>> I.e. an SMTP session like
>>
>> connect
>> HELO
>> MAIL FROM
>> RCPT TO
>> DATA
>> MAIL FROM
>> RCPT TO
>> DATA
>> QUIT
>>
>> will exhibit the problem in the second message, but
>>
>> connect
>> HELO
>> MAIL FROM
>> RCPT TO
>> DATA
>> QUIT
>> connect
>> MAIL FROM
>> RCPT TO
>> DATA
>> QUIT
>>
>> Does not exhibit the problem.
>>
>> I have simple Python 3 scripts that produce the error, but I'm not
>> posting them as the server address and email addresses are specific to
>> my test machine.
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181120/e35d5d7c/attachment.html>

From iversons at rushville.k12.in.us  Wed Nov 21 00:36:31 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 20 Nov 2018 19:36:31 -0500
Subject: Scanned Modify Subject
In-Reply-To: <73d848d749b2e30acd9e02ab20d042b9@richsphere.co.uk>
References: <73d848d749b2e30acd9e02ab20d042b9@richsphere.co.uk>
Message-ID: <CABu_8zLXQ4QUzpzZtC5fwJpr74Q00JHd=JGK899t09CqhK7c5g@mail.gmail.com>

I will test this on the current mailscanner and see if I can reproduce it.

On Wed, Nov 14, 2018 at 12:23 PM Richard Mealing <rich at richsphere.co.uk>
wrote:

> Hi list,
>
>
>
> I have a requirement to set external email tag in the subject line for all
> scanned external emails coming into a certain domain. I have set this up
> and everything seems to work fine.
>
> When a user replies the client adds a 're' tag to the subject and the
> further external reply (now the 3rd email) mailscanner cannot detect it's
> original tag and so adds another EXTERNAL EMAIL to the subject line.
>
>
>
> So the email subject looks like this - EXTERNAL EMAIL: RE: EXTERNAL EMAIL:
> TEST SUBJECT
>
>
>
> I have added the tag at the end of the subject line and that fixes the
> problem, however the user would like me to try and fix this behaviour so
> they can add the tag at the start of the subject line.
>
>
>
> I am running a fairly old 4.85.2 version of mailscanner. I am just
> wondering if anyone has any thoughts on this? Can mailscanner search for
> the tag in the subject line and then not add another tag if it finds the
> tag?
>
>
>
> Thank you.
>
> Rich
> --
>
>
>
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181120/f67bc3ce/attachment.html>

From mark at msapiro.net  Wed Nov 21 03:14:57 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 20 Nov 2018 19:14:57 -0800
Subject: Strange error with MSMilter
In-Reply-To: <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
 <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
 <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>
Message-ID: <d5aed5bd-bd43-c36a-46e6-d29694df8881@msapiro.net>

On 11/20/18 4:26 PM, Shawn Iverson via MailScanner wrote:
> Mark,
> 
> https://github.com/MailScanner/v5/pull/305


I've got too many tasks going at once here, but I started to test that.
I have no results to report yet.

One thing I found however, is I just downloaded the entire MSMilter file
from the PR and I had not previously installed
<https://github.com/MailScanner/v5/commit/3fae4043976477938977f53a8794214d6e8d82b0>.
That adds the ExitParent subroutine and that in turn has the line

unlink $PidFile; # Ditch the pid file

but $PidFile is undefined there.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Wed Nov 21 09:42:30 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 21 Nov 2018 04:42:30 -0500
Subject: Strange error with MSMilter
In-Reply-To: <d5aed5bd-bd43-c36a-46e6-d29694df8881@msapiro.net>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
 <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
 <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>
 <d5aed5bd-bd43-c36a-46e6-d29694df8881@msapiro.net>
Message-ID: <CABu_8zJ92dj1mTvAHk_zbSBGh50qXGNneVZc36Py8h4dfJ2qpQ@mail.gmail.com>

https://github.com/MailScanner/v5/pull/306

On Tue, Nov 20, 2018 at 10:15 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/20/18 4:26 PM, Shawn Iverson via MailScanner wrote:
> > Mark,
> >
> > https://github.com/MailScanner/v5/pull/305
>
>
> I've got too many tasks going at once here, but I started to test that.
> I have no results to report yet.
>
> One thing I found however, is I just downloaded the entire MSMilter file
> from the PR and I had not previously installed
> <
> https://github.com/MailScanner/v5/commit/3fae4043976477938977f53a8794214d6e8d82b0
> >.
> That adds the ExitParent subroutine and that in turn has the line
>
> unlink $PidFile; # Ditch the pid file
>
> but $PidFile is undefined there.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181121/a39ffd32/attachment.html>

From rich at richsphere.co.uk  Wed Nov 21 16:22:35 2018
From: rich at richsphere.co.uk (Richard Mealing)
Date: Wed, 21 Nov 2018 16:22:35 +0000
Subject: Scanned Modify Subject
In-Reply-To: <CABu_8zLXQ4QUzpzZtC5fwJpr74Q00JHd=JGK899t09CqhK7c5g@mail.gmail.com>
References: <73d848d749b2e30acd9e02ab20d042b9@richsphere.co.uk>
 <CABu_8zLXQ4QUzpzZtC5fwJpr74Q00JHd=JGK899t09CqhK7c5g@mail.gmail.com>
Message-ID: <1a1af5a0941e46c96ac455a702156cbd@richsphere.co.uk>

 

On 21-11-2018 00:36, Shawn Iverson via MailScanner wrote: 

> I will
test this on the current mailscanner and see if I can reproduce it. 
>

> On Wed, Nov 14, 2018 at 12:23 PM Richard Mealing
<rich at richsphere.co.uk> wrote: 
> 
>> Hi list, 
>> 
>> I have a
requirement to set external email tag in the subject line for all
scanned external emails coming into a certain domain. I have set this up
and everything seems to work fine. 
>> 
>> When a user replies the
client adds a 're' tag to the subject and the further external reply
(now the 3rd email) mailscanner cannot detect it's original tag and so
adds another EXTERNAL EMAIL to the subject line. 
>> 
>> So the email
subject looks like this - EXTERNAL EMAIL: RE: EXTERNAL EMAIL: TEST
SUBJECT 
>> 
>> I have added the tag at the end of the subject line and
that fixes the problem, however the user would like me to try and fix
this behaviour so they can add the tag at the start of the subject line.

>> 
>> I am running a fairly old 4.85.2 version of mailscanner. I am
just wondering if anyone has any thoughts on this? Can mailscanner
search for the tag in the subject line and then not add another tag if
it finds the tag? 
>> 
>> Thank you. 
>> 
>> Rich 
>> -- 
>> 
>> -- 
>>
MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>>
http://lists.mailscanner.info/mailman/listinfo/mailscanner [1]
> 
> --

> 
> Shawn Iverson, CETL 
> Director of Technology 
> Rush County
Schools 
> 765-932-3901 option 7 
> iversons at rushville.k12.in.us

Hi
Shawn, 

I believe this has been discussed before.
http://lists.mailscanner.info/pipermail/mailscanner/2003-December/024227.html


Jules rightly says the email client adds the RE tag to the subject so
I can't see a way around this behaviour. Now I have this set in a
ruleset I can't see how mailscanner could search for the domain in the
rules file, then search every email for that domains subject header for
the tag I set inside the rules file. I personally think it would cause a
lot of extra load, unless someone could figure out a better way? I
can't. 

I have this - 

Scanned Modify Subject =
%rules-dir%/modify.scanned.subject.rules 

 To: default no 

 To:
richsphere.co.uk yes 

And then this - 

Scanned Subject Text =
%rules-dir%/scanned.subject.text.rules 

 To: default {Scanned} # This
would never be used unless the modify.scanned.subject.rules 'default'
line is set to 'yes' 

 To: richsphere.co.uk [EXTERNAL EMAIL] 

If you
keep going it just builds up the subject line as so - 

Subject:
[EXTERNAL EMAIL : ] Re: [EXTERNAL EMAIL : ] Re: [EXTERNAL EMAIL : ] Re:
Test 

Thanks, 

Rich 
-- 

 

Links:
------
[1]
http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181121/c9578174/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181121/c9578174/attachment.gif>

From mark at msapiro.net  Wed Nov 21 20:33:25 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 Nov 2018 12:33:25 -0800
Subject: Strange error with MSMilter
In-Reply-To: <CABu_8zJ92dj1mTvAHk_zbSBGh50qXGNneVZc36Py8h4dfJ2qpQ@mail.gmail.com>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
 <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
 <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>
 <d5aed5bd-bd43-c36a-46e6-d29694df8881@msapiro.net>
 <CABu_8zJ92dj1mTvAHk_zbSBGh50qXGNneVZc36Py8h4dfJ2qpQ@mail.gmail.com>
Message-ID: <1f88f6be-39c0-55af-1c8a-7a32cd6e2b26@msapiro.net>

On 11/21/18 1:42 AM, Shawn Iverson via MailScanner wrote:
> https://github.com/MailScanner/v5/pull/306
> 
> On Tue, Nov 20, 2018 at 10:15 PM Mark Sapiro <mark at msapiro.net
> <mailto:mark at msapiro.net>> wrote:
> 
>     On 11/20/18 4:26 PM, Shawn Iverson via MailScanner wrote:
>     > Mark,
>     >
>     > https://github.com/MailScanner/v5/pull/305


I have done some testing. I started by building MailScanner from the
HEAD of the GitHub master branch (up to the commit e9773ffe4).

With that MSMilter I can see the issue where sending two messages in the
same SMTP session results in the first line of the header being lost.

I then applied the patch at
<https://github.com/MailScanner/v5/pull/305.diff> to MSMilter. This
appears to fix the missing header line issue, but it introduces another
issue. This new issue is messages remain in the milterin queue and are
never processed by MailScanner.

The only case where a message is processed by MailScanner is the case
where two messages are sent in the same session. In this case, the first
of the two messages is processed and delivered, but the second remains
in milterin and is not processed. Likewise in cases where only one
message is sent in a session, that message remains in milterin and is
not processed.

I'm a bit hazy on how this works, but I notice the files that remain in
milterin all have a 'temp-' prefix and renaming them to drop the 'temp-'
allows the mail to be delivered. It seems that the 'move($file,
$file2);' statement is now in a new close_callback subroutine which is
not being executed.

I have added some comments to the PR.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From mark at msapiro.net  Wed Nov 21 21:10:21 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 Nov 2018 13:10:21 -0800
Subject: Strange error with MSMilter
In-Reply-To: <1f88f6be-39c0-55af-1c8a-7a32cd6e2b26@msapiro.net>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
 <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
 <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>
 <d5aed5bd-bd43-c36a-46e6-d29694df8881@msapiro.net>
 <CABu_8zJ92dj1mTvAHk_zbSBGh50qXGNneVZc36Py8h4dfJ2qpQ@mail.gmail.com>
 <1f88f6be-39c0-55af-1c8a-7a32cd6e2b26@msapiro.net>
Message-ID: <27d2d17b-cfc3-a379-7a73-df908fbd0bf7@msapiro.net>

On 11/21/18 12:33 PM, Mark Sapiro wrote:
> 
> It seems that the 'move($file,
> $file2);' statement is now in a new close_callback subroutine which is
> not being executed.


The latest commit at
<https://github.com/MailScanner/v5/pull/305/commits/85b58ff9a11646e34544bbbfc14108cf1ff03821>
fixes this. It now passes all my tests and I think
<https://github.com/MailScanner/v5/pull/305> is ready to merge.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Wed Nov 21 21:14:01 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 21 Nov 2018 16:14:01 -0500
Subject: Strange error with MSMilter
In-Reply-To: <27d2d17b-cfc3-a379-7a73-df908fbd0bf7@msapiro.net>
References: <fed53fb9-1f8c-3a4b-aba4-cac7a3c81e9f@msapiro.net>
 <dba9ecbc-f9fd-c2d2-5e7e-2a728833ee63@msapiro.net>
 <CABu_8zJ8_Y8J24cMorUQEe3SFKP7qMGUNaLk+hGx2TWaGQ=f_A@mail.gmail.com>
 <CABu_8z+KWV-SHf0n38=qg8Lxu3VcfPAEJ-5d9rEpNPT8MMzKZg@mail.gmail.com>
 <d5aed5bd-bd43-c36a-46e6-d29694df8881@msapiro.net>
 <CABu_8zJ92dj1mTvAHk_zbSBGh50qXGNneVZc36Py8h4dfJ2qpQ@mail.gmail.com>
 <1f88f6be-39c0-55af-1c8a-7a32cd6e2b26@msapiro.net>
 <27d2d17b-cfc3-a379-7a73-df908fbd0bf7@msapiro.net>
Message-ID: <CABu_8zJdmYw9CkBC1KD+QwJyFY=OjRWRnQo9NGDiD45RQa4U9w@mail.gmail.com>

Merged

On Wed, Nov 21, 2018 at 4:10 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/21/18 12:33 PM, Mark Sapiro wrote:
> >
> > It seems that the 'move($file,
> > $file2);' statement is now in a new close_callback subroutine which is
> > not being executed.
>
>
> The latest commit at
> <
> https://github.com/MailScanner/v5/pull/305/commits/85b58ff9a11646e34544bbbfc14108cf1ff03821
> >
> fixes this. It now passes all my tests and I think
> <https://github.com/MailScanner/v5/pull/305> is ready to merge.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181121/be50ed2a/attachment.html>

From mark at msapiro.net  Thu Nov 22 02:19:12 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 Nov 2018 18:19:12 -0800
Subject: Thoughts on MSMilter
Message-ID: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>

First a big thank you to Shawn for all the work on MSMilter. I think at
this point with the merge of
<https://github.com/MailScanner/v5/pull/305> it is working very well. It
also provides a framework for adding even more checks at incoming SMTP time.

There is one thing that I think could be improved in the current
implementation. The milter is invoked by Postfix via the smtpd_milters
configuration on all mail that arrives via SMTP. In most cases, it tells
Postfix to DISCARD the message meaning the SMTP client is told the
message is accepted but Postfix doesn't queue the message for further
processing. The milter in turn has queued the message for MailScanner,
and MailScanner processes the message and may queue messages back to be
picked up by the milter and redelivered to Postfix.

The issue is the milter reinjects the message via SMTP to postfix. This
means the milter will be invoked again to process the message it just
reinjected. For this reason, the milter just accepts all messages
arriving from the local host so they can be processed by Postfix and
avoid and endless loop through MailScanner.

This all works, except it means that other messages arriving via SMTP
from the local host are just accepted by the milter and not seen by
MailScanner. This is not a major issue as such messages are usually only
generated by trusted users or processes, but this could be avoided if
the milter reinjected scanned messages using QMQP or the Postfix
sendmail command.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Thu Nov 22 03:22:33 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Wed, 21 Nov 2018 22:22:33 -0500
Subject: Thoughts on MSMilter
In-Reply-To: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
Message-ID: <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>

sendmail compatibility interface is not an option, see
https://github.com/MailScanner/v5/blob/3fce3ff80180b71520bcd03dfb2cb1a53369603c/common/usr/share/MailScanner/perl/MailScanner/MSMail.pm#L935

QMQP may be a good option.  I will check into this method....

On Wed, Nov 21, 2018 at 9:19 PM Mark Sapiro <mark at msapiro.net> wrote:

> First a big thank you to Shawn for all the work on MSMilter. I think at
> this point with the merge of
> <https://github.com/MailScanner/v5/pull/305> it is working very well. It
> also provides a framework for adding even more checks at incoming SMTP
> time.
>
> There is one thing that I think could be improved in the current
> implementation. The milter is invoked by Postfix via the smtpd_milters
> configuration on all mail that arrives via SMTP. In most cases, it tells
> Postfix to DISCARD the message meaning the SMTP client is told the
> message is accepted but Postfix doesn't queue the message for further
> processing. The milter in turn has queued the message for MailScanner,
> and MailScanner processes the message and may queue messages back to be
> picked up by the milter and redelivered to Postfix.
>
> The issue is the milter reinjects the message via SMTP to postfix. This
> means the milter will be invoked again to process the message it just
> reinjected. For this reason, the milter just accepts all messages
> arriving from the local host so they can be processed by Postfix and
> avoid and endless loop through MailScanner.
>
> This all works, except it means that other messages arriving via SMTP
> from the local host are just accepted by the milter and not seen by
> MailScanner. This is not a major issue as such messages are usually only
> generated by trusted users or processes, but this could be avoided if
> the milter reinjected scanned messages using QMQP or the Postfix
> sendmail command.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181121/f04cc1ae/attachment.html>

From iversons at rushville.k12.in.us  Thu Nov 22 13:29:49 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 22 Nov 2018 08:29:49 -0500
Subject: Thoughts on MSMilter
In-Reply-To: <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
Message-ID: <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>

Mark,

How much do you know about QMQP?

It looks like I need to do this to send a message to it...I'm going to do
some hacking and see how I can make this work...

Encode a series of safe strings as a netstring representing the message.
Encode the envelope sender the same way (not sure the format)
Encode the original recipients the same way (also not sure the format,
assuming  <email at example.com>)
Send the data to QMQP
Watch for the response, which is either K, Z, or D (decoded from a
netstring)
Act based on the response K = sent, Z = tempfail, D =permfail


On Wed, Nov 21, 2018 at 10:22 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> sendmail compatibility interface is not an option, see
> https://github.com/MailScanner/v5/blob/3fce3ff80180b71520bcd03dfb2cb1a53369603c/common/usr/share/MailScanner/perl/MailScanner/MSMail.pm#L935
>
> QMQP may be a good option.  I will check into this method....
>
> On Wed, Nov 21, 2018 at 9:19 PM Mark Sapiro <mark at msapiro.net> wrote:
>
>> First a big thank you to Shawn for all the work on MSMilter. I think at
>> this point with the merge of
>> <https://github.com/MailScanner/v5/pull/305> it is working very well. It
>> also provides a framework for adding even more checks at incoming SMTP
>> time.
>>
>> There is one thing that I think could be improved in the current
>> implementation. The milter is invoked by Postfix via the smtpd_milters
>> configuration on all mail that arrives via SMTP. In most cases, it tells
>> Postfix to DISCARD the message meaning the SMTP client is told the
>> message is accepted but Postfix doesn't queue the message for further
>> processing. The milter in turn has queued the message for MailScanner,
>> and MailScanner processes the message and may queue messages back to be
>> picked up by the milter and redelivered to Postfix.
>>
>> The issue is the milter reinjects the message via SMTP to postfix. This
>> means the milter will be invoked again to process the message it just
>> reinjected. For this reason, the milter just accepts all messages
>> arriving from the local host so they can be processed by Postfix and
>> avoid and endless loop through MailScanner.
>>
>> This all works, except it means that other messages arriving via SMTP
>> from the local host are just accepted by the milter and not seen by
>> MailScanner. This is not a major issue as such messages are usually only
>> generated by trusted users or processes, but this could be avoided if
>> the milter reinjected scanned messages using QMQP or the Postfix
>> sendmail command.
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181122/a9723ed2/attachment.html>

From iversons at rushville.k12.in.us  Thu Nov 22 17:33:10 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 22 Nov 2018 12:33:10 -0500
Subject: Thoughts on MSMilter
In-Reply-To: <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
Message-ID: <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>

Mark,

Success!  My oh my, QMQP is incredibly fast!  This is wonderful :)  Stay
tuned for a PR to include this and to enable/disable the milter loopback
checks...

On Thu, Nov 22, 2018 at 8:29 AM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Mark,
>
> How much do you know about QMQP?
>
> It looks like I need to do this to send a message to it...I'm going to do
> some hacking and see how I can make this work...
>
> Encode a series of safe strings as a netstring representing the message.
> Encode the envelope sender the same way (not sure the format)
> Encode the original recipients the same way (also not sure the format,
> assuming  <email at example.com>)
> Send the data to QMQP
> Watch for the response, which is either K, Z, or D (decoded from a
> netstring)
> Act based on the response K = sent, Z = tempfail, D =permfail
>
>
> On Wed, Nov 21, 2018 at 10:22 PM Shawn Iverson <
> iversons at rushville.k12.in.us> wrote:
>
>> sendmail compatibility interface is not an option, see
>> https://github.com/MailScanner/v5/blob/3fce3ff80180b71520bcd03dfb2cb1a53369603c/common/usr/share/MailScanner/perl/MailScanner/MSMail.pm#L935
>>
>> QMQP may be a good option.  I will check into this method....
>>
>> On Wed, Nov 21, 2018 at 9:19 PM Mark Sapiro <mark at msapiro.net> wrote:
>>
>>> First a big thank you to Shawn for all the work on MSMilter. I think at
>>> this point with the merge of
>>> <https://github.com/MailScanner/v5/pull/305> it is working very well. It
>>> also provides a framework for adding even more checks at incoming SMTP
>>> time.
>>>
>>> There is one thing that I think could be improved in the current
>>> implementation. The milter is invoked by Postfix via the smtpd_milters
>>> configuration on all mail that arrives via SMTP. In most cases, it tells
>>> Postfix to DISCARD the message meaning the SMTP client is told the
>>> message is accepted but Postfix doesn't queue the message for further
>>> processing. The milter in turn has queued the message for MailScanner,
>>> and MailScanner processes the message and may queue messages back to be
>>> picked up by the milter and redelivered to Postfix.
>>>
>>> The issue is the milter reinjects the message via SMTP to postfix. This
>>> means the milter will be invoked again to process the message it just
>>> reinjected. For this reason, the milter just accepts all messages
>>> arriving from the local host so they can be processed by Postfix and
>>> avoid and endless loop through MailScanner.
>>>
>>> This all works, except it means that other messages arriving via SMTP
>>> from the local host are just accepted by the milter and not seen by
>>> MailScanner. This is not a major issue as such messages are usually only
>>> generated by trusted users or processes, but this could be avoided if
>>> the milter reinjected scanned messages using QMQP or the Postfix
>>> sendmail command.
>>>
>>> --
>>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>>
>>
>> --
>> Shawn Iverson, CETL
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 option 7
>> iversons at rushville.k12.in.us
>>
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181122/b1e075bb/attachment.html>

From mark at msapiro.net  Fri Nov 23 03:55:42 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 22 Nov 2018 19:55:42 -0800
Subject: Scanned Modify Subject
In-Reply-To: <1a1af5a0941e46c96ac455a702156cbd@richsphere.co.uk>
References: <73d848d749b2e30acd9e02ab20d042b9@richsphere.co.uk>
 <CABu_8zLXQ4QUzpzZtC5fwJpr74Q00JHd=JGK899t09CqhK7c5g@mail.gmail.com>
 <1a1af5a0941e46c96ac455a702156cbd@richsphere.co.uk>
Message-ID: <1e2a3f4a-1683-f7db-8bf8-568030c71e4e@msapiro.net>

On 11/21/18 8:22 AM, Richard Mealing wrote:
> 
> Jules rightly says the email client adds the RE tag to the subject so I
> can't see a way around this behaviour. Now I have this set in a ruleset
> I can't see how mailscanner could search for the domain in the rules
> file, then search every email for that domains subject header for the
> tag I set inside the rules file. I personally think it would cause a lot
> of extra load, unless someone could figure out a better way? I can't.?



It should really be straightforward. Assuming prepending, the current
code knows exactly what string it is going to prepend to the subject and
looks for that string at the beginning of the existing subject and does
the addition if it's not found.

All it needs to do instead is look for the string anywhere in the
subject or maybe use a regexp to look for
/^((RE|AW|SV|VS|FW|FWD): *)*the_string/i

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Fri Nov 23 18:21:08 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 23 Nov 2018 13:21:08 -0500
Subject: Thoughts on MSMilter
In-Reply-To: <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
 <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
Message-ID: <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>

Mark,

https://github.com/MailScanner/v5/pull/311

On Thu, Nov 22, 2018 at 12:33 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Mark,
>
> Success!  My oh my, QMQP is incredibly fast!  This is wonderful :)  Stay
> tuned for a PR to include this and to enable/disable the milter loopback
> checks...
>
> On Thu, Nov 22, 2018 at 8:29 AM Shawn Iverson <
> iversons at rushville.k12.in.us> wrote:
>
>> Mark,
>>
>> How much do you know about QMQP?
>>
>> It looks like I need to do this to send a message to it...I'm going to do
>> some hacking and see how I can make this work...
>>
>> Encode a series of safe strings as a netstring representing the message.
>> Encode the envelope sender the same way (not sure the format)
>> Encode the original recipients the same way (also not sure the format,
>> assuming  <email at example.com>)
>> Send the data to QMQP
>> Watch for the response, which is either K, Z, or D (decoded from a
>> netstring)
>> Act based on the response K = sent, Z = tempfail, D =permfail
>>
>>
>> On Wed, Nov 21, 2018 at 10:22 PM Shawn Iverson <
>> iversons at rushville.k12.in.us> wrote:
>>
>>> sendmail compatibility interface is not an option, see
>>> https://github.com/MailScanner/v5/blob/3fce3ff80180b71520bcd03dfb2cb1a53369603c/common/usr/share/MailScanner/perl/MailScanner/MSMail.pm#L935
>>>
>>> QMQP may be a good option.  I will check into this method....
>>>
>>> On Wed, Nov 21, 2018 at 9:19 PM Mark Sapiro <mark at msapiro.net> wrote:
>>>
>>>> First a big thank you to Shawn for all the work on MSMilter. I think at
>>>> this point with the merge of
>>>> <https://github.com/MailScanner/v5/pull/305> it is working very well.
>>>> It
>>>> also provides a framework for adding even more checks at incoming SMTP
>>>> time.
>>>>
>>>> There is one thing that I think could be improved in the current
>>>> implementation. The milter is invoked by Postfix via the smtpd_milters
>>>> configuration on all mail that arrives via SMTP. In most cases, it tells
>>>> Postfix to DISCARD the message meaning the SMTP client is told the
>>>> message is accepted but Postfix doesn't queue the message for further
>>>> processing. The milter in turn has queued the message for MailScanner,
>>>> and MailScanner processes the message and may queue messages back to be
>>>> picked up by the milter and redelivered to Postfix.
>>>>
>>>> The issue is the milter reinjects the message via SMTP to postfix. This
>>>> means the milter will be invoked again to process the message it just
>>>> reinjected. For this reason, the milter just accepts all messages
>>>> arriving from the local host so they can be processed by Postfix and
>>>> avoid and endless loop through MailScanner.
>>>>
>>>> This all works, except it means that other messages arriving via SMTP
>>>> from the local host are just accepted by the milter and not seen by
>>>> MailScanner. This is not a major issue as such messages are usually only
>>>> generated by trusted users or processes, but this could be avoided if
>>>> the milter reinjected scanned messages using QMQP or the Postfix
>>>> sendmail command.
>>>>
>>>> --
>>>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>>>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>>>
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>>
>>>
>>> --
>>> Shawn Iverson, CETL
>>> Director of Technology
>>> Rush County Schools
>>> 765-932-3901 option 7
>>> iversons at rushville.k12.in.us
>>>
>>>
>>>
>>
>> --
>> Shawn Iverson, CETL
>> Director of Technology
>> Rush County Schools
>> 765-932-3901 option 7
>> iversons at rushville.k12.in.us
>>
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181123/ae711885/attachment.html>

From mark at msapiro.net  Fri Nov 23 20:44:28 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 23 Nov 2018 12:44:28 -0800
Subject: Thoughts on MSMilter
In-Reply-To: <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
 <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
 <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>
Message-ID: <08abba16-266c-1038-a36d-8fe285f31c79@msapiro.net>

On 11/23/18 10:21 AM, Shawn Iverson via MailScanner wrote:
> Mark,
> 
> https://github.com/MailScanner/v5/pull/311

There is an issue with this. Probably an extra or missing brace
somewhere, but I haven't figured out where.

Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
/usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1235, near "}"
Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
/usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1255, near "}"
Nov 23 12:39:09 msapiro ms-init[26595]: Can't use global @_ in "my" at
/usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1264, near "= @_"
Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
/usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1316, near "}"
Nov 23 12:39:09 msapiro ms-init[26595]:
/usr/share/MailScanner/perl/MailScanner/MSMail.pm has too many errors.
Nov 23 12:39:09 msapiro ms-init[26595]: Compilation failed in require at
/usr/sbin/MailScanner line 396.


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From iversons at rushville.k12.in.us  Fri Nov 23 20:52:11 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 23 Nov 2018 15:52:11 -0500
Subject: Thoughts on MSMilter
In-Reply-To: <08abba16-266c-1038-a36d-8fe285f31c79@msapiro.net>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
 <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
 <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>
 <08abba16-266c-1038-a36d-8fe285f31c79@msapiro.net>
Message-ID: <CABu_8zLUqcTSHCxRsNbAOxP1x0-ke34Gn4OiOUtGZnUQ42WDZg@mail.gmail.com>

Mark,

Found it, I missed a few lines starting at 1115 when preparing the PR.  I
have rebased it.

On Fri, Nov 23, 2018 at 3:44 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 11/23/18 10:21 AM, Shawn Iverson via MailScanner wrote:
> > Mark,
> >
> > https://github.com/MailScanner/v5/pull/311
>
> There is an issue with this. Probably an extra or missing brace
> somewhere, but I haven't figured out where.
>
> Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1235, near "}"
> Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1255, near "}"
> Nov 23 12:39:09 msapiro ms-init[26595]: Can't use global @_ in "my" at
> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1264, near "= @_"
> Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1316, near "}"
> Nov 23 12:39:09 msapiro ms-init[26595]:
> /usr/share/MailScanner/perl/MailScanner/MSMail.pm has too many errors.
> Nov 23 12:39:09 msapiro ms-init[26595]: Compilation failed in require at
> /usr/sbin/MailScanner line 396.
>
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181123/a924d094/attachment.html>

From iversons at rushville.k12.in.us  Fri Nov 23 21:12:19 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Fri, 23 Nov 2018 16:12:19 -0500
Subject: Thoughts on MSMilter
In-Reply-To: <CABu_8zLUqcTSHCxRsNbAOxP1x0-ke34Gn4OiOUtGZnUQ42WDZg@mail.gmail.com>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
 <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
 <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>
 <08abba16-266c-1038-a36d-8fe285f31c79@msapiro.net>
 <CABu_8zLUqcTSHCxRsNbAOxP1x0-ke34Gn4OiOUtGZnUQ42WDZg@mail.gmail.com>
Message-ID: <CABu_8z+6gkAcJG-me22_M-bvqXG91BpTRcaqHDwStWMJ6=wv6g@mail.gmail.com>

Found another oops, rebasing again...

On Fri, Nov 23, 2018 at 3:52 PM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Mark,
>
> Found it, I missed a few lines starting at 1115 when preparing the PR.  I
> have rebased it.
>
> On Fri, Nov 23, 2018 at 3:44 PM Mark Sapiro <mark at msapiro.net> wrote:
>
>> On 11/23/18 10:21 AM, Shawn Iverson via MailScanner wrote:
>> > Mark,
>> >
>> > https://github.com/MailScanner/v5/pull/311
>>
>> There is an issue with this. Probably an extra or missing brace
>> somewhere, but I haven't figured out where.
>>
>> Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
>> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1235, near "}"
>> Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
>> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1255, near "}"
>> Nov 23 12:39:09 msapiro ms-init[26595]: Can't use global @_ in "my" at
>> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1264, near "= @_"
>> Nov 23 12:39:09 msapiro ms-init[26595]: syntax error at
>> /usr/share/MailScanner/perl/MailScanner/MSMail.pm line 1316, near "}"
>> Nov 23 12:39:09 msapiro ms-init[26595]:
>> /usr/share/MailScanner/perl/MailScanner/MSMail.pm has too many errors.
>> Nov 23 12:39:09 msapiro ms-init[26595]: Compilation failed in require at
>> /usr/sbin/MailScanner line 396.
>>
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181123/098f406c/attachment.html>

From mark at msapiro.net  Fri Nov 23 21:42:54 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 23 Nov 2018 13:42:54 -0800
Subject: Thoughts on MSMilter
In-Reply-To: <CABu_8z+6gkAcJG-me22_M-bvqXG91BpTRcaqHDwStWMJ6=wv6g@mail.gmail.com>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
 <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
 <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>
 <08abba16-266c-1038-a36d-8fe285f31c79@msapiro.net>
 <CABu_8zLUqcTSHCxRsNbAOxP1x0-ke34Gn4OiOUtGZnUQ42WDZg@mail.gmail.com>
 <CABu_8z+6gkAcJG-me22_M-bvqXG91BpTRcaqHDwStWMJ6=wv6g@mail.gmail.com>
Message-ID: <bef3e25a-903a-a2fe-ada5-674c1a3491bc@msapiro.net>

On 11/23/18 1:12 PM, Shawn Iverson via MailScanner wrote:
> Found another oops, rebasing again...


Thanks Shawn.

I have run several tests and all looks good. I only tested this one
milter configuration, but it's doing everything right.

> Incoming Queue Dir = /var/spool/MailScanner/milterin
> Outgoing Queue Dir = /var/spool/MailScanner/milterout
> MTA = msmail
> MSMail Queue Type = short
> Milter Scanner = yes
> Milter Dispatcher = postfork
> 
> # For QMQP delivery
> 
> MSMail Delivery Method = QMQP
> MSMail Socket Type = inet
> MSMail Relay Port = 628
> Milter Ignore Loopback = no


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From mark at msapiro.net  Sat Nov 24 03:37:20 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 23 Nov 2018 19:37:20 -0800
Subject: Thoughts on MSMilter
In-Reply-To: <bef3e25a-903a-a2fe-ada5-674c1a3491bc@msapiro.net>
References: <150810c9-e4c3-f848-5f25-c278854f619b@msapiro.net>
 <CABu_8z+U2aqBhrpa=UBZ317Er+uQWSVHfx7dUa9+nzL6q-xMxQ@mail.gmail.com>
 <CABu_8zJG0zsJDBZnecXATm4HoxsANmaZXbFoR5raq_SOE-=0Dg@mail.gmail.com>
 <CABu_8zJYff7KgLXVra4kt8WMkLTVWL+VMxPVY3p+M-QC5ACHdw@mail.gmail.com>
 <CABu_8zK=TawgOW=xobnLdtnV=Lm1r5eK=+DF59WEWd1dD5_DcQ@mail.gmail.com>
 <08abba16-266c-1038-a36d-8fe285f31c79@msapiro.net>
 <CABu_8zLUqcTSHCxRsNbAOxP1x0-ke34Gn4OiOUtGZnUQ42WDZg@mail.gmail.com>
 <CABu_8z+6gkAcJG-me22_M-bvqXG91BpTRcaqHDwStWMJ6=wv6g@mail.gmail.com>
 <bef3e25a-903a-a2fe-ada5-674c1a3491bc@msapiro.net>
Message-ID: <9377d0ed-90ca-ce33-68e5-765f4a1d83b1@msapiro.net>

On 11/23/18 1:42 PM, Mark Sapiro wrote:
> On 11/23/18 1:12 PM, Shawn Iverson via MailScanner wrote:
>> Found another oops, rebasing again...

And there's another. See my requested change in the PR at
<https://github.com/MailScanner/v5/pull/311>. The code tests the wrong
thing for a Perm Failure which could result in endlessly retrying same.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From sales at edenusa.com  Sat Nov 24 07:01:04 2018
From: sales at edenusa.com (Paul Scott)
Date: Sat, 24 Nov 2018 07:01:04 +0000
Subject: Cannot Install MailScanner on CentOS 6
Message-ID: <BY2PR10MB0775E36BF130DE20DD929E98B0D50@BY2PR10MB0775.namprd10.prod.outlook.com>

I am getting the following at the end of the installation process, every time that I try:

Installing the MailScanner RPM ...
error: Failed dependencies:
        perl(Archive::Zip) is needed by MailScanner-5.0.7-3.noarch
        perl(Filesys::Df) is needed by MailScanner-5.0.7-3.noarch
        perl(IO::Stringy) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Decoder::BinHex) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Decoder::UU) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Head) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Parser) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::WordDecoder) is needed by MailScanner-5.0.7-3.noarch
        perl(Net::CIDR) is needed by MailScanner-5.0.7-3.noarch
        perl(OLE::Storage_Lite) is needed by MailScanner-5.0.7-3.noarch
        perl(Sys::Hostname::Long) is needed by MailScanner-5.0.7-3.noarch
        perl(Sys::SigAction) is needed by MailScanner-5.0.7-3.noarch

----------------------------------------------------------
Installation Error

The MailScanner RPM failed to install. Address the required
dependencies and run the installer again. Note that electing
to use EPEL and CPAN should resolve dependency errors.

Note that Perl modules need to be available system-wide. A
common issue is that missing modules were installed in a
user specific configuration.

I have tried telling the installer to use CPAN, but I get a lot of errors that look like this:

Warning: no success downloading '/root/.cpan/sources/authors/01mailrc.txt.gz.tmp13565'. Giving up on it. at /usr/share/perl5/CPAN/Index.pm line 225
No external ftp command available

Your urllist is empty! The urllist can be edited. E.g. with 'o conf urllist
push ftp://myurl/'

Could not fetch authors/01mailrc.txt.gz
Terminal does not support GetHistory.
Lockfile removed.

Any idea why this is happening?  Please help.  Thank you very much!

Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com<mailto:sales at edenusa.com> OR edenusasales at gmail.com<mailto:edenusasales at gmail.com>
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336

Please review us on Google, Yelp, or Facebook, at the following links:
Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs
Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA
Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/

Please visit us on our website or on our Facebook Business page:
WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181124/858afff1/attachment.html>

From thom at vdb.nl  Sat Nov 24 07:21:27 2018
From: thom at vdb.nl (Thom van der Boon)
Date: Sat, 24 Nov 2018 08:21:27 +0100 (CET)
Subject: Cannot Install MailScanner on CentOS 6
In-Reply-To: <BY2PR10MB0775E36BF130DE20DD929E98B0D50@BY2PR10MB0775.namprd10.prod.outlook.com>
References: <BY2PR10MB0775E36BF130DE20DD929E98B0D50@BY2PR10MB0775.namprd10.prod.outlook.com>
Message-ID: <1197945746.497349.1543044087387.JavaMail.zimbra@vdb.nl>

Paul, 

Is this a "brand new" server you are setting up? 

Please check wether wget and curl have been installed by typing: yum install wget curl epel-release 

Furthermore you are trying to install an outdated version 

wget https://s3.amazonaws.com/msv5/release/MailScanner-5.1.2-2.rhel.tar.gz 

Please do every "normal" things to test your internet connection. Are you behind a proxy? 

try ping 8.8.8.8 
try downloading other files 

Does the commands "yum -y upgrade" work? 

Met vriendelijke groet, Best regards, 


Thom van der Boon 
E-Mail: thom at vdb.nl 



===== 



Thom.H. van der Boon b.v. 
Transito 4 
6909 DA Babberich 
Tel.: [ tel:+31884272727 | +31 (0)88 4272727 ] 
Fax: +31 (0)88 4272789 
Home Page: http://www.vdb.nl/ 


Van: "Paul Scott" <sales at edenusa.com> 
Aan: "MailScanner Discussion" <mailscanner at lists.mailscanner.info> 
Verzonden: Zaterdag 24 november 2018 08:01:04 
Onderwerp: Cannot Install MailScanner on CentOS 6 



I am getting the following at the end of the installation process, every time that I try: 



Installing the MailScanner RPM ... 

error: Failed dependencies: 

perl(Archive::Zip) is needed by MailScanner-5.0.7-3.noarch 

perl(Filesys::Df) is needed by MailScanner-5.0.7-3.noarch 

perl(IO::Stringy) is needed by MailScanner-5.0.7-3.noarch 

perl(MIME::Decoder::BinHex) is needed by MailScanner-5.0.7-3.noarch 

perl(MIME::Decoder::UU) is needed by MailScanner-5.0.7-3.noarch 

perl(MIME::Head) is needed by MailScanner-5.0.7-3.noarch 

perl(MIME::Parser) is needed by MailScanner-5.0.7-3.noarch 

perl(MIME::WordDecoder) is needed by MailScanner-5.0.7-3.noarch 

perl(Net::CIDR) is needed by MailScanner-5.0.7-3.noarch 

perl(OLE::Storage_Lite) is needed by MailScanner-5.0.7-3.noarch 

perl(Sys::Hostname::Long) is needed by MailScanner-5.0.7-3.noarch 

perl(Sys::SigAction) is needed by MailScanner-5.0.7-3.noarch 



---------------------------------------------------------- 

Installation Error 



The MailScanner RPM failed to install. Address the required 

dependencies and run the installer again. Note that electing 

to use EPEL and CPAN should resolve dependency errors. 



Note that Perl modules need to be available system-wide. A 

common issue is that missing modules were installed in a 

user specific configuration. 



I have tried telling the installer to use CPAN, but I get a lot of errors that look like this: 



Warning: no success downloading '/root/.cpan/sources/authors/01mailrc.txt.gz.tmp13565'. Giving up on it. at /usr/share/perl5/CPAN/Index.pm line 225 

No external ftp command available 



Your urllist is empty! The urllist can be edited. E.g. with 'o conf urllist 

push ftp://myurl/' 



Could not fetch authors/01mailrc.txt.gz 

Terminal does not support GetHistory. 

Lockfile removed. 



Any idea why this is happening? Please help. Thank you very much! 



Sincerely, 



Paul Scott, Engineer 

Eden USA, Incorporated 
Event Production Services Since 1995 
Los Angeles-Las Vegas-New York 
[ mailto:sales at edenusa.com | sales at edenusa.com ] OR [ mailto:edenusasales at gmail.com | edenusasales at gmail.com ] 
Telephone(s): 866.501.3336 OR 951.505.6967 
Fax: 866.502.3336 



Please review us on Google, Yelp, or Facebook, at the following links: 

Google: [ https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs | 
https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs ] 


Yelp: [ https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA | 
https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA ] 


Facebook: [ https://www.facebook.com/pg/EdenUSAInc/reviews/ | 
https://www.facebook.com/pg/EdenUSAInc/reviews/ ] 




Please visit us on our website or on our Facebook Business page: 

WEBSITE: [ https://www.edenusa.com/ | https://www.edenusa.com ] 


FACEBOOK: [ http://www.facebook.com/edenusainc | http://www.facebook.com/edenusainc ] 






-- 
MailScanner mailing list 
mailscanner at lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181124/71974053/attachment.html>

From mark at msapiro.net  Sun Nov 25 00:05:48 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 24 Nov 2018 16:05:48 -0800
Subject: Issue with MSMilter/MSMail and QMQP delivery
Message-ID: <9300ac40-56fe-d439-3f6d-bbe2f478e2fd@msapiro.net>

I have discovered an issue with the new milter function and QMQP
delivery. There are 3 files attached to this message.

QUEUE.txt is a queue entry as found in .../milterin.  It seems strange
to me because I'm not fully up to speed on Postfix queues, but the
strangeness is all lines of this file up to and including the empty line
that separates the header from the body have <LF> terminators, but the
body lines after that all have <CRLF> terminators.

It appears to me that the queue files passed to MailScanner come this
way from Postfix, but I'm not certain of that.

Anyway, The files QMQP.txt and SMTP.txt contain the message delivered to
the recipient when QUEUE.txt in placed in milterin/ with an appropriate
name with the respective delivery method set in MailScanner.

The SMTP.txt message has <LF> terminators throughout the entire message,
but the QMQP.txt message has <CRLF> terminators in the body portion of
the message just as in the QUEUE.txt file.

If have tried various experiments delivering messages with and without
<CRLF> body line terminators directly to Postfix via QMQP, and I am
unable to duplicate the <CRLF> body line terminators in the received
mail. Yet I don't see a difference between how I'm testing an how
MSMail.pm is delivering.

The reason this is an issue is the extra <CR> characters in the
delivered mail break DKIM signatures.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
O<mark at msapiro.net>
S<mark at msapiro.net>
Received: from msapiro.net (localhost [127.0.0.1])
        (no client certificate requested)
        by msapiro (MailScanner Milter) with SMTP id 87DBF28009
To: Mark <mark at msapiro.net>
From: Mark Sapiro <mark at msapiro.net>
Subject: A test email
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="AAA"
Date: Sat, 24 Nov 2018 12:49:08 -0800
Message-ID: <154309254849.17453.2350196229490927015 at msapiro>

--AAA
Content-Type: text/plain

A test message body

--AAA
Content-Type: text/html

A test message <b>body</b>

--AAA--
-------------- next part --------------
From mark at msapiro.net  Sat Nov 24 15:26:10 2018
Return-Path: <mark at msapiro.net>
X-Original-To: mark at msapiro.net
Delivered-To: mark at msapiro.net
Received: from localhost (localhost [127.0.0.1])
	by msapiro.net (Postfix) with QMQP id 3D66334012E
	for <mark at msapiro.net>; Sat, 24 Nov 2018 15:26:10 -0800 (PST)
Received: from msapiro.net (localhost [127.0.0.1])
        (no client certificate requested)
        by msapiro (MailScanner Milter) with SMTP id 87DBF28009
To: Mark <mark at msapiro.net>
From: Mark Sapiro <mark at msapiro.net>
Subject: A test email
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="AAA"
Date: Sat, 24 Nov 2018 12:49:08 -0800
Message-ID: <154309254849.17453.2350196229490927015 at msapiro>
X-msapiro-MailScanner-ID: 87DBF28009.A280E
X-msapiro-MailScanner: Found to be clean
X-msapiro-MailScanner-SpamCheck: not spam, SpamAssassin (cached,
	score=-0.999, required 6, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00)
X-msapiro-MailScanner-From: mark at msapiro.net
X-Spam-Status: No

--AAA
Content-Type: text/plain

A test message body

--AAA
Content-Type: text/html

A test message <b>body</b>

--AAA--

-------------- next part --------------
From mark at msapiro.net  Sat Nov 24 15:22:22 2018
Return-Path: <mark at msapiro.net>
X-Original-To: mark at msapiro.net
Delivered-To: mark at msapiro.net
Received: from msapiro.attlocal.net (localhost [127.0.0.1])
	by msapiro.net (Postfix) with ESMTP id 9261D34012E
	for <mark at msapiro.net>; Sat, 24 Nov 2018 15:22:22 -0800 (PST)
Received: from msapiro.net (localhost [127.0.0.1])
        (no client certificate requested)
        by msapiro (MailScanner Milter) with SMTP id 87DBF28009
To: Mark <mark at msapiro.net>
From: Mark Sapiro <mark at msapiro.net>
Subject: A test email
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="AAA"
Date: Sat, 24 Nov 2018 12:49:08 -0800
Message-ID: <154309254849.17453.2350196229490927015 at msapiro>
X-msapiro-MailScanner-ID: 87DBF28009.A280E
X-msapiro-MailScanner: Found to be clean
X-msapiro-MailScanner-SpamCheck: not spam, SpamAssassin (cached,
	score=-0.999, required 6, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00)
X-msapiro-MailScanner-From: mark at msapiro.net
X-Spam-Status: No

--AAA
Content-Type: text/plain

A test message body

--AAA
Content-Type: text/html

A test message <b>body</b>

--AAA--



From mark at msapiro.net  Sun Nov 25 01:20:05 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 24 Nov 2018 17:20:05 -0800
Subject: Issue with MSMilter/MSMail and QMQP delivery
In-Reply-To: <9300ac40-56fe-d439-3f6d-bbe2f478e2fd@msapiro.net>
References: <9300ac40-56fe-d439-3f6d-bbe2f478e2fd@msapiro.net>
Message-ID: <6992a7b4-ffd9-da8d-2e99-7dea60b72263@msapiro.net>

On 11/24/18 4:05 PM, Mark Sapiro wrote:
> 
> If have tried various experiments delivering messages with and without
> <CRLF> body line terminators directly to Postfix via QMQP, and I am
> unable to duplicate the <CRLF> body line terminators in the received
> mail. Yet I don't see a difference between how I'm testing an how
> MSMail.pm is delivering.


The issue with my experiments was the way I was creating the test
messages didn't actually include the <CR> characters. Now that I figured
that out, I see that for delivery to Postfix via SMTP, line terminators
such as <CRLF>, <CRCRLF> and even <CRCRCRLF> are all treated as <LF>.
I.e., it appears that possibly any number of <CR> characters immediately
preceding a <LF> are dropped, but with delivery via QMQP they are retained.

I think I can come up with a fix.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


From sales at edenusa.com  Sun Nov 25 01:31:02 2018
From: sales at edenusa.com (Paul Scott)
Date: Sun, 25 Nov 2018 01:31:02 +0000
Subject: Cannot Install MailScanner on CentOS 6
In-Reply-To: <1197945746.497349.1543044087387.JavaMail.zimbra@vdb.nl>
References: <BY2PR10MB0775E36BF130DE20DD929E98B0D50@BY2PR10MB0775.namprd10.prod.outlook.com>
 <1197945746.497349.1543044087387.JavaMail.zimbra@vdb.nl>
Message-ID: <BY2PR10MB077530E5A3324AC3D354C005B0D60@BY2PR10MB0775.namprd10.prod.outlook.com>

Hello Thom,

Thank you very much for your reply, it is very much appreciated!

I managed to figure out that indeed, my Internet connection was not working properly.  Then I tried installing again, and had other issues and the install failed.

However, then I downloaded the very latest version, and the installation worked!

Now, I just need to figure out how to migrate all of my old MailScanner configuration settings, Mailwatch, etc. over to this new server.

Thank you again!

Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com<mailto:sales at edenusa.com> OR edenusasales at gmail.com<mailto:edenusasales at gmail.com>
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336

Please review us on Google, Yelp, or Facebook, at the following links:
Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs
Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA
Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/

Please visit us on our website or on our Facebook Business page:
WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc

From: MailScanner <mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info> On Behalf Of Thom van der Boon
Sent: Friday, November 23, 2018 11:21 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: Cannot Install MailScanner on CentOS 6

Paul,

Is this a "brand new" server you are setting up?

Please check wether wget and curl have been installed by typing: yum install wget curl epel-release

Furthermore you are trying to install an outdated version

wget https://s3.amazonaws.com/msv5/release/MailScanner-5.1.2-2.rhel.tar.gz

Please do every "normal" things to test your internet connection. Are you behind a proxy?

try ping 8.8.8.8
try downloading other files

Does the commands "yum -y upgrade" work?

Met vriendelijke groet, Best regards,


Thom van der Boon
E-Mail: thom at vdb.nl<mailto:thom at vdb.nl>



=====



Thom.H. van der Boon b.v.
Transito 4
6909 DA  Babberich
Tel.: +31 (0)88 4272727<tel:+31884272727>
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

________________________________
Van: "Paul Scott" <sales at edenusa.com<mailto:sales at edenusa.com>>
Aan: "MailScanner Discussion" <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Verzonden: Zaterdag 24 november 2018 08:01:04
Onderwerp: Cannot Install MailScanner on CentOS 6

I am getting the following at the end of the installation process, every time that I try:

Installing the MailScanner RPM ...
error: Failed dependencies:
        perl(Archive::Zip) is needed by MailScanner-5.0.7-3.noarch
        perl(Filesys::Df) is needed by MailScanner-5.0.7-3.noarch
        perl(IO::Stringy) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Decoder::BinHex) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Decoder::UU) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Head) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::Parser) is needed by MailScanner-5.0.7-3.noarch
        perl(MIME::WordDecoder) is needed by MailScanner-5.0.7-3.noarch
        perl(Net::CIDR) is needed by MailScanner-5.0.7-3.noarch
        perl(OLE::Storage_Lite) is needed by MailScanner-5.0.7-3.noarch
        perl(Sys::Hostname::Long) is needed by MailScanner-5.0.7-3.noarch
        perl(Sys::SigAction) is needed by MailScanner-5.0.7-3.noarch

----------------------------------------------------------
Installation Error

The MailScanner RPM failed to install. Address the required
dependencies and run the installer again. Note that electing
to use EPEL and CPAN should resolve dependency errors.

Note that Perl modules need to be available system-wide. A
common issue is that missing modules were installed in a
user specific configuration.

I have tried telling the installer to use CPAN, but I get a lot of errors that look like this:

Warning: no success downloading '/root/.cpan/sources/authors/01mailrc.txt.gz.tmp13565'. Giving up on it. at /usr/share/perl5/CPAN/Index.pm line 225
No external ftp command available

Your urllist is empty! The urllist can be edited. E.g. with 'o conf urllist
push ftp://myurl/'

Could not fetch authors/01mailrc.txt.gz
Terminal does not support GetHistory.
Lockfile removed.

Any idea why this is happening?  Please help.  Thank you very much!

Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com<mailto:sales at edenusa.com> OR edenusasales at gmail.com<mailto:edenusasales at gmail.com>
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336

Please review us on Google, Yelp, or Facebook, at the following links:
Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs
Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA
Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/

Please visit us on our website or on our Facebook Business page:
WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc




--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181125/d5b9962e/attachment.html>

From mark at msapiro.net  Sun Nov 25 02:18:42 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 24 Nov 2018 18:18:42 -0800
Subject: Issue with MSMilter/MSMail and QMQP delivery
In-Reply-To: <6992a7b4-ffd9-da8d-2e99-7dea60b72263@msapiro.net>
References: <9300ac40-56fe-d439-3f6d-bbe2f478e2fd@msapiro.net>
 <6992a7b4-ffd9-da8d-2e99-7dea60b72263@msapiro.net>
Message-ID: <d0d09061-c495-1403-e96d-893afc6c98fc@msapiro.net>

On 11/24/18 5:20 PM, Mark Sapiro wrote:
> 
> I think I can come up with a fix.


I have a fix at <https://github.com/MailScanner/v5/pull/314> which
replaces <CRLF> with <LF>. It works for me.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From gpapamichelakis at gmail.com  Mon Nov 26 09:05:33 2018
From: gpapamichelakis at gmail.com (George Papamichelakis)
Date: Mon, 26 Nov 2018 11:05:33 +0200
Subject: Quarantine release and Dedpuplication
Message-ID: <CAHhLBrFfpwaJM+OO9Xvr6qYVfgYw7v6ypyd9PooVBm1WXu96MQ@mail.gmail.com>

Hi all,

I have this scenario and I wonder how do you people cope with it (if you
do) :

I have a postfix as a primary MX for a domain  with some system users and
an exchange server behind with some additional users. Normally when I
release a quarantined message (mostly due to filename restrictions) the
exchange users did not receive this email with the released attachment but
the postfix (linux) system users   did (exchange implements deduplication
by default I guess). In the way I had to implement  on dovecot  a global
sieve sieve filter which also adds deduplication . Now when I release a
message no user gets the released message because it has the same ID as the
one blocked in the first place. One way to address this is to modify the
global sieve script to not discard the duplicate messages but to store them
in a folder for the user to see , but this breaks the reason why the action
was implemented in the first place.
A second way to bypass this restriction is to release the message in an
alternative user and then this user to FWD to the original recipients, but
this is also awkward.
 I wonder how likely it is to be able to modify the messageID of the
released quarantined message in order to bypass this ?

I use mailwatch to view and release quarantined messages.

Thanks for any suggestions
GP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181126/5fa27075/attachment.html>

From iversons at rushville.k12.in.us  Tue Nov 27 15:42:56 2018
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 27 Nov 2018 10:42:56 -0500
Subject: Quarantine release and Dedpuplication
In-Reply-To: <CAHhLBrFfpwaJM+OO9Xvr6qYVfgYw7v6ypyd9PooVBm1WXu96MQ@mail.gmail.com>
References: <CAHhLBrFfpwaJM+OO9Xvr6qYVfgYw7v6ypyd9PooVBm1WXu96MQ@mail.gmail.com>
Message-ID: <CABu_8zK_azm312RMVQ_ofB4PP+YytRevB597iQnhudraP=VUXg@mail.gmail.com>

George,

Indeed, Exchange does not out of the box accept email that is re-sent with
the same message ID.

MailScanner, though, does not release quarantined messages, it just stores
them in quarantine based on your rules.  MailWatch is releasing the
messages, not MailScanner, and it is probably using the sendmail command to
do that, which means the message content is being released as-is.

You may want to reach out to the MailWatch team and see if they can assist
you.  In theory, it should be possible to modify the Message ID on the
fly.  I'm fairly certain that MailWatch is currently not doing that.

On Mon, Nov 26, 2018 at 8:57 PM George Papamichelakis <
gpapamichelakis at gmail.com> wrote:

>
> Hi all,
>
> I have this scenario and I wonder how do you people cope with it (if you
> do) :
>
> I have a postfix as a primary MX for a domain  with some system users and
> an exchange server behind with some additional users. Normally when I
> release a quarantined message (mostly due to filename restrictions) the
> exchange users did not receive this email with the released attachment but
> the postfix (linux) system users   did (exchange implements deduplication
> by default I guess). In the way I had to implement  on dovecot  a global
> sieve sieve filter which also adds deduplication . Now when I release a
> message no user gets the released message because it has the same ID as the
> one blocked in the first place. One way to address this is to modify the
> global sieve script to not discard the duplicate messages but to store them
> in a folder for the user to see , but this breaks the reason why the action
> was implemented in the first place.
> A second way to bypass this restriction is to release the message in an
> alternative user and then this user to FWD to the original recipients, but
> this is also awkward.
>  I wonder how likely it is to be able to modify the messageID of the
> released quarantined message in order to bypass this ?
>
> I use mailwatch to view and release quarantined messages.
>
> Thanks for any suggestions
> GP
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181127/a5fa1341/attachment.html>

From gpapamichelakis at gmail.com  Tue Nov 27 18:12:54 2018
From: gpapamichelakis at gmail.com (George Papamichelakis)
Date: Tue, 27 Nov 2018 20:12:54 +0200
Subject: Quarantine release and Dedpuplication
In-Reply-To: <CABu_8zK_azm312RMVQ_ofB4PP+YytRevB597iQnhudraP=VUXg@mail.gmail.com>
References: <CAHhLBrFfpwaJM+OO9Xvr6qYVfgYw7v6ypyd9PooVBm1WXu96MQ@mail.gmail.com>
 <CABu_8zK_azm312RMVQ_ofB4PP+YytRevB597iQnhudraP=VUXg@mail.gmail.com>
Message-ID: <CAHhLBrFrc6P3sZg7bjQFCogPyr6kbu3-NpkMAp5sRxeFxGTmzg@mail.gmail.com>

Thanks Shawn

I discovered after the mail was sent to the list, that my mailwatch
installation was a bit old.
After upgrading to the current version of mailwatch I saw that the
procedure has changed and releasing doesn't reproduce this problem.

Thanks anyway!

On Tue, Nov 27, 2018, 17:45 Shawn Iverson via MailScanner <
mailscanner at lists.mailscanner.info wrote:

> George,
>
> Indeed, Exchange does not out of the box accept email that is re-sent with
> the same message ID.
>
> MailScanner, though, does not release quarantined messages, it just stores
> them in quarantine based on your rules.  MailWatch is releasing the
> messages, not MailScanner, and it is probably using the sendmail command to
> do that, which means the message content is being released as-is.
>
> You may want to reach out to the MailWatch team and see if they can assist
> you.  In theory, it should be possible to modify the Message ID on the
> fly.  I'm fairly certain that MailWatch is currently not doing that.
>
> On Mon, Nov 26, 2018 at 8:57 PM George Papamichelakis <
> gpapamichelakis at gmail.com> wrote:
>
>>
>> Hi all,
>>
>> I have this scenario and I wonder how do you people cope with it (if you
>> do) :
>>
>> I have a postfix as a primary MX for a domain  with some system users and
>> an exchange server behind with some additional users. Normally when I
>> release a quarantined message (mostly due to filename restrictions) the
>> exchange users did not receive this email with the released attachment but
>> the postfix (linux) system users   did (exchange implements deduplication
>> by default I guess). In the way I had to implement  on dovecot  a global
>> sieve sieve filter which also adds deduplication . Now when I release a
>> message no user gets the released message because it has the same ID as the
>> one blocked in the first place. One way to address this is to modify the
>> global sieve script to not discard the duplicate messages but to store them
>> in a folder for the user to see , but this breaks the reason why the action
>> was implemented in the first place.
>> A second way to bypass this restriction is to release the message in an
>> alternative user and then this user to FWD to the original recipients, but
>> this is also awkward.
>>  I wonder how likely it is to be able to modify the messageID of the
>> released quarantined message in order to bypass this ?
>>
>> I use mailwatch to view and release quarantined messages.
>>
>> Thanks for any suggestions
>> GP
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181127/b262fec6/attachment.html>

From gpapamichelakis at gmail.com  Fri Nov 30 13:41:01 2018
From: gpapamichelakis at gmail.com (George Papamichelakis)
Date: Fri, 30 Nov 2018 15:41:01 +0200
Subject: Bypass filtetype or filename blocking and quarantine
Message-ID: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>

Hi all,

I'm trying to bypass filename checking? using the examples mentioned in 
the book
in Appendix C? . In particular I have created the three mentioned files 
(filename.rules.allowall.conf,
filetype.rules.allowall.conf and filename.rules). The only different 
thing I have done
different is that I specify a complete mail address instead of the 
domain eg:

FromOrTo:? user at email.tld %etc-dir%/filename.rules.allowall.conf

(I don't want the whole domain to go unchecked, only some users) . But 
the rule don't seem to work
Is this the expected behavior ? If not can I somehow trace why the rule 
doesn't apply ?

Also can I specify in the rule? that I want to bypass the filename (or 
type) checks when the user is the sender but not when the user is the 
recipient ?


Thanks
GP

From mark at msapiro.net  Fri Nov 30 16:48:25 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 30 Nov 2018 08:48:25 -0800
Subject: Bypass filtetype or filename blocking and quarantine
In-Reply-To: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>
References: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>
Message-ID: <39dc97ba-cacb-5de4-8c44-51a580a5e5a1@msapiro.net>

On 11/30/18 5:41 AM, George Papamichelakis wrote:
> 
> I'm trying to bypass filename checking? using the examples mentioned in
> the book
> in Appendix C? .

Which is quite old.

> In particular I have created the three mentioned files
> (filename.rules.allowall.conf,
> filetype.rules.allowall.conf and filename.rules).


What about filetype.rules?

And did you create these in the appropriate (/etc/MailScanner/ and
/etc/MailScanner/rules/) directories, not literally %etc-dir% and %rules%?


> The only different
> thing I have done
> different is that I specify a complete mail address instead of the
> domain eg:
> 
> FromOrTo:? user at email.tld %etc-dir%/filename.rules.allowall.conf


I think you may need /etc/MailScanner/filename.rules.allowall.conf
instead of %etc-dir%/filename.rules.allowall.conf.

And did you make the appropriate Filename Rules and FileType Rules
settings in MailScanner.conf or better in a file in
/etc/MailScanner/conf.d/?


> (I don't want the whole domain to go unchecked, only some users) . But
> the rule don't seem to work
> Is this the expected behavior ? If not can I somehow trace why the rule
> doesn't apply ?


First make sure everything is as indicated above. Then if there are
still problems, post the the actual file path names and their contents
(you can obfuscate actual email addresses) and your config settings for
Filename Rules and FileType Rules.


> Also can I specify in the rule? that I want to bypass the filename (or
> type) checks when the user is the sender but not when the user is the
> recipient ?


Instead of FromOrTo, just use From.

See the files README and EXAMPLES in /etc/MailScanner/rules.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From gpapamichelakis at gmail.com  Fri Nov 30 18:23:52 2018
From: gpapamichelakis at gmail.com (George Papamichelakis)
Date: Fri, 30 Nov 2018 20:23:52 +0200
Subject: Bypass filtetype or filename blocking and quarantine
In-Reply-To: <39dc97ba-cacb-5de4-8c44-51a580a5e5a1@msapiro.net>
References: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>
 <39dc97ba-cacb-5de4-8c44-51a580a5e5a1@msapiro.net>
Message-ID: <CAHhLBrHUzJ17Hme4TxZG0SO53g6mA6mVs7sz3VqX+8WooZpDrg@mail.gmail.com>

Thanks for suggesting

On Fri, Nov 30, 2018, 6:48 PM Mark Sapiro <mark at msapiro.net wrote:

> On 11/30/18 5:41 AM, George Papamichelakis wrote:
> >
> > I'm trying to bypass filename checking  using the examples mentioned in
> > the book
> > in Appendix C  .
>
> Which is quite old.
>

You mean I shouldn't take very seriously the book ?


> > In particular I have created the three mentioned files
> > (filename.rules.allowall.conf,
> > filetype.rules.allowall.conf and filename.rules).
>
>
> What about filetype.rules?
>

Currently I only need filename rules to bypass. I just created the file
type in advance.


> And did you create these in the appropriate (/etc/MailScanner/ and
> /etc/MailScanner/rules/) directories, not literally %etc-dir% and %rules%?
>

Yes of course


>
> > The only different
> > thing I have done
> > different is that I specify a complete mail address instead of the
> > domain eg:
> >
> > FromOrTo:  user at email.tld %etc-dir%/filename.rules.allowall.conf
>
>
> I think you may need /etc/MailScanner/filename.rules.allowall.conf
> instead of %etc-dir%/filename.rules.allowall.conf.
>
> And did you make the appropriate Filename Rules and FileType Rules
> settings in MailScanner.conf or better in a file in
> /etc/MailScanner/conf.d/?
>
>
>
>
Yes  I did


> > (I don't want the whole domain to go unchecked, only some users) . But
> > the rule don't seem to work
> > Is this the expected behavior ? If not can I somehow trace why the rule
> > doesn't apply ?
>
>
> First make sure everything is as indicated above. Then if there are
> still problems, post the the actual file path names and their contents
> (you can obfuscate actual email addresses) and your config settings for
> Filename Rules and FileType Rules.
>
>
>
>
>
Ok  I will do so first


> > Also can I specify in the rule  that I want to bypass the filename (or
> > type) checks when the user is the sender but not when the user is the
> > recipient ?
>
>
> Instead of FromOrTo, just use From.
>

This applies to To also ?


> See the files README and EXAMPLES in /etc/MailScanner/rules.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181130/fbf59f0f/attachment.html>

From mark at msapiro.net  Fri Nov 30 18:35:21 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 30 Nov 2018 10:35:21 -0800
Subject: Bypass filtetype or filename blocking and quarantine
In-Reply-To: <CAHhLBrHUzJ17Hme4TxZG0SO53g6mA6mVs7sz3VqX+8WooZpDrg@mail.gmail.com>
References: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>
 <39dc97ba-cacb-5de4-8c44-51a580a5e5a1@msapiro.net>
 <CAHhLBrHUzJ17Hme4TxZG0SO53g6mA6mVs7sz3VqX+8WooZpDrg@mail.gmail.com>
Message-ID: <a3b0338c-fda5-1a72-cf30-5550634fd0f7@msapiro.net>

On 11/30/18 10:23 AM, George Papamichelakis wrote:
> 
> On Fri, Nov 30, 2018, 6:48 PM Mark Sapiro <mark at msapiro.net
> <mailto:mark at msapiro.net> wrote:
> 
>     On 11/30/18 5:41 AM, George Papamichelakis wrote:
>     >
>     > I'm trying to bypass filename checking? using the examples
>     mentioned in
>     > the book
>     > in Appendix C? .
> 
>     Which is quite old.
> 
> 
> You mean I shouldn't take very seriously the book ?


I mean there have been many enhancements and some changes since the book
was published, so the book at best is incomplete.


>     Instead of FromOrTo, just use From.
> 
> 
> This applies to To also ?


Yes

>     See the files README and EXAMPLES in /etc/MailScanner/rules.
-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From gpapamichelakis at gmail.com  Fri Nov 30 19:11:04 2018
From: gpapamichelakis at gmail.com (George Papamichelakis)
Date: Fri, 30 Nov 2018 21:11:04 +0200
Subject: Bypass filtetype or filename blocking and quarantine
In-Reply-To: <a3b0338c-fda5-1a72-cf30-5550634fd0f7@msapiro.net>
References: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>
 <39dc97ba-cacb-5de4-8c44-51a580a5e5a1@msapiro.net>
 <CAHhLBrHUzJ17Hme4TxZG0SO53g6mA6mVs7sz3VqX+8WooZpDrg@mail.gmail.com>
 <a3b0338c-fda5-1a72-cf30-5550634fd0f7@msapiro.net>
Message-ID: <CAHhLBrE31A-8-85kn_H4=RpWvL3zCp_mRhhs-LtuJcjP-Fq11A@mail.gmail.com>

In conf.d folder where you specify the Filename Rules  the notation
%rules-dir%/filename.rules
Is correct or you also need the full path ?

Thanks


On Fri, Nov 30, 2018, 8:35 PM Mark Sapiro <mark at msapiro.net wrote:

> On 11/30/18 10:23 AM, George Papamichelakis wrote:
> >
> > On Fri, Nov 30, 2018, 6:48 PM Mark Sapiro <mark at msapiro.net
> > <mailto:mark at msapiro.net> wrote:
> >
> >     On 11/30/18 5:41 AM, George Papamichelakis wrote:
> >     >
> >     > I'm trying to bypass filename checking  using the examples
> >     mentioned in
> >     > the book
> >     > in Appendix C  .
> >
> >     Which is quite old.
> >
> >
> > You mean I shouldn't take very seriously the book ?
>
>
> I mean there have been many enhancements and some changes since the book
> was published, so the book at best is incomplete.
>
>
> >     Instead of FromOrTo, just use From.
> >
> >
> > This applies to To also ?
>
>
> Yes
>
> >     See the files README and EXAMPLES in /etc/MailScanner/rules.
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181130/6716da99/attachment.html>

From mark at msapiro.net  Fri Nov 30 20:45:08 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 30 Nov 2018 12:45:08 -0800
Subject: Bypass filtetype or filename blocking and quarantine
In-Reply-To: <CAHhLBrE31A-8-85kn_H4=RpWvL3zCp_mRhhs-LtuJcjP-Fq11A@mail.gmail.com>
References: <2ddf036c-aefa-1a64-dfd1-19fcc53cea97@gmail.com>
 <39dc97ba-cacb-5de4-8c44-51a580a5e5a1@msapiro.net>
 <CAHhLBrHUzJ17Hme4TxZG0SO53g6mA6mVs7sz3VqX+8WooZpDrg@mail.gmail.com>
 <a3b0338c-fda5-1a72-cf30-5550634fd0f7@msapiro.net>
 <CAHhLBrE31A-8-85kn_H4=RpWvL3zCp_mRhhs-LtuJcjP-Fq11A@mail.gmail.com>
Message-ID: <bbaa1d4f-63c2-d79f-9c15-63c676be84ac@msapiro.net>

On 11/30/18 11:11 AM, George Papamichelakis wrote:
> In conf.d folder where you specify the Filename Rules? the notation
> %rules-dir%/filename.rules?
> Is correct or you also need the full path ?


Yes, you can use %rules-dir% in configuration files (MailScanner.conf
and files included in MailScanner.conf, i.e., /etc/MailScanner/conf.d/*)

These %...% substitutions are replaced during processing of the
configuration.


However, I was mistaken when I said you couldn't use the %...% notation
in a ruleset file. I have tested that and the %...% substitutions do
work in rules files.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan