From giovanni at panozzo.it Mon Jul 1 07:56:20 2019
From: giovanni at panozzo.it (Giovanni Panozzo)
Date: Mon, 1 Jul 2019 09:56:20 +0200
Subject: Maliscanner not checking SPF ?
References: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it>

On 30/06/19 19:13, Shawn Iverson via MailScanner wrote:
> Just a thought, if DNS is working correctly, you may try recompiling the
> Mail::SPF from cpan and see if that works.

Yes! DNS was apparently working. Ubuntu 18.04 server by default has systemd-resolved listening on 127.0.0.53 and 127.0.0.53 listed in /etc/resolv.conf.

I sniffed some DNS packets on the loopback interface and I noticed spamassassin sending all SPF and RBL queries to 127.0.0.53 without the "recursive" query DNS flag, causing systemd-resolved to fail with "refused".

Upgrading spamassassin from 3.4.1 to 3.4.2 seems to fix this issue:

    cpan -f -i Mail::SpamAssassin
    sa-update
    reboot

Now SPF is checked correctly (provided that envelope_sender_header in /etc/MailScanner/spamassassin.conf is set to the correct header, which was not automatically done by MailScanner installer ;))

Thank you.

From sales at edenusa.com Sat Jul 6 20:22:32 2019
From: sales at edenusa.com (Paul Scott)
Date: Sat, 6 Jul 2019 20:22:32 +0000
Subject: QPopper

I am moving my existing Sendmail server from an older CentOS installation to CentOS 6. I used Qualcomm's QPopper on the old box. I downloaded it and tried compiling it on CentOS and it issued a number of failures when I ran the "make" command. Unfortunately, the errors are not readable - they look like this:

    [root at fs9 qpopper4.0.3]# make
    cd ./popper && make all
    make[1]: Entering directory `/home/beatinger/Sendmail/QPopper/qpopper4.0.3/popper'
    gcc -c -I.. -I.. -I. \
     -I../mmangle -I../common \
     -g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX popper.c -o popper.o
    popper.c: In function ‘qpopper’:
    popper.c:129: error: conflicting types for ‘getline’

Does anybody know what the issue is, or is there a different POP service that should be used?

Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com OR edenusasales at gmail.com
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336

Please review us on Google, Yelp, or Facebook, at the following links:
Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs
Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA
Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/

Please visit us on our website or on our Facebook Business page:
WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc

From sales at edenusa.com Sun Jul 7 00:19:10 2019
From: sales at edenusa.com (Paul Scott)
Date: Sun, 7 Jul 2019 00:19:10 +0000
Subject: QPopper

Well, I received no answer, so am trying Dovecot. Got it installed, but so far, no dice. It doesn't seem like any IMAP or POP ports are open. Any ideas?

Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated

From thom at vdb.nl Sun Jul 7 06:21:51 2019
From: thom at vdb.nl (Thom van der Boon)
Date: Sun, 7 Jul 2019 08:21:51 +0200 (CEST)
Subject: QPopper
Message-ID: <1237284527.534749.1562480511766.JavaMail.zimbra@vdb.nl>

Paul,

You are posting non-MailScanner related questions in a MailScanner-only mailing list.

Please use Google to solve your non-MailScanner related issues.

Kind regards,
Best regards,

Thom van der Boon
E-Mail: thom at vdb.nl
=====
Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From pparsons at techeez.com Mon Jul 8 16:31:02 2019
From: pparsons at techeez.com (Philip Parsons)
Date: Mon, 8 Jul 2019 16:31:02 +0000
Subject: Problem Messages
Message-ID: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>

Going to try this again as I cannot be the only one..

Ubuntu 18

Mailscanner 5.1.3

I keep getting Problem messages it's a low volume mailscanner 3000 messages a day.

I have gone through a bunch of items suggested to no avail.

Keep getting

    Currently being processed:

    Number of messages: 1
    Tries   Message          Next Try At
    =====   =======          ===========
    4       x6835eQP041560   Sun Jul 7 20:22:10 2019

Has anyone fixed this before.
The messages that it gets hung up on are all different and most are absolutely nothing but TXT

Thank you.
Philip Parsons

From iversons at rushville.k12.in.us Mon Jul 8 16:36:12 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 8 Jul 2019 12:36:12 -0400
Subject: Problem Messages
In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>

Philip,

Stuck in the processing queue and being retried over and over again?

What does the subject look like in the raw queue file?

There is a WordDecoder fix that may be applicable here that is in testing:

https://github.com/MailScanner/v5/commit/aefccdf68b3feda0e07e8cdd1339c3559f8ccaa5

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Mon Jul 8 16:44:56 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 8 Jul 2019 12:44:56 -0400
Subject: Problem Messages
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>

Philip,

Also, can you take a look at your mail log and share a sanitized section of the log where the message is failing and being retried?

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us

From pparsons at techeez.com Mon Jul 8 18:27:39 2019
From: pparsons at techeez.com (Philip Parsons)
Date: Mon, 8 Jul 2019 18:27:39 +0000
Subject: Problem Messages
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>
Message-ID: <11D8E491D9562549A61FD3186F36342002FF38BC91@exchange.techeez.com>

Yes, stuck in the queue and retried over again and again. The messages' subject line has nothing except txt for the most part, sometimes a couple of special characters.

Will look at the link..

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From pparsons at techeez.com Mon Jul 8 18:35:21 2019
From: pparsons at techeez.com (Philip Parsons)
Date: Mon, 8 Jul 2019 18:35:21 +0000
Subject: Problem Messages
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>
Message-ID: <11D8E491D9562549A61FD3186F36342002FF38BD0C@exchange.techeez.com>

From looking into this deeper it seems to happen with messages just before the child processes are being killed. Plus a couple of times during a ClamAV reloads.. It might just be a timing issue now..?
As it is not showing anything in the logs except items like

    Jul 7 20:13:48 mailscan MailScanner[38042]: Making attempt 3 at processing message x6835eQP041560
    Jul 7 20:13:48 mailscan MailScanner[38042]: New Batch: Scanning 1 messages, 6956 bytes
    Jul 7 20:13:48 mailscan MailScanner[38042]: ClamAV update of /var/lib/clamav/blurl.ndb detected, resetting ClamAV Module
    Jul 7 20:13:48 mailscan MailScanner[38042]: ClamAV virus database has been updated, killing this child

    Jul 7 20:16:42 mailscan MailScanner[38464]: Making attempt 4 at processing message x6835eQP041560
    Jul 7 20:16:42 mailscan MailScanner[38464]: New Batch: Scanning 1 messages, 6956 bytes
    Jul 7 20:16:42 mailscan MailScanner[38464]: ClamAV update of /var/lib/clamav/jurlbla.ndb detected, resetting ClamAV Module

From iversons at rushville.k12.in.us Mon Jul 8 18:40:46 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 8 Jul 2019 14:40:46 -0400
Subject: Problem Messages
In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF38BD0C@exchange.techeez.com>
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com> <11D8E491D9562549A61FD3186F36342002FF38BD0C@exchange.techeez.com>

Philip,

If it is during a ClamAV reload, this commit might also be of interest, also in testing. It forces MailScanner children to wait for an available virus scanner if they become unavailable.

https://github.com/MailScanner/v5/commit/1d1e6957c95cacff669b6475344633485a8833c1

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Tue Jul 9 11:44:04 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Tue, 9 Jul 2019 07:44:04 -0400
Subject: Problem Messages
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com> <11D8E491D9562549A61FD3186F36342002FF38BD0C@exchange.techeez.com>

Philip,

Also note that when MailScanner detects a ClamAV update, it kills the child, so you should expect an occasional retry on a message, but not multiple retries. I think this can be avoided using clamd instead of clamav.

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
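
The retry pattern discussed in this part of the thread can be checked mechanically. The following is an added example, not MailScanner code and not something posted by the participants: it pairs each "Making attempt N" line with a ClamAV reload line from the same child PID, so retries cut short by a signature update can be told apart from retries with no visible cause. The line formats are assumed from the log excerpt in the thread, and the x68CONSTRUCTED1 entries are constructed sample data.

```python
import re
from collections import defaultdict

# Syslog prefix as it appears in the excerpt:
#   "Jul  7 20:13:48 mailscan MailScanner[38042]: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"MailScanner\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
ATTEMPT_RE = re.compile(r"Making attempt (\d+) at processing message (\S+)")
# Either line means this child noticed new signature files and is restarting.
RELOAD_RE = re.compile(
    r"ClamAV update of \S+ detected|ClamAV virus database has been updated"
)

# The first seven lines are the excerpt posted in the thread (with the wrapped
# word "Module" rejoined); the x68CONSTRUCTED1 lines are constructed for contrast.
SAMPLE_LOG = """\
Jul  7 20:13:48 mailscan MailScanner[38042]: Making attempt 3 at processing message x6835eQP041560
Jul  7 20:13:48 mailscan MailScanner[38042]: New Batch: Scanning 1 messages, 6956 bytes
Jul  7 20:13:48 mailscan MailScanner[38042]: ClamAV update of /var/lib/clamav/blurl.ndb detected, resetting ClamAV Module
Jul  7 20:13:48 mailscan MailScanner[38042]: ClamAV virus database has been updated, killing this child
Jul  7 20:16:42 mailscan MailScanner[38464]: Making attempt 4 at processing message x6835eQP041560
Jul  7 20:16:42 mailscan MailScanner[38464]: New Batch: Scanning 1 messages, 6956 bytes
Jul  7 20:16:42 mailscan MailScanner[38464]: ClamAV update of /var/lib/clamav/jurlbla.ndb detected, resetting ClamAV Module
Jul  7 21:02:10 mailscan MailScanner[39001]: Making attempt 2 at processing message x68CONSTRUCTED1
Jul  7 21:02:10 mailscan MailScanner[39001]: New Batch: Scanning 1 messages, 1200 bytes
Jul  7 21:05:31 mailscan MailScanner[39440]: Making attempt 3 at processing message x68CONSTRUCTED1
Jul  7 21:05:31 mailscan MailScanner[39440]: New Batch: Scanning 1 messages, 1200 bytes
"""


def correlate_retries(log_text):
    """Return {message_id: [attempt records]}, each record flagged with
    whether the same child logged a ClamAV reload during that batch."""
    attempts = defaultdict(list)
    children = {}  # pid -> {"pending": [records], "in_batch": bool}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a MailScanner syslog line
        pid, msg = m["pid"], m["msg"]
        child = children.setdefault(pid, {"pending": [], "in_batch": False})
        hit = ATTEMPT_RE.search(msg)
        if hit:
            if child["in_batch"]:
                # A new attempt announcement after "New Batch" means the
                # previous batch of this child ended without a reload.
                child["pending"], child["in_batch"] = [], False
            rec = {"attempt": int(hit[1]), "pid": int(pid),
                   "time": m["ts"], "reload": False}
            attempts[hit[2]].append(rec)
            child["pending"].append(rec)
        elif msg.startswith("New Batch:"):
            child["in_batch"] = True
        elif RELOAD_RE.search(msg):
            # Every message this child had announced was cut short.
            for rec in child["pending"]:
                rec["reload"] = True
    return dict(attempts)


def classify(attempts):
    """Label each message: 'reload' (every attempt interrupted by a ClamAV
    reload), 'mixed', or 'unexplained' (no reload seen on any attempt)."""
    verdicts = {}
    for msg_id, recs in attempts.items():
        cut = sum(r["reload"] for r in recs)
        if cut == len(recs):
            verdicts[msg_id] = "reload"
        elif cut:
            verdicts[msg_id] = "mixed"
        else:
            verdicts[msg_id] = "unexplained"
    return verdicts


if __name__ == "__main__":
    found = correlate_retries(SAMPLE_LOG)
    for msg_id, verdict in classify(found).items():
        tries = ", ".join(
            f"#{r['attempt']} pid {r['pid']} {'reload' if r['reload'] else 'no reload'}"
            for r in found[msg_id]
        )
        print(f"{msg_id}: {verdict} ({tries})")
```

Messages labelled "unexplained" or "mixed" are the ones worth pulling from the queue for a closer look at the raw headers.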

From bilal.ahmed at kfueit.edu.pk Tue Jul 9 16:38:40 2019
From: bilal.ahmed at kfueit.edu.pk (bilal.ahmed at kfueit.edu.pk)
Date: Tue, 9 Jul 2019 21:38:40 +0500
Subject: Spoofing Problem
Message-ID: <003d01d53674$c42a9950$4c7fcbf0$@kfueit.edu.pk>

I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users. I have set valid SPF, DKIM and DMARC for my mail server.

To sort out this problem I have filtered emails based on SPF checks, and emails with SPF fail are given a high score and marked as spam. But the issue with the SPF filter is that many legitimate emails from many servers are marked as spam.

More importantly, SPF fails are shown in MailScanner for my own emails, while I have verified through Gmail and various other tools that my SPF, DKIM and DMARC pass.

My mail server is hosted inside a private network and NAT behind the public DNS. Since in public DNS I have SPF according to the mail server's public interface, in the local intranet DNS I added SPF records according to the email server's private IP.

Now a few times SPF is shown as pass in MailScanner, and mostly fail. Temporarily I have whitelisted my server host IP and my intranet IP to avoid email blocking due to SPF fail. Please could someone suggest a solution: either how I can stop email spoofing to my domain without the SPF check, or otherwise how I can sort out this SPF fail issue on MailScanner.

This also blocks many legitimate emails with SPF not set properly.

Bilal Ahmad
Network Administrator
Cell: +92 333 7451870 | Tel: +92 68 5882400 | Ext. 2499
www.kfueit.edu.pk

From pparsons at techeez.com Tue Jul 9 16:45:33 2019
From: pparsons at techeez.com (Philip Parsons)
Date: Tue, 9 Jul 2019 16:45:33 +0000
Subject: Problem Messages
References: <11D8E491D9562549A61FD3186F36342002FF38B81F@exchange.techeez.com>
Message-ID: <11D8E491D9562549A61FD3186F36342002FF38D91B@exchange.techeez.com>

Hey Shawn, looking more into this it could be the word decoder fix.

So to see if it is, do I just save the file and replace the live one with it to see if it works?
Philip Parsons

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From admin at tsys3.com Tue Jul 9 16:58:22 2019
From: admin at tsys3.com (admin)
Date: Tue, 9 Jul 2019 12:58:22 -0400
Subject: Spoofing Problem
In-Reply-To: <003d01d53674$c42a9950$4c7fcbf0$@kfueit.edu.pk>
References: <003d01d53674$c42a9950$4c7fcbf0$@kfueit.edu.pk>
Message-ID: <5433a3af-580f-f649-6e89-809795628e4d@tsys3.com>

Good Afternoon,

I have my mailscanner set up as a gateway. I use postfix in my setup and have done the following to prevent spoofing going to my domain users.

In main.cf I put the following:

smtpd_recipient_restrictions =
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/spoofingprotected_domains

Add your domain to the spoofingprotected_domains. So far this has worked for me.

On 07/09/19 12:38 PM, Bilal via MailScanner wrote:
>
> I am facing a problem that someone is spoofing my domain address and
> sending emails to my own domain users. I have set valid SPF, DKIM,
> DMARC for my mail server.
>
> To sort out this problem I have filtered emails based on SPF checks,
> and emails with SPF fail are given a high score and marked as spam.
> But the issue with the SPF filter is that many legitimate emails from
> many servers are marked as spam.
>
> More importantly, my own emails are shown as SPF fail in MailScanner,
> while I have verified through Gmail and various other tools that my
> SPF, DKIM, DMARC are passed.
>
> My mail server is hosted inside a private network and NAT behind the
> public DNS. Since in public DNS I have SPF according to the mail
> server public interface, in local intranet DNS I added SPF records
> according to the email server private IP.
>
> Now a few times SPF is shown as pass in MailScanner and mostly fail.
> Temporarily I have whitelisted my server host IP and my intranet IP to
> avoid email blocking due to SPF fail. Please can someone guide me to a
> solution so that either I can stop email spoofing to my domain without
> the SPF check, or otherwise how I can sort out this SPF fail issue on
> MailScanner.
>
> This also blocks many legitimate emails with SPF not set properly.
>
> *Bilal Ahmad*
>
> Network Administrator
>
> Cell: +92 333 7451870 | Tel: +92 68 5882400 | Ext. 2499
>
> www.kfueit.edu.pk
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner*, and is
> believed to be clean.

From bilal.ahmed at kfueit.edu.pk Tue Jul 9 17:04:34 2019
From: bilal.ahmed at kfueit.edu.pk (bilal.ahmed at kfueit.edu.pk)
Date: Tue, 9 Jul 2019 22:04:34 +0500
Subject: Spoofing Problem
In-Reply-To: <5433a3af-580f-f649-6e89-809795628e4d@tsys3.com>
References: <003d01d53674$c42a9950$4c7fcbf0$@kfueit.edu.pk> <5433a3af-580f-f649-6e89-809795628e4d@tsys3.com>
Message-ID: <009c01d53678$62668900$27339b00$@kfueit.edu.pk>

Thanks, I will try and update.

Bilal Ahmad
Network Administrator

From: MailScanner On Behalf Of admin
Sent: Tuesday, 9 July 2019 9:58 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Spoofing Problem

Good Afternoon,

I have my mailscanner set up as a gateway. I use postfix in my setup and have done the following to prevent spoofing going to my domain users.

In main.cf I put the following:

smtpd_recipient_restrictions =
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/spoofingprotected_domains

Add your domain to the spoofingprotected_domains. So far this has worked for me.

On 07/09/19 12:38 PM, Bilal via MailScanner wrote:

I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users. I have set valid SPF, DKIM, DMARC for my mail server.

To sort out this problem I have filtered emails based on SPF checks, and emails with SPF fail are given a high score and marked as spam. But the issue with the SPF filter is that many legitimate emails from many servers are marked as spam.

More importantly, my own emails are shown as SPF fail in MailScanner, while I have verified through Gmail and various other tools that my SPF, DKIM, DMARC are passed.

My mail server is hosted inside a private network and NAT behind the public DNS. Since in public DNS I have SPF according to the mail server public interface, in local intranet DNS I added SPF records according to the email server private IP.

Now a few times SPF is shown as pass in MailScanner and mostly fail. Temporarily I have whitelisted my server host IP and my intranet IP to avoid email blocking due to SPF fail. Please can someone guide me to a solution so that either I can stop email spoofing to my domain without the SPF check, or otherwise how I can sort out this SPF fail issue on MailScanner.

This also blocks many legitimate emails with SPF not set properly.

Bilal Ahmad
Network Administrator
Cell: +92 333 7451870 | Tel: +92 68 5882400 | Ext. 2499
www.kfueit.edu.pk

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From wt at dld2000.com Wed Jul 10 19:40:15 2019
From: wt at dld2000.com (Walt Thiessen)
Date: Wed, 10 Jul 2019 15:40:15 -0400
Subject: Long module?
Message-ID:

I discovered this morning that MailScanner wasn't running on my WHM/Cpanel server.

When I tried to restart it in the MailScanner front-end I got,

"Redirecting to /bin/systemctl restart MailScanner.service
Job for MailScanner.service failed because the control process exited with error code. See 'systemctl status MailScanner.service' and 'journalctl -xe' for details."

When I ran those two commands, I merely got info that says that MailScanner failed to start.

In /var/log/messages I found the following:

Jul  9 21:37:27 server MailScanner[31036]: Can't locate Sys/Hostname/Long.pm in @INC (you may need to install the Sys::Hostname::Long module) (@INC contains: /usr/mailscanner/usr/share/MailScanner/perl /usr/mailscanner/usr/share/MailScanner/perl /usr/local/cpanel /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib /usr/local/cpanel/3rdparty/perl/528/lib/perl5/5.28.0/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/528/lib/perl5/5.28.0 /opt/cpanel/perl5/528/site_lib/x86_64-linux-64int /opt/cpanel/perl5/528/site_lib) at /usr/mailscanner/usr/sbin/MailScanner line 86.
Jul  9 21:37:27 server MailScanner[31036]: BEGIN failed--compilation aborted at /usr/mailscanner/usr/sbin/MailScanner line 86.
Jul  9 21:37:27 server MailScanner: Can't locate Sys/Hostname/Long.pm in @INC (you may need to install the Sys::Hostname::Long module) (@INC contains: /usr/mailscanner/usr/share/MailScanner/perl /usr/mailscanner/usr/share/MailScanner/perl /usr/local/cpanel /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib /usr/local/cpanel/3rdparty/perl/528/lib/perl5/5.28.0/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/528/lib/perl5/5.28.0 /opt/cpanel/perl5/528/site_lib/x86_64-linux-64int /opt/cpanel/perl5/528/site_lib) at /usr/mailscanner/usr/sbin/MailScanner line 86.
Jul  9 21:37:27 server MailScanner: BEGIN failed--compilation aborted at /usr/mailscanner/usr/sbin/MailScanner line 86.
Jul  9 21:37:27 server systemd[1]: MailScanner.service: control process exited, code=exited status=2
Jul  9 21:37:27 server systemd: MailScanner.service: control process exited, code=exited status=2
Jul  9 21:37:27 server systemd[1]: Failed to start MailScanner AntiSpam and AntiVirus.

I noticed that there was a MailScanner upgrade from v3.16 to:v3.17 available in my MailScanner front end, so I tried running that to see if it would clear the issue.

It did. MailScanner is now running again.

I don't really understand why this happened.

Can anyone tell me why I needed to upgrade in order to get MailScanner running again? What is this "Long" perl module, why would it be gone, and why would it have to be reinstalled during the upgrade?

Walt

From wt at dld2000.com Wed Jul 10 19:55:20 2019
From: wt at dld2000.com (Walt Thiessen)
Date: Wed, 10 Jul 2019 15:55:20 -0400
Subject: Removing MailWatch
In-Reply-To:
References:
Message-ID: <30ff828a-e7de-9e30-5778-ef97577bc11d@dld2000.com>

Second question: my MailScanner Front End says of MailWatch, "DEPRECATED and UNSUPPORTED. It now likely poses a security risk and should be removed (see MailControl Settings}"

Where do I find the MailControl Settings?
Walt

From jerry.benton at mailborder.com Wed Jul 10 19:57:58 2019
From: jerry.benton at mailborder.com (jerry.benton at mailborder.com)
Date: Wed, 10 Jul 2019 15:57:58 -0400
Subject: Removing MailWatch
In-Reply-To: <30ff828a-e7de-9e30-5778-ef97577bc11d@dld2000.com>
References: <30ff828a-e7de-9e30-5778-ef97577bc11d@dld2000.com>
Message-ID: <002b01d53759$c6660750$533215f0$@mailborder.com>

Not a MailScanner issue. MailWatch has their own support list.

--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605

-----Original Message-----
From: MailScanner On Behalf Of Walt Thiessen
Sent: Wednesday, July 10, 2019 15:55
To: 'MailScanner Discussion'
Subject: Removing MailWatch

Second question: my MailScanner Front End says of MailWatch, "DEPRECATED and UNSUPPORTED. It now likely poses a security risk and should be removed (see MailControl Settings}"

Where do I find the MailControl Settings?

Walt

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

From mmmm82 at gmail.com Sat Jul 13 09:09:21 2019
From: mmmm82 at gmail.com (Monis Monther)
Date: Sat, 13 Jul 2019 12:09:21 +0300
Subject: DKIM
Message-ID:

Hi,

I have installed opendkim with postfix-2.10.1-6 and mailscanner 5.1.1. I have set the following:

Place New Headers At Top Of Message = yes
Multiple Headers = add

Still the DKIM signature fails when testing with check-auth at verifier.port25.com

It succeeds when I set

Sign Clean Messages = no

My understanding is that when mailscanner signs the message after the DKIM signature, then it breaks it due to the addition of the signature text/images.

How can we make MailScanner signatures work without failing DKIM?

--
Best Regards
Monis
From iversons at rushville.k12.in.us Sat Jul 13 10:17:32 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 13 Jul 2019 06:17:32 -0400
Subject: DKIM
In-Reply-To:
References:
Message-ID:

Monis,

Signing and DKIM are mutually exclusive. You can't sign after DKIM sigs are generated. Signing will always break DKIM.

You can, however, position DKIM upstream for outbound and downstream for inbound, which would generate the DKIM signature after signing. This can be done on separate instances or another postfix daemon on the same host positioned appropriately for inbound and outbound traffic.

On Sat, Jul 13, 2019 at 5:09 AM Monis Monther wrote:

> Hi,
>
> I have installed opendkim with postfix-2.10.1-6 and mailscanner 5.1.1 , I
> have set the following
>
> Place New Headers At Top Of Message = yes
> Multiple Headers = add
>
> Still the DKIM signature fails when testing with
> check-auth at verifier.port25.com
>
> It succeeds when I set
>
> Sign Clean Messages = no
>
>
> My understanding is that when mailscanner signs the message after the DKIM
> signature, then it breaks it due to the addition of the signature
> text/images.
>
> How can we make MailScanner signatures work without failing DKIM.
>
> --
> Best Regards
> Monis
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Sat Jul 13 10:20:32 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Sat, 13 Jul 2019 06:20:32 -0400
Subject: DKIM
In-Reply-To:
References:
Message-ID:

Correction, just outbound. Messages are already DKIM signed by remote party inbound, so...

You can, however, position DKIM upstream for outbound, which would generate the DKIM signature after signing. This can be done on separate instances or another postfix daemon on the same host positioned appropriately for outbound traffic.

On Sat, Jul 13, 2019 at 6:17 AM Shawn Iverson wrote:

> Monis,
>
> Signing and DKIM are mutually exclusive. You can't sign after DKIM sigs
> are generated. Signing will always break DKIM.
>
> You can, however, position DKIM upstream for outbound and downstream for
> inbound, which would generate the DKIM signature after signing. This can
> be done on separate instances or another postfix daemon on the same host
> positioned appropriately for inbound and outbound traffic.
>
> On Sat, Jul 13, 2019 at 5:09 AM Monis Monther wrote:
>
>> Hi,
>>
>> I have installed opendkim with postfix-2.10.1-6 and mailscanner 5.1.1 , I
>> have set the following
>>
>> Place New Headers At Top Of Message = yes
>> Multiple Headers = add
>>
>> Still the DKIM signature fails when testing with
>> check-auth at verifier.port25.com
>>
>> It succeeds when I set
>>
>> Sign Clean Messages = no
>>
>>
>> My understanding is that when mailscanner signs the message after the
>> DKIM signature, then it breaks it due to the addition of the signature
>> text/images.
>>
>> How can we make MailScanner signatures work without failing DKIM.
>>
>> --
>> Best Regards
>> Monis
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
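An added example, not part of any list message and not MailScanner or OpenDKIM code, illustrating the DKIM thread above: it computes the RFC 6376 body hash (bh=) and shows that a footer appended after signing changes it, while signing after the footer does not. The message body, the example.org domain, the selector and the b=PLACEHOLDER value are constructed; only the body hash is modelled, assuming a=rsa-sha256 and no l= tag.

```python
import base64
import hashlib
import re


def canonicalize_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 body canonicalization: 'simple' (3.4.3) or 'relaxed' (3.4.4)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if lines[-1] == b"":                 # artefact of the final line terminator
        lines.pop()
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":    # empty lines at the end of the body are ignored
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a signer puts in bh= for a=rsa-sha256."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags


def body_matches(dkim_signature: str, body: bytes) -> bool:
    """The verifier's first check: recompute bh= over the body as received."""
    tags = parse_tags(dkim_signature)
    canon = tags.get("c", "simple/simple")
    body_mode = canon.split("/")[1] if "/" in canon else "simple"
    return body_hash(body, body_mode) == tags["bh"]


def sign(body: bytes, mode: str = "relaxed") -> str:
    """Constructed DKIM-Signature value; b= is a placeholder, not a real signature."""
    return (f"v=1; a=rsa-sha256; c=relaxed/{mode}; d=example.org; s=sel1; "
            f"h=from:to:subject; bh={body_hash(body, mode)}; b=PLACEHOLDER")


# Constructed sample body, and a footer using the wording seen on this list.
ORIGINAL = b"Hello,\r\n\r\nthe report is attached.\r\n"
FOOTER = (b"\r\n-- \r\nThis message has been scanned for viruses and\r\n"
          b"dangerous content by MailScanner, and is\r\nbelieved to be clean.\r\n")


def demo() -> dict:
    results = {}
    # Order in the question: DKIM signs first, then the footer is appended.
    results["sign_then_footer"] = body_matches(sign(ORIGINAL), ORIGINAL + FOOTER)
    # Order suggested in the reply: footer first, DKIM signing afterwards.
    scanned = ORIGINAL + FOOTER
    results["footer_then_sign"] = body_matches(sign(scanned), scanned)
    # Relaxed canonicalization forgives whitespace changes only, never added text.
    respaced = ORIGINAL.replace(b"is attached.", b"is  attached. \t")
    results["relaxed_survives_whitespace"] = body_matches(sign(ORIGINAL, "relaxed"), respaced)
    results["simple_survives_whitespace"] = body_matches(sign(ORIGINAL, "simple"), respaced)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'bh matches' if ok else 'bh mismatch'}")
```

Added headers do not enter the body hash at all, which is why the header placement settings in the question had no effect on the result.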
URL: From sales at edenusa.com Sat Jul 13 18:03:37 2019 From: sales at edenusa.com (Paul Scott) Date: Sat, 13 Jul 2019 18:03:37 +0000 Subject: QPopper In-Reply-To: <1237284527.534749.1562480511766.JavaMail.zimbra@vdb.nl> References: <1237284527.534749.1562480511766.JavaMail.zimbra@vdb.nl> Message-ID: Hello Thom van der Boon, I find it interesting that you would post this reply, as there are many other 3rd party add-ons and utilities discussed in the MailScanner forum that I have seen. Thank you for your email nevertheless. Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 Please review us on Google, Yelp, or Facebook, at the following links: Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ Please visit us on our website or on our Facebook Business page: WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc From: MailScanner On Behalf Of Thom van der Boon Sent: Saturday, July 06, 2019 11:22 PM To: MailScanner Discussion Subject: Re: QPopper Paul, You are posting non-MailScanner related questions in a MailScanner-only mailinglist Please use Google to solve your non-Mailscanner related issues Met vriendelijke groet, Best regards, Thom van der Boon E-Mail: thom at vdb.nl ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: +31 (0)88 4272727 Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ ________________________________ Van: "Paul Scott" > Aan: "MailScanner Discussion" > Verzonden: Zondag 7 juli 2019 02:19:10 Onderwerp: RE: QPopper Well, I received no answer, so am trying Dovecot. Got it installed, but so far, no dice. 
It doesn?t seem like any IMAP or POP ports are open. Any ideas? Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 Please review us on Google, Yelp, or Facebook, at the following links: Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ Please visit us on our website or on our Facebook Business page: WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc From: Paul Scott Sent: Saturday, July 06, 2019 1:23 PM To: mailscanner at lists.mailscanner.info Subject: QPopper Importance: High I am moving my existing Sendmail server from an older CentOS installation to CentOS 6. I used Qualcomm?s QPopper on the old box. I downloaded it and tried compiling it on CentOS and it issued a number of failures when I ran the ?make? command. Unfortunately, the errors are not readable?they look like this: [root at fs9 qpopper4.0.3]# make cd ./popper && make all make[1]: Entering directory `/home/beatinger/Sendmail/QPopper/qpopper4.0.3/popper' gcc -c -I.. -I.. -I. \ -I../mmangle -I../common \ -g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX popper.c -o popper.o popper.c: In function ???qpopper???: popper.c:129: error: conflicting types for ???getline??? Does anybody know what the issue is, or is there a different POP service that should be used? 
Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 Please review us on Google, Yelp, or Facebook, at the following links: Google: https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs Yelp: https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ Please visit us on our website or on our Facebook Business page: WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at vidadigital.com.pa Sat Jul 13 18:21:29 2019 From: alex at vidadigital.com.pa (Alex Neuman) Date: Sat, 13 Jul 2019 13:21:29 -0500 Subject: QPopper In-Reply-To: References: <1237284527.534749.1562480511766.JavaMail.zimbra@vdb.nl> Message-ID: Only in regards to how they interface with mailscanner. On Sat, Jul 13, 2019, 1:03 PM Paul Scott wrote: > Hello Thom van der Boon, > > I find it interesting that you would post this reply, as there are many > other 3rd party add-ons and utilities discussed in the MailScanner forum > that I have seen. > > > > Thank you for your email nevertheless. 
> > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 OR 951.505.6967 > Fax: 866.502.3336 > > > > Please review us on Google, Yelp, or Facebook, at the following links: > > Google: > https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs > > Yelp: > https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA > > Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ > > > > Please visit us on our website or on our Facebook Business page: > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > *From:* MailScanner edenusa.com at lists.mailscanner.info> *On Behalf Of *Thom van der Boon > *Sent:* Saturday, July 06, 2019 11:22 PM > *To:* MailScanner Discussion > *Subject:* Re: QPopper > > > > Paul, > > > > You are posting non-MailScanner related questions in a MailScanner-only > mailinglist > > > > Please use Google to solve your non-Mailscanner related issues > > > > > > Met vriendelijke groet, Best regards, > > > > > Thom van der Boon > E-Mail: thom at vdb.nl > > > > > > ===== > > > > > > > > Thom.H. van der Boon b.v. > Transito 4 > > 6909 DA Babberich > Tel.: +31 (0)88 4272727 <+31884272727> > Fax: +31 (0)88 4272789 > Home Page: http://www.vdb.nl/ > > > ------------------------------ > > *Van: *"Paul Scott" > *Aan: *"MailScanner Discussion" > *Verzonden: *Zondag 7 juli 2019 02:19:10 > *Onderwerp: *RE: QPopper > > > > Well, I received no answer, so am trying Dovecot. Got it installed, but > so far, no dice. It doesn?t seem like any IMAP or POP ports are open. > > > > Any ideas? 
> > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 OR 951.505.6967 > Fax: 866.502.3336 > > > > Please review us on Google, Yelp, or Facebook, at the following links: > > Google: > https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs > > Yelp: > https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA > > Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ > > > > Please visit us on our website or on our Facebook Business page: > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > *From:* Paul Scott > *Sent:* Saturday, July 06, 2019 1:23 PM > *To:* mailscanner at lists.mailscanner.info > *Subject:* QPopper > *Importance:* High > > > > I am moving my existing Sendmail server from an older CentOS installation > to CentOS 6. > > > > I used Qualcomm?s QPopper on the old box. > > > > I downloaded it and tried compiling it on CentOS and it issued a number of > failures when I ran the ?make? command. > > > > Unfortunately, the errors are not readable?they look like this: > > > > [root at fs9 qpopper4.0.3]# make > > cd ./popper && make all > > make[1]: Entering directory > `/home/beatinger/Sendmail/QPopper/qpopper4.0.3/popper' > > gcc -c -I.. -I.. -I. \ > > -I../mmangle -I../common \ > > -g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX popper.c -o popper.o > > popper.c: In function ???qpopper???: > > popper.c:129: error: conflicting types for ???getline??? > > > > Does anybody know what the issue is, or is there a different POP service > that should be used? 
> > > > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 OR 951.505.6967 > Fax: 866.502.3336 > > > > Please review us on Google, Yelp, or Facebook, at the following links: > > Google: > https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs > > Yelp: > https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA > > Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ > > > > Please visit us on our website or on our Facebook Business page: > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yuwang at cs.fsu.edu Sat Jul 13 18:25:43 2019 From: yuwang at cs.fsu.edu (yuwang) Date: Sat, 13 Jul 2019 14:25:43 -0400 Subject: QPopper In-Reply-To: References: Message-ID: <66a092e013b9b85ba12db1453fd6659b@cs.fsu.edu> Paul, The first thing I'd check if selinux. It's in 'enforcing' by default. Try disable it by changing /etc/selinux/config SELINUX=enforcing to SELINUX=disabled (then reboot). The second place to check is firewall/iptables. Run 'iptables -L -v'. James On 2019-07-06 20:19, Paul Scott wrote: > Well, I received no answer, so am trying Dovecot. Got it installed, > but so far, no dice. It doesn?t seem like any IMAP or POP ports are > open. > > Any ideas? 
> > Sincerely, > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 OR 951.505.6967 > Fax: 866.502.3336 > > Please review us on Google, Yelp, or Facebook, at the following links: > > > Google: > https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs > [1] > > Yelp: > https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA > [2] > > Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ [3] > > Please visit us on our website or on our Facebook Business page: > > WEBSITE: https://www.edenusa.com [4] > > FACEBOOK: http://www.facebook.com/edenusainc [5] > > FROM: Paul Scott > SENT: Saturday, July 06, 2019 1:23 PM > TO: mailscanner at lists.mailscanner.info > SUBJECT: QPopper > IMPORTANCE: High > > I am moving my existing Sendmail server from an older CentOS > installation to CentOS 6. > > I used Qualcomm?s QPopper on the old box. > > I downloaded it and tried compiling it on CentOS and it issued a > number of failures when I ran the ?make? command. > > Unfortunately, the errors are not readable?they look like this: > > [root at fs9 qpopper4.0.3]# make > > cd ./popper && make all > > make[1]: Entering directory > `/home/beatinger/Sendmail/QPopper/qpopper4.0.3/popper' > > gcc -c -I.. -I.. -I. \ > > -I../mmangle -I../common \ > > -g -O2 -DHAVE_CONFIG_H -DLINUX -DUNIX popper.c -o > popper.o > > popper.c: In function ???qpopper???: > > popper.c:129: error: conflicting types for ???getline??? > > Does anybody know what the issue is, or is there a different POP > service that should be used? 
> > Sincerely, > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 OR 951.505.6967 > Fax: 866.502.3336 > > Please review us on Google, Yelp, or Facebook, at the following links: > > > Google: > https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs > [1] > > Yelp: > https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA > [2] > > Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ [3] > > Please visit us on our website or on our Facebook Business page: > > WEBSITE: https://www.edenusa.com [4] > > FACEBOOK: http://www.facebook.com/edenusainc [5] > > > > Links: > ------ > [1] > https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs > [2] > https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA > [3] https://www.facebook.com/pg/EdenUSAInc/reviews/ > [4] https://www.edenusa.com > [5] http://www.facebook.com/edenusainc From mailinglists at feedmebits.nl Sun Jul 14 10:58:17 2019 From: mailinglists at feedmebits.nl (Maarten) Date: Sun, 14 Jul 2019 12:58:17 +0200 Subject: QPopper In-Reply-To: <66a092e013b9b85ba12db1453fd6659b@cs.fsu.edu> References: <66a092e013b9b85ba12db1453fd6659b@cs.fsu.edu> Message-ID: <4839f5e0-5e41-5afc-c76b-6bcd372b878b@feedmebits.nl> You can temporarily set selinux to logging only by setenforce 0 to see if selinux is the problem. But if? you have imap/pop running on the default ports selinux shouldn't be the problem: pop_port_t???????????????????? tcp????? 106, 109, 110, 143, 220, 993, 995, 1109, 10993 Also if it were a selinux problem you would get an error when trying to start the dovecot service. Did you mean nothing running on the ports or something running on the ports but not being able to connect? 
The only questions around here that are third party software are questions about problems with mta's and mailscanner combined, the ones which are supported: postfix, sendmail, and exim. I would google your problem or try the dovecot mailinglist since dovecot is an imap/pop3 server. https://www.dovecot.org/mailing-lists On 7/13/19 8:25 PM, yuwang wrote: > Paul, > > The first thing I'd check if selinux. It's in 'enforcing' by default. > Try disable it by changing /etc/selinux/config SELINUX=enforcing to > SELINUX=disabled (then reboot). > > The second place to check is firewall/iptables. Run 'iptables -L -v'. > > > > James > > On 2019-07-06 20:19, Paul Scott wrote: >> Well, I received no answer, so am trying Dovecot.? Got it installed, >> but so far, no dice.? It doesn?t seem like any IMAP or POP ports are >> open. >> >> Any ideas? >> >> Sincerely, >> >> Paul Scott, Engineer >> >> Eden USA, Incorporated >> Event Production Services Since 1995 >> Los Angeles-Las Vegas-New York >> sales at edenusa.com OR edenusasales at gmail.com >> Telephone(s): 866.501.3336 OR 951.505.6967 >> Fax: 866.502.3336 >> >> Please review us on Google, Yelp, or Facebook, at the following links: >> >> >> Google: >> https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs >> >> [1] >> >> Yelp: >> https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA >> >> [2] >> >> Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ [3] >> >> Please visit us on our website or on our Facebook Business page: >> >> WEBSITE: https://www.edenusa.com [4] >> >> FACEBOOK: http://www.facebook.com/edenusainc [5] >> >> FROM: Paul Scott >> SENT: Saturday, July 06, 2019 1:23 PM >> TO: mailscanner at lists.mailscanner.info >> SUBJECT: QPopper >> IMPORTANCE: High >> >> I am moving my existing Sendmail server from an older CentOS >> installation to CentOS 6. >> >> I used Qualcomm?s QPopper on the old box. 
>> >> I downloaded it and tried compiling it on CentOS and it issued a >> number of failures when I ran the ?make? command. >> >> Unfortunately, the errors are not readable?they look like this: >> >> [root at fs9 qpopper4.0.3]# make >> >> cd ./popper? && make all >> >> make[1]: Entering directory >> `/home/beatinger/Sendmail/QPopper/qpopper4.0.3/popper' >> >> gcc -c -I.. -I.. -I. \ >> >> ??????????????? -I../mmangle -I../common? \ >> >> ??????????????? -g -O2 -DHAVE_CONFIG_H? -DLINUX -DUNIX popper.c -o >> popper.o >> >> popper.c: In function ???qpopper???: >> >> popper.c:129: error: conflicting types for ???getline??? >> >> Does anybody know what the issue is, or is there a different POP >> service that should be used? >> >> Sincerely, >> >> Paul Scott, Engineer >> >> Eden USA, Incorporated >> Event Production Services Since 1995 >> Los Angeles-Las Vegas-New York >> sales at edenusa.com OR edenusasales at gmail.com >> Telephone(s): 866.501.3336 OR 951.505.6967 >> Fax: 866.502.3336 >> >> Please review us on Google, Yelp, or Facebook, at the following links: >> >> >> Google: >> https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs >> >> [1] >> >> Yelp: >> https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA >> >> [2] >> >> Facebook: https://www.facebook.com/pg/EdenUSAInc/reviews/ [3] >> >> Please visit us on our website or on our Facebook Business page: >> >> WEBSITE: https://www.edenusa.com [4] >> >> FACEBOOK: http://www.facebook.com/edenusainc [5] >> >> >> >> Links: >> ------ >> [1] >> https://search.google.com/local/writereview?placeid=ChIJm4J-vUTI3IARijguiVdQJTs >> >> [2] >> https://www.yelp.com/writeareview/search?war_desc=Eden+USA&war_loc=Corona%2C+CA >> >> [3] https://www.facebook.com/pg/EdenUSAInc/reviews/ >> [4] https://www.edenusa.com >> [5] http://www.facebook.com/edenusainc > > From heino.backhaus at fink-computer.de Mon Jul 15 10:58:55 2019 From: heino.backhaus at fink-computer.de (Heino Backhaus) 
Date: Mon, 15 Jul 2019 12:58:55 +0200
Subject: possible attack against MailScanner ?
Message-ID:

Hello List,

I need some help analysing the following email I received last week.

Mailwatch Mail-Metadata:

Received: from sab.com (unknown [46.22.132.94])
     by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
     for ; Thu, 11 Jul 2019 19:34:58 +0200 (CEST)
Received: 1
Received: 2
Received: 3
Received: 4
Received: 5
Received: 6
Received: 7
Received: 8
Received: 9
Received: 10
Received: 11
Received: 12
Received: 13
Received: 14
Received: 15
Received: 16
Received: 17
Received: 18
Received: 19
Received: 20
Received: 21
Received: 22
Received: 23
Received: 24
Received: 25
Received: 26
Received: 27
Received: 28
Received: 29
Received: 30
Received: 31

IP1: *199.204.214.40* changed to *1.2.3.4* to disarm this...just in case...
IP2: *87.138.227.107* changed to *5.6.7.8* to disarm this...just in case...

Versions:
MailWatch Version: 1.2.9
OS: Ubuntu 16.04.6 LTS (Xenial Xerus)
Postfix Version: 3.1.0
MailScanner Version: 5.1.2
ClamAV Version: 0.102.0-devel-20190715
SpamAssassin Version: 3.4.2
PHP Version: 5.6.40-8+ubuntu16.04.1+deb.sury.org+1
MySQL Version: 5.7.26-0ubuntu0.16.04.1

Can you help me to bring some light in this dark...

--
With kind regards

H. Backhaus

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Phone: +49-641-98444640
VAT ID: DE151040770
HRB: 2143 Gießen
Managing Director: Fredi Fink

I was gratified to be able to answer promptly, and I did.
I said I didn't know.
Mark Twain

--
This message has been scanned for viruses and other dangerous content and is clean, provided the virus scanners are up to date.

From maxsec at gmail.com Mon Jul 15 11:13:49 2019
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon, 15 Jul 2019 12:13:49 +0100
Subject: possible attack against MailScanner ?
In-Reply-To:
References:
Message-ID:

Looks like an attempt at the Exim vulnerability exploitation rather than mailscanner

On Mon, 15 Jul 2019 at 11:59, Heino Backhaus <heino.backhaus at fink-computer.de> wrote:
> Mailwatch Mail-Metadata:
>
> Received: from sab.com (unknown [46.22.132.94])
>     by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
>     for x22}}@mailscanner.mydomain.local>; Thu, 11 Jul 2019 19:34:58 +0200 (CEST)

--
Martin Hepworth, CISSP
Oxford, UK

From iversons at rushville.k12.in.us Mon Jul 15 11:15:09 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 15 Jul 2019 07:15:09 -0400
Subject: possible attack against MailScanner ?
In-Reply-To:
References:
Message-ID:

Is that the start of a cron script in the email address field?

If so, you need to fix that.

On Mon, Jul 15, 2019 at 6:59 AM Heino Backhaus <heino.backhaus at fink-computer.de> wrote:
> Received: from sab.com (unknown [46.22.132.94])
>     by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
>     for x22}}@mailscanner.mydomain.local>; Thu, 11 Jul 2019 19:34:58 +0200 (CEST)

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us

From iversons at rushville.k12.in.us Mon Jul 15 11:15:46 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 15 Jul 2019 07:15:46 -0400
Subject: possible attack against MailScanner ?
In-Reply-To:
References:
Message-ID:

That is, unless it originated from somewhere else...

On Mon, Jul 15, 2019 at 7:15 AM Shawn Iverson wrote:
> Is that the start of a cron script in the email address field?
>
> If so, you need to fix that.

From iversons at rushville.k12.in.us Mon Jul 15 11:16:27 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 15 Jul 2019 07:16:27 -0400
Subject: possible attack against MailScanner ?
In-Reply-To:
References:
Message-ID:

Agreed.

On Mon, Jul 15, 2019 at 7:14 AM Martin Hepworth wrote:
> Looks like an attempt at the Exim vulnerability exploitation rather than
> mailscanner

From heino.backhaus at fink-computer.de Mon Jul 15 11:30:32 2019
From: heino.backhaus at fink-computer.de (Heino Backhaus)
Date: Mon, 15 Jul 2019 13:30:32 +0200
Subject: possible attack against MailScanner ?
In-Reply-To:
References:
Message-ID:

thanks for answering...
For now, I've got a main question:

As it seems, they tried to download and execute some code, so I need to make sure whether they succeeded, because if so, I need to shut down MailScanner immediately. But as you stated this should only work with exim ...

The next question is:
Where did the *Received:1-31* lines come from? They're looking a bit strange to me.

On 15.07.2019 at 13:13, Martin Hepworth wrote:
> Looks like an attempt at the Exim vulnerability exploitation rather
> than mailscanner

From heino.backhaus at fink-computer.de Mon Jul 15 15:14:54 2019
From: heino.backhaus at fink-computer.de (Heino Backhaus)
Date: Mon, 15 Jul 2019 17:14:54 +0200
Subject: possible attack against MailScanner ?
In-Reply-To:
References:
Message-ID:

Yes, I think you're right :-D it looks very similar to this:

- If Exim was configured to recognize tags in the local part of the recipient's address (via "local_part_suffix = +* : -*" for example), then a remote attacker can simply reuse our local-exploitation method with an RCPT TO "balrog+${run{...}}@localhost" (where "balrog" is the name of a local user).

Source: https://www.exploit-db.com/exploits/46974

Phew...my mailscanner can live on...

Thank you!

On 15.07.2019 at 13:16, Shawn Iverson via MailScanner wrote:
> Agreed.

From a.benhlal at delnet.fr Wed Jul 24 07:58:21 2019
From: a.benhlal at delnet.fr (Adil BENHLAL)
Date: Wed, 24 Jul 2019 07:58:21 +0000
Subject: How to mark Microsoft files with macro as spam?
Message-ID: <4c7ed5e7a0b8400782ace1fd7aec7313@delnet.fr>

Hi,

I would like to know if anyone knows how to mark Microsoft files as spam?

Thank you in advance for your help

From vitaliy.tokarev at gmail.com Wed Jul 24 16:14:45 2019
From: vitaliy.tokarev at gmail.com (Vitaliy T)
Date: Wed, 24 Jul 2019 19:14:45 +0300
Subject: MailScanner and Postfix restart issue
Message-ID:

Hello,

Sorry if the question below was already asked. Quick googling gives no answers.

I have encountered an issue where mailscanner just stops processing any mail after postfix's restart. There was no 100% CPU usage; the mailscanner processes just do nothing.

I need to restart postfix to update its configuration (hash databases to be clear). This is done by cron automatically.

Is it possible that restarting postfix has an effect on the work of the mailscanner process? I mean, is MailScanner using socket connections to postfix, maybe file locks/checks or something similar?

Are there recommendations about this case?

Thank you!

Rig:
EFA 3.0.2.6 installation
CentOS 6 x86_64
postfix-3.1.3-1.efa.el6.x86_64
MailScanner-5.0.7-1.noarch

--
With Best Regards,
Vitaliy V. Tokarev

From 546435 at gmail.com Thu Jul 25 12:07:42 2019
From: 546435 at gmail.com (Michael Shes)
Date: Thu, 25 Jul 2019 15:07:42 +0300
Subject: some fonts get enlarged when receiving emails
Message-ID:

when I inspect the source of the message it looks like the font-size got another zero

look example below

CONFIDENTIALITY NOTICE:
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential information and/or privileged material (which includes documents, files or previous e-mail messages, attached or otherwise). If you are not the intended recipient, or have received this email in error, even if addressed incorrectly, please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is STRICTLY PROHIBITED.

From iversons at rushville.k12.in.us Thu Jul 25 17:09:58 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 25 Jul 2019 13:09:58 -0400
Subject: MailScanner and Postfix restart issue
In-Reply-To:
References:
Message-ID:

Check the permissions on /var/spool/postfix/hold before and after reloading postfix. Are the permissions resetting on this directory?

On Wed, Jul 24, 2019 at 12:46 PM Vitaliy T wrote:
> I have encountered with the issue when the mailscanner just stop
> processing any mail after the postfix's restart. There were no 100% CPU
> usage, just mailscanner processes do nothing.
From mark at msapiro.net Thu Jul 25 17:11:37 2019
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 25 Jul 2019 10:11:37 -0700
Subject: some fonts get enlarged when receiving emails
In-Reply-To:
References:
Message-ID: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net>

On 7/25/19 5:07 AM, Michael Shes wrote:
> when i inspect the source of the message it looks like the font-size got
> another zero
>
> look example below
>
> CONFIDENTIALITY NOTICE:
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential information and/or
> privileged material (which includes documents, files or previous e-mail
> messages, attached or otherwise). If you are not the intended recipient,
> or have received this email in error, even if addressed incorrectly,
> please notify the sender immediately and destroy this email. Any
> unauthorized copying, disclosure or distribution of the material in this
> email is STRICTLY PROHIBITED.
>
The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From vitaliy.tokarev at gmail.com Thu Jul 25 18:23:26 2019
From: vitaliy.tokarev at gmail.com (Vitaliy T)
Date: Thu, 25 Jul 2019 21:23:26 +0300
Subject: MailScanner and Postfix restart issue
In-Reply-To:
References:
Message-ID:

I have checked permissions on postfix start/stop via auditd:
1. service auditd start
2. auditctl -w /var/spool/postfix/hold -k postfix_hold
3. ausearch -k postfix_hold | aureport -f -i

Result:
1. The postfix restart does nothing on system where no mail traffic.
2. The postfix restart calls fchmod syscall by postsuper process. The output is below. The restart was completed on 1 and 2 points.

1. 07/25/2019 21:01:13 /var/spool/postfix/hold open yes /bin/find tvv 160
2. 07/25/2019 21:01:13 hold open yes /usr/sbin/postsuper tvv 159
3. 07/25/2019 21:01:44 hold open yes /usr/libexec/postfix/showq tvv 171
4. 07/25/2019 21:01:54 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 173
5. 07/25/2019 21:01:54 hold/5CEBB60FD5 rename yes /usr/libexec/postfix/cleanup tvv 172
6. 07/25/2019 21:01:58 hold/F3C3E60FD5 rename yes /usr/libexec/postfix/cleanup tvv 174
7. 07/25/2019 21:01:58 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 175
8. 07/25/2019 21:02:12 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 197
9. 07/25/2019 21:02:12 hold/2A37060FD5 rename yes /usr/libexec/postfix/cleanup tvv 196
10. 07/25/2019 21:02:16 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 206
11. 07/25/2019 21:02:16 hold open yes /usr/libexec/postfix/showq tvv 204
12. 07/25/2019 21:02:16 hold/9232E60FD5 rename yes /usr/libexec/postfix/cleanup tvv 205
13. 07/25/2019 21:02:47 hold open yes /usr/libexec/postfix/showq tvv 227
14. 07/25/2019 21:03:04 hold/76AA860FD5 rename yes /usr/libexec/postfix/cleanup tvv 244
15. 07/25/2019 21:03:04 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 245
16. 07/25/2019 21:03:16 hold/7DB5B60FD5 rename yes /usr/libexec/postfix/cleanup tvv 246
17. 07/25/2019 21:03:16 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 247
18. 07/25/2019 21:03:18 hold/DB76560FD6 rename yes /usr/libexec/postfix/cleanup tvv 248
19. 07/25/2019 21:03:20 hold/7DB5B60FD5 open yes /usr/libexec/postfix/showq tvv 251
20. 07/25/2019 21:03:20 hold/DB76560FD6 open yes /usr/libexec/postfix/showq tvv 252
21. 07/25/2019 21:03:18 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 249
22. 07/25/2019 21:03:20 hold open yes /usr/libexec/postfix/showq tvv 250

I have to note that I have encountered this issue on one of the installations with very high mail traffic (20k mails per day).
I do not see this problem on other installations with much less traffic (less than 5k/day).

I will keep auditd enabled to catch this error again and I will send a message about the details.

Shawn, I think it is a bad idea to disable auditd on CentOS 6 (EFA 3.0.2.6) installation by default. I have noticed this right now, when I have needed to check permissions on /var/spool/postfix/hold.
I understand that you are working on EFA 4 now, but please keep auditd enabled by default at least in EFA 4. Yes, it could produce lots of logs, but there is logrotate to keep the log size within reasonable limits.
I am saying this as a system administrator with about 10 years experience.

Thank you!

On Thu, Jul 25, 2019 at 8:10 PM Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info> wrote:
> Check the permissions on /var/spool/postfix/hold before and after
> reloading postfix. Are the permissions resetting on this directory?

From iversons at rushville.k12.in.us Thu Jul 25 18:28:08 2019
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Thu, 25 Jul 2019 14:28:08 -0400
Subject: MailScanner and Postfix restart issue
In-Reply-To:
References:
Message-ID:

Auditd is enabled on v4.

On Thu, Jul 25, 2019, 2:24 PM Vitaliy T wrote:
> Shawn, I think it is a bad idea to disable auditd on CentOS 6 (EFA
> 3.0.2.6) installation by default. I have noticed this right now, when I
> have needed to check permissions on /var/spool/postfix/hold.
> I understand that you are working on EFA 4 now, but please keep auditd
> enabled by default on at least in EFA 4. Yes, it could produce lots of
> logs, but there is logrotate to keep the log size within reasonable limits
> I am saying this as a system administrator with about 10 years experience.

From 546435 at gmail.com Sun Jul 28 06:48:29 2019
From: 546435 at gmail.com (Michael Shes)
Date: Sun, 28 Jul 2019 09:48:29 +0300
Subject: some fonts get enlarged when receiving emails
In-Reply-To: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net>
References: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net>
Message-ID:

I don't know if mailscanner did this. It happens with different unrelated senders, not just one. We switched our mailboxes from our ISP hosting to our own spam filter (using ubuntu+postfix+mailscanner+mailwatch) and a pop server using hmail on windows; the issues started since then.

On Thu, Jul 25, 2019 at 8:11 PM Mark Sapiro wrote:
> On 7/25/19 5:07 AM, Michael Shes wrote:
> > when i inspect the source of the message it looks like the font-size got
> > another zero
> >
> > look example below
>
> Why do you think MailScanner did this? I don't see anything in
> MailScanner that would modify this disclaimer. Further, while I agree
> that 80 point is way too big, it appears that whatever composed this
> intended to increase the size of the disclaimer and then reduce it at
> the end.
>
> --
> Mark Sapiro    The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B.
Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Sun Jul 28 14:27:35 2019 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 28 Jul 2019 07:27:35 -0700 Subject: some fonts get enlarged when receiving emails In-Reply-To: References: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net> Message-ID: <2a3dc739-991e-abdc-d5e7-2f65beef41f2@msapiro.net> On 7/27/19 11:48 PM, Michael Shes wrote: > I dont know if mailscanner did this,?It happens with different?unrelated > senders not just one, we switched our mailboxes from our ISP hosting to > our own spam filter (using ubuntu+poatfix+mailscanner+mailwatch) and a > pop server using hmail on windows the issues started since than. Is it always the same disclaimer? Is something in your chain adding it? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From iversons at rushville.k12.in.us Sun Jul 28 14:36:16 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sun, 28 Jul 2019 10:36:16 -0400 Subject: some fonts get enlarged when receiving emails In-Reply-To: References: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net> Message-ID: Can you capture a full sample of the disclaimer? I will construct a message and run it through some tests. I doubt MailScanner is able to do this sort of modification, but we can at least double check. On Sun, Jul 28, 2019 at 2:48 AM Michael Shes <546435 at gmail.com> wrote: > I dont know if mailscanner did this, It happens with different unrelated > senders not just one, we switched our mailboxes from our ISP hosting to our > own spam filter (using ubuntu+poatfix+mailscanner+mailwatch) and a pop > server using hmail on windows the issues started since than. 
> > On Thu, Jul 25, 2019 at 8:11 PM Mark Sapiro wrote: > >> On 7/25/19 5:07 AM, Michael Shes wrote: >> > when i inspect the source of the message it looks like the font-size got >> > another zero >> > >> > look example below >> > >> > CONFIDENTIALITY NOTICE: >> > The information transmitted is intended only for the person or entity to >> > which it is addressed and may contain confidential information and/or >> > privileged material (which includes documents, files or previous e-mail >> > messages, attached or otherwise). If you are not the intended recipient, >> > or have received this email in error, even if addressed incorrectly, >> > please notify the sender immediately and destroy this email. Any >> > unauthorized copying, disclosure or distribution of the material in this >> > email is STRICTLY PROHIBITED. >> > > >> >> Why do you think MailScanner did this? I don't see anything in >> MailScanner that would modify this disclaimer. Further, while I agree >> that 80 point is way too big, it appears that whatever composed this >> intended to increase the size of the disclaimer and then reduce it at >> the end. >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... 
From 546435 at gmail.com Mon Jul 29 06:23:22 2019
From: 546435 at gmail.com (Michael Shes)
Date: Mon, 29 Jul 2019 09:23:22 +0300
Subject: some fonts get enlarged when receiving emails
In-Reply-To: <2a3dc739-991e-abdc-d5e7-2f65beef41f2@msapiro.net>
References: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net> <2a3dc739-991e-abdc-d5e7-2f65beef41f2@msapiro.net>

As I mentioned above, it happens in different unrelated emails, in different
places, sometimes the signature of that sender, sometimes other places.

So to your question: no, it's a different "disclaimer" / signature.
No, nothing in our chain adds that disclaimer, the disclaimer is from the
sender.

On Sun, Jul 28, 2019 at 5:27 PM Mark Sapiro wrote:

> On 7/27/19 11:48 PM, Michael Shes wrote:
> > I don't know if mailscanner did this. It happens with different unrelated
> > senders, not just one. We switched our mailboxes from our ISP hosting to
> > our own spam filter (using ubuntu+postfix+mailscanner+mailwatch) and a
> > pop server using hmail on windows; the issues started since then.
>
>
> Is it always the same disclaimer? Is something in your chain adding it?
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

From 546435 at gmail.com Tue Jul 30 08:51:26 2019
From: 546435 at gmail.com (Michael Shes)
Date: Tue, 30 Jul 2019 11:51:26 +0300
Subject: some fonts get enlarged when receiving emails
References: <78b4a7c8-903b-f030-d196-f9183329fb19@msapiro.net>

I am attaching the full html message with the issue, see the one of the
"From" was 10pts and got 100pts, I think there is a line break the one of
the system is adding a 0 (zero) to that line break.

I removed all the personal information from the attached file.

I think maybe this issue occurs when someone sends an email from a
Microsoft application.

On Sun, Jul 28, 2019 at 5:36 PM Shawn Iverson via MailScanner
<mailscanner at lists.mailscanner.info> wrote:

> Can you capture a full sample of the disclaimer? I will construct a
> message and run it through some tests. I doubt MailScanner is able to do
> this sort of modification, but we can at least double check.
>
> On Sun, Jul 28, 2019 at 2:48 AM Michael Shes <546435 at gmail.com> wrote:
>
>> I don't know if mailscanner did this. It happens with different unrelated
>> senders, not just one. We switched our mailboxes from our ISP hosting to our
>> own spam filter (using ubuntu+postfix+mailscanner+mailwatch) and a pop
>> server using hmail on windows; the issues started since then.
>>
>> On Thu, Jul 25, 2019 at 8:11 PM Mark Sapiro wrote:
>>
>>> On 7/25/19 5:07 AM, Michael Shes wrote:
>>> > when i inspect the source of the message it looks like the font-size got
>>> > another zero
>>> >
>>> > look example below
>>> >
>>> > CONFIDENTIALITY NOTICE:
>>> > The information transmitted is intended only for the person or entity to
>>> > which it is addressed and may contain confidential information and/or
>>> > privileged material (which includes documents, files or previous e-mail
>>> > messages, attached or otherwise). If you are not the intended recipient,
>>> > or have received this email in error, even if addressed incorrectly,
>>> > please notify the sender immediately and destroy this email. Any
>>> > unauthorized copying, disclosure or distribution of the material in this
>>> > email is STRICTLY PROHIBITED.
>>> >
>>>
>>> Why do you think MailScanner did this? I don't see anything in
>>> MailScanner that would modify this disclaimer. Further, while I agree
>>> that 80 point is way too big, it appears that whatever composed this
>>> intended to increase the size of the disclaimer and then reduce it at
>>> the end.
>>>
>>> --
>>> Mark Sapiro        The highway is for gamblers,
>>> San Francisco Bay Area, California    better use your sense - B. Dylan
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us

-------------- next part --------------
An HTML attachment was scrubbed...

From mailinglists at feedmebits.nl Tue Jul 30 14:07:52 2019
From: mailinglists at feedmebits.nl (Maarten)
Date: Tue, 30 Jul 2019 14:07:52 +0000
Subject: RHEL8 mailscanner
Message-ID: <93a732293ea0b3ab64f863bef1907ccb@afterlogic.feedmebits.nl>

Has anyone had the chance to test running mailscanner on RHEL8 yet?

From mailscanner at replies.cyways.com Wed Jul 31 16:43:10 2019
From: mailscanner at replies.cyways.com (Peter H. Lemieux)
Date: Wed, 31 Jul 2019 12:43:10 -0400
Subject: Any sample init.d scripts for sendmail on CentOS 6?
Message-ID: <5a276e37-903c-32da-8a6c-9fca32d7c4af@replies.cyways.com>

I just installed 5.1.3-2 on a CentOS 6 box. Does anyone have a modified
/etc/init.d/sendmail script or a diff? Doing surgery on these scripts has
always been a bit daunting for me. I appear to have got starting worked
out, but stopping isn't working so well. I guess I could just use
"killall -9 sendmail", but I'd prefer something more elegant if possible.

Thanks!

Peter
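Editor's added example for the "MailScanner and Postfix restart issue" thread above (not written by any poster and not MailScanner or EFA code): it groups the `aureport -f -i` rows from the `postfix_hold` watch by syscall and executable, and lists only the mode or ownership changes, which is what the question about permissions resetting on /var/spool/postfix/hold needs. The function names `sample_rows`, `hold_summary` and `hold_attr_changes` are made up for illustration, and the sample input is a subset of the rows quoted in the thread.

```shell
#!/bin/sh
# Added example: summarise `aureport -f -i` rows for the postfix_hold watch.
# Row layout as quoted in the thread:
#   N. date time file syscall success exe auid event

# Sample input: a subset of the rows quoted in the thread.
sample_rows() {
cat <<'EOF'
1. 07/25/2019 21:01:13 /var/spool/postfix/hold open yes /bin/find tvv 160
2. 07/25/2019 21:01:13 hold open yes /usr/sbin/postsuper tvv 159
4. 07/25/2019 21:01:54 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 173
5. 07/25/2019 21:01:54 hold/5CEBB60FD5 rename yes /usr/libexec/postfix/cleanup tvv 172
7. 07/25/2019 21:01:58 (null) fchmod yes /usr/libexec/postfix/cleanup tvv 175
11. 07/25/2019 21:02:16 hold open yes /usr/libexec/postfix/showq tvv 204
EOF
}

# Count events per (syscall, executable). Fields are read from the right so
# that a file name containing spaces cannot shift the columns; report header
# lines are skipped because they do not start with "N.".
hold_summary() {
    awk '$1 ~ /^[0-9]+\.$/ && NF >= 9 {
             n[$(NF-4) " " $(NF-2)]++
         }
         END { for (k in n) print n[k], k }' | LC_ALL=C sort -k2,2 -k3,3
}

# Print "time exe syscall event" for every call that changes mode or
# ownership: the rows that show which process touched permissions.
hold_attr_changes() {
    awk '$1 ~ /^[0-9]+\.$/ && NF >= 9 &&
         $(NF-4) ~ /^(f?chmod(at)?|l?chown|fchown(at)?)$/ {
             print $3, $(NF-2), $(NF-4), $NF
         }'
}

# Live use on the mail host (needs root), with the key from the thread:
#   ausearch -k postfix_hold | aureport -f -i | hold_attr_changes
```

Adding `-p wa` to the `auditctl -w` rule restricts the watch to writes and attribute changes, which drops read-only opens such as the showq rows and keeps the audit log smaller.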