From pparsons at techeez.com Tue Jun 4 20:41:50 2019 From: pparsons at techeez.com (Philip Parsons) Date: Tue, 4 Jun 2019 20:41:50 +0000 Subject: New install not scanning any emails Message-ID: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> Unbuntu 18 Sendmail Mailscanner and spamassassion -lint clean But if you send it message it does not scan it at all it just forwards it. Anyone got any ideas, I cannot seem to find the issue.. Debug mode gives me not hints... Thank you. Philip Parsons -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Jun 4 21:07:03 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 4 Jun 2019 14:07:03 -0700 Subject: New install not scanning any emails In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> Message-ID: <01a75449-7a6c-5456-f570-821a44a5b73f@msapiro.net> On 6/4/19 1:41 PM, Philip Parsons wrote: > Unbuntu 18 > > Sendmail > > But if you send it message it does not scan it at all it just forwards it. > > Anyone got any ideas, I cannot seem to find the issue..? Debug mode > gives me not hints? Is MailScanner/Sendmail configured per ? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From pparsons at techeez.com Tue Jun 4 21:33:00 2019 From: pparsons at techeez.com (Philip Parsons) Date: Tue, 4 Jun 2019 21:33:00 +0000 Subject: New install not scanning any emails In-Reply-To: <01a75449-7a6c-5456-f570-821a44a5b73f@msapiro.net> References: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> <01a75449-7a6c-5456-f570-821a44a5b73f@msapiro.net> Message-ID: <11D8E491D9562549A61FD3186F36342002FF26D541@exchange.techeez.com> Aah well no as the new send mail already has two different processing queues.. drwxr-s--- 2 smmta smmsp 4.0K Jun 4 10:21 mqueue drwxrws--- 2 smmsp smmsp 4.0K Jun 4 10:19 mqueue-client So I told Mail scanner which one was witch.. -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: June 4, 2019 2:07 PM To: mailscanner at lists.mailscanner.info Subject: Re: New install not scanning any emails On 6/4/19 1:41 PM, Philip Parsons wrote: > Unbuntu 18 > > Sendmail > > But if you send it message it does not scan it at all it just forwards it. > > Anyone got any ideas, I cannot seem to find the issue..? Debug mode > gives me not hints? Is MailScanner/Sendmail configured per ? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pparsons at techeez.com Tue Jun 4 21:45:34 2019 From: pparsons at techeez.com (Philip Parsons) Date: Tue, 4 Jun 2019 21:45:34 +0000 Subject: New install not scanning any emails In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF26D541@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> <01a75449-7a6c-5456-f570-821a44a5b73f@msapiro.net> <11D8E491D9562549A61FD3186F36342002FF26D541@exchange.techeez.com> Message-ID: <11D8E491D9562549A61FD3186F36342002FF26D5D7@exchange.techeez.com> Aah but it did point me to the right thing.. I needed to add root and bin to the group smmsp As I had added Incoming Queue Dir = /var/spool/mqueue-client Outgoing Queue Dir = /var/spool/mqueue To my_settings.conf -----Original Message----- From: MailScanner On Behalf Of Philip Parsons Sent: June 4, 2019 2:33 PM To: MailScanner Discussion Subject: RE: New install not scanning any emails Aah well no as the new send mail already has two different processing queues.. drwxr-s--- 2 smmta smmsp 4.0K Jun 4 10:21 mqueue drwxrws--- 2 smmsp smmsp 4.0K Jun 4 10:19 mqueue-client So I told Mail scanner which one was witch.. -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: June 4, 2019 2:07 PM To: mailscanner at lists.mailscanner.info Subject: Re: New install not scanning any emails On 6/4/19 1:41 PM, Philip Parsons wrote: > Unbuntu 18 > > Sendmail > > But if you send it message it does not scan it at all it just forwards it. > > Anyone got any ideas, I cannot seem to find the issue..? Debug mode > gives me not hints? Is MailScanner/Sendmail configured per ? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pparsons at techeez.com Tue Jun 4 23:30:40 2019 From: pparsons at techeez.com (Philip Parsons) Date: Tue, 4 Jun 2019 23:30:40 +0000 Subject: New install not scanning any emails In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF26D5D7@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> <01a75449-7a6c-5456-f570-821a44a5b73f@msapiro.net> <11D8E491D9562549A61FD3186F36342002FF26D541@exchange.techeez.com> <11D8E491D9562549A61FD3186F36342002FF26D5D7@exchange.techeez.com> Message-ID: <11D8E491D9562549A61FD3186F36342002FF26DC3A@exchange.techeez.com> OK so that?s wrong.. It only works if sendmail is not running. As I was testing from the command line.. I will follow the instructions below and see if I can get it to work. -----Original Message----- From: MailScanner On Behalf Of Philip Parsons Sent: June 4, 2019 2:46 PM To: MailScanner Discussion Subject: RE: New install not scanning any emails Aah but it did point me to the right thing.. I needed to add root and bin to the group smmsp As I had added Incoming Queue Dir = /var/spool/mqueue-client Outgoing Queue Dir = /var/spool/mqueue To my_settings.conf -----Original Message----- From: MailScanner On Behalf Of Philip Parsons Sent: June 4, 2019 2:33 PM To: MailScanner Discussion Subject: RE: New install not scanning any emails Aah well no as the new send mail already has two different processing queues.. drwxr-s--- 2 smmta smmsp 4.0K Jun 4 10:21 mqueue drwxrws--- 2 smmsp smmsp 4.0K Jun 4 10:19 mqueue-client So I told Mail scanner which one was witch.. -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: June 4, 2019 2:07 PM To: mailscanner at lists.mailscanner.info Subject: Re: New install not scanning any emails On 6/4/19 1:41 PM, Philip Parsons wrote: > Unbuntu 18 > > Sendmail > > But if you send it message it does not scan it at all it just forwards it. > > Anyone got any ideas, I cannot seem to find the issue..? Debug mode > gives me not hints? Is MailScanner/Sendmail configured per ? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pparsons at techeez.com Wed Jun 5 02:13:28 2019 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 5 Jun 2019 02:13:28 +0000 Subject: New install not scanning any emails In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF26DC3A@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002FF26D2FA@exchange.techeez.com> <01a75449-7a6c-5456-f570-821a44a5b73f@msapiro.net> <11D8E491D9562549A61FD3186F36342002FF26D541@exchange.techeez.com> <11D8E491D9562549A61FD3186F36342002FF26D5D7@exchange.techeez.com> <11D8E491D9562549A61FD3186F36342002FF26DC3A@exchange.techeez.com> Message-ID: <11D8E491D9562549A61FD3186F36342002FF26E4DC@exchange.techeez.com> Ok so version 8.15 of sendmail uses chroot which is causing all sorts of problems I cannot seem to figure out the permissions to get it to work all I keep getting is different errors. Has anyone gotten this to work ? -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+pparsons=techeez.com at lists.mailscanner.info] On Behalf Of Philip Parsons Sent: Tuesday, June 4, 2019 4:31 PM To: MailScanner Discussion Subject: RE: New install not scanning any emails OK so that?s wrong.. It only works if sendmail is not running. As I was testing from the command line.. I will follow the instructions below and see if I can get it to work. -----Original Message----- From: MailScanner On Behalf Of Philip Parsons Sent: June 4, 2019 2:46 PM To: MailScanner Discussion Subject: RE: New install not scanning any emails Aah but it did point me to the right thing.. I needed to add root and bin to the group smmsp As I had added Incoming Queue Dir = /var/spool/mqueue-client Outgoing Queue Dir = /var/spool/mqueue To my_settings.conf -----Original Message----- From: MailScanner On Behalf Of Philip Parsons Sent: June 4, 2019 2:33 PM To: MailScanner Discussion Subject: RE: New install not scanning any emails Aah well no as the new send mail already has two different processing queues.. drwxr-s--- 2 smmta smmsp 4.0K Jun 4 10:21 mqueue drwxrws--- 2 smmsp smmsp 4.0K Jun 4 10:19 mqueue-client So I told Mail scanner which one was witch.. -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: June 4, 2019 2:07 PM To: mailscanner at lists.mailscanner.info Subject: Re: New install not scanning any emails On 6/4/19 1:41 PM, Philip Parsons wrote: > Unbuntu 18 > > Sendmail > > But if you send it message it does not scan it at all it just forwards it. > > Anyone got any ideas, I cannot seem to find the issue..? Debug mode > gives me not hints? Is MailScanner/Sendmail configured per ? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chenjeff622 at hotmail.com Thu Jun 6 09:03:16 2019 From: chenjeff622 at hotmail.com (jeff chen) Date: Thu, 6 Jun 2019 09:03:16 +0000 Subject: how to fix spam action notify encode problem Message-ID: the subject charset display correct if we use thunderbird to get notify(utf8) mail. it will get wrong charset of subject (outlook) at same notify mail. Is it Possible to fix the problem? Or where is send mail module file that we can fix it by our self. Thunderbird notify subject: {Spam not delivered} NOVA??????????? ??i?? Outlook notify subject: {Spam not delivered} NOVA????????????????? ??????? Jeff Chen -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Thu Jun 6 21:44:53 2019 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 6 Jun 2019 14:44:53 -0700 Subject: how to fix spam action notify encode problem In-Reply-To: References: Message-ID: <7fd2c1ea-c835-f6f4-3d3f-56be6c86ecc7@msapiro.net> On 6/6/19 2:03 AM, jeff chen wrote: > the subject charset display correct if we use thunderbird to get > notify(utf8) mail. > > it will get wrong charset of subject (outlook) at same notify mail. Is > it Possible to fix the problem? Or where is send mail module file that > we can fix it by our self. > > ? > > Thunderbird ??notify? subject: {Spam not delivered} NOVA???????? > ??? ??i?? > > Outlook ??????????notify ?subject: {Spam not delivered} NOVA??????? > ?????????? ??????? Are you sure this isn't an Outlook issue? What is the raw Subject: header? You can see this in Tbird by 'view source'. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From chenjeff622 at hotmail.com Thu Jun 6 23:19:05 2019 From: chenjeff622 at hotmail.com (jeff chen) Date: Thu, 6 Jun 2019 23:19:05 +0000 Subject: =?utf-8?B?5Zue6KaGOiBob3cgdG8gZml4IHNwYW0gYWN0aW9uIG5vdGlmeSBlbmNvZGUg?= =?utf-8?Q?problem?= In-Reply-To: <7fd2c1ea-c835-f6f4-3d3f-56be6c86ecc7@msapiro.net> References: , <7fd2c1ea-c835-f6f4-3d3f-56be6c86ecc7@msapiro.net> Message-ID: I don?t think it outlook problem . because it display correct charset if we send utf8 mail from thunderbird to outlook. I think it may subject encode problem. Pls see blow have 2 different result. 1.Mailscanner notify mail content . thunderbird got right subject charset. Outlook is not Subject: {Spam not delivered} ?????????QCDN??????CDN???? X-XXXX-MailScanner: generated, Found to be clean Message-Id: <20190606033027.D15F1510DB at xxx.xxx> Date: Thu, 6 Jun 2019 11:30:27 +0800 (CST) X-XXXX-MailScanner-Information: Please contact the ISP for more information X-XXXX-MailScanner-ID: D15F1510DB.A8F50 X-XXXX-MailScanner-From: xxx at xxx.xxx X-XXXX-MailScanner-Watermark: 1560396627.99019 at N8yg4RZGydtoO4OvGtKxBA X-Spam-Status: No Our UCE (spam) detectors have been triggered by a message you received:- From: xxx at xxx.xxx Subject: ?????????QCDN??????CDN???? Date: Thu Jun 6 11:30:15 2019 This message has not been delivered. The detectors that were triggered are spam, SpamAssassin. 2.Thunderbird send mail contect. Thunder and outlook got right subject charset both. Subject: =?UTF-8?B?e1NwYW0gbm90IGRlbGl2ZXJlZH0g5byV6YCy6Zyn56uv6YGL566X5p62?= =?UTF-8?B?5qeL77yMUUNETuaPkOS+m+abtOS+v+WunOeahENETuS9v+eUqOiyu+eOhw==?= Organization: SiSfb Tech CO,. Message-ID: <0b917540-13f7-9f65-3b4c-8e624595720a at xxx.xxx> Date: Fri, 7 Jun 2019 07:01:50 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-XXXX-MailScanner-Information: Please contact the ISP for more information X-XXXX-MailScanner-ID: 790EF51195.ACC6B X-XXXX-MailScanner: Found to be clean X-XXXX-MailScanner-From: xxx at xxx.xxx X-XXXX-MailScanner-Watermark: 1560466913.326 at N3/yIpZRDPSNfQOudL8sOQ X-Spam-Status: No Our UCE (spam) detectors have been triggered by a message you received:- From: xxx at xxx.xxx Subject: ??????????????QCDN?????????CDN?????? Date: Thu Jun 6 11:30:15 2019 This message has not been delivered. The detectors that were triggered are spam, SpamAssassin. The message to you has been detected as spam based on either its contents or the mail server which sent the message to us, or both. We do not accept unsolicited commercial (spam) e-mail and actively work to stop it. If you have any questions about this, or you believe you have received this message in error, please contact the site system administrators. Your system administrators will need the following information: Server name: xxx.xxx Message id: 3EA324DA32.A1402 Date code: 20190606 ? Windows 10 ????? ________________________________ ???: MailScanner ?? Mark Sapiro ????: Friday, June 7, 2019 5:44:53 AM ???: mailscanner at lists.mailscanner.info ??: Re: how to fix spam action notify encode problem On 6/6/19 2:03 AM, jeff chen wrote: > the subject charset display correct if we use thunderbird to get > notify(utf8) mail. > > it will get wrong charset of subject (outlook) at same notify mail. Is > it Possible to fix the problem? Or where is send mail module file that > we can fix it by our self. > > > > Thunderbird notify subject: {Spam not delivered} NOVA???????? > ??? ??i?? > > Outlook notify subject: {Spam not delivered} NOVA??????? > ?????????? ??????? Are you sure this isn't an Outlook issue? What is the raw Subject: header? You can see this in Tbird by 'view source'. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Fri Jun 7 00:56:34 2019 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 6 Jun 2019 17:56:34 -0700 Subject: =?UTF-8?B?UmU6IOWbnuimhjogaG93IHRvIGZpeCBzcGFtIGFjdGlvbiBub3RpZnkg?= =?UTF-8?Q?encode_problem?= In-Reply-To: References: <7fd2c1ea-c835-f6f4-3d3f-56be6c86ecc7@msapiro.net> Message-ID: On 6/6/19 4:19 PM, jeff chen wrote: > I don?t think it outlook problem . because it display correct charset if > we send utf8 mail from thunderbird to outlook. I think it may subject > encode problem. Pls see blow have 2 different result. ... > 2.Thunderbird send mail contect. Thunder and outlook got right subject > charset both. > > Subject: > =?UTF-8?B?e1NwYW0gbm90IGRlbGl2ZXJlZH0g5byV6YCy6Zyn56uv6YGL566X5p62?= > =?UTF-8?B?5qeL77yMUUNETuaPkOS+m+abtOS+v+WunOeahENETuS9v+eUqOiyu+eOhw==?= That is a valid rfc2047 encoded header which decodes to {Spam not delivered} ?????????QCDN??????CDN???? If Outlook does not display it correctly, that's an Outlook issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From james at mindman.com.tw Mon Jun 10 01:54:36 2019 From: james at mindman.com.tw (James Chien) Date: Mon, 10 Jun 2019 09:54:36 +0800 Subject: =?utf-8?Q?RE:_=E5=9B=9E=E8=A6=86:_how_to_fix_spam_action_n?= =?utf-8?Q?otify_encode_problem?= In-Reply-To: References: <7fd2c1ea-c835-f6f4-3d3f-56be6c86ecc7@msapiro.net> Message-ID: <023701d51f2f$75904210$60b0c630$@mindman.com.tw> Just like Mark said, the original subject didn't encode properly following the rfc. This kind of email is mostly AD. Thunderbird can "guess" the local language you're using, but outlook can't. Outlook treats the unidentifiable subject as en and it's normal. -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+james=mindman.com.tw at lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: Friday, June 07, 2019 8:57 AM To: mailscanner at lists.mailscanner.info Subject: Re: ??: how to fix spam action notify encode problem On 6/6/19 4:19 PM, jeff chen wrote: > I don?t think it outlook problem . because it display correct charset if > we send utf8 mail from thunderbird to outlook. I think it may subject > encode problem. Pls see blow have 2 different result. ... > 2.Thunderbird send mail contect. Thunder and outlook got right subject > charset both. > > Subject: > =?UTF-8?B?e1NwYW0gbm90IGRlbGl2ZXJlZH0g5byV6YCy6Zyn56uv6YGL566X5p62?= > =?UTF-8?B?5qeL77yMUUNETuaPkOS+m+abtOS+v+WunOeahENETuS9v+eUqOiyu+eOhw==?= That is a valid rfc2047 encoded header which decodes to {Spam not delivered} ?????????QCDN??????CDN???? If Outlook does not display it correctly, that's an Outlook issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From th3penguinwhisperer at gmail.com Tue Jun 11 18:51:23 2019 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe .) Date: Tue, 11 Jun 2019 20:51:23 +0200 Subject: Redelivering mail from archive (mbox format? to Maildir) Message-ID: Hi, A user had an issue with his mail software and got some emails deleted. I can't seem to restore them from backup however I found the email in the mailscanner archive directory /var/spool/MailScanner/archive/. However I don't seem to find how to "replay" this message. So let it be delivered in the Maildir again. I found some articles about quarantined emails and I have these settings: Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = no So if I understand this right I have emails in Mbox format in "archive"? Filename is something like this: E124D123456.A123F How can I let this archived message be delivered again to the Maildir of the user? The user Maildir is on the same server. So perhaps there's a way to put it in a correct directory in the Maildir or put it in a queue. Or is it in like an EML format? Or is this not possible? I'm using postfix BTW. Thanks in advance for your help. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lmilligan at co.walton.ga.us Tue Jun 11 19:36:22 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Tue, 11 Jun 2019 15:36:22 -0400 (EDT) Subject: Mail from Outside our Domain not Stored Message-ID: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> Email from outside our domain are not stored in the quarantine folders.? If email originates from our domain it is processed as expected, both stored and delivered to recipients.? MailScanner runs on a mail gateway running sendmail.? All users have entries in the /etc/aliases file that actually delivers email to accounts on our Zimbra server.? I suspect that is the reason for this behavior, but would really appreciate input from others.? The following are set in the MailScanner.conf file: Spam Actions = store header "X-Spam-Status: Yes" High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes" Non Spam Actions = store deliver header "X-Spam-Status: No" Thanks for your help, Lamar Milligan From Antony.Stone at mailscanner.open.source.it Tue Jun 11 19:46:13 2019 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Tue, 11 Jun 2019 21:46:13 +0200 Subject: Mail from Outside our Domain not Stored In-Reply-To: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> Message-ID: <201906112146.13299.Antony.Stone@mailscanner.open.source.it> On Tuesday 11 June 2019 at 21:36:22, Lamar Milligan via MailScanner wrote: > Email from outside our domain are not stored in the quarantine folders. > If email originates from our domain it is processed as expected, both > stored and delivered to recipients. MailScanner runs on a mail gateway > running sendmail. All users have entries in the /etc/aliases file that > actually delivers email to accounts on our Zimbra server. I suspect that > is the reason for this behavior, but would really appreciate input from > others. Please describe the network layout between: - clients sending & receiving mail - the "mail gateway" running sendmail and MailScanner - the Zimbra server - the Internet connection What's most important is to explain the route email takes: 1 - from a client, via MailScanner, to the outside world 2 - from the outside world, via MailScanner, to the client Regards, Antony. -- Tinned food was developed for the British Navy in 1813. The tin opener was not invented until 1858. Please reply to the list; please *don't* CC me. From mark at msapiro.net Tue Jun 11 19:46:57 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 11 Jun 2019 12:46:57 -0700 Subject: Mail from Outside our Domain not Stored In-Reply-To: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> Message-ID: <25d214b7-798d-caac-0f7e-60b17b2c90c3@msapiro.net> On 6/11/19 12:36 PM, Lamar Milligan via MailScanner wrote: > Email from outside our domain are not stored in the quarantine folders. Is MailScanner invoked at all on these mails? If it is, it would seem from your settings that the mail should be stored. Is there some ruleset that exempts non-local mail? Does the delivery path for non-local mail invoke MailScanner? > If email originates from our domain it is processed as expected, both > stored and delivered to recipients.? MailScanner runs on a mail gateway > running sendmail.? All users have entries in the /etc/aliases file that > actually delivers email to accounts on our Zimbra server.? I suspect that > is the reason for this behavior, but would really appreciate input from > others.? > > The following are set in the MailScanner.conf file: > Spam Actions = store header "X-Spam-Status: Yes" > High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes" > Non Spam Actions = store deliver header "X-Spam-Status: No" -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From th3penguinwhisperer at gmail.com Tue Jun 11 20:12:59 2019 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe .) Date: Tue, 11 Jun 2019 22:12:59 +0200 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: Message-ID: BTW: I have the following configuration for Archive: Archive Mail = /var/spool/MailScanner/archive # If a location specified in "Archive Mail" is not found, should it assume Missing Mail Archive Is = directory The E124D.... mentioned earlier is not a directory though, it's a file. The file utility says it's "data". And it's located in a directory YYYYMMDD. I thought I had a lead that the format is mbx so installed mbx2mbox but I got an error that this is not an mbx or dbx file. Content starts with: C_ 933942 725 1 0 933942 If anyone would recognize this format or what format Mailscanner is using for it's format that would be great. On Tue, 11 Jun 2019 at 20:51, PenguinWhispererThe . < th3penguinwhisperer at gmail.com> wrote: > Hi, > > A user had an issue with his mail software and got some emails deleted. > I can't seem to restore them from backup however I found the email in the > mailscanner archive directory /var/spool/MailScanner/archive/. > > However I don't seem to find how to "replay" this message. So let it be > delivered in the Maildir again. > > I found some articles about quarantined emails and I have these settings: > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = no > > So if I understand this right I have emails in Mbox format in "archive"? > Filename is something like this: > E124D123456.A123F > > How can I let this archived message be delivered again to the Maildir of > the user? The user Maildir is on the same server. So perhaps there's a way > to put it in a correct directory in the Maildir or put it in a queue. Or is > it in like an EML format? > Or is this not possible? > > I'm using postfix BTW. > > Thanks in advance for your help. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Jun 11 21:03:20 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 11 Jun 2019 14:03:20 -0700 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: Message-ID: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: > > The E124D.... mentioned earlier is not a directory though, it's a file. > The file utility says it's "data". And it's located in a directory YYYYMMDD. > I thought I had a lead that the format is mbx so installed mbx2mbox but > I got an error that this is not an mbx or dbx file. > Content starts with: > C_ ? ? ? ? 933942 ? ? ? ? ? ? 725 ? ? ? ? ? ? ? 1 ? ? ? ? ? ? ? 0 ? ? ? > ? ?933942 > > If anyone would recognize this format or what format Mailscanner is > using for it's format that would be great. I'm not certain from that one line, but it could be a Postfix queue file in which case you should be able to just move or copy it to /var/spool/postfix/incoming/ after ensuring its ownership and mode are such that Postfix can read it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From th3penguinwhisperer at gmail.com Tue Jun 11 21:14:06 2019 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe .) Date: Tue, 11 Jun 2019 23:14:06 +0200 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> References: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> Message-ID: Thanks for the suggestion. I already tried that. Also changed the permissions to it now and retried. postqueue -p says the queue is empty :( If I copy paste a bit further of the file: C_ 933942 725 1 0 933942 0T1552039675 847537Acreate_time=1552039675Alog_ident=E124D123456Arewrite_context=remoteSuser at example.comA Note that I redacted some of the fields. On Tue, 11 Jun 2019 at 23:03, Mark Sapiro wrote: > On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: > > > > The E124D.... mentioned earlier is not a directory though, it's a file. > > The file utility says it's "data". And it's located in a directory > YYYYMMDD. > > I thought I had a lead that the format is mbx so installed mbx2mbox but > > I got an error that this is not an mbx or dbx file. > > Content starts with: > > C_ 933942 725 1 0 > > 933942 > > > > If anyone would recognize this format or what format Mailscanner is > > using for it's format that would be great. > > > I'm not certain from that one line, but it could be a Postfix queue file > in which case you should be able to just move or copy it to > /var/spool/postfix/incoming/ after ensuring its ownership and mode are > such that Postfix can read it. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From th3penguinwhisperer at gmail.com Tue Jun 11 21:25:10 2019 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe .) Date: Tue, 11 Jun 2019 23:25:10 +0200 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> Message-ID: Sorry to spam the list. This indeed seems like a postfix queue file. I used postcat and it reads the format properly. However it's still unclear on how I can get this message reprocessed. Is there anything special that I would need to be aware of when using postfix with mailscanner to get the message queued again? Thanks a lot already! On Tue, 11 Jun 2019 at 23:14, PenguinWhispererThe . < th3penguinwhisperer at gmail.com> wrote: > Thanks for the suggestion. I already tried that. Also changed the > permissions to it now and retried. postqueue -p says the queue is empty :( > > If I copy paste a bit further of the file: > C_ 933942 725 1 0 > 933942 0T1552039675 > 847537Acreate_time=1552039675Alog_ident=E124D123456Arewrite_context=remoteSuser at example.comA > > Note that I redacted some of the fields. > > On Tue, 11 Jun 2019 at 23:03, Mark Sapiro wrote: > >> On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: >> > >> > The E124D.... mentioned earlier is not a directory though, it's a file. >> > The file utility says it's "data". And it's located in a directory >> YYYYMMDD. >> > I thought I had a lead that the format is mbx so installed mbx2mbox but >> > I got an error that this is not an mbx or dbx file. >> > Content starts with: >> > C_ 933942 725 1 0 >> > 933942 >> > >> > If anyone would recognize this format or what format Mailscanner is >> > using for it's format that would be great. >> >> >> I'm not certain from that one line, but it could be a Postfix queue file >> in which case you should be able to just move or copy it to >> /var/spool/postfix/incoming/ after ensuring its ownership and mode are >> such that Postfix can read it. >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Jun 11 21:36:30 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 11 Jun 2019 17:36:30 -0400 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> Message-ID: Drop this file as-is into /var/spool/postfix/hold and give ownership to postfix:mtagroup See if it gets processed. On Tue, Jun 11, 2019 at 5:25 PM PenguinWhispererThe . < th3penguinwhisperer at gmail.com> wrote: > Sorry to spam the list. This indeed seems like a postfix queue file. > I used postcat and it reads the format properly. > > However it's still unclear on how I can get this message reprocessed. > Is there anything special that I would need to be aware of when using > postfix with mailscanner to get the message queued again? > > Thanks a lot already! > > On Tue, 11 Jun 2019 at 23:14, PenguinWhispererThe . < > th3penguinwhisperer at gmail.com> wrote: > >> Thanks for the suggestion. I already tried that. Also changed the >> permissions to it now and retried. postqueue -p says the queue is empty :( >> >> If I copy paste a bit further of the file: >> C_ 933942 725 1 0 >> 933942 0T1552039675 >> 847537Acreate_time=1552039675Alog_ident=E124D123456Arewrite_context=remoteSuser at example.comA >> >> Note that I redacted some of the fields. >> >> On Tue, 11 Jun 2019 at 23:03, Mark Sapiro wrote: >> >>> On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: >>> > >>> > The E124D.... mentioned earlier is not a directory though, it's a file. >>> > The file utility says it's "data". And it's located in a directory >>> YYYYMMDD. >>> > I thought I had a lead that the format is mbx so installed mbx2mbox but >>> > I got an error that this is not an mbx or dbx file. >>> > Content starts with: >>> > C_ 933942 725 1 0 >>> > 933942 >>> > >>> > If anyone would recognize this format or what format Mailscanner is >>> > using for it's format that would be great. >>> >>> >>> I'm not certain from that one line, but it could be a Postfix queue file >>> in which case you should be able to just move or copy it to >>> /var/spool/postfix/incoming/ after ensuring its ownership and mode are >>> such that Postfix can read it. >>> >>> -- >>> Mark Sapiro The highway is for gamblers, >>> San Francisco Bay Area, California better use your sense - B. Dylan >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From th3penguinwhisperer at gmail.com Tue Jun 11 21:55:06 2019 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe .) Date: Tue, 11 Jun 2019 23:55:06 +0200 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> Message-ID: If I do that the file stays there and nothing is done. I don't see log entries for this. When restarting postfix I see this: postsuper: warning: bogus file name: hold/E124D123456.A123F So I did it again, changed ownership of the file, moved it to "hold" but removed the part after the dot. Restarted postfix. The mail seems to be delivered now. I'll have to do the same action tomorrow for another mail. Thank you very much for helping me out on this! On Tue, 11 Jun 2019 at 23:37, Shawn Iverson via MailScanner < mailscanner at lists.mailscanner.info> wrote: > Drop this file as-is into /var/spool/postfix/hold and give ownership to > postfix:mtagroup > > See if it gets processed. > > On Tue, Jun 11, 2019 at 5:25 PM PenguinWhispererThe . < > th3penguinwhisperer at gmail.com> wrote: > >> Sorry to spam the list. This indeed seems like a postfix queue file. >> I used postcat and it reads the format properly. >> >> However it's still unclear on how I can get this message reprocessed. >> Is there anything special that I would need to be aware of when using >> postfix with mailscanner to get the message queued again? >> >> Thanks a lot already! >> >> On Tue, 11 Jun 2019 at 23:14, PenguinWhispererThe . < >> th3penguinwhisperer at gmail.com> wrote: >> >>> Thanks for the suggestion. I already tried that. Also changed the >>> permissions to it now and retried. postqueue -p says the queue is empty :( >>> >>> If I copy paste a bit further of the file: >>> C_ 933942 725 1 0 >>> 933942 0T1552039675 >>> 847537Acreate_time=1552039675Alog_ident=E124D123456Arewrite_context=remoteSuser at example.comA >>> >>> Note that I redacted some of the fields. >>> >>> On Tue, 11 Jun 2019 at 23:03, Mark Sapiro wrote: >>> >>>> On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: >>>> > >>>> > The E124D.... mentioned earlier is not a directory though, it's a >>>> file. >>>> > The file utility says it's "data". And it's located in a directory >>>> YYYYMMDD. >>>> > I thought I had a lead that the format is mbx so installed mbx2mbox >>>> but >>>> > I got an error that this is not an mbx or dbx file. >>>> > Content starts with: >>>> > C_ 933942 725 1 0 >>>> >>>> > 933942 >>>> > >>>> > If anyone would recognize this format or what format Mailscanner is >>>> > using for it's format that would be great. >>>> >>>> >>>> I'm not certain from that one line, but it could be a Postfix queue file >>>> in which case you should be able to just move or copy it to >>>> /var/spool/postfix/incoming/ after ensuring its ownership and mode are >>>> such that Postfix can read it. >>>> >>>> -- >>>> Mark Sapiro The highway is for gamblers, >>>> San Francisco Bay Area, California better use your sense - B. Dylan >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 option 7 > iversons at rushville.k12.in.us > > [image: Cybersecurity] > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Jun 11 22:14:06 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 11 Jun 2019 18:14:06 -0400 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> Message-ID: Drop ".A123F" from the filename. On Tue, Jun 11, 2019 at 5:55 PM PenguinWhispererThe . < th3penguinwhisperer at gmail.com> wrote: > If I do that the file stays there and nothing is done. I don't see log > entries for this. > > When restarting postfix I see this: > postsuper: warning: bogus file name: hold/E124D123456.A123F > > So I did it again, changed ownership of the file, moved it to "hold" but > removed the part after the dot. > Restarted postfix. > > The mail seems to be delivered now. > I'll have to do the same action tomorrow for another mail. > > Thank you very much for helping me out on this! > > > > On Tue, 11 Jun 2019 at 23:37, Shawn Iverson via MailScanner < > mailscanner at lists.mailscanner.info> wrote: > >> Drop this file as-is into /var/spool/postfix/hold and give ownership to >> postfix:mtagroup >> >> See if it gets processed. >> >> On Tue, Jun 11, 2019 at 5:25 PM PenguinWhispererThe . < >> th3penguinwhisperer at gmail.com> wrote: >> >>> Sorry to spam the list. This indeed seems like a postfix queue file. >>> I used postcat and it reads the format properly. >>> >>> However it's still unclear on how I can get this message reprocessed. >>> Is there anything special that I would need to be aware of when using >>> postfix with mailscanner to get the message queued again? >>> >>> Thanks a lot already! >>> >>> On Tue, 11 Jun 2019 at 23:14, PenguinWhispererThe . < >>> th3penguinwhisperer at gmail.com> wrote: >>> >>>> Thanks for the suggestion. I already tried that. Also changed the >>>> permissions to it now and retried. postqueue -p says the queue is empty :( >>>> >>>> If I copy paste a bit further of the file: >>>> C_ 933942 725 1 0 >>>> 933942 0T1552039675 >>>> 847537Acreate_time=1552039675Alog_ident=E124D123456Arewrite_context=remoteSuser at example.comA >>>> >>>> Note that I redacted some of the fields. >>>> >>>> On Tue, 11 Jun 2019 at 23:03, Mark Sapiro wrote: >>>> >>>>> On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: >>>>> > >>>>> > The E124D.... mentioned earlier is not a directory though, it's a >>>>> file. >>>>> > The file utility says it's "data". And it's located in a directory >>>>> YYYYMMDD. >>>>> > I thought I had a lead that the format is mbx so installed mbx2mbox >>>>> but >>>>> > I got an error that this is not an mbx or dbx file. >>>>> > Content starts with: >>>>> > C_ 933942 725 1 0 >>>>> >>>>> > 933942 >>>>> > >>>>> > If anyone would recognize this format or what format Mailscanner is >>>>> > using for it's format that would be great. >>>>> >>>>> >>>>> I'm not certain from that one line, but it could be a Postfix queue >>>>> file >>>>> in which case you should be able to just move or copy it to >>>>> /var/spool/postfix/incoming/ after ensuring its ownership and mode are >>>>> such that Postfix can read it. >>>>> >>>>> -- >>>>> Mark Sapiro The highway is for gamblers, >>>>> San Francisco Bay Area, California better use your sense - B. Dylan >>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner at lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> -- >> Shawn Iverson, CETL >> Director of Technology >> Rush County Schools >> 765-932-3901 option 7 >> iversons at rushville.k12.in.us >> >> [image: Cybersecurity] >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Tue Jun 11 22:14:39 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Tue, 11 Jun 2019 18:14:39 -0400 Subject: Redelivering mail from archive (mbox format? to Maildir) In-Reply-To: References: <64a0205b-a41d-7315-ff94-28cbbe191897@msapiro.net> Message-ID: Oh, you did :D On Tue, Jun 11, 2019 at 6:14 PM Shawn Iverson wrote: > Drop ".A123F" from the filename. > > On Tue, Jun 11, 2019 at 5:55 PM PenguinWhispererThe . < > th3penguinwhisperer at gmail.com> wrote: > >> If I do that the file stays there and nothing is done. I don't see log >> entries for this. >> >> When restarting postfix I see this: >> postsuper: warning: bogus file name: hold/E124D123456.A123F >> >> So I did it again, changed ownership of the file, moved it to "hold" but >> removed the part after the dot. >> Restarted postfix. >> >> The mail seems to be delivered now. >> I'll have to do the same action tomorrow for another mail. >> >> Thank you very much for helping me out on this! >> >> >> >> On Tue, 11 Jun 2019 at 23:37, Shawn Iverson via MailScanner < >> mailscanner at lists.mailscanner.info> wrote: >> >>> Drop this file as-is into /var/spool/postfix/hold and give ownership to >>> postfix:mtagroup >>> >>> See if it gets processed. >>> >>> On Tue, Jun 11, 2019 at 5:25 PM PenguinWhispererThe . < >>> th3penguinwhisperer at gmail.com> wrote: >>> >>>> Sorry to spam the list. This indeed seems like a postfix queue file. >>>> I used postcat and it reads the format properly. >>>> >>>> However it's still unclear on how I can get this message reprocessed. >>>> Is there anything special that I would need to be aware of when using >>>> postfix with mailscanner to get the message queued again? >>>> >>>> Thanks a lot already! >>>> >>>> On Tue, 11 Jun 2019 at 23:14, PenguinWhispererThe . < >>>> th3penguinwhisperer at gmail.com> wrote: >>>> >>>>> Thanks for the suggestion. I already tried that. Also changed the >>>>> permissions to it now and retried. postqueue -p says the queue is empty :( >>>>> >>>>> If I copy paste a bit further of the file: >>>>> C_ 933942 725 1 0 >>>>> 933942 0T1552039675 >>>>> 847537Acreate_time=1552039675Alog_ident=E124D123456Arewrite_context=remoteSuser at example.comA >>>>> >>>>> Note that I redacted some of the fields. >>>>> >>>>> On Tue, 11 Jun 2019 at 23:03, Mark Sapiro wrote: >>>>> >>>>>> On 6/11/19 1:12 PM, PenguinWhispererThe . wrote: >>>>>> > >>>>>> > The E124D.... mentioned earlier is not a directory though, it's a >>>>>> file. >>>>>> > The file utility says it's "data". And it's located in a directory >>>>>> YYYYMMDD. >>>>>> > I thought I had a lead that the format is mbx so installed mbx2mbox >>>>>> but >>>>>> > I got an error that this is not an mbx or dbx file. >>>>>> > Content starts with: >>>>>> > C_ 933942 725 1 0 >>>>>> >>>>>> > 933942 >>>>>> > >>>>>> > If anyone would recognize this format or what format Mailscanner is >>>>>> > using for it's format that would be great. >>>>>> >>>>>> >>>>>> I'm not certain from that one line, but it could be a Postfix queue >>>>>> file >>>>>> in which case you should be able to just move or copy it to >>>>>> /var/spool/postfix/incoming/ after ensuring its ownership and mode are >>>>>> such that Postfix can read it. >>>>>> >>>>>> -- >>>>>> Mark Sapiro The highway is for gamblers, >>>>>> San Francisco Bay Area, California better use your sense - B. Dylan >>>>>> >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner at lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >>> >>> -- >>> Shawn Iverson, CETL >>> Director of Technology >>> Rush County Schools >>> 765-932-3901 option 7 >>> iversons at rushville.k12.in.us >>> >>> [image: Cybersecurity] >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 option 7 > iversons at rushville.k12.in.us > > [image: Cybersecurity] > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From lmilligan at co.walton.ga.us Wed Jun 12 12:48:00 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Wed, 12 Jun 2019 08:48:00 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <25d214b7-798d-caac-0f7e-60b17b2c90c3@msapiro.net> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <25d214b7-798d-caac-0f7e-60b17b2c90c3@msapiro.net> Message-ID: <039901d5211d$105c72c0$31155840$@co.walton.ga.us> -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: Tuesday, June 11, 2019 3:47 PM To: mailscanner at lists.mailscanner.info Subject: Re: Mail from Outside our Domain not Stored On 6/11/19 12:36 PM, Lamar Milligan via MailScanner wrote: > Email from outside our domain are not stored in the quarantine folders. Is MailScanner invoked at all on these mails? If it is, it would seem from your settings that the mail should be stored. All emails are listed in the MailWatch 1.2.9 interface to MailScanner. Is there some ruleset that exempts non-local mail? No, all email should be scanned, and SpamAssassin scores both incoming and outgoing email. Does the delivery path for non-local mail invoke MailScanner? > If email originates from our domain it is processed as expected, both > stored and delivered to recipients. MailScanner runs on a mail > gateway running sendmail. All users have entries in the /etc/aliases > file that actually delivers email to accounts on our Zimbra server. I > suspect that is the reason for this behavior, but would really > appreciate input from others. > > The following are set in the MailScanner.conf file: > Spam Actions = store header "X-Spam-Status: Yes" > High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes" > Non Spam Actions = store deliver header "X-Spam-Status: No" -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From lmilligan at co.walton.ga.us Wed Jun 12 12:48:05 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Wed, 12 Jun 2019 08:48:05 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <201906112146.13299.Antony.Stone@mailscanner.open.source.it> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906112146.13299.Antony.Stone@mailscanner.open.source.it> Message-ID: <039a01d5211d$137d88e0$3a789aa0$@co.walton.ga.us> -----Original Message----- From: MailScanner On Behalf Of Antony Stone Sent: Tuesday, June 11, 2019 3:46 PM To: MailScanner Discussion Subject: Re: Mail from Outside our Domain not Stored On Tuesday 11 June 2019 at 21:36:22, Lamar Milligan via MailScanner wrote: > Email from outside our domain are not stored in the quarantine folders. > If email originates from our domain it is processed as expected, both > stored and delivered to recipients. MailScanner runs on a mail > gateway running sendmail. All users have entries in the /etc/aliases > file that actually delivers email to accounts on our Zimbra server. I > suspect that is the reason for this behavior, but would really > appreciate input from others. Please describe the network layout between: - clients sending & receiving mail - the "mail gateway" running sendmail and MailScanner - the Zimbra server - the Internet connection What's most important is to explain the route email takes: 1 - from a client, via MailScanner, to the outside world Our client email touches the following systems in this order: Zimbra -> sendmail -> MailScanner -> internet gateway or quarantine 2 - from the outside world, via MailScanner, to the client Internet gateway -> sendmail -> MailScanner -> Zimbra or quarantine If the email originated from our clients, the message is stored and can be viewed or released from within MailWatch (1.2.9) If the email originated from outside our domain, the message is logged in MailWatch, but cannot be viewed or released. I searched the quarantine folder for the message ID and found nothing stored. Regards, Antony. -- Tinned food was developed for the British Navy in 1813. The tin opener was not invented until 1858. Please reply to the list; please *don't* CC me. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From Antony.Stone at mailscanner.open.source.it Wed Jun 12 12:57:48 2019 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 12 Jun 2019 14:57:48 +0200 Subject: Mail from Outside our Domain not Stored In-Reply-To: <039a01d5211d$137d88e0$3a789aa0$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906112146.13299.Antony.Stone@mailscanner.open.source.it> <039a01d5211d$137d88e0$3a789aa0$@co.walton.ga.us> Message-ID: <201906121457.48166.Antony.Stone@mailscanner.open.source.it> On Wednesday 12 June 2019 at 14:48:05, Lamar Milligan via MailScanner wrote: > -----Original Message----- > From: Antony Stone > Sent: Tuesday, June 11, 2019 3:46 PM > To: MailScanner Discussion > Subject: Re: Mail from Outside our Domain not Stored > > Please describe the network layout between: > > - clients sending & receiving mail > - the "mail gateway" running sendmail and MailScanner > - the Zimbra server > - the Internet connection > > What's most important is to explain the route email takes: > > 1 - from a client, via MailScanner, to the outside world > > Our client email touches the following systems in this order: > > Zimbra -> sendmail -> MailScanner -> internet gateway or quarantine Okay, that matches what I see in the headers of your email to this list. > 2 - from the outside world, via MailScanner, to the client > > Internet gateway -> sendmail -> MailScanner -> Zimbra or quarantine Could you perhaps paste the full headers of this reply to you, as you receive it from the list, so we can see the flow you describe? Thanks, Antony. -- "It is easy to be blinded to the essential uselessness of them by the sense of achievement you get from getting them to work at all. In other words - and this is the rock solid principle on which the whole of the Corporation's Galaxy-wide success is founded - their fundamental design flaws are completely hidden by their superficial design flaws." - Douglas Noel Adams Please reply to the list; please *don't* CC me. From lmilligan at co.walton.ga.us Wed Jun 12 13:07:19 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Wed, 12 Jun 2019 09:07:19 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <201906121457.48166.Antony.Stone@mailscanner.open.source.it> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906112146.13299.Antony.Stone@mailscanner.open.source.it> <039a01d5211d$137d88e0$3a789aa0$@co.walton.ga.us> <201906121457.48166.Antony.Stone@mailscanner.open.source.it> Message-ID: <03a301d5211f$c349bcb0$49dd3610$@co.walton.ga.us> > -----Original Message----- > From: MailScanner bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info> On Behalf Of > Antony Stone > Sent: Wednesday, June 12, 2019 8:58 AM > To: MailScanner Discussion > Subject: Re: Mail from Outside our Domain not Stored > > On Wednesday 12 June 2019 at 14:48:05, Lamar Milligan via MailScanner > wrote: > > > -----Original Message----- > > From: Antony Stone > > Sent: Tuesday, June 11, 2019 3:46 PM > > To: MailScanner Discussion > > Subject: Re: Mail from Outside our Domain not Stored > > > > Please describe the network layout between: > > > > - clients sending & receiving mail > > - the "mail gateway" running sendmail and MailScanner > > - the Zimbra server > > - the Internet connection > > > > What's most important is to explain the route email takes: > > > > 1 - from a client, via MailScanner, to the outside world > > > > Our client email touches the following systems in this order: > > > > Zimbra -> sendmail -> MailScanner -> internet gateway or quarantine > > Okay, that matches what I see in the headers of your email to this list. > > > 2 - from the outside world, via MailScanner, to the client > > > > Internet gateway -> sendmail -> MailScanner -> Zimbra or quarantine > > Could you perhaps paste the full headers of this reply to you, as you receive > it from the list, so we can see the flow you describe? > Thanks so much for your help! Headers follow: X-Zimbra-ItemId: 555075 X-Zimbra-FolderId: 34151 X-Zimbra-Tags: X-Zimbra-Tag-Names: X-Zimbra-Flags: u X-Zimbra-Received: 1560344301000 X-Zimbra-Modified: 1560344301000 X-Zimbra-Change: 1622010 X-Zimbra-Revision: 1622010 X-Zimbra-Conv: 554856 Return-Path: mailscanner-bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info Received: from zimbra1.co.walton.ga.us (LHLO zimbra1.co.walton.ga.us) (192.168.32.47) by zimbra1.co.walton.ga.us with LMTP; Wed, 12 Jun 2019 08:58:21 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by zimbra1.co.walton.ga.us (Postfix) with ESMTP id 34B60E17E0 for ; Wed, 12 Jun 2019 08:58:21 -0400 (EDT) X-Spam-Flag: NO X-Spam-Score: 3.451 X-Spam-Level: *** X-Spam-Status: No, score=3.451 required=6 tests=[ALL_TRUSTED=-1, BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, LOCAL_COUNTRY=2.2, LOCAL_NOTFROM_TTLD=2.2, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001] autolearn=no autolearn_force=no Authentication-Results: zimbra1.co.walton.ga.us (amavisd-new); dkim=pass (1024-bit key) header.d=mailscanner.info Received: from zimbra1.co.walton.ga.us ([127.0.0.1]) by localhost (zimbra1.co.walton.ga.us [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id IAb5cgL0iY1V for ; Wed, 12 Jun 2019 08:58:19 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by zimbra1.co.walton.ga.us (Postfix) with ESMTP id A83A5E17E1 for ; Wed, 12 Jun 2019 08:58:19 -0400 (EDT) X-Virus-Scanned: amavisd-new at zimbra1.co.walton.ga.us Received: from zimbra1.co.walton.ga.us ([127.0.0.1]) by localhost (zimbra1.co.walton.ga.us [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mqbKVMcOi3lP for ; Wed, 12 Jun 2019 08:58:19 -0400 (EDT) Received: from mail.co.walton.ga.us (mail.co.walton.ga.us [192.168.40.2]) by zimbra1.co.walton.ga.us (Postfix) with ESMTPS id 203C9E17E0 for ; Wed, 12 Jun 2019 08:58:19 -0400 (EDT) X-WaltonCountyITDept-sendmail-Watermark: 1560949091.80167 at FJ8m24fBRzhG94806ypJvw X-WaltonCountyITDept-MailScanner-From: mailscanner-bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info X-WaltonCountyITDept-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-10.15, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, HEADER_FROM_DIFFERENT_DOMAINS 0.25, MAILING_LIST_MULTI -1.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00, USER_IN_DEF_SPF_WL -7.50) X-WaltonCountyITDept-MailScanner: Found to be clean X-WaltonCountyITDept-MailScanner-ID: x5CCwAt3017923 X-WaltonCountyITDept-MailScanner-Information: Please contact the ISP for more information Received: from ms1.mailscanner.info (ms1.mailscanner.info [52.73.170.51]) by mail.co.walton.ga.us (8.14.4/8.14.4) with ESMTP id x5CCwAt3017923 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 12 Jun 2019 08:58:10 -0400 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5CCwAt3017923 Authentication-Results: mail.co.walton.ga.us; dkim=pass (1024-bit key) header.d=mailscanner.info header.i=@mailscanner.info header.b="UEph2nLe" Received: from ms1.mailscanner.info (localhost [127.0.0.1]) by ms1.mailscanner.info (Postfix) with ESMTP id A899C121934 for ; Wed, 12 Jun 2019 12:58:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailscanner.info; s=t215; t=1560344300; bh=DBZyLxezN8UxcQsLzez0iBaX8OGBfkd/vqY3r7TFb5g=; h=From:To:Subject:Date:References:In-Reply-To:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To:From; b=UEph2nLeNw34KPHfIDRRlc84e2XANMedkS9ldHZMWGs3fO3wk+R1v6KMe65clkNHq Ml23cRK6XvmcLx+/Ylz/jjquyt8kfW/gH6uqOjoXQ7OwW0HKl6+GBxNIhsq0kgG8o/ FFCZ+oGcGE82zwDRIT4Abl6qNBqRrFAKzACzB1WE= X-Original-To: mailscanner at lists.mailscanner.info Delivered-To: mailscanner at lists.mailscanner.info Received: from formal.dehy.de (formal.dehy.de [81.169.166.228]) by ms1.mailscanner.info (Postfix) with ESMTPS id 3AE111204AE for ; Wed, 12 Jun 2019 12:58:06 +0000 (UTC) Received: from pikantus.localnet (cable-78-34-78-128.nc.de [78.34.78.128]) by formal.dehy.de (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id x5CCvrWc019179 for ; Wed, 12 Jun 2019 14:57:53 +0200 From: Antony Stone Organization: Open Source IT To: MailScanner Discussion Subject: Re: Mail from Outside our Domain not Stored Date: Wed, 12 Jun 2019 14:57:48 +0200 User-Agent: KMail/1.13.7 (Linux/3.2.0-4-amd64; KDE/4.8.4; x86_64; ; ) References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906112146.13299.Antony.Stone at mailscanner.open.source.it> <039a01d5211d$137d88e0$3a789aa0$@co.walton.ga.us> In-Reply-To: <039a01d5211d$137d88e0$3a789aa0$@co.walton.ga.us> X-From: pikantus MIME-Version: 1.0 Message-Id: <201906121457.48166.Antony.Stone at mailscanner.open.source.it> X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-3.0 (formal.dehy.de [81.169.166.228]); Wed, 12 Jun 2019 14:57:53 +0200 (CEST) X-BeenThere: mailscanner at lists.mailscanner.info X-Mailman-Version: 2.1.29 Precedence: list List-Id: MailScanner Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: MailScanner Discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: mailscanner-bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info Sender: "MailScanner" > Thanks, > > > Antony. > > -- > "It is easy to be blinded to the essential uselessness of them by the sense of > achievement you get from getting them to work at all. In other words - and > this is the rock solid principle on which the whole of the Corporation's Galaxy- > wide success is founded - their fundamental design flaws are completely > hidden by their superficial design flaws." > > - Douglas Noel Adams > > Please reply to the list; > please *don't* CC me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner From Antony.Stone at mailscanner.open.source.it Wed Jun 12 14:59:45 2019 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 12 Jun 2019 16:59:45 +0200 Subject: Mail from Outside our Domain not Stored In-Reply-To: <03a301d5211f$c349bcb0$49dd3610$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906121457.48166.Antony.Stone@mailscanner.open.source.it> <03a301d5211f$c349bcb0$49dd3610$@co.walton.ga.us> Message-ID: <201906121659.45786.Antony.Stone@mailscanner.open.source.it> On Wednesday 12 June 2019 at 15:07:19, Lamar Milligan via MailScanner wrote: > > -----Original Message----- > > From: Antony Stone > > Sent: Wednesday, June 12, 2019 8:58 AM > > To: MailScanner Discussion > > Subject: Re: Mail from Outside our Domain not Stored > > > > Could you perhaps paste the full headers of this reply to you, as you > > receive it from the list, so we can see the flow you describe? Well, these certainly prove that your inbound mail is going via MailScanner: > Received: from mail.co.walton.ga.us (mail.co.walton.ga.us [192.168.40.2]) > by zimbra1.co.walton.ga.us (Postfix) with ESMTPS id 203C9E17E0 > for ; Wed, 12 Jun 2019 08:58:19 > -0400 (EDT) > X-WaltonCountyITDept-sendmail-Watermark: > 1560949091.80167 at FJ8m24fBRzhG94806ypJvw > X-WaltonCountyITDept-MailScanner-From: > mailscanner-bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info > X-WaltonCountyITDept-MailScanner-SpamCheck: not spam, > SpamAssassin (not cached, score=-10.15, required 5, > autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, > DKIM_VALID -0.10, HEADER_FROM_DIFFERENT_DOMAINS 0.25, > MAILING_LIST_MULTI -1.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00, > USER_IN_DEF_SPF_WL -7.50) > X-WaltonCountyITDept-MailScanner: Found to be clean > X-WaltonCountyITDept-MailScanner-ID: x5CCwAt3017923 > X-WaltonCountyITDept-MailScanner-Information: Please contact the ISP for > more information > Received: from ms1.mailscanner.info (ms1.mailscanner.info [52.73.170.51]) > by mail.co.walton.ga.us (8.14.4/8.14.4) with ESMTP id > x5CCwAt3017923 > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 > verify=NO) > for ; Wed, 12 Jun 2019 08:58:10 -0400 So, we're back to wondering why your MS configuration is causing inbound emails to be scanned but not stored... You've already said that you have: Spam Actions = store header "X-Spam-Status: Yes" High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes" Non Spam Actions = store deliver header "X-Spam-Status: No" The only bit that puzzles me about this (and hopefully someone else can comment if I'm completely wrong about this) is the positioning of the "X-Spam- Status" header in your received email - it comes *above* the Received header showing the mail passing from MailScanner to Zimbra, whereas I would have expected to see it amongst the "X-WaltonCountyITDept-MailScanner..." headers. But anyway, it's clear that MS is scanning the mail - maybe you could post the remainder of your mailscanner.conf (omit comments and blank lines) so we can see if there's something odd there? Antony. -- "Life is just a lot better if you feel you're having 10 [small] wins a day rather than a [big] win every 10 years or so." - Chris Hadfield, former skiing (and ski racing) instructor Please reply to the list; please *don't* CC me. From lmilligan at co.walton.ga.us Wed Jun 12 18:07:12 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Wed, 12 Jun 2019 14:07:12 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <201906121659.45786.Antony.Stone@mailscanner.open.source.it> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906121457.48166.Antony.Stone@mailscanner.open.source.it> <03a301d5211f$c349bcb0$49dd3610$@co.walton.ga.us> <201906121659.45786.Antony.Stone@mailscanner.open.source.it> Message-ID: <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> > -----Original Message----- > From: MailScanner bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info> On Behalf Of > Antony Stone > Sent: Wednesday, June 12, 2019 11:00 AM > To: MailScanner Discussion > Subject: Re: Mail from Outside our Domain not Stored > > On Wednesday 12 June 2019 at 15:07:19, Lamar Milligan via MailScanner > wrote: > > > > -----Original Message----- > > > From: Antony Stone > > > Sent: Wednesday, June 12, 2019 8:58 AM > > > To: MailScanner Discussion > > > Subject: Re: Mail from Outside our Domain not Stored > > > > > > Could you perhaps paste the full headers of this reply to you, as > > > you receive it from the list, so we can see the flow you describe? > > Well, these certainly prove that your inbound mail is going via MailScanner: > > > Received: from mail.co.walton.ga.us (mail.co.walton.ga.us [192.168.40.2]) > > by zimbra1.co.walton.ga.us (Postfix) with ESMTPS id 203C9E17E0 > > for ; Wed, 12 Jun 2019 08:58:19 > > -0400 (EDT) > > X-WaltonCountyITDept-sendmail-Watermark: > > 1560949091.80167 at FJ8m24fBRzhG94806ypJvw > > X-WaltonCountyITDept-MailScanner-From: > > mailscanner-bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info > > X-WaltonCountyITDept-MailScanner-SpamCheck: not spam, > > SpamAssassin (not cached, score=-10.15, required 5, > > autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, > > DKIM_VALID -0.10, HEADER_FROM_DIFFERENT_DOMAINS 0.25, > > MAILING_LIST_MULTI -1.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00, > > USER_IN_DEF_SPF_WL -7.50) > > X-WaltonCountyITDept-MailScanner: Found to be clean > > X-WaltonCountyITDept-MailScanner-ID: x5CCwAt3017923 > > X-WaltonCountyITDept-MailScanner-Information: Please contact the ISP > > for more information > > Received: from ms1.mailscanner.info (ms1.mailscanner.info [52.73.170.51]) > > by mail.co.walton.ga.us (8.14.4/8.14.4) with ESMTP id > > x5CCwAt3017923 > > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 > bits=256 > > verify=NO) > > for ; Wed, 12 Jun 2019 08:58:10 -0400 > > So, we're back to wondering why your MS configuration is causing inbound > emails to be scanned but not stored... > > You've already said that you have: > > Spam Actions = store header "X-Spam-Status: Yes" > High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes" > Non Spam Actions = store deliver header "X-Spam-Status: No" > > The only bit that puzzles me about this (and hopefully someone else can > comment if I'm completely wrong about this) is the positioning of the "X- > Spam- Status" header in your received email - it comes *above* the > Received header showing the mail passing from MailScanner to Zimbra, > whereas I would have expected to see it amongst the "X- > WaltonCountyITDept-MailScanner..." headers. > > But anyway, it's clear that MS is scanning the mail - maybe you could post the > remainder of your mailscanner.conf (omit comments and blank lines) so we > can see if there's something odd there? > > > Antony. > I have attached the config file you requested. Thanks again for your help with this, Lamar > -- > "Life is just a lot better if you feel you're having 10 [small] wins a day rather > than a [big] win every 10 years or so." > > - Chris Hadfield, former skiing (and ski racing) instructor > > Please reply to the list; > please *don't* CC me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- A non-text attachment was scrubbed... Name: MyMailScanner.conf Type: application/octet-stream Size: 13636 bytes Desc: not available URL: From Antony.Stone at mailscanner.open.source.it Wed Jun 12 19:26:27 2019 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 12 Jun 2019 21:26:27 +0200 Subject: Mail from Outside our Domain not Stored In-Reply-To: <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906121659.45786.Antony.Stone@mailscanner.open.source.it> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> Message-ID: <201906122126.27241.Antony.Stone@mailscanner.open.source.it> On Wednesday 12 June 2019 at 20:07:12, Lamar Milligan via MailScanner wrote: > > -----Original Message----- > > From: Antony Stone > > Sent: Wednesday, June 12, 2019 11:00 AM > > To: MailScanner Discussion > > Subject: Re: Mail from Outside our Domain not Stored > > But anyway, it's clear that MS is scanning the mail - maybe you could > > post the remainder of your mailscanner.conf (omit comments and blank > > lines) so we can see if there's something odd there? > I have attached the config file you requested. Thanks again for your help > with this, Well, I hope someone else can spot something in that config which is suspiciously likely to cause the behaviour you're noticing, because I can't :( I don't suppose you have anything in /etc/MailScanner/conf.d/ do you? Antony. -- I thought I had type A blood, but it turned out to be a typo. Please reply to the list; please *don't* CC me. From lmilligan at co.walton.ga.us Wed Jun 12 20:30:23 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Wed, 12 Jun 2019 16:30:23 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <201906122126.27241.Antony.Stone@mailscanner.open.source.it> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906121659.45786.Antony.Stone@mailscanner.open.source.it> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> <201906122126.27241.Antony.Stone@mailscanner.open.source.it> Message-ID: <042701d5215d$a9e7e600$fdb7b200$@co.walton.ga.us> > -----Original Message----- > From: MailScanner bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info> On Behalf Of > Antony Stone > Sent: Wednesday, June 12, 2019 3:26 PM > To: MailScanner Discussion > Subject: Re: Mail from Outside our Domain not Stored > > On Wednesday 12 June 2019 at 20:07:12, Lamar Milligan via MailScanner > wrote: > > > > -----Original Message----- > > > From: Antony Stone > > > Sent: Wednesday, June 12, 2019 11:00 AM > > > To: MailScanner Discussion > > > Subject: Re: Mail from Outside our Domain not Stored > > > > But anyway, it's clear that MS is scanning the mail - maybe you > > > could post the remainder of your mailscanner.conf (omit comments and > > > blank > > > lines) so we can see if there's something odd there? > > > I have attached the config file you requested. Thanks again for your > > help with this, > > Well, I hope someone else can spot something in that config which is > suspiciously likely to cause the behaviour you're noticing, because I can't :( > > I don't suppose you have anything in /etc/MailScanner/conf.d/ do you? > > > Antony. > Nothing in conf.d but a README file. :-[ > -- > I thought I had type A blood, but it turned out to be a typo. > > Please reply to the list; > please *don't* CC me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner From iversons at rushville.k12.in.us Wed Jun 12 20:32:28 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Wed, 12 Jun 2019 16:32:28 -0400 Subject: Mail from Outside our Domain not Stored In-Reply-To: <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <201906121457.48166.Antony.Stone@mailscanner.open.source.it> <03a301d5211f$c349bcb0$49dd3610$@co.walton.ga.us> <201906121659.45786.Antony.Stone@mailscanner.open.source.it> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> Message-ID: I do see a subtle clue... 1) The "X-Spam-Status: No" is actually not present. "X-Spam-Flag: NO" is actually coming from amavisd-new on the next hop (the Zimbra mail server itself, I think) and hence why it is so far up in the Received chain. 2) Becuase X-Spam-Status is not there, the Non Spam Actions appears to have been ignored for some reason. At this point, we are going to need a maillog of an inbound message that fails to get quarantined, along with a maillog of an outbound message that is being quarantined for further clues. On Wed, Jun 12, 2019 at 2:08 PM Lamar Milligan via MailScanner < mailscanner at lists.mailscanner.info> wrote: > > -----Original Message----- > > From: MailScanner > bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info> On Behalf Of > > Antony Stone > > Sent: Wednesday, June 12, 2019 11:00 AM > > To: MailScanner Discussion > > Subject: Re: Mail from Outside our Domain not Stored > > > > On Wednesday 12 June 2019 at 15:07:19, Lamar Milligan via MailScanner > > wrote: > > > > > > -----Original Message----- > > > > From: Antony Stone > > > > Sent: Wednesday, June 12, 2019 8:58 AM > > > > To: MailScanner Discussion > > > > Subject: Re: Mail from Outside our Domain not Stored > > > > > > > > Could you perhaps paste the full headers of this reply to you, as > > > > you receive it from the list, so we can see the flow you describe? > > > > Well, these certainly prove that your inbound mail is going via > MailScanner: > > > > > Received: from mail.co.walton.ga.us (mail.co.walton.ga.us > [192.168.40.2]) > > > by zimbra1.co.walton.ga.us (Postfix) with ESMTPS id 203C9E17E0 > > > for ; Wed, 12 Jun 2019 08:58:19 > > > -0400 (EDT) > > > X-WaltonCountyITDept-sendmail-Watermark: > > > 1560949091.80167 at FJ8m24fBRzhG94806ypJvw > > > X-WaltonCountyITDept-MailScanner-From: > > > mailscanner-bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info > > > X-WaltonCountyITDept-MailScanner-SpamCheck: not spam, > > > SpamAssassin (not cached, score=-10.15, required 5, > > > autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, > > > DKIM_VALID -0.10, HEADER_FROM_DIFFERENT_DOMAINS 0.25, > > > MAILING_LIST_MULTI -1.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00, > > > USER_IN_DEF_SPF_WL -7.50) > > > X-WaltonCountyITDept-MailScanner: Found to be clean > > > X-WaltonCountyITDept-MailScanner-ID: x5CCwAt3017923 > > > X-WaltonCountyITDept-MailScanner-Information: Please contact the ISP > > > for more information > > > Received: from ms1.mailscanner.info (ms1.mailscanner.info > [52.73.170.51]) > > > by mail.co.walton.ga.us (8.14.4/8.14.4) with ESMTP id > > > x5CCwAt3017923 > > > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 > > bits=256 > > > verify=NO) > > > for ; Wed, 12 Jun 2019 08:58:10 -0400 > > > > So, we're back to wondering why your MS configuration is causing inbound > > emails to be scanned but not stored... > > > > You've already said that you have: > > > > Spam Actions = store header "X-Spam-Status: Yes" > > High Scoring Spam Actions = store header "X-Spam-Status: Oh Yes" > > Non Spam Actions = store deliver header "X-Spam-Status: No" > > > > The only bit that puzzles me about this (and hopefully someone else can > > comment if I'm completely wrong about this) is the positioning of the > "X- > > Spam- Status" header in your received email - it comes *above* the > > Received header showing the mail passing from MailScanner to Zimbra, > > whereas I would have expected to see it amongst the "X- > > WaltonCountyITDept-MailScanner..." headers. > > > > But anyway, it's clear that MS is scanning the mail - maybe you could > post the > > remainder of your mailscanner.conf (omit comments and blank lines) so we > > can see if there's something odd there? > > > > > > Antony. > > > > I have attached the config file you requested. Thanks again for your help > with this, > > Lamar > > > -- > > "Life is just a lot better if you feel you're having 10 [small] wins a > day rather > > than a [big] win every 10 years or so." > > > > - Chris Hadfield, former skiing (and ski racing) instructor > > > > Please reply to the > list; > > please *don't* > CC me. > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From Antony.Stone at mailscanner.open.source.it Wed Jun 12 21:09:29 2019 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Wed, 12 Jun 2019 23:09:29 +0200 Subject: Mail from Outside our Domain not Stored In-Reply-To: References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> Message-ID: <201906122309.29569.Antony.Stone@mailscanner.open.source.it> On Wednesday 12 June 2019 at 22:32:28, Shawn Iverson via MailScanner wrote: > I do see a subtle clue... > > 1) The "X-Spam-Status: No" is actually not present. Erm, yes it is? X-Spam-Status: No, score=3.451 required=6 tests=[ALL_TRUSTED=-1,BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.25, LOCAL_COUNTRY=2.2, LOCAL_NOTFROM_TTLD=2.2, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001] autolearn=no autolearn_force=no > "X-Spam-Flag: NO" is actually coming from amavisd-new on the next hop (the > Zimbra mail server itself, I think) and hence why it is so far up in the > Received chain. Indeed - that's different. > 2) Becuase X-Spam-Status is not there, the Non Spam Actions appears to have > been ignored for some reason. I'm not so sure (but then again I'm not at all sure about this one). > At this point, we are going to need a maillog of an inbound message that > fails to get quarantined, along with a maillog of an outbound message that > is being quarantined for further clues. Sounds good to me. Antony. -- "Remember: the S in IoT stands for Security." - Jan-Piet Mens Please reply to the list; please *don't* CC me. From iversons at rushville.k12.in.us Wed Jun 12 23:34:28 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Wed, 12 Jun 2019 19:34:28 -0400 Subject: Mail from Outside our Domain not Stored In-Reply-To: <201906122309.29569.Antony.Stone@mailscanner.open.source.it> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> <201906122309.29569.Antony.Stone@mailscanner.open.source.it> Message-ID: Hehe, missed that line, so the line is being read, this is very bizzare... In any case, maillogs are going to be the next logical step. On Wed, Jun 12, 2019 at 5:09 PM Antony Stone < Antony.Stone at mailscanner.open.source.it> wrote: > On Wednesday 12 June 2019 at 22:32:28, Shawn Iverson via MailScanner wrote: > > > I do see a subtle clue... > > > > 1) The "X-Spam-Status: No" is actually not present. > > Erm, yes it is? > > X-Spam-Status: No, score=3.451 required=6 > tests=[ALL_TRUSTED=-1,BAYES_50=0.8, > DKIM_SIGNED=0.1, > DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.25, > LOCAL_COUNTRY=2.2, LOCAL_NOTFROM_TTLD=2.2, MAILING_LIST_MULTI=-1, > SPF_HELO_NONE=0.001] autolearn=no autolearn_force=no > > > "X-Spam-Flag: NO" is actually coming from amavisd-new on the next hop > (the > > Zimbra mail server itself, I think) and hence why it is so far up in the > > Received chain. > > Indeed - that's different. > > > 2) Becuase X-Spam-Status is not there, the Non Spam Actions appears to > have > > been ignored for some reason. > > I'm not so sure (but then again I'm not at all sure about this one). > > > At this point, we are going to need a maillog of an inbound message that > > fails to get quarantined, along with a maillog of an outbound message > that > > is being quarantined for further clues. > > Sounds good to me. > > > Antony. > > -- > "Remember: the S in IoT stands for Security." > > - Jan-Piet Mens > > Please reply to the > list; > please *don't* CC > me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From lmilligan at co.walton.ga.us Thu Jun 13 13:15:55 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Thu, 13 Jun 2019 09:15:55 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> <201906122309.29569.Antony.Stone@mailscanner.open.source.it> Message-ID: <002401d521ea$22468b10$66d3a130$@co.walton.ga.us> Here are maillog extracts from our sendmail server for messages to and from my Gmail account. I did hide my Gmail address in the logs. [root at mail log]# grep address maillog|grep Jun\ 13 Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: to=
, delay=00:00:00, mailer=esmtp, pri=35430, stat=queued Jun 13 08:51:37 mail MailScanner[20868]: Delivery of nonspam: message x5DCpZVS029638 from lmilligan at co.walton.ga.us to address at gmail.com with subject Test Message Jun 13 08:52:37 mail sendmail[29653]: x5DCpZVS029638: to=< address at gmail.com>, delay=00:01:02, xdelay=00:01:00, mailer=esmtp, pri=125430, relay=gmail-smtp-in.l.google.com. [64.233.185.27], dsn=2.0.0, stat=Sent (OK 1560430357 a64si1019447yba.91 - gsmtp) Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: from=< address at gmail.com>, size=4489, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=mail-qk1-f180.google.com [209.85.222.180] Jun 13 08:53:26 mail MailScanner[27531]: Message x5DCrN44029857 from 209.85.222.180 (address at gmail.com) to co.walton.ga.us is not spam, SpamAssassin (not cached, score=-1.998, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00) Jun 13 08:53:26 mail MailScanner[27531]: Delivery of nonspam: message x5DCrN44029857 from address at gmail.com to lmilligan at co.walton.ga.us with subject Re: Test Message [root at mail log]# grep x5DCpZVS029638 maillog Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: from=, size=5430, class=0, nrcpts=1, msgid=<000001d521e6$bb9dbfd0$32d93f70$@co.walton.ga.us>, bodytype=7BIT, proto=ESMTP, daemon=MTA, relay=zimbra1 [192.168.32.47] Jun 13 08:51:35 mail opendkim[2320]: x5DCpZVS029638: DKIM-Signature field added (s=FEA62E10-BFE6-11E7-BA2D-46CD2CC478D5, d=co.walton.ga.us) Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=co.walton.ga.us;\n\ts=FEA62E10-BFE6-11E7-BA2D-46CD2CC478D5; t=1560430295;\n\tbh=CSJ2rlhIjlClMMaj7t9SswqeupTOa7unO4OXOq2PwNc=;\n\th=Reply-To:From:To:Subject:Date:From;\n\tb=uvX8sa9j4g3GZc9r94bLrYNJj4FqJoin1EItnitkB+cPWrAKf147nfTTNGOofBTK8\n\t rEPD90/OGACQwNG5VaQh433tMaB7sPSlhrfAMQsmj9hLHPZ1iUk0NDQNXn1293KqMS\n\t naHcHSbwzQIqG7O6TrjtPaPKXWHgZ1KnJ2zpY5QQ= Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DCpZVS029638 Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: to=< address at gmail.com>, delay=00:00:00, mailer=esmtp, pri=35430, stat=queued Jun 13 08:51:37 mail MailScanner[20868]: Message x5DCpZVS029638 from 192.168.32.47 (lmilligan at co.walton.ga.us) to gmail.com is not spam, SpamAssassin (not cached, score=-2.699, required 5, ALL_TRUSTED -1.00, BAYES_00 -1.90, DKIM_INVALID 0.10, DKIM_SIGNED 0.10, HTML_MESSAGE 0.00) Jun 13 08:51:37 mail MailScanner[20868]: Delivery of nonspam: message x5DCpZVS029638 from lmilligan at co.walton.ga.us to address at gmail.com with subject Test Message Jun 13 08:51:37 mail MailScanner[20868]: MailWatch: Logging message x5DCpZVS029638 to SQL Jun 13 08:51:37 mail MailScanner[29472]: MailWatch: x5DCpZVS029638: Logged to MailWatch SQL Jun 13 08:52:37 mail sendmail[29653]: x5DCpZVS029638: to=< address at gmail.com>, delay=00:01:02, xdelay=00:01:00, mailer=esmtp, pri=125430, relay=gmail-smtp-in.l.google.com. [64.233.185.27], dsn=2.0.0, stat=Sent (OK 1560430357 a64si1019447yba.91 - gsmtp) [root at mail log]# grep x5DCrN44029857 maillog Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: from=< address at gmail.com>, size=4489, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=mail-qk1-f180.google.com [209.85.222.180] Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: mail-qk1-f180.google.com [209.85.222.180] not internal Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: not authenticated Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: DKIM verification successful Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: Milter insert (1): header: Authentication-Results: mail.co.walton.ga.us;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QvRSmgcU" Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DCrN44029857 Jun 13 08:53:26 mail MailScanner[27531]: Message x5DCrN44029857 from 209.85.222.180 (address at gmail.com) to co.walton.ga.us is not spam, SpamAssassin (not cached, score=-1.998, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00) Jun 13 08:53:26 mail MailScanner[27531]: Delivery of nonspam: message x5DCrN44029857 from address at gmail.com to lmilligan at co.walton.ga.us with subject Re: Test Message Jun 13 08:53:26 mail MailScanner[27531]: MailWatch: Logging message x5DCrN44029857 to SQL Jun 13 08:53:26 mail MailScanner[29472]: MailWatch: x5DCrN44029857: Logged to MailWatch SQL Jun 13 08:53:26 mail sendmail[29883]: x5DCrN44029857: to=lmilligan at zimbra1.co.walton.ga.us, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=124489, relay=zimbra1.co.walton.ga.us. [192.168.32.47], dsn=2.0.0, stat=Sent (Ok: queued as 7A9B2E17EE) I hope there is something in here that explains this behavior, but I cannot see it. Thanks so much for looking at this, it has bugged me for months! Lamar From: MailScanner On Behalf Of Shawn Iverson via MailScanner Sent: Wednesday, June 12, 2019 7:34 PM To: MailScanner Discussion Cc: Shawn Iverson Subject: Re: Mail from Outside our Domain not Stored Hehe, missed that line, so the line is being read, this is very bizzare... In any case, maillogs are going to be the next logical step. On Wed, Jun 12, 2019 at 5:09 PM Antony Stone > wrote: On Wednesday 12 June 2019 at 22:32:28, Shawn Iverson via MailScanner wrote: > I do see a subtle clue... > > 1) The "X-Spam-Status: No" is actually not present. Erm, yes it is? X-Spam-Status: No, score=3.451 required=6 tests=[ALL_TRUSTED=-1,BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.25, LOCAL_COUNTRY=2.2, LOCAL_NOTFROM_TTLD=2.2, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001] autolearn=no autolearn_force=no > "X-Spam-Flag: NO" is actually coming from amavisd-new on the next hop (the > Zimbra mail server itself, I think) and hence why it is so far up in the > Received chain. Indeed - that's different. > 2) Becuase X-Spam-Status is not there, the Non Spam Actions appears to > have > been ignored for some reason. I'm not so sure (but then again I'm not at all sure about this one). > At this point, we are going to need a maillog of an inbound message that > fails to get quarantined, along with a maillog of an outbound message that > is being quarantined for further clues. Sounds good to me. Antony. -- "Remember: the S in IoT stands for Security." - Jan-Piet Mens Please reply to the list; please *don't* CC me. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 440 bytes Desc: not available URL: From lmilligan at co.walton.ga.us Thu Jun 13 13:40:32 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Thu, 13 Jun 2019 09:40:32 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <002401d521ea$22468b10$66d3a130$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <040101d52149$a90bf500$fb23df00$@co.walton.ga.us> <201906122309.29569.Antony.Stone@mailscanner.open.source.it> <002401d521ea$22468b10$66d3a130$@co.walton.ga.us> Message-ID: <004101d521ed$929a7720$b7cf6560$@co.walton.ga.us> I forgot to include headers from an external email that should be stored but was not. Here is a sample: [root at mail log]# grep x5DDUaQ2002792 maillog Jun 13 09:30:39 mail sendmail[2792]: x5DDUaQ2002792: from=, size=9664, class=0, nrcpts=1, msgid= , proto=ESMTP, daemon=MTA, relay=69-94-156-238.nca.lanset.com [69.94.156.238] (may be forged) Jun 13 09:30:39 mail opendkim[2320]: x5DDUaQ2002792: [69.94.156.238] [69.94.156.238] not internal Jun 13 09:30:39 mail opendkim[2320]: x5DDUaQ2002792: not authenticated Jun 13 09:30:40 mail opendkim[2320]: x5DDUaQ2002792: bad signature data Jun 13 09:30:40 mail sendmail[2792]: x5DDUaQ2002792: Milter insert (1): header: Authentication-Results: mail.co.walton.ga.us;\n\tdkim=fail reason="signature verification failed" (1024-bit key) header.d=myxpal.agency header.i=@myxpal.agency header.b="h7s2jlp+" Jun 13 09:30:40 mail sendmail[2792]: x5DDUaQ2002792: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DDUaQ2002792 Jun 13 09:30:44 mail MailScanner[27531]: RBL checks: x5DDUaQ2002792 found in SPAMHAUS Jun 13 09:30:49 mail MailScanner[27531]: Message x5DDUaQ2002792 from 69.94.156.238 (bowman at myxpal.agency) to co.walton.ga.us is spam, SPAMHAUS, SpamAssassin (not cached, score=7.159, required 5, BAYES_00 -1.90, DKIM_INVALID 0.10, DKIM_SIGNED 0.10, HTML_IMAGE_RATIO_02 0.44, HTML_MESSAGE 0.00, PYZOR_CHECK 1.39, RCVD_IN_SBL_CSS 3.33, RDNS_DYNAMIC 0.98, SPF_HELO_NONE 0.00, SPF_NONE 0.00, T_HTML_TAG_BALANCE_CENTER 0.01, URIBL_CSS 0.10, URIBL_CSS_A 0.10, URIBL_DBL_SPAM 2.50) Jun 13 09:30:49 mail MailScanner[27531]: Non-delivery of spam: message x5DDUaQ2002792 from bowman at myxpal.agency to bryan.shelton at co.walton.ga.us with subject to- Help- Pay--Your- Final- Expenses- Jun 13 09:30:49 mail MailScanner[27531]: Spam Actions: message x5DDUaQ2002792 actions are store,header Jun 13 09:30:50 mail MailScanner[27531]: MailWatch: Logging message x5DDUaQ2002792 to SQL Jun 13 09:30:50 mail MailScanner[30470]: MailWatch: x5DDUaQ2002792: Logged to MailWatch SQL Thanks for your help, Lamar From: MailScanner On Behalf Of Lamar Milligan via MailScanner Sent: Thursday, June 13, 2019 9:16 AM To: MailScanner Discussion Cc: Lamar Milligan Subject: RE: Mail from Outside our Domain not Stored Here are maillog extracts from our sendmail server for messages to and from my Gmail account. I did hide my Gmail address in the logs. [root at mail log]# grep address maillog|grep Jun\ 13 Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: to=
>, delay=00:00:00, mailer=esmtp, pri=35430, stat=queued Jun 13 08:51:37 mail MailScanner[20868]: Delivery of nonspam: message x5DCpZVS029638 from lmilligan at co.walton.ga.us to address at gmail.com with subject Test Message Jun 13 08:52:37 mail sendmail[29653]: x5DCpZVS029638: to=< address at gmail.com >, delay=00:01:02, xdelay=00:01:00, mailer=esmtp, pri=125430, relay=gmail-smtp-in.l.google.com. [64.233.185.27], dsn=2.0.0, stat=Sent (OK 1560430357 a64si1019447yba.91 - gsmtp) Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: from=< address at gmail.com >, size=4489, class=0, nrcpts=1, msgid= >, proto=ESMTP, daemon=MTA, relay=mail-qk1-f180.google.com [209.85.222.180] Jun 13 08:53:26 mail MailScanner[27531]: Message x5DCrN44029857 from 209.85.222.180 (address at gmail.com ) to co.walton.ga.us is not spam, SpamAssassin (not cached, score=-1.998, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00) Jun 13 08:53:26 mail MailScanner[27531]: Delivery of nonspam: message x5DCrN44029857 from address at gmail.com to lmilligan at co.walton.ga.us with subject Re: Test Message [root at mail log]# grep x5DCpZVS029638 maillog Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: from= >, size=5430, class=0, nrcpts=1, msgid=<000001d521e6$bb9dbfd0$32d93f70$@co.walton.ga.us >, bodytype=7BIT, proto=ESMTP, daemon=MTA, relay=zimbra1 [192.168.32.47] Jun 13 08:51:35 mail opendkim[2320]: x5DCpZVS029638: DKIM-Signature field added (s=FEA62E10-BFE6-11E7-BA2D-46CD2CC478D5, d=co.walton.ga.us) Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=co.walton.ga.us;\n\ts=FEA62E10-BFE6-11E7-BA2D-46CD2CC478D5; t=1560430295;\n\tbh=CSJ2rlhIjlClMMaj7t9SswqeupTOa7unO4OXOq2PwNc=;\n\th=Reply-To:From:To:Subject:Date:From;\n\tb=uvX8sa9j4g3GZc9r94bLrYNJj4FqJoin1EItnitkB+cPWrAKf147nfTTNGOofBTK8\n\t rEPD90/OGACQwNG5VaQh433tMaB7sPSlhrfAMQsmj9hLHPZ1iUk0NDQNXn1293KqMS\n\t naHcHSbwzQIqG7O6TrjtPaPKXWHgZ1KnJ2zpY5QQ= Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DCpZVS029638 Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: to=< address at gmail.com >, delay=00:00:00, mailer=esmtp, pri=35430, stat=queued Jun 13 08:51:37 mail MailScanner[20868]: Message x5DCpZVS029638 from 192.168.32.47 (lmilligan at co.walton.ga.us ) to gmail.com is not spam, SpamAssassin (not cached, score=-2.699, required 5, ALL_TRUSTED -1.00, BAYES_00 -1.90, DKIM_INVALID 0.10, DKIM_SIGNED 0.10, HTML_MESSAGE 0.00) Jun 13 08:51:37 mail MailScanner[20868]: Delivery of nonspam: message x5DCpZVS029638 from lmilligan at co.walton.ga.us to address at gmail.com with subject Test Message Jun 13 08:51:37 mail MailScanner[20868]: MailWatch: Logging message x5DCpZVS029638 to SQL Jun 13 08:51:37 mail MailScanner[29472]: MailWatch: x5DCpZVS029638: Logged to MailWatch SQL Jun 13 08:52:37 mail sendmail[29653]: x5DCpZVS029638: to=< address at gmail.com >, delay=00:01:02, xdelay=00:01:00, mailer=esmtp, pri=125430, relay=gmail-smtp-in.l.google.com. [64.233.185.27], dsn=2.0.0, stat=Sent (OK 1560430357 a64si1019447yba.91 - gsmtp) [root at mail log]# grep x5DCrN44029857 maillog Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: from=< address at gmail.com >, size=4489, class=0, nrcpts=1, msgid= >, proto=ESMTP, daemon=MTA, relay=mail-qk1-f180.google.com [209.85.222.180] Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: mail-qk1-f180.google.com [209.85.222.180] not internal Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: not authenticated Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: DKIM verification successful Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: Milter insert (1): header: Authentication-Results: mail.co.walton.ga.us;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QvRSmgcU" Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DCrN44029857 Jun 13 08:53:26 mail MailScanner[27531]: Message x5DCrN44029857 from 209.85.222.180 (address at gmail.com ) to co.walton.ga.us is not spam, SpamAssassin (not cached, score=-1.998, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00) Jun 13 08:53:26 mail MailScanner[27531]: Delivery of nonspam: message x5DCrN44029857 from address at gmail.com to lmilligan at co.walton.ga.us with subject Re: Test Message Jun 13 08:53:26 mail MailScanner[27531]: MailWatch: Logging message x5DCrN44029857 to SQL Jun 13 08:53:26 mail MailScanner[29472]: MailWatch: x5DCrN44029857: Logged to MailWatch SQL Jun 13 08:53:26 mail sendmail[29883]: x5DCrN44029857: to=lmilligan at zimbra1.co.walton.ga.us , delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=124489, relay=zimbra1.co.walton.ga.us. [192.168.32.47], dsn=2.0.0, stat=Sent (Ok: queued as 7A9B2E17EE) I hope there is something in here that explains this behavior, but I cannot see it. Thanks so much for looking at this, it has bugged me for months! Lamar From: MailScanner > On Behalf Of Shawn Iverson via MailScanner Sent: Wednesday, June 12, 2019 7:34 PM To: MailScanner Discussion > Cc: Shawn Iverson > Subject: Re: Mail from Outside our Domain not Stored Hehe, missed that line, so the line is being read, this is very bizzare... In any case, maillogs are going to be the next logical step. On Wed, Jun 12, 2019 at 5:09 PM Antony Stone > wrote: On Wednesday 12 June 2019 at 22:32:28, Shawn Iverson via MailScanner wrote: > I do see a subtle clue... > > 1) The "X-Spam-Status: No" is actually not present. Erm, yes it is? X-Spam-Status: No, score=3.451 required=6 tests=[ALL_TRUSTED=-1,BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.25, LOCAL_COUNTRY=2.2, LOCAL_NOTFROM_TTLD=2.2, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001] autolearn=no autolearn_force=no > "X-Spam-Flag: NO" is actually coming from amavisd-new on the next hop (the > Zimbra mail server itself, I think) and hence why it is so far up in the > Received chain. Indeed - that's different. > 2) Becuase X-Spam-Status is not there, the Non Spam Actions appears to > have > been ignored for some reason. I'm not so sure (but then again I'm not at all sure about this one). > At this point, we are going to need a maillog of an inbound message that > fails to get quarantined, along with a maillog of an outbound message that > is being quarantined for further clues. Sounds good to me. Antony. -- "Remember: the S in IoT stands for Security." - Jan-Piet Mens Please reply to the list; please *don't* CC me. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 440 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 823 bytes Desc: not available URL: From Antony.Stone at mailscanner.open.source.it Thu Jun 13 13:59:02 2019 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Thu, 13 Jun 2019 15:59:02 +0200 Subject: Mail from Outside our Domain not Stored In-Reply-To: <004101d521ed$929a7720$b7cf6560$@co.walton.ga.us> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <002401d521ea$22468b10$66d3a130$@co.walton.ga.us> <004101d521ed$929a7720$b7cf6560$@co.walton.ga.us> Message-ID: <201906131559.02127.Antony.Stone@mailscanner.open.source.it> On Thursday 13 June 2019 at 15:40:32, Lamar Milligan via MailScanner wrote: > I forgot to include headers from an external email that should be stored > but was not. Here is a sample: > Jun 13 09:30:49 mail MailScanner[27531]: Spam Actions: message > x5DDUaQ2002792 actions are store,header Well, that's pretty clear, I think. Your config file contains: Quarantine Dir = /var/spool/MailScanner/quarantine What are the ownership & permissions on that directory and its immediate parent? Antony. -- https://tools.ietf.org/html/rfc6890 - providing 16 million IPv4 addresses for talking to yourself. Please reply to the list; please *don't* CC me. From lmilligan at co.walton.ga.us Thu Jun 13 14:07:22 2019 From: lmilligan at co.walton.ga.us (Lamar Milligan) Date: Thu, 13 Jun 2019 10:07:22 -0400 (EDT) Subject: Mail from Outside our Domain not Stored In-Reply-To: <201906131559.02127.Antony.Stone@mailscanner.open.source.it> References: <033101d5208c$f3052a90$d90f7fb0$@co.walton.ga.us> <002401d521ea$22468b10$66d3a130$@co.walton.ga.us> <004101d521ed$929a7720$b7cf6560$@co.walton.ga.us> <201906131559.02127.Antony.Stone@mailscanner.open.source.it> Message-ID: <005c01d521f1$52399cc0$f6acd640$@co.walton.ga.us> > -----Original Message----- > From: MailScanner bounces+lmilligan=co.walton.ga.us at lists.mailscanner.info> On Behalf Of > Antony Stone > Sent: Thursday, June 13, 2019 9:59 AM > To: MailScanner Discussion > Subject: Re: Mail from Outside our Domain not Stored > > On Thursday 13 June 2019 at 15:40:32, Lamar Milligan via MailScanner wrote: > > > I forgot to include headers from an external email that should be > > stored but was not. Here is a sample: > > > Jun 13 09:30:49 mail MailScanner[27531]: Spam Actions: message > > x5DDUaQ2002792 actions are store,header > > Well, that's pretty clear, I think. > > > Your config file contains: > > Quarantine Dir = /var/spool/MailScanner/quarantine > > What are the ownership & permissions on that directory and its immediate > parent? > /var/spool/MailScanner drwxr-xr-x. root mail /var/spool/MailScanner/quarantine drwxrwxr-x. root apache Permissions for the daily directories created in quarantine are drwdrw--- root apache > > Antony. > > -- > https://tools.ietf.org/html/rfc6890 - providing 16 million IPv4 addresses for > talking to yourself. > > Please reply to the list; > please *don't* CC me. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner From pparsons at techeez.com Wed Jun 19 17:26:43 2019 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 19 Jun 2019 17:26:43 +0000 Subject: Every day I am getting messages that seem to be able to kill or at least Message-ID: <11D8E491D9562549A61FD3186F36342002FF2D13E8@exchange.techeez.com> Almost kill mailscanner. Because they are stuck in the processing queue I cannot see the complete messages but for the most part they look like nothing special. Mailscanner version Latest Unbuntu 18.04 12gigs ram Any thing suggested to fix/tweek ? Currently being processed: Number of messages: 1 Tries Message Next Try At ===== ======= =========== 2 x5JH9vYb025008 Wed Jun 19 10:17:11 2019 Thank you. Philip Parsons -------------- next part -------------- An HTML attachment was scrubbed... URL: From karsberg at positive-internet.com Wed Jun 19 17:34:42 2019 From: karsberg at positive-internet.com (Luke Karsberg) Date: Wed, 19 Jun 2019 18:34:42 +0100 Subject: Every day I am getting messages that seem to be able to kill or at least In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF2D13E8@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002FF2D13E8@exchange.techeez.com> Message-ID: Do you have a retry value set in the MailScanner configuration file? You can configure it to put emails into quarantine if it fails to process it after so many tries. I?ve had to do it for a client using MailScanner with what seems to be a similar issue. > On 19 Jun 2019, at 18:26, Philip Parsons wrote: > > Almost kill mailscanner. Because they are stuck in the processing queue I cannot see the complete messages but for the most part they look like nothing special. > > Mailscanner version Latest > Unbuntu 18.04 > 12gigs ram > > > Any thing suggested to fix/tweek ? > > > Currently being processed: > > Number of messages: 1 > Tries Message Next Try At > ===== ======= =========== > 2 x5JH9vYb025008 Wed Jun 19 10:17:11 2019 > > > > > > Thank you. > Philip Parsons > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -- All postal correspondence to: The Positive Internet Company, 24 Ganton Street, London. W1F 7QY *Follow us on Twitter* @posipeople The Positive Internet Company Limited is registered in England and Wales. Registered company number: 3673639. VAT no: 726 7072 28. Registered office: Northside House, Mount Pleasant, Barnet, Herts, EN4 9EE. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pparsons at techeez.com Wed Jun 19 21:02:23 2019 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 19 Jun 2019 21:02:23 +0000 Subject: Every day I am getting messages that seem to be able to kill or at least In-Reply-To: References: <11D8E491D9562549A61FD3186F36342002FF2D13E8@exchange.techeez.com> Message-ID: <11D8E491D9562549A61FD3186F36342002FF2D234B@exchange.techeez.com> Yeah I do that?s why it shows the retry.. what setting do I need to change to get it to put it quarantine on failure ? From: MailScanner On Behalf Of Luke Karsberg Sent: June 19, 2019 10:35 AM To: MailScanner Discussion Subject: Re: Every day I am getting messages that seem to be able to kill or at least Do you have a retry value set in the MailScanner configuration file? You can configure it to put emails into quarantine if it fails to process it after so many tries. I?ve had to do it for a client using MailScanner with what seems to be a similar issue. On 19 Jun 2019, at 18:26, Philip Parsons > wrote: Almost kill mailscanner. Because they are stuck in the processing queue I cannot see the complete messages but for the most part they look like nothing special. Mailscanner version Latest Unbuntu 18.04 12gigs ram Any thing suggested to fix/tweek ? Currently being processed: Number of messages: 1 Tries Message Next Try At ===== ======= =========== 2 x5JH9vYb025008 Wed Jun 19 10:17:11 2019 Thank you. Philip Parsons -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From it at festa.bg Thu Jun 20 08:40:04 2019 From: it at festa.bg (Valentin Laskov) Date: Thu, 20 Jun 2019 11:40:04 +0300 Subject: Every day I am getting messages that seem to be able to kill or at least In-Reply-To: <11D8E491D9562549A61FD3186F36342002FF2D13E8@exchange.techeez.com> References: <11D8E491D9562549A61FD3186F36342002FF2D13E8@exchange.techeez.com> Message-ID: <6bb2bb32-494c-4389-107f-1d04c09f2e4f@festa.bg> What are Spam Actions = and High Scoring Spam Actions = in your MailScanner config? ?? 19.06.2019 ? 20:26, Philip Parsons ??????: > > Almost kill mailscanner.? Because they are stuck in the processing > queue I cannot see the complete messages but for the most part they > look like nothing special. > > Mailscanner version Latest > > Unbuntu 18.04 > > 12gigs ram > > Any thing suggested to fix/tweek ? > > Currently being processed: > > Number of messages: 1 > > Tries????? Message????????????? Next Try At > > =====?? =======????????????? =========== > > 2 x5JH9vYb025008?????????????? Wed Jun 19 10:17:11 2019 > > Thank you. > Philip Parsons > > > > -- ????????! ???????? ?????? ???????? ????????????? "????? ???????" ?? ???. "??. ?????????" 48 9000 ??. ????? ???.: +359 52 669137 GSM: +359 888 669137 Fax: +359 52 669110 -------------- next part -------------- An HTML attachment was scrubbed... URL: From vlad at vladville.com Wed Jun 26 13:51:07 2019 From: vlad at vladville.com (Vlad Mazek) Date: Wed, 26 Jun 2019 09:51:07 -0400 Subject: MailScanner txt/html inline signatures at the top Message-ID: Looking to sign messages with MailScanner inline - but at the top instead of at the bottom. Figured I'm not the first one to go down this road so if anyone has a CustomAction they feel like sharing or even the pointers of what might cause issues (breaking HTML rendering/etc) I'd really appreciate it. -Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: From thomasl at mtl.mit.edu Wed Jun 26 20:24:08 2019 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Wed, 26 Jun 2019 16:24:08 -0400 Subject: phishing safe and bad master files Message-ID: <8d9ae1fa-c1bf-d5ed-15bf-55fbfa21f9e3@mtl.mit.edu> Hi all, What is the current location of the phishing files? What I am seeing here looks like it has not been updated since 9/20/2018. http://phishing.mailscanner.info/phishing.bad.sites.conf.gz http://phishing.mailscanner.info/phishing.safe.sites.conf.gz I just want to check to see if I'm missing something on my end. thanks very much, --tom From jerry.benton at mailborder.com Thu Jun 27 12:10:06 2019 From: jerry.benton at mailborder.com (jerry.benton at mailborder.com) Date: Thu, 27 Jun 2019 08:10:06 -0400 Subject: phishing safe and bad master files In-Reply-To: <25671a43c0dbdc0a35397c410ce7376b@mtl.mit.edu> References: <25671a43c0dbdc0a35397c410ce7376b@mtl.mit.edu> Message-ID: <001301d52ce1$42cfdc40$c86f94c0$@mailborder.com> The update server was missing a required package. It is fixed now. Only took 10 months for someone to notice it wasn't being updated. Sweet. -- Jerry Benton www.mailborder.com +1 (843) 800-8605 +44 (020) 3883-8605 -----Original Message----- From: MailScanner On Behalf Of Thomas Lohman Sent: Wednesday, June 26, 2019 16:24 To: MailScanner Discussion Subject: phishing safe and bad master files Hi all, What is the current location of the phishing files? What I am seeing here looks like it has not been updated since 9/20/2018. http://phishing.mailscanner.info/phishing.bad.sites.conf.gz http://phishing.mailscanner.info/phishing.safe.sites.conf.gz I just want to check to see if I'm missing something on my end. thanks very much, --tom -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From iversons at rushville.k12.in.us Fri Jun 28 11:25:17 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 28 Jun 2019 07:25:17 -0400 Subject: phishing safe and bad master files In-Reply-To: <001301d52ce1$42cfdc40$c86f94c0$@mailborder.com> References: <25671a43c0dbdc0a35397c410ce7376b@mtl.mit.edu> <001301d52ce1$42cfdc40$c86f94c0$@mailborder.com> Message-ID: That is funny. I have my own, so I didn't even notice that... On Thu, Jun 27, 2019 at 8:10 AM wrote: > The update server was missing a required package. It is fixed now. Only > took > 10 months for someone to notice it wasn't being updated. Sweet. > > > -- > Jerry Benton > www.mailborder.com > +1 (843) 800-8605 > +44 (020) 3883-8605 > > > -----Original Message----- > From: MailScanner > > On > Behalf Of Thomas Lohman > Sent: Wednesday, June 26, 2019 16:24 > To: MailScanner Discussion > Subject: phishing safe and bad master files > > Hi all, > > What is the current location of the phishing files? > > What I am seeing here looks like it has not been updated since 9/20/2018. > > http://phishing.mailscanner.info/phishing.bad.sites.conf.gz > > http://phishing.mailscanner.info/phishing.safe.sites.conf.gz > > I just want to check to see if I'm missing something on my end. > > thanks very much, > > > --tom > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: From giovanni at panozzo.it Fri Jun 28 14:40:00 2019 From: giovanni at panozzo.it (Giovanni Panozzo) Date: Fri, 28 Jun 2019 16:40:00 +0200 Subject: Maliscanner not checking SPF ? Message-ID: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> I'm running Mailscanner v5.1.3-2 on Ubuntu 18.04. Every incoming e-mail is marked with spamassassin's T_SPF_HELO_TEMPERROR. i.e: x-myorg-myorg-mailscanner-spamcheck: non spam, SpamAssassin (punteggio=1.868, necessario 6, BODY_SINGLE_WORD 1.86, T_SPF_HELO_TEMPERROR 0.01) And it seems also that spamassassin is unable to perform the SPF check: all e-mail originatinig from not SPF allowed IP address are not detected as spam. How can I debug T_SPF_HELO_TEMPERROR? Any idea? Thank you. From mark at msapiro.net Fri Jun 28 16:39:00 2019 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 28 Jun 2019 09:39:00 -0700 Subject: Maliscanner not checking SPF ? In-Reply-To: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> References: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> Message-ID: <99dfba92-0548-908d-cd9f-48b92495ccef@msapiro.net> On 6/28/19 7:40 AM, Giovanni Panozzo wrote: > > How can I debug T_SPF_HELO_TEMPERROR? Any idea? This is a SpamAssassin question, however, the hit comes from the test check_for_spf_helo_temperror in /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm. Is this loaded? I.e. is there a loadplugin Mail::SpamAssassin::Plugin::SPF line somewhere in your /etc/spamassassin/*.pre files? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From giovanni at panozzo.it Fri Jun 28 17:29:56 2019 From: giovanni at panozzo.it (Giovanni Panozzo) Date: Fri, 28 Jun 2019 19:29:56 +0200 Subject: Maliscanner not checking SPF ? In-Reply-To: <99dfba92-0548-908d-cd9f-48b92495ccef@msapiro.net> References: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> <99dfba92-0548-908d-cd9f-48b92495ccef@msapiro.net> Message-ID: <6aae30e4-7dc0-a3ac-8527-5aae11bdd36c@panozzo.it> Il 28/06/2019 18:39, Mark Sapiro ha scritto: > On 6/28/19 7:40 AM, Giovanni Panozzo wrote: >> >> How can I debug T_SPF_HELO_TEMPERROR? Any idea? > > > This is a SpamAssassin question, however, the hit comes from the test > check_for_spf_helo_temperror in > /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm. Is this loaded? I.e. > is there a > > loadplugin Mail::SpamAssassin::Plugin::SPF > > line somewhere in your /etc/spamassassin/*.pre files? Thank you for answering. I used installed MailScanner more than 8 months ago and then upgraded today using the installer for Ubuntu available here: https://www.mailscanner.info/downloads/ and thus spamassassin configuration should have been a bit "automagic", as the install script would like to be. There is no /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm but I can see the same file here: root at myserver:/etc/mail/spamassassin# ls -la /usr/local/share/perl/5.26.1/Mail/SpamAssassin/Plugin/SPF.pm -r--r--r-- 1 root root 30596 apr 28 2015 /usr/local/share/perl/5.26.1/Mail/SpamAssassin/Plugin/SPF.pm And then: root at myserver:/etc/mail/spamassassin# grep SPF /etc/mail/spamassassin/* /etc/mail/spamassassin/init.pre:# SPF - perform SPF verification. /etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::SPF /etc/mail/spamassassin/MailScanner.cf:# pseudo-header, and for various rules such as SPF checking. (there is no /etc/spamassassin/ dir) Thank you From mark at msapiro.net Fri Jun 28 19:22:40 2019 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 28 Jun 2019 12:22:40 -0700 Subject: Maliscanner not checking SPF ? In-Reply-To: <6aae30e4-7dc0-a3ac-8527-5aae11bdd36c@panozzo.it> References: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> <99dfba92-0548-908d-cd9f-48b92495ccef@msapiro.net> <6aae30e4-7dc0-a3ac-8527-5aae11bdd36c@panozzo.it> Message-ID: On 6/28/19 10:29 AM, Giovanni Panozzo wrote: > > There is no /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm but I can see the same file here: > > root at myserver:/etc/mail/spamassassin# ls -la > /usr/local/share/perl/5.26.1/Mail/SpamAssassin/Plugin/SPF.pm > -r--r--r-- 1 root root 30596 apr 28? 2015 > /usr/local/share/perl/5.26.1/Mail/SpamAssassin/Plugin/SPF.pm This is just a packaging difference. > And then: > root at myserver:/etc/mail/spamassassin# grep SPF /etc/mail/spamassassin/* > /etc/mail/spamassassin/init.pre:# SPF - perform SPF verification. > /etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::SPF > /etc/mail/spamassassin/MailScanner.cf:# pseudo-header, and for various > rules such as SPF checking. > > (there is no /etc/spamassassin/ dir) As is this. So it looks like you have things installed and configured correctly. I suggest you follow up with SpamAssassin . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From iversons at rushville.k12.in.us Sun Jun 30 17:13:10 2019 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sun, 30 Jun 2019 13:13:10 -0400 Subject: Maliscanner not checking SPF ? In-Reply-To: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> References: <3fa75cf0-7627-f3d0-db79-50659519da63@panozzo.it> Message-ID: Just a thought, if DNS is working correctly, you may try recompiling the Mail::SPF from cpan and see if that works. On Fri, Jun 28, 2019 at 12:26 PM Giovanni Panozzo wrote: > I'm running Mailscanner v5.1.3-2 on Ubuntu 18.04. > > Every incoming e-mail is marked with spamassassin's T_SPF_HELO_TEMPERROR. > > i.e: > x-myorg-myorg-mailscanner-spamcheck: non spam, SpamAssassin > (punteggio=1.868, necessario 6, BODY_SINGLE_WORD 1.86, > T_SPF_HELO_TEMPERROR 0.01) > > > And it seems also that spamassassin is unable to perform the SPF check: > all e-mail originatinig from not SPF allowed IP address are not detected > as spam. > > How can I debug T_SPF_HELO_TEMPERROR? Any idea? > > Thank you. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 option 7 iversons at rushville.k12.in.us [image: Cybersecurity] -------------- next part -------------- An HTML attachment was scrubbed... URL: