From arockiakirijan.j at sbainfo.in Fri Dec 4 10:11:50 2020 From: arockiakirijan.j at sbainfo.in (Kirijan J) Date: Fri, 4 Dec 2020 15:41:50 +0530 (IST) Subject: Spam Mail - MailScanner In-Reply-To: <000101d6c5ea$cf342ad0$6d9c8070$@sltidc.lk> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> <000001d6c347$0c05cf50$24116df0$@sltidc.lk> <000c01d6c34e$10d6db30$32849190$@sltidc.lk> <001b01d6c350$c49298b0$4db7ca10$@sltidc.lk> <3b401456-bbc9-7aa1-17a3-0ee41ad6a53d@summitgrid.com> <000101d6c5ea$cf342ad0$6d9c8070$@sltidc.lk> Message-ID: <1649999704.45299.1607076710541.JavaMail.zimbra@sbainfo.in> Hi Team, We are using MailScanner with Zimbra mail server. We are receiving lot of spam on that. Can you help me on this. Some spam mails are blocking and it's stored to quarantine folder. Some spam mails are not blocked. I have attached mailscanner.conf for your reference. Thanks & Regards, Kirijan J +91 8508085049 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: mailscanner_conf.txt URL: From kenneth at khansen-it.dk Fri Dec 4 11:43:52 2020 From: kenneth at khansen-it.dk (Kenneth Hansen) Date: Fri, 04 Dec 2020 12:43:52 +0100 Subject: =?utf-8?q?Re=3A?= Spam Mail - MailScanner In-Reply-To: <1649999704.45299.1607076710541.JavaMail.zimbra@sbainfo.in> Message-ID: <1512-5fca2100-3-417ac700@221634320> Hi This can be kind of hard with just the configuration file. MailScanner does however generate a detailed spam report in which you can see which rules affect the spam score of the emails. So I would suggest that you look at that. If I am not mistaken, it is added to the logfile, but I have mostly been working with tools like MailGuardian and MailWatch, where the information is logged to a SQL database. Otherwise, a quite small and easy thing to do is to change your "SpamAssassin Score" to a lower value, which would then filter out more mail Best regards Kenneth Hansen On Fredag, December 04, 2020 11:11 CET, Kirijan J via MailScanner wrote: ??Hi Team,?We are using MailScanner with Zimbra mail server. We are receiving lot of spam on that. Can you help me on this.?Some spam mails are blocking and it's stored to quarantine folder. Some spam mails are not blocked.?I have attached mailscanner.conf for your reference.??Thanks & Regards, Kirijan J+91 8508085049 ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From arockiakirijan.j at sbainfo.in Fri Dec 4 13:10:04 2020 From: arockiakirijan.j at sbainfo.in (Kirijan J) Date: Fri, 4 Dec 2020 18:40:04 +0530 (IST) Subject: Spam Mail - MailScanner In-Reply-To: <1512-5fca2100-3-417ac700@221634320> References: <1512-5fca2100-3-417ac700@221634320> Message-ID: <110133949.53203.1607087404716.JavaMail.zimbra@sbainfo.in> Hi Kenneth Hansen, Thanks for your response. I have attached the sample log file for your reference. Already i have give spam score as 8. Suggest me any changes required on this. Thanks & Regards, Kirijan J From: "MailScanner Discussion" To: "MailScanner Discussion" Cc: "Kenneth Hansen" Sent: Friday, December 4, 2020 5:13:52 PM Subject: Re: Spam Mail - MailScanner Hi This can be kind of hard with just the configuration file. MailScanner does however generate a detailed spam report in which you can see which rules affect the spam score of the emails. So I would suggest that you look at that. If I am not mistaken, it is added to the logfile, but I have mostly been working with tools like MailGuardian and MailWatch, where the information is logged to a SQL database. Otherwise, a quite small and easy thing to do is to change your " SpamAssassin Score" to a lower value, which would then filter out more mail Best regards Kenneth Hansen On Fredag, December 04, 2020 11:11 CET, Kirijan J via MailScanner wrote: Hi Team, We are using MailScanner with Zimbra mail server. We are receiving lot of spam on that. Can you help me on this. Some spam mails are blocking and it's stored to quarantine folder. Some spam mails are not blocked. I have attached mailscanner.conf for your reference. Thanks & Regards, Kirijan J +91 8508085049 -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot from 2020-12-04 18-36-07.png Type: image/png Size: 40769 bytes Desc: not available URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: Maillog.txt URL: From it at festa.bg Fri Dec 4 13:55:46 2020 From: it at festa.bg (Valentin Laskov) Date: Fri, 4 Dec 2020 15:55:46 +0200 Subject: Spam Mail - MailScanner In-Reply-To: <110133949.53203.1607087404716.JavaMail.zimbra@sbainfo.in> References: <1512-5fca2100-3-417ac700@221634320> <110133949.53203.1607087404716.JavaMail.zimbra@sbainfo.in> Message-ID: Hello In my setup scores are Required SpamAssassin Score = 3 High SpamAssassin Score = 6 Also look at # Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam? # This can also be the filename of a ruleset. Always Include SpamAssassin Report = no If you set this to yes you can see spam check details in headers of every message and tune your scores. Regards! Valentin ?? 04.12.2020 ? 15:10, Kirijan J via MailScanner ??????: > Hi Kenneth Hansen, > > Thanks for your response. I have attached the sample log file for your > reference. > > Already i have give spam score as 8. Suggest me any changes required > on this. > > > Thanks & Regards, > Kirijan J > > ------------------------------------------------------------------------ > *From: *"MailScanner Discussion" > *To: *"MailScanner Discussion" > *Cc: *"Kenneth Hansen" > *Sent: *Friday, December 4, 2020 5:13:52 PM > *Subject: *Re: Spam Mail - MailScanner > > Hi > This can be kind of hard with just the configuration file. > MailScanner does however generate a detailed spam report in which you > can see which rules affect the spam score of the emails. > So I would suggest that you look at that. If I am not mistaken, it is > added to the logfile, but I have mostly been working with tools like > MailGuardian and MailWatch, where the information is logged to a SQL > database. > > Otherwise, a quite small and easy thing to do is to change your > "SpamAssassin Score" to a lower value, which would then filter out > more mail Best regards > Kenneth Hansen > > On Fredag, December 04, 2020 11:11 CET, Kirijan J via MailScanner > wrote: > > Hi Team, > We are using MailScanner with Zimbra mail server. We are receiving lot > of spam on that. Can you help me on this. > Some spam mails are blocking and it's stored to quarantine folder. > Some spam mails are not blocked. > I have attached mailscanner.conf for your reference. > Thanks & Regards, > Kirijan J > +91 8508085049 > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- ????????! ???????? ?????? ???????? ????????????? "????? ???????" ?? ???. "??. ?????????" 48 9000 ??. ????? ???.: +359 52 669137 GSM: +359 888 669137 Fax: +359 52 669110 -------------- next part -------------- An HTML attachment was scrubbed... URL: From arockiakirijan.j at sbainfo.in Fri Dec 4 16:47:42 2020 From: arockiakirijan.j at sbainfo.in (Kirijan J) Date: Fri, 4 Dec 2020 22:17:42 +0530 (IST) Subject: Spam Mail - MailScanner In-Reply-To: References: <1512-5fca2100-3-417ac700@221634320> <110133949.53203.1607087404716.JavaMail.zimbra@sbainfo.in> Message-ID: <593000610.58716.1607100462433.JavaMail.zimbra@sbainfo.in> Hi Valentin, Thanks for your input. Is there anything else to secure my MailScanner from spam mails. Thanks & Regards, Kirijan J From: "Valentin Laskov" To: "MailScanner Discussion" Sent: Friday, December 4, 2020 7:25:46 PM Subject: Re: Spam Mail - MailScanner Hello In my setup scores are Required SpamAssassin Score = 3 High SpamAssassin Score = 6 Also look at # Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam? # This can also be the filename of a ruleset. Always Include SpamAssassin Report = no If you set this to yes you can see spam check details in headers of every message and tune your scores. Regards! Valentin ?? 04.12.2020 ? 15:10, Kirijan J via MailScanner ??????: Hi Kenneth Hansen, Thanks for your response. I have attached the sample log file for your reference. Already i have give spam score as 8. Suggest me any changes required on this. Thanks & Regards, Kirijan J From: "MailScanner Discussion" [ mailto:mailscanner at lists.mailscanner.info | ] To: "MailScanner Discussion" [ mailto:mailscanner at lists.mailscanner.info | ] Cc: "Kenneth Hansen" [ mailto:kenneth at khansen-it.dk | ] Sent: Friday, December 4, 2020 5:13:52 PM Subject: Re: Spam Mail - MailScanner Hi This can be kind of hard with just the configuration file. MailScanner does however generate a detailed spam report in which you can see which rules affect the spam score of the emails. So I would suggest that you look at that. If I am not mistaken, it is added to the logfile, but I have mostly been working with tools like MailGuardian and MailWatch, where the information is logged to a SQL database. Otherwise, a quite small and easy thing to do is to change your " SpamAssassin Score" to a lower value, which would then filter out more mail Best regards Kenneth Hansen On Fredag, December 04, 2020 11:11 CET, Kirijan J via MailScanner [ mailto:mailscanner at lists.mailscanner.info | ] wrote: BQ_BEGIN Hi Team, We are using MailScanner with Zimbra mail server. We are receiving lot of spam on that. Can you help me on this. Some spam mails are blocking and it's stored to quarantine folder. Some spam mails are not blocked. I have attached mailscanner.conf for your reference. Thanks & Regards, Kirijan J +91 8508085049 -- MailScanner mailing list [ mailto:mailscanner at lists.mailscanner.info | mailscanner at lists.mailscanner.info ] [ http://lists.mailscanner.info/mailman/listinfo/mailscanner | http://lists.mailscanner.info/mailman/listinfo/mailscanner ] BQ_END -- ????????! ???????? ?????? ???????? ????????????? "????? ???????" ?? ???. "??. ?????????" 48 9000 ??. ????? ???.: +359 52 669137 GSM: +359 888 669137 Fax: +359 52 669110 -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at avant.si Fri Dec 4 12:20:22 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Fri, 4 Dec 2020 13:20:22 +0100 Subject: envelope-from header missing Message-ID: Hello, we are experiencing some issues with delivering reports from Mailscanner. The outbound report from MailScanner does not have the envelope-from field and therefore the From header is not populated. Gmail rejects such Emails, due to missing From header: 2020-11-27 13:29:36 1kicsa-0008Hc-Gm check_mail_permissions could not determine the sender domain [routed_domain=gmail.com message_exim_id=1kicsa-0008Hc-Gm sender_host_address= recipients_count=1] 2020-11-27 13:29:37 1kicsa-0008Hc-Gm ** ***@gmail.com R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [64.233.184.27] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.1 [91.223.182.181 11] Our system has detected that this message is\n550-5.7.1 not RFC 5322 compliant:\n550-5.7.*1 'From' header is missing.*\n550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. Please visit\n550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and review RFC 5322 specifications for more information. m13si8373647wrb.328 - gsmtp 2020-11-27 13:29:37 1kicsa-0008Hc-Gm Frozen (delivery error message) We have been testing with the "sender.virus.report.txt" template. Is there anything we could do to fix that? Thank you. Best regards, Emanuel ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Sat Dec 5 01:33:30 2020 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 4 Dec 2020 17:33:30 -0800 Subject: envelope-from header missing In-Reply-To: References: Message-ID: On 12/4/20 4:20 AM, Emanuel Vidmar - Avant.Si wrote: > Hello, > > we are experiencing some issues with delivering reports from > Mailscanner.? The outbound report from MailScanner does not have the > envelope-from field and therefore the From header is not populated.? > Gmail rejects such Emails, due to missing From header: I don't see this. envelope-from is not a message header. It is the argument of the SMTP MAIL FROM: command. Some MDAs will expose it as Return-Path:. It is allowed to be empty if you don't want DSNs returned to the sender. In any case, what I see in MailScanner is notices to email senders have a null envelope sender, but notices to the Mailscanner admin have an envelope sender with the admin address. However, both kinds of notices have a To: header with the recipient's address and a From: header like From: MailScanner where admin at example.com is the value of the `Local Postmaster` setting. Have you set that? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From maxsec at gmail.com Sat Dec 5 10:45:24 2020 From: maxsec at gmail.com (Martin Hepworth) Date: Sat, 5 Dec 2020 10:45:24 +0000 Subject: Spam Mail - MailScanner In-Reply-To: <593000610.58716.1607100462433.JavaMail.zimbra@sbainfo.in> References: <1512-5fca2100-3-417ac700@221634320> <110133949.53203.1607087404716.JavaMail.zimbra@sbainfo.in> <593000610.58716.1607100462433.JavaMail.zimbra@sbainfo.in> Message-ID: Turn off the autowhitelist, I found it not useful in a multi-user config such as a central spam trap. -- Martin Hepworth, CISSP Oxford, UK On Fri, 4 Dec 2020 at 16:45, Kirijan J via MailScanner < mailscanner at lists.mailscanner.info> wrote: > Hi Valentin, > > Thanks for your input. Is there anything else to secure my MailScanner > from spam mails. > > Thanks & Regards, > Kirijan J > ------------------------------ > *From: *"Valentin Laskov" > *To: *"MailScanner Discussion" > *Sent: *Friday, December 4, 2020 7:25:46 PM > *Subject: *Re: Spam Mail - MailScanner > > Hello > > In my setup scores are > > Required SpamAssassin Score = 3 > High SpamAssassin Score = 6 > > Also look at > > # Do you want to always include the Spam Report in the SpamCheck > # header, even if the message wasn't spam? > # This can also be the filename of a ruleset. > Always Include SpamAssassin Report = no > > If you set this to yes you can see spam check details in headers of every > message and tune your scores. > > Regards! > Valentin > > ?? 04.12.2020 ? 15:10, Kirijan J via MailScanner ??????: > > Hi Kenneth Hansen, > > Thanks for your response. I have attached the sample log file for your > reference. > > Already i have give spam score as 8. Suggest me any changes required on > this. > > > Thanks & Regards, > Kirijan J > > ------------------------------ > *From: *"MailScanner Discussion" > > *To: *"MailScanner Discussion" > > *Cc: *"Kenneth Hansen" > *Sent: *Friday, December 4, 2020 5:13:52 PM > *Subject: *Re: Spam Mail - MailScanner > > Hi > This can be kind of hard with just the configuration file. > MailScanner does however generate a detailed spam report in which you can > see which rules affect the spam score of the emails. > So I would suggest that you look at that. If I am not mistaken, it is > added to the logfile, but I have mostly been working with tools like > MailGuardian and MailWatch, where the information is logged to a SQL > database. > > Otherwise, a quite small and easy thing to do is to change your "SpamAssassin > Score" to a lower value, which would then filter out more mail Best regards > Kenneth Hansen > > On Fredag, December 04, 2020 11:11 CET, Kirijan J via MailScanner > > wrote: > > > > > Hi Team, > > We are using MailScanner with Zimbra mail server. We are receiving lot of > spam on that. Can you help me on this. > > Some spam mails are blocking and it's stored to quarantine folder. Some > spam mails are not blocked. > > I have attached mailscanner.conf for your reference. > > > Thanks & Regards, > Kirijan J > +91 8508085049 > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > ????????! > > ???????? ?????? > ???????? ????????????? > "????? ???????" ?? > ???. "??. ?????????" 48 > 9000 ??. ????? > ???.: +359 52 669137 > GSM: +359 888 669137 > Fax: +359 52 669110 > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at avant.si Sun Dec 6 08:51:11 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Sun, 6 Dec 2020 09:51:11 +0100 Subject: envelope-from header missing In-Reply-To: References: Message-ID: Hello Mark, thank you for your reply. I have a "Local Postmaster" setting set. I also have set "Notices From" and "Notices To". The messages without "From: " header are *notices to senders* who's mail has been rejected for some reason (forbidden attachment file type). Is there something else I could check? Thank you. Regards, Emanuel -------------------- Avant.si d.o.o. www.avant.si ? V V sob., 5. dec. 2020 ob 02:33 je oseba Mark Sapiro napisala: > On 12/4/20 4:20 AM, Emanuel Vidmar - Avant.Si wrote: > > Hello, > > > > we are experiencing some issues with delivering reports from > > Mailscanner. The outbound report from MailScanner does not have the > > envelope-from field and therefore the From header is not populated. > > Gmail rejects such Emails, due to missing From header: > > I don't see this. envelope-from is not a message header. It is the > argument of the SMTP MAIL FROM: command. Some MDAs will expose it as > Return-Path:. It is allowed to be empty if you don't want DSNs returned > to the sender. > > In any case, what I see in MailScanner is notices to email senders have > a null envelope sender, but notices to the Mailscanner admin have an > envelope sender with the admin address. However, both kinds of notices > have a To: header with the recipient's address and a From: header like > > From: MailScanner > > where admin at example.com is the value of the `Local Postmaster` setting. > > Have you set that? > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Sun Dec 6 15:34:34 2020 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 6 Dec 2020 07:34:34 -0800 Subject: envelope-from header missing In-Reply-To: References: Message-ID: On 12/6/20 12:51 AM, Emanuel Vidmar - Avant.Si wrote: > > The messages without "From: " header are *notices to senders* who's mail > has been rejected for some reason (forbidden attachment file type). > > Is there something else I could?check? As I noted in my prior reply, notices to senders have a null envelope sender, but do contain an appropriate From: header. If there something in your MTA (Exim ?) configuration that rewrites the From: with the envelope sender address? If so, I suggest you either not do that at all or at least not if the envelope sender is not a valid email address. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From info at avant.si Sun Dec 6 20:43:59 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Sun, 6 Dec 2020 21:43:59 +0100 Subject: envelope-from header missing In-Reply-To: References: Message-ID: Mark, thank you for your reply. I am not sure what could have caused that, this is a fairly simple cPanel (Exim) + ConfigServer Mailscanner setup. No special configuration. I have contacted ConfigServer's support first, this was their answer: "Outbound notification from MailScanner does not have the envelope-from field and therefore the From in MailControl is not populated. I'm afraid there's nothing we can do from our end to resolve this issue, you'd need to check the MailScanner newsgroup to find out if there is anything that can be done." I can provide Mailscanner and Exim config if that helps. Thank you. Best regards, Emanuel -------------------- Avant.si d.o.o. www.avant.si ? V V ned., 6. dec. 2020 ob 16:34 je oseba Mark Sapiro napisala: > On 12/6/20 12:51 AM, Emanuel Vidmar - Avant.Si wrote: > > > > The messages without "From: " header are *notices to senders* who's mail > > has been rejected for some reason (forbidden attachment file type). > > > > Is there something else I could check? > > > As I noted in my prior reply, notices to senders have a null envelope > sender, but do contain an appropriate From: header. If there something > in your MTA (Exim ?) configuration that rewrites the From: with the > envelope sender address? If so, I suggest you either not do that at all > or at least not if the envelope sender is not a valid email address. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Mon Dec 7 02:56:54 2020 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 6 Dec 2020 18:56:54 -0800 Subject: envelope-from header missing In-Reply-To: References: Message-ID: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: > Mark, thank you for your reply. > I am not sure what could have caused that, this is a fairly simple > cPanel (Exim) + ConfigServer Mailscanner setup. No special > configuration. I have contacted ConfigServer's support first, this was > their answer: > > "Outbound notification from MailScanner does not have the envelope-from > field and therefore the From in MailControl is not populated. I'm afraid > there's nothing we can do from our end to resolve this issue, you'd need > to check the MailScanner newsgroup to find out if there is anything that > can be done." I guess this is an issue with MailControl. If MailControl is rewriting the From: with the envelope sender, they just can't handle this mail. Judging from their web site, I think it's likely they are doing just that. Note that a null MAIL FROM: address is perfectly legitimate any time you don't want an undeliverable DSN returned. For one example, almost all MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner does this with user notifications for similar reasons. Do you have to send mail via MailControl? Note that the places where MailScanner sends with a null envelope are at https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 Although MCP probably isn't involved in your case, and https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 You could patch those lines changing '<>' to $localpostmaster. I.e. change something like ... SendMessageString($this, $emailmsg, '<>') to ... SendMessageString($this, $emailmsg, $localpostmaster) -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From info at avant.si Mon Dec 7 08:50:29 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Mon, 7 Dec 2020 09:50:29 +0100 Subject: envelope-from header missing In-Reply-To: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> Message-ID: I don't actually send it via Mail Control. It is sent automatically in reply to emails containing virus or bad attachments. You say that null FROM is perfectly legitimate, but Gmail obviously disagrees :) This is an example of such message: [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@gmail.com 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not determine the sender domain [routed_domain=gmail.com message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1] 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.1 [152.89.234.38 11] Our system has detected that this message is\n550-5.7.1 not RFC 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. Please visit\n550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and review RFC 5322 specifications for more information. g4si8507930wma.67 - gsmtp 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen -------------------------------- I was hoping there is some config that I could change to fix that, since this is a pretty common setup (cpanel + Configserver Mailscanner). Thanks. Regards, Emanuel -------------------- Avant.si d.o.o. www.avant.si ? V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro napisala: > On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: > > Mark, thank you for your reply. > > I am not sure what could have caused that, this is a fairly simple > > cPanel (Exim) + ConfigServer Mailscanner setup. No special > > configuration. I have contacted ConfigServer's support first, this was > > their answer: > > > > "Outbound notification from MailScanner does not have the envelope-from > > field and therefore the From in MailControl is not populated. I'm afraid > > there's nothing we can do from our end to resolve this issue, you'd need > > to check the MailScanner newsgroup to find out if there is anything that > > can be done." > > > I guess this is an issue with MailControl. If MailControl is rewriting > the From: with the envelope sender, they just can't handle this mail. > Judging from their web site, I think it's likely they are doing just that. > > Note that a null MAIL FROM: address is perfectly legitimate any time you > don't want an undeliverable DSN returned. For one example, almost all > MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner > does this with user notifications for similar reasons. > > Do you have to send mail via MailControl? > > Note that the places where MailScanner sends with a null envelope are at > > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 > > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 > > Although MCP probably isn't involved in your case, and > > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 > > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 > > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 > > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 > > You could patch those lines changing '<>' to $localpostmaster. I.e. > change something like > > ... SendMessageString($this, $emailmsg, '<>') > > to > > ... SendMessageString($this, $emailmsg, $localpostmaster) > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Mon Dec 7 09:57:38 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Mon, 7 Dec 2020 04:57:38 -0500 Subject: envelope-from header missing In-Reply-To: References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> Message-ID: <6f87abaa-013b-cad8-5a7e-9da77b8c00da@summitgrid.com> Gmail is complaining because the From: field is empty, not because of the null envelope from.? What is removing the From: address from the notification?? The envelope from and the from header are supposed to be independent. "U=mailnull" On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: > I don't actually send it via Mail Control. It is sent automatically in > reply to emails containing virus or bad attachments. > You say that null FROM is perfectly legitimate, but Gmail obviously > disagrees :) > > This is an example of such message: > > [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog > 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim > -C /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA > > 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: > /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA > > 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner > S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for > *****@gmail.com > 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not > determine the sender domain [routed_domain=gmail.com > message_exim_id=1klynS-000AX0-TA > sender_host_address= recipients_count=1] > 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com > R=dkim_lookuphost T=dkim_remote_smtp > H=gmail-smtp-in.l.google.com > [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: > SMTP error from remote mail server after end of data: 550-5.7.1 > [152.89.234.38? ? ? 11] Our system has detected that this message > is\n550-5.7.1 not RFC 5322 compliant:\n550-5.7.1 'From' header is > missing.\n550-5.7.1 To reduce the amount of spam sent to Gmail, this > message has been\n550-5.7.1 blocked. Please visit\n550-5.7.1 > https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 > and review RFC 5322 specifications for more information. > g4si8507930wma.67 - gsmtp > 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) > 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen > 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen > 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen > 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen > 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen > > > -------------------------------- > > I was hoping there is some config that I could change to fix that, > since this is a pretty common setup (cpanel?+ Configserver Mailscanner). > > Thanks. > > > Regards, > > Emanuel > -------------------- > Avant.si d.o.o. > www.avant.si > > ? > > V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro > napisala: > > On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: > > Mark, thank you for your reply. > > I am not sure what could have caused that, this is a fairly simple > > cPanel (Exim) + ConfigServer Mailscanner setup. No special > > configuration. I have contacted ConfigServer's support first, > this was > > their answer: > > > > "Outbound notification from MailScanner does not have the > envelope-from > > field and therefore the From in MailControl is not populated. > I'm afraid > > there's nothing we can do from our end to resolve this issue, > you'd need > > to check the MailScanner newsgroup to find out if there is > anything that > > can be done." > > > I guess this is an issue with MailControl. If MailControl is rewriting > the From: with the envelope sender, they just can't handle this mail. > Judging from their web site, I think it's likely they are doing > just that. > > Note that a null MAIL FROM: address is perfectly legitimate any > time you > don't want an undeliverable DSN returned. For one example, almost all > MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner > does this with user notifications for similar reasons. > > Do you have to send mail via MailControl? > > Note that the places where MailScanner sends with a null envelope > are at > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 > > Although MCP probably isn't involved in your case, and > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 > > You could patch those lines changing '<>' to $localpostmaster. I.e. > change something like > > ... SendMessageString($this, $emailmsg, '<>') > > to > > ... SendMessageString($this, $emailmsg, $localpostmaster) > > -- > Mark Sapiro > ? ? ? The > highway is for gamblers, > San Francisco Bay Area, California? ? better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Mon Dec 7 09:59:57 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Mon, 7 Dec 2020 04:59:57 -0500 Subject: envelope-from header missing In-Reply-To: <6f87abaa-013b-cad8-5a7e-9da77b8c00da@summitgrid.com> References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> <6f87abaa-013b-cad8-5a7e-9da77b8c00da@summitgrid.com> Message-ID: s/empty/missing/ On 12/7/20 4:57 AM, Shawn Iverson via MailScanner wrote: > > Gmail is complaining because the From: field is empty, not because of > the null envelope from.? What is removing the From: address from the > notification?? The envelope from and the from header are supposed to > be independent. > > "U=mailnull" > > > On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: >> I don't actually send it via Mail Control. It is sent automatically >> in reply to emails containing virus or bad attachments. >> You say that null FROM is perfectly legitimate, but Gmail obviously >> disagrees :) >> >> This is an example of such message: >> >> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog >> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim >> -C /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA >> >> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: >> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA >> >> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner >> S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for >> *****@gmail.com >> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not >> determine the sender domain [routed_domain=gmail.com >> message_exim_id=1klynS-000AX0-TA >> sender_host_address= recipients_count=1] >> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com >> R=dkim_lookuphost T=dkim_remote_smtp >> H=gmail-smtp-in.l.google.com >> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: >> SMTP error from remote mail server after end of data: 550-5.7.1 >> [152.89.234.38? ? ? 11] Our system has detected that this message >> is\n550-5.7.1 not RFC 5322 compliant:\n550-5.7.1 'From' header is >> missing.\n550-5.7.1 To reduce the amount of spam sent to Gmail, this >> message has been\n550-5.7.1 blocked. Please visit\n550-5.7.1 >> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 >> and review RFC 5322 specifications for more information. >> g4si8507930wma.67 - gsmtp >> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) >> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen >> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen >> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen >> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen >> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen >> >> >> -------------------------------- >> >> I was hoping there is some config that I could change to fix that, >> since this is a pretty common setup (cpanel?+ Configserver Mailscanner). >> >> Thanks. >> >> >> Regards, >> >> Emanuel >> -------------------- >> Avant.si d.o.o. >> www.avant.si >> >> ? >> >> V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro >> > napisala: >> >> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: >> > Mark, thank you for your reply. >> > I am not sure what could have caused that, this is a fairly simple >> > cPanel (Exim) + ConfigServer Mailscanner setup. No special >> > configuration. I have contacted ConfigServer's support first, >> this was >> > their answer: >> > >> > "Outbound notification from MailScanner does not have the >> envelope-from >> > field and therefore the From in MailControl is not populated. >> I'm afraid >> > there's nothing we can do from our end to resolve this issue, >> you'd need >> > to check the MailScanner newsgroup to find out if there is >> anything that >> > can be done." >> >> >> I guess this is an issue with MailControl. If MailControl is >> rewriting >> the From: with the envelope sender, they just can't handle this mail. >> Judging from their web site, I think it's likely they are doing >> just that. >> >> Note that a null MAIL FROM: address is perfectly legitimate any >> time you >> don't want an undeliverable DSN returned. For one example, almost all >> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. >> MailScanner >> does this with user notifications for similar reasons. >> >> Do you have to send mail via MailControl? >> >> Note that the places where MailScanner sends with a null envelope >> are at >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 >> >> Although MCP probably isn't involved in your case, and >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 >> >> You could patch those lines changing '<>' to $localpostmaster. I.e. >> change something like >> >> ... SendMessageString($this, $emailmsg, '<>') >> >> to >> >> ... SendMessageString($this, $emailmsg, $localpostmaster) >> >> -- >> Mark Sapiro > ? ? ? >> The highway is for gamblers, >> San Francisco Bay Area, California? ? better use your sense - B. >> Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > -- > > Shawn Iverson > shawniverson at summitgrid.com > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Mon Dec 7 10:17:41 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Mon, 7 Dec 2020 05:17:41 -0500 Subject: envelope-from header missing In-Reply-To: References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> Message-ID: <4b02e7df-0eca-cd2f-3027-2560f69d07d4@summitgrid.com> Do your sender templates in question contain this?? If not, add it to the top From: "$postmastername" <$localpostmaster> In fact, they should contain the following in some form: From: "$postmastername" <$localpostmaster> To: $from Subject: example subject X-%org-name%-MailScanner: generated On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: > I don't actually send it via Mail Control. It is sent automatically in > reply to emails containing virus or bad attachments. > You say that null FROM is perfectly legitimate, but Gmail obviously > disagrees :) > > This is an example of such message: > > [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog > 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim > -C /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA > > 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: > /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA > > 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner > S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for > *****@gmail.com > 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not > determine the sender domain [routed_domain=gmail.com > message_exim_id=1klynS-000AX0-TA > sender_host_address= recipients_count=1] > 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com > R=dkim_lookuphost T=dkim_remote_smtp > H=gmail-smtp-in.l.google.com > [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: > SMTP error from remote mail server after end of data: 550-5.7.1 > [152.89.234.38? ? ? 11] Our system has detected that this message > is\n550-5.7.1 not RFC 5322 compliant:\n550-5.7.1 'From' header is > missing.\n550-5.7.1 To reduce the amount of spam sent to Gmail, this > message has been\n550-5.7.1 blocked. Please visit\n550-5.7.1 > https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 > and review RFC 5322 specifications for more information. > g4si8507930wma.67 - gsmtp > 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) > 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen > 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen > 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen > 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen > 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen > > > -------------------------------- > > I was hoping there is some config that I could change to fix that, > since this is a pretty common setup (cpanel?+ Configserver Mailscanner). > > Thanks. > > > Regards, > > Emanuel > -------------------- > Avant.si d.o.o. > www.avant.si > > ? > > V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro > napisala: > > On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: > > Mark, thank you for your reply. > > I am not sure what could have caused that, this is a fairly simple > > cPanel (Exim) + ConfigServer Mailscanner setup. No special > > configuration. I have contacted ConfigServer's support first, > this was > > their answer: > > > > "Outbound notification from MailScanner does not have the > envelope-from > > field and therefore the From in MailControl is not populated. > I'm afraid > > there's nothing we can do from our end to resolve this issue, > you'd need > > to check the MailScanner newsgroup to find out if there is > anything that > > can be done." > > > I guess this is an issue with MailControl. If MailControl is rewriting > the From: with the envelope sender, they just can't handle this mail. > Judging from their web site, I think it's likely they are doing > just that. > > Note that a null MAIL FROM: address is perfectly legitimate any > time you > don't want an undeliverable DSN returned. For one example, almost all > MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner > does this with user notifications for similar reasons. > > Do you have to send mail via MailControl? > > Note that the places where MailScanner sends with a null envelope > are at > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 > > Although MCP probably isn't involved in your case, and > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 > > https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 > > You could patch those lines changing '<>' to $localpostmaster. I.e. > change something like > > ... SendMessageString($this, $emailmsg, '<>') > > to > > ... SendMessageString($this, $emailmsg, $localpostmaster) > > -- > Mark Sapiro > ? ? ? The > highway is for gamblers, > San Francisco Bay Area, California? ? better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at avant.si Mon Dec 7 10:23:22 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Mon, 7 Dec 2020 11:23:22 +0100 Subject: envelope-from header missing In-Reply-To: References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> <6f87abaa-013b-cad8-5a7e-9da77b8c00da@summitgrid.com> Message-ID: "What is removing the From: address from the notification?" I wish I knew :) That's what I'm trying to figure out. It could only be either Mailscanner or Configserver's implementation of it. Regards, Emanuel -------------------- Avant.si d.o.o. www.avant.si ? V V pon., 7. dec. 2020 ob 10:59 je oseba Shawn Iverson via MailScanner < mailscanner at lists.mailscanner.info> napisala: > s/empty/missing/ > On 12/7/20 4:57 AM, Shawn Iverson via MailScanner wrote: > > Gmail is complaining because the From: field is empty, not because of the > null envelope from. What is removing the From: address from the > notification? The envelope from and the from header are supposed to be > independent. > > "U=mailnull" > > > On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: > > I don't actually send it via Mail Control. It is sent automatically in > reply to emails containing virus or bad attachments. > You say that null FROM is perfectly legitimate, but Gmail obviously > disagrees :) > > This is an example of such message: > > [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog > 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C > /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA > > 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: > /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA > > 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner S=1131 > T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@gmail.com > 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not > determine the sender domain [routed_domain=gmail.com > message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1] > 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com > R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com > [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP > error from remote mail server after end of data: 550-5.7.1 [152.89.234.38 > 11] Our system has detected that this message is\n550-5.7.1 not RFC > 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce > the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. > Please visit\n550-5.7.1 > https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and > review RFC 5322 specifications for more information. g4si8507930wma.67 - > gsmtp > 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) > 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen > 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen > 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen > 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen > 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen > > > -------------------------------- > > I was hoping there is some config that I could change to fix that, since > this is a pretty common setup (cpanel + Configserver Mailscanner). > > Thanks. > > > Regards, > > Emanuel > -------------------- > Avant.si d.o.o. > www.avant.si > > ? > > V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro > napisala: > >> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: >> > Mark, thank you for your reply. >> > I am not sure what could have caused that, this is a fairly simple >> > cPanel (Exim) + ConfigServer Mailscanner setup. No special >> > configuration. I have contacted ConfigServer's support first, this was >> > their answer: >> > >> > "Outbound notification from MailScanner does not have the envelope-from >> > field and therefore the From in MailControl is not populated. I'm afraid >> > there's nothing we can do from our end to resolve this issue, you'd need >> > to check the MailScanner newsgroup to find out if there is anything that >> > can be done." >> >> >> I guess this is an issue with MailControl. If MailControl is rewriting >> the From: with the envelope sender, they just can't handle this mail. >> Judging from their web site, I think it's likely they are doing just that. >> >> Note that a null MAIL FROM: address is perfectly legitimate any time you >> don't want an undeliverable DSN returned. For one example, almost all >> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner >> does this with user notifications for similar reasons. >> >> Do you have to send mail via MailControl? >> >> Note that the places where MailScanner sends with a null envelope are at >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 >> >> Although MCP probably isn't involved in your case, and >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 >> >> You could patch those lines changing '<>' to $localpostmaster. I.e. >> change something like >> >> ... SendMessageString($this, $emailmsg, '<>') >> >> to >> >> ... SendMessageString($this, $emailmsg, $localpostmaster) >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > -- > > Shawn Iverson > shawniverson at summitgrid.com > > -- > > Shawn Iverson > shawniverson at summitgrid.com > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at avant.si Mon Dec 7 10:38:10 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Mon, 7 Dec 2020 11:38:10 +0100 Subject: envelope-from header missing In-Reply-To: <4b02e7df-0eca-cd2f-3027-2560f69d07d4@summitgrid.com> References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> <4b02e7df-0eca-cd2f-3027-2560f69d07d4@summitgrid.com> Message-ID: Yes, all templates include this at the top: [root@*si]# cat sender.virus.report.txt From: "$postmastername" <$localpostmaster> To: $from Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus) X-%org-name%-MailScanner: generated Regards, Emanuel -------------------- Avant.si d.o.o. www.avant.si ? V V pon., 7. dec. 2020 ob 11:17 je oseba Shawn Iverson via MailScanner < mailscanner at lists.mailscanner.info> napisala: > Do your sender templates in question contain this? If not, add it to the > top > > From: "$postmastername" <$localpostmaster> > > > In fact, they should contain the following in some form: > > From: "$postmastername" <$localpostmaster> > > To: $from > > Subject: example subject > > X-%org-name%-MailScanner: generated > > On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: > > I don't actually send it via Mail Control. It is sent automatically in > reply to emails containing virus or bad attachments. > You say that null FROM is perfectly legitimate, but Gmail obviously > disagrees :) > > This is an example of such message: > > [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog > 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C > /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA > > 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: > /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA > > 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner S=1131 > T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@gmail.com > 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not > determine the sender domain [routed_domain=gmail.com > message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1] > 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com > R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com > [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP > error from remote mail server after end of data: 550-5.7.1 [152.89.234.38 > 11] Our system has detected that this message is\n550-5.7.1 not RFC > 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce > the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. > Please visit\n550-5.7.1 > https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and > review RFC 5322 specifications for more information. g4si8507930wma.67 - > gsmtp > 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) > 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen > 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen > 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen > 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen > 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen > > > -------------------------------- > > I was hoping there is some config that I could change to fix that, since > this is a pretty common setup (cpanel + Configserver Mailscanner). > > Thanks. > > > Regards, > > Emanuel > -------------------- > Avant.si d.o.o. > www.avant.si > > ? > > V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro > napisala: > >> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: >> > Mark, thank you for your reply. >> > I am not sure what could have caused that, this is a fairly simple >> > cPanel (Exim) + ConfigServer Mailscanner setup. No special >> > configuration. I have contacted ConfigServer's support first, this was >> > their answer: >> > >> > "Outbound notification from MailScanner does not have the envelope-from >> > field and therefore the From in MailControl is not populated. I'm afraid >> > there's nothing we can do from our end to resolve this issue, you'd need >> > to check the MailScanner newsgroup to find out if there is anything that >> > can be done." >> >> >> I guess this is an issue with MailControl. If MailControl is rewriting >> the From: with the envelope sender, they just can't handle this mail. >> Judging from their web site, I think it's likely they are doing just that. >> >> Note that a null MAIL FROM: address is perfectly legitimate any time you >> don't want an undeliverable DSN returned. For one example, almost all >> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner >> does this with user notifications for similar reasons. >> >> Do you have to send mail via MailControl? >> >> Note that the places where MailScanner sends with a null envelope are at >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 >> >> Although MCP probably isn't involved in your case, and >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 >> >> >> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 >> >> You could patch those lines changing '<>' to $localpostmaster. I.e. >> change something like >> >> ... SendMessageString($this, $emailmsg, '<>') >> >> to >> >> ... SendMessageString($this, $emailmsg, $localpostmaster) >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > -- > > Shawn Iverson > shawniverson at summitgrid.com > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From waytotheweb at gmail.com Mon Dec 7 12:14:43 2020 From: waytotheweb at gmail.com (Sarah Michaelson) Date: Mon, 7 Dec 2020 12:14:43 +0000 Subject: envelope-from header missing In-Reply-To: References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> <4b02e7df-0eca-cd2f-3027-2560f69d07d4@summitgrid.com> Message-ID: We don't make any alterations to the way MailScanner handles email headers. However, in cPanel's Exim Configuration Manager there are several options that can change the sender header: EXPERIMENTAL: Rewrite From: header to match actual sender Set SMTP Sender: headers Enable Sender Rewriting Scheme (SRS) Support If you have any of those set to On or enabled, that could be causing your problem. Regards, Sarah Michaelson Way to the Web Ltd On Mon, 7 Dec 2020 at 10:39, Emanuel Vidmar - Avant.Si wrote: > Yes, all templates include this at the top: > > [root@*si]# cat sender.virus.report.txt > From: "$postmastername" <$localpostmaster> > To: $from > Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus) > X-%org-name%-MailScanner: generated > > > Regards, > > Emanuel > -------------------- > Avant.si d.o.o. > www.avant.si > > ? > > V V pon., 7. dec. 2020 ob 11:17 je oseba Shawn Iverson via MailScanner < > mailscanner at lists.mailscanner.info> napisala: > >> Do your sender templates in question contain this? If not, add it to the >> top >> >> From: "$postmastername" <$localpostmaster> >> >> >> In fact, they should contain the following in some form: >> >> From: "$postmastername" <$localpostmaster> >> >> To: $from >> >> Subject: example subject >> >> X-%org-name%-MailScanner: generated >> >> On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: >> >> I don't actually send it via Mail Control. It is sent automatically in >> reply to emails containing virus or bad attachments. >> You say that null FROM is perfectly legitimate, but Gmail obviously >> disagrees :) >> >> This is an example of such message: >> >> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog >> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C >> /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA >> >> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: >> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA >> >> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner >> S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@ >> gmail.com >> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not >> determine the sender domain [routed_domain=gmail.com >> message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1] >> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com >> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com >> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP >> error from remote mail server after end of data: 550-5.7.1 [152.89.234.38 >> 11] Our system has detected that this message is\n550-5.7.1 not RFC >> 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce >> the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. >> Please visit\n550-5.7.1 >> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and >> review RFC 5322 specifications for more information. g4si8507930wma.67 - >> gsmtp >> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) >> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen >> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen >> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen >> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen >> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen >> >> >> -------------------------------- >> >> I was hoping there is some config that I could change to fix that, since >> this is a pretty common setup (cpanel + Configserver Mailscanner). >> >> Thanks. >> >> >> Regards, >> >> Emanuel >> -------------------- >> Avant.si d.o.o. >> www.avant.si >> >> ? >> >> V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro >> napisala: >> >>> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: >>> > Mark, thank you for your reply. >>> > I am not sure what could have caused that, this is a fairly simple >>> > cPanel (Exim) + ConfigServer Mailscanner setup. No special >>> > configuration. I have contacted ConfigServer's support first, this was >>> > their answer: >>> > >>> > "Outbound notification from MailScanner does not have the envelope-from >>> > field and therefore the From in MailControl is not populated. I'm >>> afraid >>> > there's nothing we can do from our end to resolve this issue, you'd >>> need >>> > to check the MailScanner newsgroup to find out if there is anything >>> that >>> > can be done." >>> >>> >>> I guess this is an issue with MailControl. If MailControl is rewriting >>> the From: with the envelope sender, they just can't handle this mail. >>> Judging from their web site, I think it's likely they are doing just >>> that. >>> >>> Note that a null MAIL FROM: address is perfectly legitimate any time you >>> don't want an undeliverable DSN returned. For one example, almost all >>> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner >>> does this with user notifications for similar reasons. >>> >>> Do you have to send mail via MailControl? >>> >>> Note that the places where MailScanner sends with a null envelope are at >>> >>> >>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 >>> >>> >>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 >>> >>> Although MCP probably isn't involved in your case, and >>> >>> >>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 >>> >>> >>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 >>> >>> >>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 >>> >>> >>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 >>> >>> You could patch those lines changing '<>' to $localpostmaster. I.e. >>> change something like >>> >>> ... SendMessageString($this, $emailmsg, '<>') >>> >>> to >>> >>> ... SendMessageString($this, $emailmsg, $localpostmaster) >>> >>> -- >>> Mark Sapiro The highway is for gamblers, >>> San Francisco Bay Area, California better use your sense - B. Dylan >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> -- >> >> Shawn Iverson >> shawniverson at summitgrid.com >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at avant.si Mon Dec 7 12:46:39 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Mon, 7 Dec 2020 13:46:39 +0100 Subject: envelope-from header missing In-Reply-To: References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> <4b02e7df-0eca-cd2f-3027-2560f69d07d4@summitgrid.com> Message-ID: Thank you Sarah for your input. "Set SMTP Sender: headers " has actually been enabled. Have disabled it and retried. Unfortunately "From:" is still empty. Did find something though, some unidentified character is displayed before the "From" header. Please check the attached screenshot. Report templates are UTF-8 encoded though... [root@* si]# file -i sender.virus.report.txt sender.virus.report.txt: message/rfc822; charset=utf-8 Regards, Emanuel ? V V pon., 7. dec. 2020 ob 13:14 je oseba Sarah Michaelson < waytotheweb at gmail.com> napisala: > We don't make any alterations to the way MailScanner handles email > headers. However, in cPanel's Exim Configuration Manager there are several > options that can change the sender header: > > EXPERIMENTAL: Rewrite From: header to match actual sender > > Set SMTP Sender: headers > > Enable Sender Rewriting Scheme (SRS) Support > > If you have any of those set to On or enabled, that could be causing your > problem. > > Regards, > > Sarah Michaelson > Way to the Web Ltd > > > On Mon, 7 Dec 2020 at 10:39, Emanuel Vidmar - Avant.Si > wrote: > >> Yes, all templates include this at the top: >> >> [root@*si]# cat sender.virus.report.txt >> From: "$postmastername" <$localpostmaster> >> To: $from >> Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus) >> X-%org-name%-MailScanner: generated >> >> >> Regards, >> >> Emanuel >> -------------------- >> Avant.si d.o.o. >> www.avant.si >> >> ? >> >> V V pon., 7. dec. 2020 ob 11:17 je oseba Shawn Iverson via MailScanner < >> mailscanner at lists.mailscanner.info> napisala: >> >>> Do your sender templates in question contain this? If not, add it to >>> the top >>> >>> From: "$postmastername" <$localpostmaster> >>> >>> >>> In fact, they should contain the following in some form: >>> >>> From: "$postmastername" <$localpostmaster> >>> >>> To: $from >>> >>> Subject: example subject >>> >>> X-%org-name%-MailScanner: generated >>> >>> On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: >>> >>> I don't actually send it via Mail Control. It is sent automatically in >>> reply to emails containing virus or bad attachments. >>> You say that null FROM is perfectly legitimate, but Gmail obviously >>> disagrees :) >>> >>> This is an example of such message: >>> >>> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog >>> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C >>> /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA >>> >>> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: >>> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA >>> >>> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner >>> S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@ >>> gmail.com >>> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not >>> determine the sender domain [routed_domain=gmail.com >>> message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1] >>> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com >>> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com >>> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP >>> error from remote mail server after end of data: 550-5.7.1 [152.89.234.38 >>> 11] Our system has detected that this message is\n550-5.7.1 not RFC >>> 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce >>> the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. >>> Please visit\n550-5.7.1 >>> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 >>> and review RFC 5322 specifications for more information. g4si8507930wma.67 >>> - gsmtp >>> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) >>> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen >>> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen >>> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen >>> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen >>> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen >>> >>> >>> -------------------------------- >>> >>> I was hoping there is some config that I could change to fix that, since >>> this is a pretty common setup (cpanel + Configserver Mailscanner). >>> >>> Thanks. >>> >>> >>> Regards, >>> >>> Emanuel >>> -------------------- >>> Avant.si d.o.o. >>> www.avant.si >>> >>> ? >>> >>> V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro >>> napisala: >>> >>>> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: >>>> > Mark, thank you for your reply. >>>> > I am not sure what could have caused that, this is a fairly simple >>>> > cPanel (Exim) + ConfigServer Mailscanner setup. No special >>>> > configuration. I have contacted ConfigServer's support first, this was >>>> > their answer: >>>> > >>>> > "Outbound notification from MailScanner does not have the >>>> envelope-from >>>> > field and therefore the From in MailControl is not populated. I'm >>>> afraid >>>> > there's nothing we can do from our end to resolve this issue, you'd >>>> need >>>> > to check the MailScanner newsgroup to find out if there is anything >>>> that >>>> > can be done." >>>> >>>> >>>> I guess this is an issue with MailControl. If MailControl is rewriting >>>> the From: with the envelope sender, they just can't handle this mail. >>>> Judging from their web site, I think it's likely they are doing just >>>> that. >>>> >>>> Note that a null MAIL FROM: address is perfectly legitimate any time you >>>> don't want an undeliverable DSN returned. For one example, almost all >>>> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner >>>> does this with user notifications for similar reasons. >>>> >>>> Do you have to send mail via MailControl? >>>> >>>> Note that the places where MailScanner sends with a null envelope are at >>>> >>>> >>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 >>>> >>>> >>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 >>>> >>>> Although MCP probably isn't involved in your case, and >>>> >>>> >>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 >>>> >>>> >>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 >>>> >>>> >>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 >>>> >>>> >>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 >>>> >>>> You could patch those lines changing '<>' to $localpostmaster. I.e. >>>> change something like >>>> >>>> ... SendMessageString($this, $emailmsg, '<>') >>>> >>>> to >>>> >>>> ... SendMessageString($this, $emailmsg, $localpostmaster) >>>> >>>> -- >>>> Mark Sapiro The highway is for gamblers, >>>> San Francisco Bay Area, California better use your sense - B. Dylan >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >>> -- >>> >>> Shawn Iverson >>> shawniverson at summitgrid.com >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: mailcontrol.png Type: image/png Size: 75537 bytes Desc: not available URL: From info at avant.si Mon Dec 7 14:21:43 2020 From: info at avant.si (Emanuel Vidmar - Avant.Si) Date: Mon, 7 Dec 2020 15:21:43 +0100 Subject: envelope-from header missing In-Reply-To: References: <5b03f14b-f07e-a39a-8836-a078318949b7@msapiro.net> <4b02e7df-0eca-cd2f-3027-2560f69d07d4@summitgrid.com> Message-ID: !SOLVED! The problem was that templates were UTF8. Converted all report templates to ASCII, now "From:" header gets populated. Thank you all. Regards, Emanuel ? V V pon., 7. dec. 2020 ob 13:46 je oseba Emanuel Vidmar - Avant.Si < info at avant.si> napisala: > Thank you Sarah for your input. > "Set SMTP Sender: headers " has actually been enabled. Have disabled it > and retried. Unfortunately "From:" is still empty. Did find something > though, some unidentified character is displayed before the "From" header. > Please check the attached screenshot. > Report templates are UTF-8 encoded though... > [root@* si]# file -i sender.virus.report.txt > sender.virus.report.txt: message/rfc822; charset=utf-8 > > > Regards, > Emanuel > ? > > V V pon., 7. dec. 2020 ob 13:14 je oseba Sarah Michaelson < > waytotheweb at gmail.com> napisala: > >> We don't make any alterations to the way MailScanner handles email >> headers. However, in cPanel's Exim Configuration Manager there are several >> options that can change the sender header: >> >> EXPERIMENTAL: Rewrite From: header to match actual sender >> >> Set SMTP Sender: headers >> >> Enable Sender Rewriting Scheme (SRS) Support >> >> If you have any of those set to On or enabled, that could be causing your >> problem. >> >> Regards, >> >> Sarah Michaelson >> Way to the Web Ltd >> >> >> On Mon, 7 Dec 2020 at 10:39, Emanuel Vidmar - Avant.Si >> wrote: >> >>> Yes, all templates include this at the top: >>> >>> [root@*si]# cat sender.virus.report.txt >>> From: "$postmastername" <$localpostmaster> >>> To: $from >>> Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus) >>> X-%org-name%-MailScanner: generated >>> >>> >>> Regards, >>> >>> Emanuel >>> -------------------- >>> Avant.si d.o.o. >>> www.avant.si >>> >>> ? >>> >>> V V pon., 7. dec. 2020 ob 11:17 je oseba Shawn Iverson via MailScanner < >>> mailscanner at lists.mailscanner.info> napisala: >>> >>>> Do your sender templates in question contain this? If not, add it to >>>> the top >>>> >>>> From: "$postmastername" <$localpostmaster> >>>> >>>> >>>> In fact, they should contain the following in some form: >>>> >>>> From: "$postmastername" <$localpostmaster> >>>> >>>> To: $from >>>> >>>> Subject: example subject >>>> >>>> X-%org-name%-MailScanner: generated >>>> >>>> On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote: >>>> >>>> I don't actually send it via Mail Control. It is sent automatically in >>>> reply to emails containing virus or bad attachments. >>>> You say that null FROM is perfectly legitimate, but Gmail obviously >>>> disagrees :) >>>> >>>> This is an example of such message: >>>> >>>> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog >>>> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C >>>> /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA >>>> >>>> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: >>>> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA >>>> >>>> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner >>>> S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@ >>>> gmail.com >>>> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not >>>> determine the sender domain [routed_domain=gmail.com >>>> message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1] >>>> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com >>>> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com >>>> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP >>>> error from remote mail server after end of data: 550-5.7.1 [152.89.234.38 >>>> 11] Our system has detected that this message is\n550-5.7.1 not RFC >>>> 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce >>>> the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked. >>>> Please visit\n550-5.7.1 >>>> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 >>>> and review RFC 5322 specifications for more information. g4si8507930wma.67 >>>> - gsmtp >>>> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message) >>>> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen >>>> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen >>>> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen >>>> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen >>>> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen >>>> >>>> >>>> -------------------------------- >>>> >>>> I was hoping there is some config that I could change to fix that, >>>> since this is a pretty common setup (cpanel + Configserver Mailscanner). >>>> >>>> Thanks. >>>> >>>> >>>> Regards, >>>> >>>> Emanuel >>>> -------------------- >>>> Avant.si d.o.o. >>>> www.avant.si >>>> >>>> ? >>>> >>>> V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro >>>> napisala: >>>> >>>>> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote: >>>>> > Mark, thank you for your reply. >>>>> > I am not sure what could have caused that, this is a fairly simple >>>>> > cPanel (Exim) + ConfigServer Mailscanner setup. No special >>>>> > configuration. I have contacted ConfigServer's support first, this >>>>> was >>>>> > their answer: >>>>> > >>>>> > "Outbound notification from MailScanner does not have the >>>>> envelope-from >>>>> > field and therefore the From in MailControl is not populated. I'm >>>>> afraid >>>>> > there's nothing we can do from our end to resolve this issue, you'd >>>>> need >>>>> > to check the MailScanner newsgroup to find out if there is anything >>>>> that >>>>> > can be done." >>>>> >>>>> >>>>> I guess this is an issue with MailControl. If MailControl is rewriting >>>>> the From: with the envelope sender, they just can't handle this mail. >>>>> Judging from their web site, I think it's likely they are doing just >>>>> that. >>>>> >>>>> Note that a null MAIL FROM: address is perfectly legitimate any time >>>>> you >>>>> don't want an undeliverable DSN returned. For one example, almost all >>>>> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner >>>>> does this with user notifications for similar reasons. >>>>> >>>>> Do you have to send mail via MailControl? >>>>> >>>>> Note that the places where MailScanner sends with a null envelope are >>>>> at >>>>> >>>>> >>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518 >>>>> >>>>> >>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566 >>>>> >>>>> Although MCP probably isn't involved in your case, and >>>>> >>>>> >>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558 >>>>> >>>>> >>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606 >>>>> >>>>> >>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755 >>>>> >>>>> >>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618 >>>>> >>>>> You could patch those lines changing '<>' to $localpostmaster. I.e. >>>>> change something like >>>>> >>>>> ... SendMessageString($this, $emailmsg, '<>') >>>>> >>>>> to >>>>> >>>>> ... SendMessageString($this, $emailmsg, $localpostmaster) >>>>> >>>>> -- >>>>> Mark Sapiro The highway is for gamblers, >>>>> San Francisco Bay Area, California better use your sense - B. Dylan >>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner at lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> >>>> -- >>>> >>>> Shawn Iverson >>>> shawniverson at summitgrid.com >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner at lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From dannyjohn93 at gmail.com Tue Dec 15 05:42:19 2020 From: dannyjohn93 at gmail.com (dannyjohn93 at gmail.com) Date: Tue, 15 Dec 2020 16:42:19 +1100 Subject: mailscanner not using all anti virus software Message-ID: <01a301d6d2a5$0fc76190$2f5624b0$@gmail.com> Hello, I am configuring a new mailscanner cluster. The old mail scanner cluster is correctly using multiple antivirus software. When the linter is run on the old cluster multiple virus scanners are being used; see configuration and lint output below. The new scanner cluster is NOT using Sophos anti-virus. I have confirmed by debugging that /usr/lib/MailScanner/wrapper/sophos-wrapper is being successfully called to detect Sophos. Sophos-wrapper is NOT being called during the virus scanning stage. See configuration and lint output below. I have successfully ran Sophos antivirus and update from the command line on the new cluster. Not sure where to go from here. All suggestions welcome, Danny /etc/MailScanner/MailScanner.conf [snip] Virus Scanners = avg esets clamd Sophos [snip] Old Cluster Lint. [root ~]# MailScanner --lint 2>&1 Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README [snip] MailScanner.conf says "Virus Scanners = avg esets clamd sophos" Found these virus scanners installed: sophos, avg, esets =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks: Allowing 1 eicar.com (no match found) Other Checks: Found 1 problems Virus and Content Scanning: Starting Avg: Virus identified EICAR_Test in neicar.com Virus Scanning: Avg found 1 infections No license found. Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . Virus Scanning: Clamd found 1 infections >>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/9142/1/neicar.com Virus Scanning: Sophos found 1 infections Infected message var came from Virus Scanning: Found 3 viruses =========================================================================== If any of your virus scanners (sophos,avg,esets) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [snip] New cluster's /etc/MailScanner/MailScanner.conf [snip] Virus Scanners = clamd Sophos [snip] New Cluster Lint. [root ~]# MailScanner --lint 2>&1 | tee out Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/00_mailwatch.conf Reading configuration file /etc/MailScanner/conf.d/00_mw-install-script.conf Reading configuration file /etc/MailScanner/conf.d/README [snip] MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: sophos, clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL" If any of your virus scanners (sophos,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. -------------- next part -------------- An HTML attachment was scrubbed... URL: From m at donato.cl Tue Dec 15 21:36:57 2020 From: m at donato.cl (Donato Pisani) Date: Tue, 15 Dec 2020 18:36:57 -0300 Subject: Mailscanner on cPanel, send spam to spam/junk folder globally Message-ID: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> Hello everyone, I hope you are fine. I am having some problems with mailscanner inside a server with cPanel. Mailscanner adds the message "{Spam?}" to the subject of the message and leaves it in inbox, I know that with a filter in each account generated by cPanel I can make it send to another folder if the subject contains that phrase, but it becomes unsustainable when there are too many accounts on the server. Is there a way to filter globally for existing and new domains? Thank you a lot for your time and help! From shawniverson at summitgrid.com Wed Dec 16 13:38:20 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Wed, 16 Dec 2020 08:38:20 -0500 Subject: Mailscanner on cPanel, send spam to spam/junk folder globally In-Reply-To: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> References: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> Message-ID: You can add a header to "Spam Actions" in your MailScanner such as X-Spam-Status.? If you match against that header you can route all email to a designated spam folder, which is a common technique for mail servers and usually an available setting. On 12/15/20 4:36 PM, Donato Pisani wrote: > Hello everyone, > > I hope you are fine. > > I am having some problems with mailscanner inside a server with cPanel. > > Mailscanner adds the message "{Spam?}" to the subject of the message and leaves it in inbox, I know that with a filter in each account generated by cPanel I can make it send to another folder if the subject contains that phrase, but it becomes unsustainable when there are too many accounts on the server. > > Is there a way to filter globally for existing and new domains? > > Thank you a lot for your time and help! > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at replies.cyways.com Wed Dec 16 16:53:46 2020 From: mailscanner at replies.cyways.com (Peter Lemieux) Date: Wed, 16 Dec 2020 11:53:46 -0500 Subject: Mailscanner on cPanel, send spam to spam/junk folder globally In-Reply-To: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> References: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> Message-ID: <03215093-ec00-3f0c-66a0-dd71fd20c9c8@replies.cyways.com> Don't know anything about CPanel, but if your SMTP servers use the popular Mail Delivery Agent procmail, then you can write a "recipe" and put it in /etc/procmailrc that will look for "{Spam?}" in the Subject line and route the offending message to /home/$USER/mail/likely-spam or wherever you prefer. Something like this (untested): # File: /etc/procmailrc # route all mail with "{Spam?}" header to user's spam box :0: * ^Subject:.*\{Spam $HOME/mail/likely-spam The message is scanned by root but delivered, I believe, to the recipient's spam folder (here in mbox format). See "man procmailrc" and especially "man procmailex" for examples. Peter On 12/15/20 4:36 PM, Donato Pisani wrote: > Hello everyone, > > I hope you are fine. > > I am having some problems with mailscanner inside a server with cPanel. > > Mailscanner adds the message "{Spam?}" to the subject of the message and leaves it in inbox, I know that with a filter in each account generated by cPanel I can make it send to another folder if the subject contains that phrase, but it becomes unsustainable when there are too many accounts on the server. > > Is there a way to filter globally for existing and new domains? > > Thank you a lot for your time and help! > > From mark at msapiro.net Wed Dec 16 23:41:26 2020 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 16 Dec 2020 15:41:26 -0800 Subject: mailscanner not using all anti virus software In-Reply-To: <01a301d6d2a5$0fc76190$2f5624b0$@gmail.com> References: <01a301d6d2a5$0fc76190$2f5624b0$@gmail.com> Message-ID: <9f8cb3b0-7da1-21ef-df2b-d7188cad0503@msapiro.net> On 12/14/20 9:42 PM, dannyjohn93 at gmail.com wrote: > > */etc/MailScanner/MailScanner.conf* > > [snip] > > Virus Scanners = avg esets clamd Sophos ... > *New cluster?s /etc/MailScanner/MailScanner.conf* > > [snip] > > Virus Scanners = clamd Sophos ... > *New Cluster Lint.* > > [root ?~]# MailScanner --lint 2>&1 | tee out > > Trying to setlogsock(unix) > > ? > > Reading configuration file /etc/MailScanner/MailScanner.conf > > Reading configuration file /etc/MailScanner/conf.d/00_mailwatch.conf > > Reading configuration file /etc/MailScanner/conf.d/00_mw-install-script.conf > > Reading configuration file /etc/MailScanner/conf.d/README ... > MailScanner.conf says "Virus Scanners = clamd" So you have Virus Scanners = clamd Sophos in MailScanner.conf, yet lint says MailScanner.conf says "Virus Scanners = clamd" Is Virus Scanners overridden in any of the /etc/MailScanner.conf.d/ files? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Thu Dec 17 00:29:53 2020 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 16 Dec 2020 16:29:53 -0800 Subject: Mailscanner on cPanel, send spam to spam/junk folder globally In-Reply-To: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> References: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> Message-ID: <5b820819-271f-9f3f-1189-d1e5dd86199b@msapiro.net> On 12/15/20 1:36 PM, Donato Pisani wrote: > Hello everyone, > > I hope you are fine. > > I am having some problems with mailscanner inside a server with cPanel. > > Mailscanner adds the message "{Spam?}" to the subject of the message and leaves it in inbox, I know that with a filter in each account generated by cPanel I can make it send to another folder if the subject contains that phrase, but it becomes unsustainable when there are too many accounts on the server. > > Is there a way to filter globally for existing and new domains? See and You want these to include `store` and not include `deliver`. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Thu Dec 17 00:47:48 2020 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 16 Dec 2020 16:47:48 -0800 Subject: Mailscanner on cPanel, send spam to spam/junk folder globally In-Reply-To: <5b820819-271f-9f3f-1189-d1e5dd86199b@msapiro.net> References: <287FF05C-4F47-4407-9ABC-5E4A0B75EE33@donato.cl> <5b820819-271f-9f3f-1189-d1e5dd86199b@msapiro.net> Message-ID: <489b12f1-a916-069a-1017-34d483bec76f@msapiro.net> On 12/16/20 4:29 PM, Mark Sapiro wrote: > On 12/15/20 1:36 PM, Donato Pisani wrote: >> Hello everyone, >> >> I hope you are fine. >> >> I am having some problems with mailscanner inside a server with cPanel. >> >> Mailscanner adds the message "{Spam?}" to the subject of the message and leaves it in inbox, I know that with a filter in each account generated by cPanel I can make it send to another folder if the subject contains that phrase, but it becomes unsustainable when there are too many accounts on the server. >> >> Is there a way to filter globally for existing and new domains? > > > See > and > > > You want these to include `store` and not include `deliver`. Maybe you also want `forward` if you want them sent to a different address -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dannyjohn93 at gmail.com Thu Dec 17 03:37:20 2020 From: dannyjohn93 at gmail.com (dannyjohn93 at gmail.com) Date: Thu, 17 Dec 2020 14:37:20 +1100 Subject: mailscanner not using all anti virus software In-Reply-To: <9f8cb3b0-7da1-21ef-df2b-d7188cad0503@msapiro.net> References: <01a301d6d2a5$0fc76190$2f5624b0$@gmail.com> <9f8cb3b0-7da1-21ef-df2b-d7188cad0503@msapiro.net> Message-ID: <001a01d6d425$eed08610$cc719230$@gmail.com> Hello Mark, Yes it was been overwritten. MailWatch created the file /etc/MailScanner/conf.d/00_mw-install-script.conf: #Default config provided by mailwatch-install-script #Do NOT edit this file. It is auto generated. #Instead create your own config that arranged after this file in alphabetical order. Virus Scanners = clamd I have now overwritten by creating the file /etc/MailScanner/conf.d/ 01_local.conf: Virus Scanners = auto MailScanner is now working as expected; thank you. Regards, Danny