From email at ace.net.au Tue Dec 7 06:55:37 2021 From: email at ace.net.au (Peter) Date: Tue, 07 Dec 2021 17:25:37 +1030 Subject: MailScanner reload with systemd Message-ID: <202112071725370251.265A2213@nx33.ace.net.au> Hi, Is there an equivalent to the "MailScanner reload" command for RHEL 8 systemd ? All I have found is "systemctl restart ms-sendmail.service" Regards From lists at fonant.com Tue Dec 7 15:25:17 2021 From: lists at fonant.com (Anthony Cartmell) Date: Tue, 07 Dec 2021 15:25:17 +0000 Subject: MailScanner reload with systemd In-Reply-To: <202112071725370251.265A2213@nx33.ace.net.au> References: <202112071725370251.265A2213@nx33.ace.net.au> Message-ID: <1638890697173.3365944039.2623903855@fonant.com> > Is there an equivalent to the "MailScanner reload" command for RHEL 8 > systemd ? > > All I have found is "systemctl restart ms-sendmail.service" Try "systemctl restart mailscanner" Anthony -- www.fonant.com - Quality web sites Tel. 01903 867 810 Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Amelia House, Crescent Road, Worthing, West Sussex, BN11 1QR From pramod at mindspring.co.za Tue Dec 7 20:00:53 2021 From: pramod at mindspring.co.za (Pramod Daya) Date: Tue, 7 Dec 2021 20:00:53 +0000 Subject: Dangerous in-line attachments Message-ID: I'm getting links like this not getting picked up by Mailscanner (using a LibraEsva tester) [cid:image001.png at 01D7EBB5.E45D80E0] Pointing, as you can see, to a dodgy website (the one at bit.ly). I must be omitting some obvious setting that's allowing these through.. I would deeply appreciate some assistance on how to detect them, please. ___________________________________________________ Pramod Daya (CEO) M.Sc. Computer Science (U. of Oregon) Unit 5, Melomed Office Park Punters Way, Kenilworth Cape Town, South Africa 7708 www.mindspring.co.za [cid:image002.png at 01D7EBB5.E45D80E0] Work: +27 21 657 1780 Fax: +27 21 671 7599 Cell: +27 83 675 0367 pramod at mindspring.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 13125 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 5989 bytes Desc: image002.png URL: From email at ace.net.au Wed Dec 8 06:59:09 2021 From: email at ace.net.au (Peter) Date: Wed, 08 Dec 2021 17:29:09 +1030 Subject: Not including %org-name% Message-ID: <202112081729090146.2B83ADD0@nx33.ace.net.au> Hi, MailScanner 5.4.3 on RHEl 8 with Sendmail. I have run a few tests, and the variable %org-name% is only included from my /conf.d/myconf file if I delete or comment out the variable in the original MailScanner.conf file. I have noticed a few posts on the forum feature "X-yoursite-MailScanner" in the header suggesting that it didn't work for them either, though they may not have tried to configure it. Not a major issue, except edits in the original file will get overwritten in updates. This is my first time installing MS for years, it's still a brilliant program - thanks to those that keep it going. Cheers, Peter From belle at bazuin.nl Wed Dec 8 08:29:37 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Wed, 8 Dec 2021 09:29:37 +0100 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: bit.ly is a "url shorter service" the phishing.bad.sites.conf.master.? file has a link with a typo i think. that shows bit.ly.? ( with the last dot )? ? you can add it in :? phishing.bad.sites.custom Then its in again. Greetz, Louis Van: MailScanner [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner.info] Namens Pramod Daya via MailScanner Verzonden: dinsdag 7 december 2021 21:01 Aan: mailscanner at lists.mailscanner.info CC: Pramod Daya Onderwerp: Dangerous in-line attachments I?m getting links like this not getting picked up by Mailscanner ?(using a LibraEsva tester) ? ? ? Pointing, as you can see, to a dodgy website (the one at bit.ly). ? I must be omitting some obvious setting that?s ?allowing these through..? I would deeply appreciate some assistance on how to detect them, please. ? ___________________________________________________ Pramod Daya (CEO) M.Sc. Computer Science (U. of Oregon) Unit 5, Melomed Office Park Punters Way, Kenilworth Cape Town, South Africa 7708 www.mindspring.co.za ??????????? Work: ?+27 21?657 1780 Fax:? +27 21?671 7599 ? Cell:? +27 83 675 0367 pramod at mindspring.co.za ? ? -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 13125 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 5989 bytes Desc: not available URL: From shawniverson at summitgrid.com Wed Dec 8 13:33:55 2021 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Wed, 8 Dec 2021 08:33:55 -0500 Subject: Not including %org-name% In-Reply-To: <202112081729090146.2B83ADD0@nx33.ace.net.au> References: <202112081729090146.2B83ADD0@nx33.ace.net.au> Message-ID: <159b9312-f13a-c93d-fb55-da010c696c03@summitgrid.com> Opened an issue for this one. I think it should be fixed. https://github.com/MailScanner/v5/issues/578 On 12/8/21 1:59 AM, Peter wrote: > Hi, > > MailScanner 5.4.3 on RHEl 8 with Sendmail. > > I have run a few tests, and the variable %org-name% is only included from > my /conf.d/myconf file if I delete or comment out the variable in the > original MailScanner.conf file. > > I have noticed a few posts on the forum feature "X-yoursite-MailScanner" in > the header suggesting that it didn't work for them either, though they may > not have tried to configure it. > > Not a major issue, except edits in the original file will get overwritten > in updates. > > This is my first time installing MS for years, it's still a brilliant > program - thanks to those that keep it going. > > Cheers, > > Peter > > > > From belle at bazuin.nl Wed Dec 8 13:51:58 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Wed, 8 Dec 2021 14:51:58 +0100 Subject: Not including %org-name% In-Reply-To: <159b9312-f13a-c93d-fb55-da010c696c03@summitgrid.com> References: <202112081729090146.2B83ADD0@nx33.ace.net.au> Message-ID: Really? I've not seen that problem at the moment. I'll check the header in this mail when it arives the list. But so far i have not seen any "yoursite" in my email headers. No, its not commented out. Im running: MailWatch Version: 1.2.15 Operating System Version: Debian GNU/Linux 10 (buster) Postfix Version: 3.4.14 MailScanner Version: 5.3.4 ClamAV Version: 0.103.3 SpamAssassin Version: 3.4.2 PHP Version: 7.3.31-1~deb10u1 MySQL Version: 10.3.31-MariaDB-0+deb10u1 > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Shawn Iverson via MailScanner > Verzonden: woensdag 8 december 2021 14:34 > Aan: mailscanner at lists.mailscanner.info > CC: Shawn Iverson > Onderwerp: Re: Not including %org-name% > > Opened an issue for this one. I think it should be fixed. > > https://github.com/MailScanner/v5/issues/578 > > On 12/8/21 1:59 AM, Peter wrote: > > Hi, > > > > MailScanner 5.4.3 on RHEl 8 with Sendmail. > > > > I have run a few tests, and the variable %org-name% is only > included from > > my /conf.d/myconf file if I delete or comment out the > variable in the > > original MailScanner.conf file. > > > > I have noticed a few posts on the forum feature > "X-yoursite-MailScanner" in > > the header suggesting that it didn't work for them either, > though they may > > not have tried to configure it. > > > > Not a major issue, except edits in the original file will > get overwritten > > in updates. > > > > This is my first time installing MS for years, it's still a > brilliant > > program - thanks to those that keep it going. > > > > Cheers, > > > > Peter > > > > > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From email at ace.net.au Wed Dec 8 14:08:33 2021 From: email at ace.net.au (Peter) Date: Thu, 09 Dec 2021 00:38:33 +1030 Subject: Not including %org-name% In-Reply-To: References: <202112081729090146.2B83ADD0@nx33.ace.net.au> Message-ID: <202112090038330714.2D0CCDD3@nx33.ace.net.au> I was surprised, tried quite a few times to make it work, but the entry in the main file took precedence. For confirmation I just uncommented it in the main file, and a test shows it going staright back to "yoursite". X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-ID: 1B8E2tG8008638 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: not spam (whitelisted), Regards. *********** REPLY SEPARATOR *********** On 8/12/2021 at 2:51 PM L.P.H. van Belle via MailScanner wrote: >Really? > >I've not seen that problem at the moment. >I'll check the header in this mail when it arives the list. >But so far i have not seen any "yoursite" in my email headers. >No, its not commented out. > >Im running: >MailWatch Version: 1.2.15 >Operating System Version: Debian GNU/Linux 10 (buster) >Postfix Version: 3.4.14 >MailScanner Version: 5.3.4 >ClamAV Version: 0.103.3 >SpamAssassin Version: 3.4.2 >PHP Version: 7.3.31-1~deb10u1 >MySQL Version: 10.3.31-MariaDB-0+deb10u1 > > > > >> -----Oorspronkelijk bericht----- >> Van: MailScanner >> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. >> info] Namens Shawn Iverson via MailScanner >> Verzonden: woensdag 8 december 2021 14:34 >> Aan: mailscanner at lists.mailscanner.info >> CC: Shawn Iverson >> Onderwerp: Re: Not including %org-name% >> >> Opened an issue for this one. I think it should be fixed. >> >> https://github.com/MailScanner/v5/issues/578 >> >> On 12/8/21 1:59 AM, Peter wrote: >> > Hi, >> > >> > MailScanner 5.4.3 on RHEl 8 with Sendmail. >> > >> > I have run a few tests, and the variable %org-name% is only >> included from >> > my /conf.d/myconf file if I delete or comment out the >> variable in the >> > original MailScanner.conf file. >> > >> > I have noticed a few posts on the forum feature >> "X-yoursite-MailScanner" in >> > the header suggesting that it didn't work for them either, >> though they may >> > not have tried to configure it. >> > >> > Not a major issue, except edits in the original file will >> get overwritten >> > in updates. >> > >> > This is my first time installing MS for years, it's still a >> brilliant >> > program - thanks to those that keep it going. >> > >> > Cheers, >> > >> > Peter >> > >> > >> > >> > >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. From mark at msapiro.net Wed Dec 8 16:59:39 2021 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 8 Dec 2021 08:59:39 -0800 Subject: Not including %org-name% In-Reply-To: <202112081729090146.2B83ADD0@nx33.ace.net.au> References: <202112081729090146.2B83ADD0@nx33.ace.net.au> Message-ID: On 12/7/21 10:59 PM, Peter wrote: > > I have run a few tests, and the variable %org-name% is only included from > my /conf.d/myconf file if I delete or comment out the variable in the > original MailScanner.conf file. The %org-name% setting in your conf.d/myconf file is effective but it doesn't change all the other MailScanner.conf settings that depend on it. I.e., Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report: Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: ID Header = X-%org-name%-MailScanner-ID: IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol: Hostname = The %org-name% ($HOSTNAME) MailScanner Attachment Warning Filename = %org-name%-Attachment-Warning.txt Watermark Secret = %org-name%-Secret Watermark Header = X-%org-name%-MailScanner-Watermark: MCP Header = X-%org-name%-MailScanner-MCPCheck: As it says at the top of MailScanner.conf # However, if you are changing some variable definition which is used # in other definitions in this file such as %org-name% in the first # example below, you must also either change it in this file or copy # all the definitions that use that variable into your own file. > Not a major issue, except edits in the original file will get overwritten > in updates. No they don't. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Dec 8 17:02:01 2021 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 8 Dec 2021 09:02:01 -0800 Subject: Not including %org-name% In-Reply-To: References: <202112081729090146.2B83ADD0@nx33.ace.net.au> Message-ID: On 12/8/21 8:59 AM, Mark Sapiro wrote: > On 12/7/21 10:59 PM, Peter wrote: > >> Not a major issue, except edits in the original file will get overwritten >> in updates. > > No they don't. At least they don't for me when updating Ubuntu via the .deb file. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From email at ace.net.au Thu Dec 9 06:05:12 2021 From: email at ace.net.au (Peter) Date: Thu, 09 Dec 2021 16:35:12 +1030 Subject: Not including %org-name% In-Reply-To: References: <202112081729090146.2B83ADD0@nx33.ace.net.au> Message-ID: <202112091635120386.3078A363@nx33.ace.net.au> Thanks for investigating. ># However, if you are changing some variable definition which is used I take this to mean if you redefine the defnition, not the actual variable. Example you might define it to be a file possibly. There is no point in having a variable if it doesn't do anything. When I edited it in the original conf file, that change was reflected in all items in the header that I would expect to change. It's definitely a problem that the new conf file isn't overwriting that variable in the original file. With Rhel/Centos RPM updates, from memory if the the update creates an RPM-new file, but it's then a task to find the new stuff. A lot easier to just overwrite the original and leave tthe personal file to make the changes. This email doesn't go out through the new system, so it's not showing here. Cheers *********** REPLY SEPARATOR *********** On 8/12/2021 at 8:59 AM Mark Sapiro wrote: >On 12/7/21 10:59 PM, Peter wrote: >> >> I have run a few tests, and the variable %org-name% is only included from >> my /conf.d/myconf file if I delete or comment out the variable in the >> original MailScanner.conf file. > > >The %org-name% setting in your conf.d/myconf file is effective but it >doesn't change all the other MailScanner.conf settings that depend on >it. I.e., > >Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report: >Mail Header = X-%org-name%-MailScanner: >Spam Header = X-%org-name%-MailScanner-SpamCheck: >Spam Score Header = X-%org-name%-MailScanner-SpamScore: >Information Header = X-%org-name%-MailScanner-Information: >Envelope From Header = X-%org-name%-MailScanner-From: >Envelope To Header = X-%org-name%-MailScanner-To: >ID Header = X-%org-name%-MailScanner-ID: >IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol: >Hostname = The %org-name% ($HOSTNAME) MailScanner >Attachment Warning Filename = %org-name%-Attachment-Warning.txt >Watermark Secret = %org-name%-Secret >Watermark Header = X-%org-name%-MailScanner-Watermark: >MCP Header = X-%org-name%-MailScanner-MCPCheck: > >As it says at the top of MailScanner.conf > ># However, if you are changing some variable definition which is used ># in other definitions in this file such as %org-name% in the first ># example below, you must also either change it in this file or copy ># all the definitions that use that variable into your own file. > > >> Not a major issue, except edits in the original file will get overwritten >> in updates. > >No they don't. > >-- >Mark Sapiro The highway is for gamblers, >San Francisco Bay Area, California better use your sense - B. Dylan > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner From mark at msapiro.net Thu Dec 9 06:39:04 2021 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 8 Dec 2021 22:39:04 -0800 Subject: Not including %org-name% In-Reply-To: <202112091635120386.3078A363@nx33.ace.net.au> References: <202112081729090146.2B83ADD0@nx33.ace.net.au> <202112091635120386.3078A363@nx33.ace.net.au> Message-ID: <9df9c5d9-247b-3743-ab5b-fe24e0269a8f@msapiro.net> On 12/8/21 10:05 PM, Peter wrote: > Thanks for investigating. > >> # However, if you are changing some variable definition which is used > > I take this to mean if you redefine the defnition, not the actual variable. > Example you might define it to be a file possibly. It's a string. You could define it to be the name of a file but it would be literally that name, not the contents of the file. > There is no point in having a variable if it doesn't do anything. When I > edited it in the original conf file, that change was reflected in all items > in the header that I would expect to change. Yes, it's a variable, but it is defined in MailScanner.conf by %org-name% = yoursite Later definitions such as Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report: get expanded into Spam-Virus Header = X-yoursite-MailScanner-SpamVirus-Report: at the point of definition, not at the point of use. I understand you want the expansion to be deferred until all the conf.d files have been processed, but that's not the way it works. It works as documented. Arguably what you would want is better, but I don't think it's worth any significant effort to implement it at this point. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From email at ace.net.au Thu Dec 9 09:01:44 2021 From: email at ace.net.au (Peter) Date: Thu, 09 Dec 2021 19:31:44 +1030 Subject: Conf file oddity References: <202112091920480159.31103EF9@nx33.ace.net.au> Message-ID: <202112091931440345.311A4234@nx33.ace.net.au> My mistake, I just noticed prefork vs postfork. Longt day! Just an observation on the conf file # The number of milter children to use when using the prefork dispatcher # This setting is ignored when using the postfork dispatcher From email at ace.net.au Sat Dec 11 08:22:07 2021 From: email at ace.net.au (Peter) Date: Sat, 11 Dec 2021 18:52:07 +1030 Subject: Install without prompts Message-ID: <202112111852070061.3B42A6E3@nx33.ace.net.au> Is it possible to install MailScanner and bypass the prompts or feed the answers somehow? I am scripting building a server and it's a pain that I always have to come back and answer the questions about TNEF, cpan etc. then wait for another while mainly for the cpan stuff to happen. Which raises another question, is there a repo that has more of the required perl modules for RHEL 8? Cheers. From kenneth at khansen-it.dk Sat Dec 11 11:35:20 2021 From: kenneth at khansen-it.dk (Kenneth Hansen) Date: Sat, 11 Dec 2021 12:35:20 +0100 Subject: Install without prompts In-Reply-To: <202112111852070061.3B42A6E3@nx33.ace.net.au> References: <202112111852070061.3B42A6E3@nx33.ace.net.au> Message-ID: This is possible. I do it in the MailGuardian installation script. For RHEL-based distro, you Can see here: https://github.com/KHIT93/mailguardian/blob/baa9449ab93c5812185f2df4ea2a6c770533c010/installer/deps.py#L142 > Den 11. dec. 2021 kl. 09.22 skrev Peter : > > ?Is it possible to install MailScanner and bypass the prompts or feed the > answers somehow? > > I am scripting building a server and it's a pain that I always have to come > back and answer the questions about TNEF, cpan etc. then wait for another > while mainly for the cpan stuff to happen. > > Which raises another question, is there a repo that has more of the > required perl modules for RHEL 8? > > Cheers. > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Sat Dec 11 15:51:49 2021 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Sat, 11 Dec 2021 10:51:49 -0500 Subject: Install without prompts In-Reply-To: <202112111852070061.3B42A6E3@nx33.ace.net.au> References: <202112111852070061.3B42A6E3@nx33.ace.net.au> Message-ID: <073d4a25-ee75-b177-bdaa-909e7130ea64@summitgrid.org> These are packaged for eFa but you can use them in your own MailScanner. rpm --import https://mirrors.efa-project.org/rpm/eFa4/RPM-GPG-KEY-eFa-Project curl -L https://mirrors.efa-project.org/rpm/eFa4/CentOS8/eFa4-centos8.repo -o /etc/yum.repos.d/eFa4.repo Perl builds available: perl-Business-ISBN-3.005-1.eFa.el8.noarch.rpm perl-Business-ISBN-Data-20191107-1.eFa.el8.noarch.rpm perl-Data-Dumper-Concise-2.023-1.eFa.el8.noarch.rpm perl-Data-IEEE754-0.02-1.eFa.el8.noarch.rpm perl-Data-Printer-0.40-1.eFa.el8.noarch.rpm perl-Encoding-FixLatin-1.04-1.eFa.el8.noarch.rpm perl-GeoIP2-Country-Reader-2.006002-1.eFa.el8.noarch.rpm perl-Inline-0.86-1.eFa.el8.noarch.rpm perl-IP-Country-2.28-1.eFa.el8.noarch.rpm perl-IP-Country-DB_File-3.03-1.eFa.el8.noarch.rpm perl-List-AllUtils-0.15-1.eFa.el8.noarch.rpm perl-List-SomeUtils-0.58-1.eFa.el8.noarch.rpm perl-List-SomeUtils-XS-0.58-1.eFa.el8.x86_64.rpm perl-List-UtilsBy-0.11-1.eFa.el8.noarch.rpm perl-Mail-IMAPClient-3.42-1.eFa.el8.noarch.rpm perl-Mail-SPF-Query-1.999.1-1.eFa.el8.noarch.rpm perl-Math-Int128-0.22-1.eFa.el8.x86_64.rpm perl-Math-Int64-0.54-1.eFa.el8.x86_64.rpm perl-MaxMind-DB-Metadata-0.040001-1.eFa.el8.noarch.rpm perl-MaxMind-DB-Reader-1.000014-1.eFa.el8.noarch.rpm perl-MaxMind-DB-Reader-XS-1.000008-1.eFa.el8.x86_64.rpm perl-Moo-2.003006-1.eFa.el8.noarch.rpm perl-MooX-StrictConstructor-0.010-1.eFa.el8.noarch.rpm perl-Net-DNS-1.25-1.eFa.el8.noarch.rpm perl-Net-DNS-Resolver-Programmable-0.009-1.eFa.el8.noarch.rpm perl-Net-Works-Network-0.22-1.eFa.el8.noarch.rpm perl-Role-Tiny-2.001004-1.eFa.el8.noarch.rpm perl-Scalar-List-Utils-1.53-1.eFa.el8.x86_64.rpm perl-Sendmail-PMilter-1.00-1.eFa.el8.noarch.rpm perl-Sub-Quote-2.006006-1.eFa.el8.noarch.rpm perl-Sys-Hostname-Long-1.5-1.eFa.el8.noarch.rpm perl-Sys-SigAction-0.23-1.eFa.el8.noarch.rpm perl-Test-Bits-0.02-1.eFa.el8.noarch.rpm On 12/11/21 3:22 AM, Peter wrote: > Is it possible to install MailScanner and bypass the prompts or feed the > answers somehow? > > I am scripting building a server and it's a pain that I always have to come > back and answer the questions about TNEF, cpan etc. then wait for another > while mainly for the cpan stuff to happen. > > Which raises another question, is there a repo that has more of the > required perl modules for RHEL 8? > > Cheers. > > > > From email at ace.net.au Sun Dec 12 00:55:38 2021 From: email at ace.net.au (Peter) Date: Sun, 12 Dec 2021 11:25:38 +1030 Subject: Install without prompts In-Reply-To: <073d4a25-ee75-b177-bdaa-909e7130ea64@summitgrid.org> References: <202112111852070061.3B42A6E3@nx33.ace.net.au> <073d4a25-ee75-b177-bdaa-909e7130ea64@summitgrid.org> Message-ID: <202112121125380319.3ED03C19@nx33.ace.net.au> Thanks, That works very well. Cheers. *********** REPLY SEPARATOR *********** On 11/12/2021 at 10:51 AM Shawn Iverson via MailScanner wrote: >These are packaged for eFa but you can use them in your own MailScanner. > >rpm --import >https://mirrors.efa-project.org/rpm/eFa4/RPM-GPG-KEY-eFa-Project > >curl -L >https://mirrors.efa-project.org/rpm/eFa4/CentOS8/eFa4-centos8.repo -o >/etc/yum.repos.d/eFa4.repo From pramod at mindspring.co.za Sun Dec 12 11:10:21 2021 From: pramod at mindspring.co.za (Pramod Daya) Date: Sun, 12 Dec 2021 11:10:21 +0000 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: Thank you. I put "bit.ly" into the phishing.bad.sites.custom as per the docs - but perhaps the phishing.bad.sites.config is putting a subse quent incorrect entry for "bit.ly." which is overwriting my entry. From: MailScanner On Behalf Of L.P.H. van Belle via MailScanner Sent: Wednesday, 08 December 2021 10:30 To: MailScanner Discussion Cc: L.P.H. van Belle Subject: RE: Dangerous in-line attachments bit.ly is a "url shorter service" the phishing.bad.sites.conf.master. file has a link with a typo i think. that shows bit.ly. ( with the last dot ) you can add it in : phishing.bad.sites.custom Then its in again. Greetz, Louis ________________________________ Van: MailScanner [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner.info] Namens Pramod Daya via MailScanner Verzonden: dinsdag 7 december 2021 21:01 Aan: mailscanner at lists.mailscanner.info CC: Pramod Daya Onderwerp: Dangerous in-line attachments I'm getting links like this not getting picked up by Mailscanner (using a LibraEsva tester) [cid:image001.png at 01D7EF57.BEC0F970] Pointing, as you can see, to a dodgy website (the one at bit.ly). I must be omitting some obvious setting that's allowing these through.. I would deeply appreciate some assistance on how to detect them, please. ___________________________________________________ Pramod Daya (CEO) M.Sc. Computer Science (U. of Oregon) Unit 5, Melomed Office Park Punters Way, Kenilworth Cape Town, South Africa 7708 www.mindspring.co.za [cid:image002.png at 01D7EF57.BEC0F970] Work: +27 21 657 1780 Fax: +27 21 671 7599 Cell: +27 83 675 0367 pramod at mindspring.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 13125 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 5989 bytes Desc: image002.png URL: From mark at msapiro.net Sun Dec 12 17:55:06 2021 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 12 Dec 2021 09:55:06 -0800 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: On 12/12/21 3:10 AM, Pramod Daya via MailScanner wrote: > Thank you.? I put ?bit.ly? into the phishing.bad.sites.custom as per the > docs ? but perhaps the phishing.bad.sites.config is putting a > subsequent incorrect entry for ?bit.ly.? which is overwriting > my entry. An entry for `bit.ly.` in any of the phishing.bad.sites* files would not override one for `bit.ly`. It's just another site to test for. Do you perhaps have an entry for `bit.ly` in phishing.safe.sites.custom? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From email at ace.net.au Sun Dec 12 23:01:21 2021 From: email at ace.net.au (Peter) Date: Mon, 13 Dec 2021 09:31:21 +1030 Subject: Moving queue files Message-ID: <202112130931210447.438DEE27@nx33.ace.net.au> Hi, Old versions of MS I used to be able to move queue files from eg spam folder to /var/spool/mqueue and the mail would then get picked up by sendmail without going through Mailscanner. Doing it with the current version of MS I get5 this: "bogus file uid/gid in mqueue" and the qf file gets changed to Qf and not processed. My old system used to rely on bayes and AWL to help get email across the spam line, at the moment neither of those appear to be working (yet) - though I have turned on Txrep instead of AWL. Rather than writing new rules each time I get a false positive, I need to be able to manually bypass MS for now and put my time into learning all the new stuff etc. Any helpeciated From shawniverson at summitgrid.com Sun Dec 12 23:06:15 2021 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Sun, 12 Dec 2021 18:06:15 -0500 Subject: Moving queue files In-Reply-To: <202112130931210447.438DEE27@nx33.ace.net.au> References: <202112130931210447.438DEE27@nx33.ace.net.au> Message-ID: <8b803bef-44e9-2462-49fa-55cd528dfb54@summitgrid.org> Are you chown-ing your queue file to the correct uid/gid before dropping into /var/spool/mqueue? On 12/12/21 6:01 PM, Peter wrote: > Hi, > > Old versions of MS I used to be able to move queue files from eg spam > folder to /var/spool/mqueue and the mail would then get picked up by > sendmail without going through Mailscanner. > > Doing it with the current version of MS I get5 this: > "bogus file uid/gid in mqueue" and the qf file gets changed to Qf and not > processed. > > My old system used to rely on bayes and AWL to help get email across the > spam line, at the moment neither of those appear to be working (yet) - > though I have turned on Txrep instead of AWL. > > Rather than writing new rules each time I get a false positive, I need to > be able to manually bypass MS for now and put my time into learning all the > new stuff etc. > > Any helpeciated > > > > From email at ace.net.au Sun Dec 12 23:58:39 2021 From: email at ace.net.au (Peter) Date: Mon, 13 Dec 2021 10:28:39 +1030 Subject: Moving queue files In-Reply-To: <8b803bef-44e9-2462-49fa-55cd528dfb54@summitgrid.org> References: <202112130931210447.438DEE27@nx33.ace.net.au> <8b803bef-44e9-2462-49fa-55cd528dfb54@summitgrid.org> Message-ID: <202112131028390304.43C26128@nx33.ace.net.au> Aha! It pays to read the error properly! I am over tired from working on this stuff. Following your post I looked further, turns out it's a sendmail issue, not MS. I experimented and it needs chmod "600 qf*". The file is already owned by root which it needs. I am so glad this forum is still here after all these years. :) *********** REPLY SEPARATOR *********** On 12/12/2021 at 6:06 PM Shawn Iverson via MailScanner wrote: >Are you chown-ing your queue file to the correct uid/gid before dropping >into /var/spool/mqueue? > >On 12/12/21 6:01 PM, Peter wrote: >> Hi, >> >> Old versions of MS I used to be able to move queue files from eg spam >> folder to /var/spool/mqueue and the mail would then get picked up by >> sendmail without going through Mailscanner. >> >> Doing it with the current version of MS I get5 this: >> "bogus file uid/gid in mqueue" and the qf file gets changed to Qf and >not >> processed. >> >> My old system used to rely on bayes and AWL to help get email across the >> spam line, at the moment neither of those appear to be working (yet) - >> though I have turned on Txrep instead of AWL. >> >> Rather than writing new rules each time I get a false positive, I need to >> be able to manually bypass MS for now and put my time into learning all >the >> new stuff etc. >> >> Any helpeciated >> >> >> >> > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner From pramod at mindspring.co.za Mon Dec 13 11:25:09 2021 From: pramod at mindspring.co.za (Pramod Daya) Date: Mon, 13 Dec 2021 11:25:09 +0000 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: No - only in phishing.bad.sites.conf and in phishing.bad.sites.custom. For good measure I cat "bit.ly" at the end of the phishing.bad.sites.conf file but it's still getting through. Any tips on how to debug with a test file, please ? -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: Sunday, 12 December 2021 19:55 To: mailscanner at lists.mailscanner.info Subject: Re: Dangerous in-line attachments On 12/12/21 3:10 AM, Pramod Daya via MailScanner wrote: > Thank you.? I put ?bit.ly? into the phishing.bad.sites.custom as per > the docs ? but perhaps the phishing.bad.sites.config is putting a > subsequent incorrect entry for ?bit.ly.? which is overwriting my > entry. An entry for `bit.ly.` in any of the phishing.bad.sites* files would not override one for `bit.ly`. It's just another site to test for. Do you perhaps have an entry for `bit.ly` in phishing.safe.sites.custom? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From mark at msapiro.net Mon Dec 13 22:27:06 2021 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 13 Dec 2021 14:27:06 -0800 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: On 12/13/21 3:25 AM, Pramod Daya via MailScanner wrote: > No - only in phishing.bad.sites.conf and in phishing.bad.sites.custom. > > For good measure I cat "bit.ly" at the end of the phishing.bad.sites.conf file but it's still getting through. There are two possibilities, but you've possibly already ruled out one. The first is that MailScanner doesn't read phishing.bad.sites.custom directly. It relies on the /usr/sbin/ms-update-phishing command being run periodically by cron to prepend phishing.bad.sites.custom to phishing.bad.sites.conf. This in turn relies on ms_cron_ps being set to 1 in /etc/MailScanner/defaults and the various hourly, daily, etc ms-cron jobs being run by cron. However, you put bit.ly directly in phishing.bad.sites.conf so assuming MailScanner's children got restarted between your adding it and the message not being disarmed, that's not the issue. The other issue is that phishing tags are only flagged and disarmed in HTML message parts. A bit.ly url in a plain text message or message part will never be flagged or disarmed. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From email at ace.net.au Tue Dec 14 03:27:54 2021 From: email at ace.net.au (Peter) Date: Tue, 14 Dec 2021 13:57:54 +1030 Subject: Install without prompts In-Reply-To: References: <202112111852070061.3B42A6E3@nx33.ace.net.au> Message-ID: <202112141357540146.49A84B7C@nx33.ace.net.au> Thanks, this was very helpful too. Cheers, >*********** REPLY SEPARATOR *********** > >On 11/12/2021 at 12:35 PM Kenneth Hansen via MailScanner wrote: >This is possible. I do it in the MailGuardian installation script. >For RHEL-based distro, you Can see here: >https://github.com/KHIT93/mailguardian/blob/baa9449ab93c5812185f2df4ea2a6c7 70533c010/installer/deps.py#L142 > > > > >Den 11. dec. 2021 kl. 09.22 skrev Peter : > > >?Is it possible to install MailScanner and bypass the prompts or feed the >answers somehow? > >I am scripting building a server and it's a pain that I always have to come >back and answer the questions about TNEF, cpan etc. then wait for another >while mainly for the cpan stuff to happen. From pramod at mindspring.co.za Wed Dec 15 10:02:01 2021 From: pramod at mindspring.co.za (Pramod Daya) Date: Wed, 15 Dec 2021 10:02:01 +0000 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: Thanks, Mark. Frustratingly, the bit.ly links are just not getting picked up when embeded in HTML messages. -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: Tuesday, 14 December 2021 00:27 To: mailscanner at lists.mailscanner.info Subject: Re: Dangerous in-line attachments On 12/13/21 3:25 AM, Pramod Daya via MailScanner wrote: > No - only in phishing.bad.sites.conf and in phishing.bad.sites.custom. > > For good measure I cat "bit.ly" at the end of the phishing.bad.sites.conf file but it's still getting through. There are two possibilities, but you've possibly already ruled out one. The first is that MailScanner doesn't read phishing.bad.sites.custom directly. It relies on the /usr/sbin/ms-update-phishing command being run periodically by cron to prepend phishing.bad.sites.custom to phishing.bad.sites.conf. This in turn relies on ms_cron_ps being set to 1 in /etc/MailScanner/defaults and the various hourly, daily, etc ms-cron jobs being run by cron. However, you put bit.ly directly in phishing.bad.sites.conf so assuming MailScanner's children got restarted between your adding it and the message not being disarmed, that's not the issue. The other issue is that phishing tags are only flagged and disarmed in HTML message parts. A bit.ly url in a plain text message or message part will never be flagged or disarmed. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From shawniverson at summitgrid.com Wed Dec 15 13:02:05 2021 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Wed, 15 Dec 2021 08:02:05 -0500 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: <947f28b7-7237-5b14-cebc-3cf6a6b99e0b@summitgrid.org> I'll run some tests see what happens. On 12/15/21 5:02 AM, Pramod Daya via MailScanner wrote: > Thanks, Mark. > > Frustratingly, the bit.ly links are just not getting picked up when embeded in HTML messages. > > From mark at msapiro.net Wed Dec 15 17:16:43 2021 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 15 Dec 2021 09:16:43 -0800 Subject: Dangerous in-line attachments In-Reply-To: References: Message-ID: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> On 12/15/21 2:02 AM, Pramod Daya via MailScanner wrote: > Thanks, Mark. > > Frustratingly, the bit.ly links are just not getting picked up when embeded in HTML messages. It works for me with MailScanner 5.4.3-1 Add `bit.ly` to /etc/MailScanner/phishing.bad.sites.custom run `sudo ms-update-phishing` run `sudo systemctl restart mailscanner` Send this raw message: ------------------------------------------------ To: mark at msapiro.net From: mark at msapiro.net Subject: A test MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="123456789" --123456789 Content-Type: text/plain A test with a http://bit.ly/junk URL. --123456789 Content-Type: text/html A test with a junk URL. --123456789-- ------------------------------------------------ These are logged Dec 15 09:05:18 msapiro MailScanner[60735]: Found definite phishing fraud from http://bit.ly/junk in 97D6F3403C0.A4591 Dec 15 09:05:18 msapiro MailScanner[58081]: Content Checks: Detected and have disarmed phishing tags in HTML message in 97D6F3403C0.A4591 from mark at msapiro.net and this is the delivered message ------------------------------------------------ From mark at msapiro.net Wed Dec 15 09:05:18 2021 Return-Path: X-Original-To: mark at msapiro.net Delivered-To: mark at msapiro.net Received: from localhost (localhost [127.0.0.1]) by msapiro.net (Postfix) with QMQP id BFE763403C6 for ; Wed, 15 Dec 2021 09:05:18 -0800 (PST) Received: from msapiro.net (localhost [127.0.0.1]) (no client certificate requested) by msapiro.net (MailScanner Milter) with SMTP id 97D6F3403C0 for ; Wed, 15 Dec 2021 09:05:10 -0800 (PST) To: mark at msapiro.net From: mark at msapiro.net Subject: {Disarmed} A test MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="123456789" Message-Id: <20211215170510.97D6F3403C0 at msapiro.net> Date: Wed, 15 Dec 2021 09:05:10 -0800 (PST) X-msapiro-MailScanner-ID: 97D6F3403C0.A4591 X-msapiro-MailScanner: Found to be clean X-msapiro-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=1.379, required 6, ALL_TRUSTED -1.00, NO_DNS_FOR_FROM 0.38, PDS_TINYSUBJ_URISHRT 1.00, SHORT_SHORTNER 1.00) X-msapiro-MailScanner-SpamScore: s X-msapiro-MailScanner-From: mark at msapiro.net X-Spam-Status: No --123456789 Content-Type: text/plain A test with a http://bit.ly/junk URL. --123456789 Content-Type: text/html A test with a MailScanner has detected definite fraud in the website at "bit.ly". Do not trust this website: junk URL. --123456789-- ------------------------------------------------ -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From pramod at mindspring.co.za Thu Dec 16 16:30:12 2021 From: pramod at mindspring.co.za (Pramod Daya) Date: Thu, 16 Dec 2021 16:30:12 +0000 Subject: Dangerous in-line attachments In-Reply-To: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> References: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> Message-ID: Na?ve question - I tend to stick with the stable versions (5.3.4-3 now...) - anything I should be worried about by migrating to 5.4.3-1 ? -----Original Message----- From: MailScanner On Behalf Of Mark Sapiro Sent: Wednesday, 15 December 2021 19:17 To: mailscanner at lists.mailscanner.info Subject: Re: Dangerous in-line attachments On 12/15/21 2:02 AM, Pramod Daya via MailScanner wrote: > Thanks, Mark. > > Frustratingly, the bit.ly links are just not getting picked up when embeded in HTML messages. It works for me with MailScanner 5.4.3-1 Add `bit.ly` to /etc/MailScanner/phishing.bad.sites.custom run `sudo ms-update-phishing` run `sudo systemctl restart mailscanner` Send this raw message: ------------------------------------------------ To: mark at msapiro.net From: mark at msapiro.net Subject: A test MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="123456789" --123456789 Content-Type: text/plain A test with a http://bit.ly/junk URL. --123456789 Content-Type: text/html A test with a junk URL. --123456789-- ------------------------------------------------ These are logged Dec 15 09:05:18 msapiro MailScanner[60735]: Found definite phishing fraud from http://bit.ly/junk in 97D6F3403C0.A4591 Dec 15 09:05:18 msapiro MailScanner[58081]: Content Checks: Detected and have disarmed phishing tags in HTML message in 97D6F3403C0.A4591 from mark at msapiro.net and this is the delivered message ------------------------------------------------ From mark at msapiro.net Wed Dec 15 09:05:18 2021 Return-Path: X-Original-To: mark at msapiro.net Delivered-To: mark at msapiro.net Received: from localhost (localhost [127.0.0.1]) by msapiro.net (Postfix) with QMQP id BFE763403C6 for ; Wed, 15 Dec 2021 09:05:18 -0800 (PST) Received: from msapiro.net (localhost [127.0.0.1]) (no client certificate requested) by msapiro.net (MailScanner Milter) with SMTP id 97D6F3403C0 for ; Wed, 15 Dec 2021 09:05:10 -0800 (PST) To: mark at msapiro.net From: mark at msapiro.net Subject: {Disarmed} A test MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="123456789" Message-Id: <20211215170510.97D6F3403C0 at msapiro.net> Date: Wed, 15 Dec 2021 09:05:10 -0800 (PST) X-msapiro-MailScanner-ID: 97D6F3403C0.A4591 X-msapiro-MailScanner: Found to be clean X-msapiro-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=1.379, required 6, ALL_TRUSTED -1.00, NO_DNS_FOR_FROM 0.38, PDS_TINYSUBJ_URISHRT 1.00, SHORT_SHORTNER 1.00) X-msapiro-MailScanner-SpamScore: s X-msapiro-MailScanner-From: mark at msapiro.net X-Spam-Status: No --123456789 Content-Type: text/plain A test with a http://bit.ly/junk URL. --123456789 Content-Type: text/html A test with a MailScanner has detected definite fraud in the website at "bit.ly". Do not trust this website: junk URL. --123456789-- ------------------------------------------------ -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From mark at msapiro.net Thu Dec 16 17:49:48 2021 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 16 Dec 2021 09:49:48 -0800 Subject: Dangerous in-line attachments In-Reply-To: References: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> Message-ID: On 12/16/21 8:30 AM, Pramod Daya via MailScanner wrote: > Na?ve question - I tend to stick with the stable versions (5.3.4-3 now...) - anything I should be worried about by migrating to 5.4.3-1 ? I don't think so, but if you're thinking that will solve your bit.ly issue, it won't. I'm sure my results would have been the same with 5.3.4-3. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Thu Dec 30 15:58:21 2021 From: mailscanner at barendse.to (mailscanner at barendse.to) Date: Thu, 30 Dec 2021 16:58:21 +0100 (CET) Subject: Dangerous in-line attachments In-Reply-To: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> References: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> Message-ID: Is "ms-update-phishing" run automagically on a new installation? Or should I add an entry to crontab to run it? My /etc/MailScanner/phishing.bad.sites.conf is updated I think as it states # Built by Mailborder Systems # Build Time: Thu, 30 Dec 21 00:15:02 -0500 But the erroneous bit.ly. is still there Thanks! On Wed, 15 Dec 2021, Mark Sapiro wrote: > On 12/15/21 2:02 AM, Pramod Daya via MailScanner wrote: >> Thanks, Mark. >> >> Frustratingly, the bit.ly links are just not getting picked up when embeded >> in HTML messages. > > It works for me with MailScanner 5.4.3-1 > > Add `bit.ly` to /etc/MailScanner/phishing.bad.sites.custom > run `sudo ms-update-phishing` > run `sudo systemctl restart mailscanner` > > Send this raw message: > ------------------------------------------------ > To: mark at msapiro.net > From: mark at msapiro.net > Subject: A test > MIME-Version: 1.0 > Content-Type: multipart/alternative; boundary="123456789" > > --123456789 > Content-Type: text/plain > > A test with a http://bit.ly/junk URL. > --123456789 > Content-Type: text/html > > A test with a junk URL. > --123456789-- > ------------------------------------------------ > > These are logged > Dec 15 09:05:18 msapiro MailScanner[60735]: Found definite phishing fraud > from http://bit.ly/junk in 97D6F3403C0.A4591 > Dec 15 09:05:18 msapiro MailScanner[58081]: Content Checks: Detected and have > disarmed phishing tags in HTML message in 97D6F3403C0.A4591 from > mark at msapiro.net > > > and this is the delivered message > ------------------------------------------------ > From mark at msapiro.net Wed Dec 15 09:05:18 2021 > Return-Path: > X-Original-To: mark at msapiro.net > Delivered-To: mark at msapiro.net > Received: from localhost (localhost [127.0.0.1]) > by msapiro.net (Postfix) with QMQP id BFE763403C6 > for ; Wed, 15 Dec 2021 09:05:18 -0800 (PST) > Received: from msapiro.net (localhost [127.0.0.1]) > (no client certificate requested) > by msapiro.net (MailScanner Milter) with SMTP id 97D6F3403C0 > for ; Wed, 15 Dec 2021 09:05:10 -0800 (PST) > To: mark at msapiro.net > From: mark at msapiro.net > Subject: {Disarmed} A test > MIME-Version: 1.0 > Content-Type: multipart/alternative; boundary="123456789" > Message-Id: <20211215170510.97D6F3403C0 at msapiro.net> > Date: Wed, 15 Dec 2021 09:05:10 -0800 (PST) > X-msapiro-MailScanner-ID: 97D6F3403C0.A4591 > X-msapiro-MailScanner: Found to be clean > X-msapiro-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=1.379, required 6, ALL_TRUSTED -1.00, NO_DNS_FOR_FROM 0.38, > PDS_TINYSUBJ_URISHRT 1.00, SHORT_SHORTNER 1.00) > X-msapiro-MailScanner-SpamScore: s > X-msapiro-MailScanner-From: mark at msapiro.net > X-Spam-Status: No > > --123456789 > Content-Type: text/plain > > A test with a http://bit.ly/junk URL. > --123456789 > Content-Type: text/html > > A test with a MailScanner > has detected definite fraud in the website at "bit.ly". Do not trust > this website: junk URL. > --123456789-- > ------------------------------------------------ > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mark at msapiro.net Fri Dec 31 03:44:09 2021 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 30 Dec 2021 19:44:09 -0800 Subject: Dangerous in-line attachments In-Reply-To: References: <41acd56c-ad27-3102-dffe-2b22b01e8710@msapiro.net> Message-ID: <404cfaa7-6764-4d0a-f135-3b6e66467115@msapiro.net> On 12/30/21 7:58 AM, mailscanner at barendse.to wrote: > Is "ms-update-phishing" run automagically on a new installation? Or > should I add an entry to crontab to run it? Installing MailScanner should install /etc/cron.hourly/mailscanner to run /usr/sbin/ms-cron HOURLY and /etc/cron.daily/mailscanner to run /usr/sbin/ms-cron DAILY and /usr/sbin/ms-cron MAINT These in turn rely on /etc/MailScanner/defaults to configure which HOURLY, DAILY and MAINT jobs are run. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan