From jmgorro at menshen.es Tue Aug 2 08:17:16 2022
From: jmgorro at menshen.es (Josep Maria Gorro)
Date: Tue, 2 Aug 2022 08:17:16 +0000
Subject: Allow mails with no sender
Message-ID: <80dc1fffb8b24f48b3f31c5d5e8ad687@menshen.es>

Hello.

Could it be possible to allow mails with "from=<>" based on ruleset? I would allow internally created mails but still checking external ones.

Thanks a lot.

From shawniverson at summitgrid.com Tue Aug 2 22:01:40 2022
From: shawniverson at summitgrid.com (Shawn Iverson)
Date: Tue, 2 Aug 2022 18:01:40 -0400
Subject: Allow mails with no sender
In-Reply-To: <80dc1fffb8b24f48b3f31c5d5e8ad687@menshen.es>
References: <80dc1fffb8b24f48b3f31c5d5e8ad687@menshen.es>
Message-ID: <3751ee0a-53d6-e7e8-a66a-8acb60e5ece6@summitgrid.com>

Yes, it can be a ruleset

# Do you want to check watermarks?
# This can also be the filename of a ruleset.
Check Watermarks With No Sender = yes

On 8/2/22 04:17, Josep Maria Gorro wrote:
> Hello.
>
> Could it be possible to allow mails with "from=<>" based on ruleset? I
> would allow internally created mails but still checking external ones.
>
> Thanks a lot.
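
Added example, not part of the original thread and not MailScanner's shipped configuration: one way to write the ruleset mentioned in the reply above, so that empty-sender mail arriving from internal hosts skips the watermark check while everything else is still checked. The rules file name, its location under the default rules directory, and the address ranges are assumptions; `%rules-dir%` and the `From:` / `FromOrTo: default` rule lines follow MailScanner's usual ruleset conventions.

```conf
# --- /etc/MailScanner/MailScanner.conf ---
# Before: one fixed answer for every message
#   Check Watermarks With No Sender = yes
# After: the answer is looked up per message in a ruleset
Check Watermarks With No Sender = %rules-dir%/watermark.nosender.rules

# --- /etc/MailScanner/rules/watermark.nosender.rules (hypothetical name) ---
# Each rule: <direction>  <pattern>  <value>; the first matching rule wins.
# The envelope sender is empty for these messages, so the rules match on
# the connecting client's IP address rather than on a sender address.
# Address ranges below are constructed; list only hosts you operate.
From:      127.0.0.1      no
From:      192.168.10.    no
# Everything else (external mail): keep checking watermarks on from=<>
FromOrTo:  default        yes
```

Keep the internal list as narrow as possible, since any host matched by a `no` rule can send from=<> mail without a watermark check. MailScanner has to be reloaded before a changed ruleset takes effect.
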
From ricky.boone at gmail.com Tue Aug 23 18:34:51 2022
From: ricky.boone at gmail.com (Ricky Boone)
Date: Tue, 23 Aug 2022 14:34:51 -0400
Subject: "Spam Actions" setting containing attachment and deliver not encapsulating message
Message-ID:

I'm troubleshooting an issue with a setting change we're trying to test in our environment to provide users with notifications that a message was flagged as spam, and why, as well as to attach the original message to that notification.

Based on the configuration docs and previous conversations, this should be handled by including 'attachment' in the Spam Actions setting (though some references note 'attachment' along with 'deliver'). What I'm seeing, however, is that it is not behaving as described. When the rule only includes 'attachment', no message is fully delivered. When it includes 'attachment' and 'deliver' (regardless of order, understanding that it shouldn't matter), I get the message with the '{Spam?}' subject prefix, but otherwise not encapsulated and not including a notification message. When attempting with 'attachment' and 'notify', I only get the notification, and if 'attachment', 'deliver', and 'notify' are included, I get both the non-encapsulated spam message and the notification without an attachment.

Prior to opening an issue in the GitHub project, I just want to be sure I'm not doing something incorrectly.

For reference, I'm currently running MailScanner 5.3.3 (aware that there are newer versions, but none that appear to be relevant to address this issue based on the changelog) on CentOS 7 with postfix as the MTA, along with MailWatch 1.2.15. Spam Actions points to a custom rules file with a default (FromOrTo) action set to 'store notify header "X-Spam-Status: Yes"', but I have a To email address for testing with 'store attachment deliver header "X-Spam-Status: Yes"' (though I've tried this without deliver, removing store and header, with notify, etc.).

The logs seem to reflect my settings, depending on what I've saved and reloaded. For example, if I have attachment and deliver set, I see this in the logs:

Aug 23 14:03:37 MailScanner[24433]: Delivery of spam: message 0BD1220625B0.AB434 from [removed] to [removed] with subject Re: Test message
Aug 23 14:03:37 MailScanner[24433]: Spam Actions: message 0BD1220625B0.AB434 actions are attachment,store,deliver,header
Aug 23 14:03:39 MailScanner[24433]: Requeue: 0BD1220625B0.AB434 to E965720625AA

And if I have only attachment set:

Aug 23 11:57:15 MailScanner[22466]: Non-delivery of spam: message 8225F206258E.AB9CA from [removed] to [removed] with subject Test message
Aug 23 11:57:15 MailScanner[22466]: Spam Actions: message 8225F206258E.AB9CA actions are attachment,store,header

From shawniverson at summitgrid.com Tue Aug 23 20:22:21 2022
From: shawniverson at summitgrid.com (Shawn Iverson)
Date: Tue, 23 Aug 2022 16:22:21 -0400
Subject: "Spam Actions" setting containing attachment and deliver not encapsulating message
In-Reply-To:
References:
Message-ID: <8372a21e-7d12-62fe-dde0-20ba1cbafbf2@summitgrid.com>

That doesn't seem desirable. This should be reproducible, so give me some time to lab this up and see what I can find out. It wouldn't be the first time we've found interesting things lurking in the perl mines.

On 8/23/22 14:34, Ricky Boone wrote:
> I'm troubleshooting an issue with a setting change we're trying to
> test in our environment to provide users with notifications that a
> message was flagged as spam, and why, as well as to attach the
> original message to that notification.
>
> Based on the configuration docs and previous conversations, this
> should be handled by including 'attachment' in the Spam Actions
> setting (though some references note 'attachment' along with
> 'deliver'). What I'm seeing, however, is that it is not behaving as
> described. When the rule only includes 'attachment', no message is
> fully delivered. When it includes 'attachment' and 'deliver'
> (regardless of order, understanding that it shouldn't matter), I get
> the message with the '{Spam?}' subject prefix, but otherwise not
> encapsulated and not including a notification message. When
> attempting with 'attachment' and 'notify', I only get the
> notification, and if 'attachment', 'deliver', and 'notify' are
> included, I get both the non-encapsulated spam message and the
> notification without an attachment.
>
> Prior to opening an issue in the GitHub project, I just want to be
> sure I'm not doing something incorrectly.
>
> For reference, I'm currently running MailScanner 5.3.3 (aware that
> there are newer versions, but none that appear to be relevant to
> address this issue based on the changelog) on CentOS 7 with postfix as
> the MTA, along with MailWatch 1.2.15. Spam Actions points to a custom
> rules file with a default (FromOrTo) action set to 'store notify
> header "X-Spam-Status: Yes"', but I have a To email address for
> testing with 'store attachment deliver header "X-Spam-Status: Yes"'
> (though I've tried this without deliver, removing store and header,
> with notify, etc.).
>
> The logs seem to reflect my settings, depending on what I've saved and
> reloaded.
> For example, if I have attachment and deliver set, I see
> this in the logs:
>
> Aug 23 14:03:37 MailScanner[24433]: Delivery of spam: message 0BD1220625B0.AB434 from [removed] to [removed] with subject Re: Test message
> Aug 23 14:03:37 MailScanner[24433]: Spam Actions: message 0BD1220625B0.AB434 actions are attachment,store,deliver,header
> Aug 23 14:03:39 MailScanner[24433]: Requeue: 0BD1220625B0.AB434 to E965720625AA
>
> And if I have only attachment set:
>
> Aug 23 11:57:15 MailScanner[22466]: Non-delivery of spam: message 8225F206258E.AB9CA from [removed] to [removed] with subject Test message
> Aug 23 11:57:15 MailScanner[22466]: Spam Actions: message 8225F206258E.AB9CA actions are attachment,store,header

From gabriel.guntin at unq.edu.ar Tue Aug 16 13:19:02 2022
From: gabriel.guntin at unq.edu.ar (gabriel.guntin at unq.edu.ar)
Date: Tue, 16 Aug 2022 10:19:02 -0300
Subject: MCP not working
Message-ID:

Hi, I'm testing MailScanner v5.4.4-1 on Debian 11 and I'm having problems using MCP. I can enable it and create rules to test it, but content analysis doesn't seem to be done.

In the syslog I don't see errors. There are only entries like these:

Aug 12 21:36:07 ars-antispam3 MailScanner[2574]: MCP Checks: Starting
Aug 12 21:38:28 ars-antispam3 MailScanner[4072]: MCP Checks: Starting
Aug 12 21:39:41 ars-antispam3 MailScanner[4072]: MCP Checks: Starting

I also tested on Debian 10 and with the old version of MailScanner 5.4.3-2, but that didn't work either.

On the other hand, I have a MailScanner v5.1.3-2 installation working in production on Debian 9 and with MCP working fine.

Any suggestion?

Thanks.

Gabriel Guntin.

From shawniverson at summitgrid.com Sat Aug 27 21:55:33 2022
From: shawniverson at summitgrid.com (Shawn Iverson)
Date: Sat, 27 Aug 2022 17:55:33 -0400
Subject: MCP not working
In-Reply-To:
References:
Message-ID: <95e65f69-4faa-e160-4a77-8a746c3df949@summitgrid.com>

Did you symlink your spamassassin configs and pre files to /etc/MailScanner/mcp?

On 8/16/22 09:19, gabriel.guntin at unq.edu.ar wrote:
> Hi, I'm testing MailScanner v5.4.4-1 on Debian 11 and I'm having
> problems using MCP. I can enable it and create rules to test it, but
> content analysis doesn't seem to be done.
>
> In the syslog I don't see errors. There are only entries like these:
>
> Aug 12 21:36:07 ars-antispam3 MailScanner[2574]: MCP Checks: Starting
> Aug 12 21:38:28 ars-antispam3 MailScanner[4072]: MCP Checks: Starting
> Aug 12 21:39:41 ars-antispam3 MailScanner[4072]: MCP Checks: Starting
>
> I also tested on Debian 10 and with the old version of MailScanner
> 5.4.3-2, but that didn't work either.
>
> On the other hand, I have a MailScanner v5.1.3-2 installation working
> in production on Debian 9 and with MCP working fine.
>
> Any suggestion?
>
> Thanks.
>
> Gabriel Guntin.

From ricky.boone at gmail.com Tue Aug 30 12:50:12 2022
From: ricky.boone at gmail.com (Ricky Boone)
Date: Tue, 30 Aug 2022 08:50:12 -0400
Subject: "Spam Actions" setting containing attachment and deliver not encapsulating message
In-Reply-To: <8372a21e-7d12-62fe-dde0-20ba1cbafbf2@summitgrid.com>
References: <8372a21e-7d12-62fe-dde0-20ba1cbafbf2@summitgrid.com>
Message-ID:

Thank you, Shawn, for the quick response. If there's anything I can do to help with either the research and/or troubleshooting around this, please let me know. I am by no means a competent Perl dev, but my management is very interested in getting this working properly (not meaning to add any pressure or assume expectations), and I'm a bit stuck at the moment.

On Tue, Aug 23, 2022 at 4:22 PM Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info> wrote:
> That doesn't seem desirable. This should be reproducible, so give me
> some time to lab this up and see what I can find out. It wouldn't be the
> first time we've found interesting things lurking in the perl mines.
>
> On 8/23/22 14:34, Ricky Boone wrote:
>
> I'm troubleshooting an issue with a setting change we're trying to test in
> our environment to provide users with notifications that a message was
> flagged as spam, and why, as well as to attach the original message to that
> notification.
>
> Based on the configuration docs and previous conversations, this should be
> handled by including 'attachment' in the Spam Actions setting (though some
> references note 'attachment' along with 'deliver'). What I'm seeing,
> however, is that it is not behaving as described. When the rule only
> includes 'attachment', no message is fully delivered. When it includes
> 'attachment' and 'deliver' (regardless of order, understanding that it
> shouldn't matter), I get the message with the '{Spam?}' subject prefix, but
> otherwise not encapsulated and not including a notification message. When
> attempting with 'attachment' and 'notify', I only get the notification, and
> if 'attachment', 'deliver', and 'notify' are included, I get both the
> non-encapsulated spam message and the notification without an attachment.
>
> Prior to opening an issue in the GitHub project, I just want to be sure
> I'm not doing something incorrectly.
>
> For reference, I'm currently running MailScanner 5.3.3 (aware that there
> are newer versions, but none that appear to be relevant to address this
> issue based on the changelog) on CentOS 7 with postfix as the MTA, along
> with MailWatch 1.2.15.
> Spam Actions points to a custom rules file with a
> default (FromOrTo) action set to 'store notify header "X-Spam-Status:
> Yes"', but I have a To email address for testing with 'store attachment
> deliver header "X-Spam-Status: Yes"' (though I've tried this without
> deliver, removing store and header, with notify, etc.).
>
> The logs seem to reflect my settings, depending on what I've saved and
> reloaded. For example, if I have attachment and deliver set, I see this in
> the logs:
>
> Aug 23 14:03:37 MailScanner[24433]: Delivery of spam: message 0BD1220625B0.AB434 from [removed] to [removed] with subject Re: Test message
> Aug 23 14:03:37 MailScanner[24433]: Spam Actions: message 0BD1220625B0.AB434 actions are attachment,store,deliver,header
> Aug 23 14:03:39 MailScanner[24433]: Requeue: 0BD1220625B0.AB434 to E965720625AA
>
> And if I have only attachment set:
>
> Aug 23 11:57:15 MailScanner[22466]: Non-delivery of spam: message 8225F206258E.AB9CA from [removed] to [removed] with subject Test message
> Aug 23 11:57:15 MailScanner[22466]: Spam Actions: message 8225F206258E.AB9CA actions are attachment,store,header

From gabriel.guntin at unq.edu.ar Wed Aug 31 12:53:56 2022
From: gabriel.guntin at unq.edu.ar (gabriel.guntin at unq.edu.ar)
Date: Wed, 31 Aug 2022 09:53:56 -0300
Subject: {Spam?} Re: MCP not working
In-Reply-To: <95e65f69-4faa-e160-4a77-8a746c3df949@summitgrid.com>
References: <95e65f69-4faa-e160-4a77-8a746c3df949@summitgrid.com>
Message-ID: <7aaa187bacc101c9b46e0dc7e75795a4@unq.edu.ar>

There is a symlink created by the installer (/usr/sbin/ms-configure) and it is correct:

/etc/mail/spamassassin/MailScanner.cf -> /etc/MailScanner/spamassassin.conf

I found the spamassassin debian package was not installed by the installer.
I checked this on my production server (Debian 9) and found it is installed... (NECESSARY??)

Then I installed it manually and modified the new directory /etc/spamassassin to be a symlink pointing to /etc/mail/spamassassin (like on my production server).

Restarted the services and sent some mails to test whether MCP starts working, but not yet...

Thanks.

Gabriel.

On 2022-08-27 18:55, Shawn Iverson via MailScanner wrote:
> Did you symlink your spamassassin configs and pre files to
> /etc/MailScanner/mcp?
>
> On 8/16/22 09:19, gabriel.guntin at unq.edu.ar wrote:
>
>> Hi, I'm testing MailScanner v5.4.4-1 on Debian 11 and I'm having
>> problems using MCP. I can enable it and create rules to test it, but
>> content analysis doesn't seem to be done.
>>
>> In the syslog I don't see errors. There are only entries like these:
>>
>> Aug 12 21:36:07 ars-antispam3 MailScanner[2574]: MCP Checks: Starting
>> Aug 12 21:38:28 ars-antispam3 MailScanner[4072]: MCP Checks: Starting
>> Aug 12 21:39:41 ars-antispam3 MailScanner[4072]: MCP Checks: Starting
>>
>> I also tested on Debian 10 and with the old version of MailScanner
>> 5.4.3-2, but that didn't work either.
>>
>> On the other hand, I have a MailScanner v5.1.3-2 installation working
>> in production on Debian 9 and with MCP working fine.
>>
>> Any suggestion?
>>
>> Thanks.
>>
>> Gabriel Guntin.

--
Gabriel Guntin
Head of the Management and Technological Innovation Division
Universidad Nacional de Quilmes