Jerry Benton | 27 Feb 17:34 2015

v4.85.1-0 beta for SuSE

Tested on openSuSE 13.2. Same deal as with the RHEL installer. It will use Zypper to install as much as
possible and CPAN to remediate if you want to. Again, this is beta.

https://s3.amazonaws.com/mailscanner/release/v4/suse/MailScanner-4.85.1-0.suse-rpm.tar.gz

-
Jerry Benton
www.mailborder.com

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Jeremy McSpadden | 27 Feb 03:12 2015

Different SA scan results

What would cause a cli scan (spamassassin -D < msg) to have different results than a mailscanner scan?

via cli

Content analysis details:   (26.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [46.105.49.218 listed in zen.spamhaus.org]
 5.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: karefon.eu]
 5.0 URIBL_DBL_SPAM         Contains a spam URL listed in the DBL blocklist
                            [URIs: karefon.eu]
-2.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.4995]
 0.5 KAM_EU                 RAW: Prevalent use of .eu in spam/malware
 5.0 KAM_GRABBAG2           Grabbag of Spams hitting EU domains and other indicators
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 2.0 HTML_OFF_PAGE          HTML element rendered well off the displayed page
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 5.0 KAM_VERY_BLACK_DBL     Email that hits both URIBL Black and Spamhaus DBL
 0.0 T_REMOTE_IMAGE         Message contains an external image


via ms
 1.50 BAYES_50               Bayes spam probability is 40 to 60%
 0.00 HTML_MESSAGE           HTML included in message
 2.00 HTML_OFF_PAGE          HTML element rendered well off the displayed page
 0.50 KAM_EU                 Prevalent use of .eu in spam/malware
 0.79 RDNS_NONE              Delivered to internal network by a host with no rDNS
-2.00 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.00 SPF_PASS               SPF: sender matches SPF record
 0.01 T_REMOTE_IMAGE
 0.00 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
--
Jeremy McSpadden
Flux Labs, Inc | 
http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955

Jerry Benton | 25 Feb 13:00 2015

v4.85.1-0 tarball beta

I tested this on FreeBSD. Give me some feedback if you try this out. I will move it to release 1 in about a week if
all is well. Some minor things like the install guides will change, but none of the MailScanner code will
change. Make sure you have bash, tar, gcc, make, perl5 installed first. Just extract and run ./install.sh

https://s3.amazonaws.com/mailscanner/release/v4/tar/MailScanner-install-4.85.1-0.tar.gz

-
Jerry Benton
www.mailborder.com


Chris Chapman | 21 Feb 18:40 2015

DKIM and MailScanner Watermarking

MailScanner - v4.84.5

I have been running into an issue regarding DKIM with MailScanner and wanted to see if anyone had some input.

Out of the blue, Yahoo started rejecting messages from our servers with the error "554 Message not allowed -
[299]”.  While the messages were certainly not spammy, I noticed in their documentation the line "For
example, it is against Yahoo Mail's policy to accept messages with malicious content or manipulated
header information…”

This led me to wonder about Watermarking, as the feature adds a few header lines to messages. I found if I
disable watermarking in MS, messages deliver as expected. Re-enable Watermarking, I get bounces.

In the process of tracking down the cause, I ran a DKIM test, found at http://appmaildev.com/en/dkim/

With Watermarking enabled, the DKIM tests fail with the error “Wrong body hash”.  Disable
watermarking, the DKIM tests pass.  It seems to me the watermarks are added *after* the DKIM body hash is
generated, invalidating DKIM. I believe this is the reason Yahoo is bouncing mail.  But even if I disable
DKIM, messages will continue to bounce if the watermark headers are present. So the DKIM may or may not have
anything to do with it. 

I have verified the Watermark Header, %org-name% and %org-long-name% do not contain special characters,
dots, underscores or spaces and the like.

Does anyone have any experience/input?

Thanks!

Chris Chapman
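
To check a "Wrong body hash" result like the one described above offline, the following recomputes the DKIM `bh=` value per RFC 6376 and compares it with the one in the signature. It is an added example, not part of the original post or of MailScanner; the message, the `X-Example-Watermark` header name and the `b=` placeholder are constructed, and it assumes `a=rsa-sha256` with no `l=` tag.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def signed_bh(raw: bytes):
    """Return (bh value, body canonicalization) from the first DKIM-Signature header."""
    head = re.sub(rb"\r\n[ \t]+", b" ", raw.partition(b"\r\n\r\n")[0])  # unfold
    for line in head.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"dkim-signature":
            tags = {k.strip(): b"".join(v.split())  # drop folding whitespace
                    for k, s, v in (t.partition(b"=") for t in value.split(b";")) if s}
            canon = tags.get(b"c", b"simple/simple").decode()
            mode = canon.split("/")[1] if "/" in canon else "simple"
            return tags[b"bh"].decode(), mode
    raise ValueError("no DKIM-Signature header found")

def body_hash_matches(raw: bytes) -> bool:
    bh, mode = signed_bh(raw)
    return body_hash(raw.partition(b"\r\n\r\n")[2], mode) == bh

# Constructed sample message; b= is a placeholder because only bh= is checked here.
BODY = b"Quarterly report  attached. \r\nRegards\r\n\r\n"
SIGNED = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
          b"\ts=sel1; h=from:subject; bh=" + body_hash(BODY).encode() + b";\r\n"
          b"\tb=PLACEHOLDER\r\nFrom: sender@example.org\r\nSubject: test\r\n\r\n" + BODY)
# Hypothetical header name standing in for a header added after signing.
HEADER_ADDED = b"X-Example-Watermark: constructed-value\r\n" + SIGNED
BODY_CHANGED = SIGNED + b"-- \r\nThis message has been scanned.\r\n"

if __name__ == "__main__":
    for label, msg in (("signed", SIGNED), ("header added", HEADER_ADDED),
                       ("body changed", BODY_CHANGED)):
        print(f"{label:13} body hash matches: {body_hash_matches(msg)}")
```

In the constructed samples the added header leaves `bh=` valid, while text appended to the body after signing does not. Running `body_hash_matches` on the message as signed and as received shows whether the body bytes changed in between.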

Jerry Benton | 21 Feb 13:06 2015

MailScanner v4.85.1-1 Final - RPM Release

This is the final for the release of MailScanner v4.85.1-1 for RPM based distributions. I am working on the
tarball source installer now. This RPM version will get posted on the MailScanner website once I get
access from Jules. I will send a separate email when the tarball source installer is ready.

RPM Package: https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.1-1.rpm.tar.gz

MD5 Sum: https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.1-1.md5sum

-
Jerry Benton
www.mailborder.com


Peter Nitschke | 18 Feb 16:07 2015

Clean.quarantine

The current clean quarantine is great, but I would like to be able to have
different days_to_keep for spam and for nonspam.

There is more chance that someone will want to recover a mail that has been
caught as spam, and as mails are having much more content, keeping non-spam
for long doesn't make sense.

Any help appreciated.


Max Kipness | 16 Feb 18:51 2015

Any new techniques?

Hi,

I've been using MailScanner for some time, and I've noticed many
different trends in spam attempts. I've currently got my latest server
on Centos 7.0 with DCC, Pyzor, Razor2, many custom spamassassin rules,
SpamCOP, SpamHaus, and Barracuda and URIBL checks.

As an overall total, tons of spam is caught, but it seems like the
spammers still figure out ways to get around. Just this morning I've
gotten several new ones that get around everything. I used Bayes and do
not use auto learn (which I think is a big mistake) and EVERY spam
message that gets by is tagged with BAYES_99/BAYES_999 so no problem
there. However my guess is I'm getting early spam before it gets listed
on the blacklists and URBLs, etc. Probably if I tested them again with
spamassassin about 5 minutes after received they would get caught by a
bunch of tests.

I've noticed the spammers will break up words with spaces, dashes, etc.
I've also noticed they will register a domain name, send as that domain
name, and then have a URL with that domain name in it, which seems
legitimate.

I normally will study the email, look for obvious patterns to create a
rule for any other similar emails.

But I'm just wondering if anyone else does anything differently, or
there are any other tests I can try. I could raise my Bayes score, but I
don't want the decision of spam/not spam based just on Bayes. It's
pretty good with Ham, but not 100%.

Also, Is there a way to create your own on-server URIBL, that way as
soon as an email comes in with a URL that was not detected by the
official URIBL, I could create a small program to add it locally?

Thanks,
Max

Ryan Braganza | 16 Feb 08:51 2015

McAfee VirusScan Enterprise for Linux

Can anyone let me know if McAfee VirusScan can be used with Mailscanner ?

I have installed mcafee on my test server , the default install dir path is /opt/NAI/LinuxShield

I have set the virus.scanners.conf as below for mcafee

mcafee          /usr/lib/MailScanner/mcafee-wrapper     /opt/NAI/LinuxShield

But when I do a test scan using the wrapper I get the below o/p

/usr/lib/MailScanner/mcafee-wrapper /opt/NAI/LinuxShield /root/install.log
/usr/lib/MailScanner/mcafee-wrapper: line 63: /opt/NAI/LinuxShield/uvscan: No such file or directory
/usr/lib/MailScanner/mcafee-wrapper: line 63: exec: /opt/NAI/LinuxShield/uvscan: cannot execute: No such file or directory


It's looking for uvscan ... any inputs?


--
--------------------------------------------------------------------------------------------------------------------------------------
“Race the rain, Ride the wind & Chase the sunset.
Only a biker understands.”
--------------------------------------------------------------------------------------------------------------------------------------



Jerry Benton | 15 Feb 11:05 2015

v4.85.1.0 Beta for Linux RPM Available

After an absurd amount of face-palming over two weeks:

https://s3.amazonaws.com/mailscanner/MailScanner-4.85.1-0.rpm.tar.gz

Note: This is beta! If you install on a production box, that’s on you.

Please give me feedback via this list if you test this build. It is built for RHEL 5,6,7 and tested on CentOS 32
and 64 bit (Except for EL7 of course.) I built the installer to use the Yum package manager as much as
possible. 

- Order of install priority is Base > EPEL > Custom RPM > CPAN (All based on the options you select.) 
- For RHEL 6 the dependencies are fulfilled 100% by yum if you elect to use EPEL. 
- For RHEL 5 only tnef is missing via yum when using EPEL. The installer gives the option to install an RPM
package I built from source if it can’t find tnef after trying to install it with yum.
- For RHEL 7 tnef, perl-Filesys-Df, and perl-Sys-Hostname-Long are not available in base or EPEL. You are
given the option to install these via RPMs after the installer tries to install them using yum. Tnef was
built by me from source and the others were built by other people. From what I tested they seem to work fine.
- You can elect to not install perl-Filesys-Df and perl-Sys-Hostname-Long from these RPMs and they will be
installed via CPAN if you want to do that. 
- If you elect to install missing modules via CPAN, --nodeps will be used when installing the MailScanner
RPM. This is because rpm’s auto require does not recognize things not installed via RPM. So, for
example, even if Filesys::Df is installed and available to perl because the installer used CPAN to
install it, the rpm installer doesn’t see it.
- The last released version of MailScanner had 2 dependencies attached to the RPM: perl and
perl-MIME-Tools. This version has 85 dependencies attached to the RPM. Why? Glad you asked … I pored
over all of the MailScanner source code. If a perl module is used in the code I made it a dependency. (Many are
included with the base perl package.) If an optional module like Mail::ClamAV is available, its
dependency was added, which would be openssl-devel and Inline::C in the case of Mail::ClamAV.
- Using ClamAV as an example again … The installer will ask if you want to install ClamAV, but only if you
elect to use EPEL. (Not available in base.) If you elect to install ClamAV the installer will check for the
perl module Mail::ClamAV, which is used by MailScanner if you are using ClamAV. The installer will check
to see if it is installed. If not, it goes through the Base > EPEL > Custom > CPAN routine of installing it. The
same is true for Mail::SpamAssassin if you elect to install spamassassin. 

I have already completed the tarball source for the next version, but I want to go over it again. SuSE after
that. After that I will work on the Debian package. FreeBSD guys, you are on your own :)

-
Jerry Benton
www.mailborder.com

James Nelson | 13 Feb 21:34 2015

Filename Restrictions Not working

Hello,

 

I am having an issue where none of my filetype rules seem to be working.  I can send a test message with something as clearly dangerous as a .bat or .scr file, and MailScanner allows it through regardless.  My filetype.rules.conf and filename.rules.conf (and their archive counterparts) are in their default state, and my Mail.conf points to the rules files in %rules-dir% appropriate for each section.  The rules files are tabbed properly, with a simple:

FromOrTo:          default /etc/MailScanner/filename.rules.conf

 

No matter what I’ve tried, MailScanner still allows everything through, even if I explicitly deny a file type in Mail.conf (without using a ruleset).

 

Any suggestions?

 

 

 

 

Shawn Iverson | 8 Feb 00:14 2015

MailScanner v4.85.1-1 Patch

Wondering if the following has been resolved in v4.85...

(see attached)

--
Shawn Iverson
Director of Technology
Rush County Schools
765-932-3901 x271
Attachment (mailscanner-4.84.6-1.patch): text/x-patch, 2111 bytes