Simon | 2 Jul 23:40 2015

Blacklisted from addresses triggering SPAM notification

Hi There,

We have incoming email from a domain that we have blacklisted for the client. In mailscanner.conf we have set:

Spam Actions = store notify header "X-Spam-Status: Yes"
High Scoring Spam Actions = store

What is happening is that the blacklisted domain is triggering the "notify" to the client. I would have thought that if you blacklist something that's it.. it's gone burgers!

Is there any way we can stop notify to the client in this case?

Thanks

Simon

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Simon | 29 Jun 02:38 2015

SA not getting Envelope-From - cannot use SPF

Hi There (again!), sorry for the barrage of questions :)

For some reason SA is not doing any SPF checks:

Jun 29 12:32:55.131 [29496] dbg: diag: [...] module installed: Mail::SPF, version v2.008
Jun 29 12:32:55.147 [29496] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
Jun 29 12:32:57.122 [29496] dbg: spf: cannot get Envelope-From, cannot use SPF
Jun 29 12:32:57.122 [29496] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
Jun 29 12:32:57.123 [29496] dbg: spf: spf_whitelist_from: could not find useable envelope sender

I've done quite a bit of checking the conf but can't seem to figure out what's going on. Is this something to do with postfix not setting Envelope-From correctly?

"envelope_sender_header X-MailScanner-From" is in the spam.assassin.prefs.conf and "Envelope From Header = X-MailScanner-From:" is set in MailScanner.conf 

MailScanner Version:4.85.2
SpamAssassin Version:3.3.1 

Many thanks

Simon


Simon | 28 Jun 23:43 2015

Stored Bad Filename Message Report sending when HIGH SPAM

Hi There,

We have just started trialling MailScanner 4.85.2 on CentOS 6.6 and it's working really well.

We have "Notify Senders Of Blocked Filenames Or Filetypes" = 'yes' so our clients get notified when an attachment has been blocked.. and this works well for legitimate senders. However in one case the message is clearly SPAM (e.g. its SA score is 12.37) - is there any way to stop MailScanner sending these reports in these instances?

Thanks

Simon



Simon | 27 Jun 05:47 2015

Marking email as virus using header?

Hi there, 


We front our MailScanner servers with FortiGate firewalls, and use the AV at the firewall rather than MailScanner (AV is turned off on MailScanner). MailScanner is the latest version, running on CentOS 6.6.

What I have been wondering about is if we could pass the email to MailScanner with a custom header (set at the firewall) and have MailScanner mark it as spam.

This would only be for logging purposes, and so that clients can 'see' the AV in action and also potentially let their contacts know if they have been compromised.

Is this possible somehow?

Many thanks,

Simon



Keith Edmunds | 25 Jun 15:32 2015

Debian repo gone AWOL

Hi all

Around the beginning of June or late May, the Debian Mailscanner repo
appears to have, er, disappeared. For a long time, the following lines in
the appropriate sources.list file worked fine:

	deb http://apt.baruwa.org/debian wheezy main
	deb-src http://apt.baruwa.org/debian wheezy main

Since then, https://www.baruwa.com/debian 404s.

Does anyone know what's happened? Are there still Debian packages around?

Thanks,
Keith


gojensen | 23 Jun 11:30 2015

Can't disable scanning of attachments

Hi! We have tons of "false" positives from the attachment scanning part 
of MailScanner. Apparently our users get lots of archive files with 
double extensions and stuff.

At FIRST I tried to comment out this part of filename.rules.conf:
# Deny all other double file extensions. This catches any hidden filenames.
deny   \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename hiding                          Attempt to hide real filename extension

That didn't help, even after forcefully restarting mailscanner.
I then opted for these settings:

Filename Rules =
Filetype Rules =
Archives: Filename Rules =
Archives: Filetype Rules =
Maximum Archive Depth = 0

But it's STILL denying my attachments and replacing them with that 
default text message.

Help?!

Running MailScanner Version = 4.85.2 on Ubuntu with Postfix.

-- 
// gojensen
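
As an added example (not part of the original post and not MailScanner's own code), the Python below parses the deny rule quoted in the post above and runs it against constructed filenames, showing that ordinary names such as photos.june.zip match it while backup.tar.gz does not. It assumes the four TAB-separated field layout of filename.rules.conf and case-insensitive matching; the function names and sample filenames are hypothetical.

```python
import re

# Constructed rule line in the filename.rules.conf layout: four TAB-separated
# fields (action, regex, log text, user report text). The regex is the one
# quoted in the post; the TABs are re-inserted here as an assumption.
RULE_LINE = (
    "deny\t"
    r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"
    "\tFound possible filename hiding"
    "\tAttempt to hide real filename extension"
)

# Constructed attachment names (not taken from the post).
SAMPLE_NAMES = [
    "invoice.pdf.exe",    # classic hidden-extension case
    "scan.jpg .exe",      # whitespace between the two extensions
    "photos.june.zip",    # ordinary archive name, still matches
    "Project.Data.ZIP",   # mixed case
    "backup.tar.gz",      # final extension has only 2 characters
    "report.2015.pdf",    # middle part starts with a digit
    "minutes.final.doc",  # middle part longer than 4 characters
]

def parse_rule(line):
    """Split one rule line into (action, compiled regex, log text, report text)."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 4:
        raise ValueError("expected 4 TAB-separated fields, got %d" % len(fields))
    action, pattern, log_text, report_text = fields
    # Assumption: rules are applied case-insensitively.
    return action.lower(), re.compile(pattern, re.IGNORECASE), log_text, report_text

def first_match(filename, rules):
    """Return the action of the first rule whose regex matches, else None."""
    for action, regex, _log, _report in rules:
        if regex.search(filename):
            return action
    return None

def classify(names, rule_lines=(RULE_LINE,)):
    """Map each filename to the action of the first matching rule (or None)."""
    rules = [parse_rule(line) for line in rule_lines]
    return {name: first_match(name, rules) for name in names}

if __name__ == "__main__":
    for name, action in classify(SAMPLE_NAMES).items():
        print("%-20s %s" % (name, action or "no match"))
```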


michael pap | 22 Jun 21:58 2015

MailScanner with SpamAssassin 3.4.1 use Mail::SpamAssassin::Plugin::TxRep or keep AWL

 

Hi,

What is currently the better choice: keep AWL or switch to TxRep?

The TxRep (Reputation) plugin is designed as a substantially improved
replacement of the AWL plugin. It adjusts the final message spam score
by looking up and taking in consideration the reputation of the sender.
It cannot coexist with the old AWL plugin, which must be disabled when
the TxRep is loaded.

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_TxRep.html

To try TxRep out, you have to disable the AWL plugin (if present), back up its database and add a line loading this module in init.pre (AWL may be enabled in v310.pre):

# loadplugin   Mail::SpamAssassin::Plugin::AWL
   loadplugin   Mail::SpamAssassin::Plugin::TxRep

When AWL is not disabled, TxRep will refuse to run.

Use the supplied 60_txreputation.cf file or add these lines to a .cf file:

header         TXREP   eval:check_senders_reputation()
describe       TXREP   Score normalizing based on sender's reputation
tflags         TXREP   userconf noautolearn
priority       TXREP   1000

Thank you.

Michael


Peter Nitschke | 19 Jun 08:20 2015

Check which rules hit

I have built up a large number of rules for SA to use with MS and many are
probably now obsolete.

How can I monitor which rules are getting hits?

Thanks.

Peter


Jerry Benton | 15 Jun 20:47 2015

Webhooks

Has anyone tested or dealt with webhooks and MailScanner? There are some obvious privacy concerns with
having them in email. 

-
Jerry Benton
www.mailborder.com


michael pap | 11 Jun 21:29 2015

graymail ruleset question

Hi,

Is there a way to create a ruleset in MailScanner/SA to separate graymail spam from other spam like X-%orgname%-Bulk-Signature?

Thank you.

Mike

 


ADMX - Antal Delahaije | 10 Jun 23:20 2015

MailScanner prevents bayes mysql autolearn

Hi,

I’ve configured the latest MailScanner 4.85.2 in combination with MailWatch 1.2.0 beta 8. Everything works fine except for bayes autolearning.

If I set ‘SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin’ the bayes files are written into this directory but it also creates a journal which is always created with 0600 permissions, thus MailWatch cannot access this journal until I manually set the permissions to 0660. This journal merges with the bayes database and a new file with the same 0600 permissions is created. Whatever I do to this folder's permissions or set in MailScanner.conf, it always has permission 0600.

Then I figured out bayes can also write to a MySQL database so I’ve configured something like below in my spam.assassin.prefs.conf.

bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn      DBI:mysql:sa_bayes:127.0.0.1:3306
bayes_sql_username sauser
bayes_sql_password password
bayes_sql_override_username postfix

This works great for all e-mails I manually learn with the ‘sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --ham/--spam file’ command or learn from the MailWatch frontend, no more errors here!

After a while I noticed MailScanner said it was autolearning but was still creating the local bayes files in ‘/var/spool/MailScanner/spamassassin’. I tried disabling the ‘SpamAssassin User State Dir’ but this completely stopped autolearning.

I think MailScanner is somehow preventing SpamAssassin from autolearning via MySQL. Is what I am doing possible via MailScanner? Maybe some misconfiguration?

Or does anybody know the solution to get autolearn working the conventional way?

Best regards,

Antal.

