Mark Adams | 28 Jul 16:14 2015

Duplicated messages

Hi All,

If anyone could provide advice that would be great. Running Debian Wheezy Mailscanner 4.79.11-2.2

Our incoming dir filled up just before the weekend so we didn't see the issue for a couple of days. Normally we would just shut down mailcleaner and delete the dir then start it up again and all would be ok. However on this occasion, the root partition also became full because of the mysql DB (it got to 14G in 2 days..).

For some reason everything started duplicating. I can see lots of incoming messages in the exim logs with duplication (2 or 4 of what looks like the same email) but in the mailscanner database there are hundreds of each email listed (apparently there were over 9 million messages delivered on 1 day compared with the server average of about 1500!).

It seems like some sort of loop, but afaik nothing specific was changed in the config apart from the fact incoming became full. Space has been cleared on the root partition and incoming, and everything appears to be running as normal right now.

Any advice on debugging this would be much appreciated, also, how best should I clear out the DB of all the dupes?

Thanks!

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner


pdf corruption

Hi,

I'm currently using 4.84.5 to store all my messages. I have a problem with
some PDF files being corrupted after mailscanner processes the files.

Any idea how to fix this issue, or how to tell mailscanner not to process pdf files?

Thanks,
Wilson


Volker Dose | 22 Jul 14:21 2015

MailScanner: allowing attachments identified as text/plain by file -i

Hi list,
 
I am struggling with the "magic" fifth field in filetype.rules.conf - as so many others in the past, as far as I understand old postings.
 
Let me explain my settings:
 
I have a list of attachments I do allow in filetype.rules.conf (like text, pics, html, pdf and other stuff) and the last line is a deny for every other attachment. I did this because I do not want to get anything to my mailserver where I am not 100% sure of the filetype - so executables are banned and also every unknown filetype.
 
This file looks like this:
 
 
-------
allow   ASCII text      ASCII text      ASCII text
allow   PC bitmap       PC bitmap       PC bitmap
allow   Emacs v18       Emacs v18       Emacs v18
allow   C++ source      C++ source      C++ source
allow   source          diverse source  diverse source
[…]
deny            .*      Deny unidentified attachments                   Deny unidentified attachments
----------
 
 
But from time to time I get a false positive; often non-English text parts are not identified very well, like Finnish or East European languages. Often the pdf attachment is identified fine and mailscanner processes it, but txt and html parts are too often blocked.

But using the file -i command I have a much higher rate of messages identified as text or html mail parts.

So I wanted to use this feature Julian implemented in 2008:
 
 
------------
This 5th field is optional, and specifies a regular expression which is
matched against the MIME type as determined by the "file -i" command.
 
If it is never specified, then the "file -i" command will never be run
on your message attachments so there is no appreciable overhead on the
speed of MailScanner caused by this new feature.
 
If the "mime type" *and* the filetype fields are both specified (and are
not "-") then either matching will cause the rule to fire. In a "deny"
rule like the example above, then *either* test firing will cause the
attachment to be blocked. In an "allow" rule then *both* of the tests
must pass to cause the attachment to be allowed and hence no more rules
to be checked. This sounds a bit odd but actually ends up doing pretty
much what you expect it to. I'm sure you'll let me know if I'm wrong
there :-)
---------
 
I added a line like this in my filetype.rules.conf:
 
allow         -                            text/plain                      -                       -
 
But the message mentioned above still triggered my last line
 
deny            .*      Deny unidentified attachments                   Deny unidentified attachments
 

For example: Yesterday I realized the text message of an email (starting with the string "THX!") was identified as "AHX version" by my file (version 5.14) command but as text/plain with "file -i".

I understand the text from Julian to mean that both the "file" and the "file -i" field have to match, and added a line like this:
 
allow   AHX version     text/plain      -       -
 
Which works - but only because I have added the "file" regex to that line, too.

I am looking for a "match all" at that point - the dash "-" did not work for me.

I wonder if there is a way to allow any attachments that give you a "text/plain" when using "file -i".
 
 
Any help appreciated!
 
I am using MS-4.84.6-1 on a CentOS 6.6 32 bit.
 
And by the way: I love MailScanner - thanks to all of you helping make the software work.
 
Best regards
Volker


Simon | 15 Jul 00:01 2015

Recipient.spam.report from variable

Hi There,

Using postfix on Centos 6.6 and latest mailscanner...

We are sending our users the recipient.spam.report.txt alert on spam (not high-spam). A question that has come up quite often is that the $from does not contain the actual "From" address. e.g:


Rather than:


The issue our users find is that they don't actually know who bounce.491fc2.c7b9ec1.sally=blabla.co.nz-i6g14h8vXHPQUbe8pDCSsNrtf4AiWN/8QQ4Iyu8u01E@public.gmane.org is so they can't make a decision on whether to get it released or not.

Is there any way to show the From address rather than the return path? or is this the way postfix works with MailScanner?

Thanks

Simon


Walt Thiessen | 14 Jul 15:17 2015

individual white lists

Hello,

I'm a new mailscanner user, and I have a question about white lists.

I’ve been thinking a lot lately about the problem of email spam, and I 
want to try something.

I want to create a white list system where the white list is 
individualized per email account and where it can be updated via a 
php/mysql script.

Can anyone advise me whether there’s a way to accomplish this with 
mailscanner?

Walt


Simon | 2 Jul 23:40 2015

Blacklisted from addresses triggering SPAM notification

Hi There,

We have incoming email from a domain that we have blacklisted for the client. In mailscanner.conf we have set:

Spam Actions = store notify header "X-Spam-Status: Yes"
High Scoring Spam Actions = store

What is happening is that the blacklisted domain is triggering the "notify" to the client. I would have thought that if you blacklist something that's it.. it's gone burgers!

Is there any way we can stop notify to the client in this case?

Thanks

Simon


Simon | 29 Jun 02:38 2015

SA not getting Envelope-From - cannot use SPF

Hi There (again!), Sorry for barrage of questions :)

For some reason SA is not doing any SPF checks:

Jun 29 12:32:55.131 [29496] dbg: diag: [...] module installed: Mail::SPF, version v2.008
Jun 29 12:32:55.147 [29496] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
Jun 29 12:32:57.122 [29496] dbg: spf: cannot get Envelope-From, cannot use SPF
Jun 29 12:32:57.122 [29496] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
Jun 29 12:32:57.123 [29496] dbg: spf: spf_whitelist_from: could not find useable envelope sender

I've done quite a bit of checking conf but can't seem to figure out what's going on. Is this something to do with postfix not setting Envelope-From correctly?

"envelope_sender_header X-MailScanner-From" is in the spam.assassin.prefs.conf and "Envelope From Header = X-MailScanner-From:" is set in MailScanner.conf 

MailScanner Version:4.85.2
SpamAssassin Version:3.3.1 

Many thanks

Simon


Simon | 28 Jun 23:43 2015

Stored Bad Filename Message Report sending when HIGH SPAM

Hi There,

We have just started trialling MailScanner 4.85.2 on Centos 6.6 and it's working really well.

We have "Notify Senders Of Blocked Filenames Or Filetypes" = 'yes' so our clients get notified when an attachment has been blocked.. and this works well for legitimate senders. However in one case the message is clearly SPAM (e.g. its SA score is 12.37) - is there any way to stop MailScanner sending these reports in these instances?

Thanks

Simon



Simon | 27 Jun 05:47 2015

Marking email as virus using header?

Hi there, 


We front our mailscanner servers with fortigate firewalls, and use the AV at the firewall rather than mailscanner (av is turned off on mailscanner). Mailscanner is the latest version, running on Centos 6.6.

What I have been wondering about is if we could pass the email to mailscanner with a custom header (set at the firewall) and have mailscanner mark it as spam.

This would only be for logging purposes, and so that clients can 'see' the av in action and also potentially let their contacts know if they have been compromised.

Is this possible somehow?

Many thanks,

Simon



Keith Edmunds | 25 Jun 15:32 2015

Debian repo gone AWOL

Hi all

Around the beginning of June or late May, the Debian Mailscanner repo
appears to have, er, disappeared. For a long time, the following lines in
the appropriate sources.list file worked fine:

	deb http://apt.baruwa.org/debian wheezy main
	deb-src http://apt.baruwa.org/debian wheezy main

Since then, https://www.baruwa.com/debian 404s.

Does anyone know what's happened? Are there still Debian packages around?

Thanks,
Keith


gojensen | 23 Jun 11:30 2015

Can't disable scanning of attachments

Hi! We have tons of "false" positives from the attachment scanning part 
of mailscanner. Apparently our users get lots of archive files with 
double extensions and stuff.

At FIRST I tried to comment out this Part of filename.rules.conf:
# Deny all other double file extensions. This catches any hidden filenames.
deny   \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename hiding                          Attempt to hide real filename extension

That didn't help, even after forcefully restarting mailscanner.
I then opted for these settings:

Filename Rules =
Filetype Rules =
Archives: Filename Rules =
Archives: Filetype Rules =
Maximum Archive Depth = 0

But it's STILL denying my attachments and replacing them with that 
default text message.

Help?!

Running MailScanner Version = 4.85.2 on Ubuntu with Postfix.

-- 
// gojensen
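
The double-extension deny rule quoted in the post above, evaluated against a few constructed attachment names to show which ones it fires on (an added example, not part of the original message and not MailScanner's own code). It assumes tab-separated fields in the order action, regex, log text, user report, first-match-wins evaluation, case-insensitive matching, and that a name matching no rule is allowed; the `allow` exception for `.tar.bz2` is hypothetical.

```python
import re

# Regex copied from the deny rule quoted in the post.
DOUBLE_EXT = r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"

# Constructed rule lines: action, regex, log text, user report (tab-separated).
DENY_RULE = "\t".join(["deny", DOUBLE_EXT, "Found possible filename hiding",
                       "Attempt to hide real filename extension"])
# Hypothetical site exception, placed first so it is checked before the deny.
ALLOW_TARBZ2 = "\t".join(["allow", r"\.tar\.bz2$", "-", "-"])


def parse_rules(text):
    """Parse rule lines, skipping blanks and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) < 4 or fields[0].lower() not in ("allow", "deny"):
            raise ValueError("malformed rule: %r" % line)
        # Assumption: patterns are matched case-insensitively.
        rules.append((fields[0].lower(), re.compile(fields[1], re.I), fields[2]))
    return rules


def decide(filename, rules):
    """Return (action, log text) of the first matching rule."""
    for action, regex, log_text in rules:
        if regex.search(filename):
            return action, log_text
    return "allow", "no rule matched"  # assumption: unmatched names pass


def audit(filenames, rules_text):
    """Map each filename to the action the rule set would take."""
    rules = parse_rules(rules_text)
    return {name: decide(name, rules)[0] for name in filenames}


# Constructed attachment names.
SAMPLES = ["invoice.pdf.zip", "backup.tar.gz", "setup.tar.bz2",
           "report.final.pdf", "holiday.JPG .exe", "notes.txt"]

if __name__ == "__main__":
    for rules_text in (DENY_RULE, ALLOW_TARBZ2 + "\n" + DENY_RULE):
        print(audit(SAMPLES, rules_text))
```

The pattern requires a final extension of exactly three characters after a three- or four-character one, so `setup.tar.bz2` is denied while `backup.tar.gz` and `report.final.pdf` pass.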
