Mohammed Ejaz | 16 Nov 14:29 2014
Picon

PDF-gets-corrupted

hello,

 

We  have some problem  through one of the sender "" whenever he is sending an email with an attachment of more than 1 MB of PDF, gets corrupted and recipient cannot open the file, it says problem with file format.  

 

whereas the same sender ending same attachment  to yahoo, Hotmail and gmail etcc. without any problem.

 

our setup is

 

Front End (we use to filter the email)

 

mailscanner,clamav,spamassin with postfix mail servers

 

BackEnd.

 

Communicate  where the actual mailboxes are existed.

 

when eliminate our front end filters just to test Email (problematic Email and attachment)  gets through. it clears that problem is Mailscanner somewhere. but I unable to trace out.

 

so. please any help would be highly appreciated.

 

Thanks in advance.

 

Best Regards

Ejaz

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Sim | 10 Nov 12:44 2014
Picon

Bounce from "destination server" as SPAM - header/received too short!

Hello to all!

I've a little issue...

SENDER (from test <at> extenal.com  to  nomail <at> mydomain) ------> MailScanner -----> Mailbox Server ( <at> mydomain)

At this time my internal "Mailbox Server" generate a bounce for not exiting "nomail" account.
This bounce is detected as SPAM from MailScanner.

Note:
- The IP of Mailbox Server is in "Whitelist"
- The LAN (/24) of Mailbox Server is in "Trusted Network"
- The LAN (/24) of Mailbox Server is in "Outbound mail relay"
- All other email sent from "Mailbox Server" are detected as "white list"


Checking the log of postfix i've found this:

postfix/cleanup[20872]: C1C2960069: hold: header Received: from srv.mydomain.local (unknown [192.168.0.10])??(using TLSv1 with cipher AES128-SHA (128/128 bits))??(No client certificate requested)??by mail.mydomain.com (Postfix) w from unknown[192.168.0.10]; from=<> to=<test <at> external.com> proto=ESMTP helo=<srv.mydomain.local>
[..]
MailScanner[19852]: Spam Checks: Starting
MailScanner[19852]: Message C1C2960069.AEB15 from 192.168.0.10 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19852]: Spam Checks: Found 1 spam messages


The header of postifx/cleanup is incomplete!!!!

Looking for full header i've seen:  "(Postfix) with ESMTPS id C1C2960069?"    and not only    "(Postfix) w"


How to increase this "check of the header limit" in postfix, cleanup or MailScanner ?

Thanks
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Sim | 10 Nov 11:38 2014
Picon

REJECT (not bounce) spam with HI score?

Hello!

Is it possible to "drop SMTP connection with a reject code", and not close with "250 Ok...", if the score is Hi or with virus?

In this case the message is "bounced" directly from the mail server of the sender, and not generated a new message/bounce from destionation (MailScanner) server.

Thanks for your support

---
Sim
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
TSSB Sdn Bhd | 10 Nov 06:03 2014
Picon

SYSERR(root): rewrite: excessive recursion (max 50), ruleset canonify

Hi,

I am having a problem with my sendmail right now. I'm using CentOS5 running on BlueQuartz 5100R Series

I am not able to send to my domain and keep receiving the error

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain domain.name.com from domain.name.com [IP address]

The error that the other server returned was:
554 5.0.0 rewrite: excessive recursion (max 50), ruleset canonify


Thanks & Regards,

TSSB Sdn Bhd
35-1, Jalan Tanjung SD 13/2, 
Bandar Sri Damansara, 
52200 Kuala Lumpur.

MAIN LINE: 603 6276 7910 
FAX: 603 6276 0912




--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Viorel Robu | 31 Oct 14:00 2014
Picon

MailScanner 4.84.6-1 + postfix 2.6.6-6 on CentOS 6.6 not checking filename/filetype rules

Hi all,

MailScanner is configured to run as postfix:postfix. 

Run As User = postfix
Run As Group = postfix

Checked after start:

[root <at> srv-smtp conf.d]# ps axu | grep MailScanner
postfix  10381  0.0  1.8 205784 35060 ?        Ss   13:14   0:00 MailScanner: master waiting for children, sleeping
postfix  10382  0.1  4.8 305000 92380 ?        S    13:14   0:04 MailScanner: waiting for messages
root     11635  0.0  0.0 103252   840 pts/6    S+   14:10   0:00 grep MailScanner

I double-checked permission and ownership of every directory and file in /var/spool/postfix and /var/spool/MailScanner.
But I can't figure out why MailScanner is not executing file name & file type checking of attachments.
I found a strange behavior: if I stop it and then run it in this manner:
/etc/init.d/MailScanner startin
/etc/init.d/MailScanner startout
sudo -u postfix -g postfix /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
it starts acting as i s supposed to. 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Max Kipness | 10 Oct 22:25 2014

Eliminate date in archive path

Hi,

I was just wondering if anyone knows how or if it is possible to remove
the date when using the following configuration in MailSCanner.conf:

Archive Mail = /archiving_dir/_TODOMAIN_/

This leaves the qf and df files in:

/archiving_dir/domain_name/date

I'd rather eliminate the date sub-directory if possible.

If anyone knows how, please let me know.

Thanks,
Max

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Ryan Braganza | 6 Oct 08:30 2014
Picon

Denial Of Service + Antivirus time out


Hi, Is there any fix for this issue? When server load increases I can see a lot mails that get quarantined with Denial of Service notification after the antivirus times out

I agree the server load should not be too high, but mailscanner should not quarantine messages like this ..

Oct 3 13:35:22 mail MailScanner[23722]: Virus Scanning: Denial Of Service attack is in message 9F26BE513.AB917
Oct 3 13:35:22 mail MailScanner[23722]: Infected message 9F26BE513.AB917 came from 127.0.0.1
Oct 3 13:35:22 mail MailScanner[23722]: Saved entire message to /var/spool/MailScanner/quarantine/20141003/9F26BE513.AB917
Oct 3 13:35:21 mail MailScanner[23722]: Commercial scanner bitdefender timed out!
Oct 3 13:35:21 mail MailScanner[23722]: bitdefender: Failed to complete, timed out
Oct 3 13:35:22 mail MailScanner[23722]: Virus Scanning: Denial Of Service attack is in message 9F26BE513.AB917
Oct 3 13:35:22 mail MailScanner[23722]: Infected message 9F26BE513.AB917 came from 127.0.0.1
Oct 3 13:35:22 mail MailScanner[23722]: Viruses marked as silent: Denial of Service attack in message!
Oct 3 13:35:22 mail MailScanner[23722]: Saved entire message to /var/spool/MailScanner/quarantine/20141003/9F26BE513.AB917
Oct 3 13:35:26 mail MailScanner[23722]: Notices: Warned about 1 messages


--
--------------------------------------------------------------------------------------------------------------------------------------
“Race the rain, Ride the wind & Chase the sunset.
Only a biker understands.”
--------------------------------------------------------------------------------------------------------------------------------------



--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Anders Andersson, IT | 1 Oct 11:04 2014
Picon

Mailscanner ovf appliance

Hi

Just wondered if anyone know or tested any free mailscanner based virtual appliance. Tried to search but that didn’t work to good. I guess I could always make my own virtual machine but a  preinstalled ovf-file  with a basic web interface would be much easier J

 

Kind regards

 

Anders

 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Boyd | 30 Sep 10:26 2014
Picon

Use mailscanner for content protection

Hi All,

Is there any sample configuration about using mailscanner for content protection?

Thanks a lot!

Boyd
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Chris Labatt-Simon | 29 Sep 20:40 2014

MailScanner starting new parent processes

Hi All –

 

I just went through a painful upgrade of an Ubuntu server from 10.04 to 14.04. In the process, MailScanner was removed and I had to re-install it. I copied over my old etc settings. My old version was 4.79.11. My new version is 4.84.6.

 

It seems as if MailScanner can’t tell whether it’s already running. I have “Restart Every” set to 7200. Every time the time passes, a new primary process of MailScanner starts. Over the period of a day, I’ll have a large number of parent processes running.

 

Help?

 

If this helps at all… the mailscanner script in /etc/init.d uses start-stop-daemon to start and stop the MailScanner process. It would start fine, but it wouldn’t stop as it didn’t recognize the MailScanner name in the process list. I had to modify the script to use the PID file to stop the processes.

 

Here’s the ps –edf output after the first 7200 seconds:

 

root     11829     1  0 12:31 ?        00:00:00 MailScanner: master waiting for children, sleeping

root     11830 11829  0 12:31 ?        00:00:11 MailScanner: waiting for messages

root     11839 11829  0 12:31 ?        00:00:13 MailScanner: waiting for messages

root     11857 11829  0 12:32 ?        00:00:14 MailScanner: waiting for messages

root     11863 11829  0 12:32 ?        00:00:14 MailScanner: waiting for messages

root     11871 11829  0 12:32 ?        00:00:14 MailScanner: waiting for messages

root     14269     1  0 13:17 ?        00:00:00 MailScanner: master waiting for children, sleeping

root     14270 14269  0 13:17 ?        00:00:07 MailScanner: waiting for messages

root     14278 14269  0 13:17 ?        00:00:07 MailScanner: waiting for messages

root     14284 14269  0 13:17 ?        00:00:10 MailScanner: waiting for messages

root     14290 14269  0 13:17 ?        00:00:07 MailScanner: waiting for messages

root     14298 14269  0 13:17 ?        00:00:08 MailScanner: waiting for messages

 

Thanks!

 

Chris

 

 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Ryan Braganza | 29 Sep 12:23 2014
Picon

Mails get quarantined multiple times

I received a mail with queue id 9DECD35316. This mail was supposed to get quarantined due to a size restriction but instead of getting quarantined once it keeps getting quarantine  until we removed this email manually from queue

Mailscanner version is mailscanner-4.70.7-1


The logs show...  .. any idea what could be wrong ?

Sep 29 12:47:29 smtp MailScanner[31421]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.4515E
Sep 29 12:47:39 smtp MailScanner[31490]: Content Checks: Message 9DECD35316.4DCC2 is bigger than 13312000 bytes
Sep 29 12:47:39 smtp MailScanner[31490]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.4DCC2
Sep 29 12:47:46 smtp MailScanner[31411]: Content Checks: Message 9DECD35316.E2456 is bigger than 13312000 bytes
Sep 29 12:47:46 smtp MailScanner[31411]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.E2456
Sep 29 12:47:52 smtp MailScanner[31336]: Content Checks: Message 9DECD35316.21440 is bigger than 13312000 bytes
Sep 29 12:47:52 smtp MailScanner[31336]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.21440
Sep 29 12:47:59 smtp MailScanner[31513]: Content Checks: Message 9DECD35316.383FF is bigger than 13312000 bytes
Sep 29 12:47:59 smtp MailScanner[31513]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.383FF
Sep 29 12:48:05 smtp MailScanner[31553]: Content Checks: Message 9DECD35316.CDB95 is bigger than 13312000 bytes
Sep 29 12:48:05 smtp MailScanner[31553]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.CDB95
Sep 29 12:48:11 smtp MailScanner[31523]: Content Checks: Message 9DECD35316.F07D0 is bigger than 13312000 bytes
Sep 29 12:48:11 smtp MailScanner[31523]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.F07D0
Sep 29 12:48:18 smtp MailScanner[31582]: Content Checks: Message 9DECD35316.C9CE2 is bigger than 13312000 bytes
Sep 29 12:48:18 smtp MailScanner[31582]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.C9CE2
Sep 29 12:48:24 smtp MailScanner[31499]: Content Checks: Message 9DECD35316.01EFE is bigger than 13312000 bytes



--
--------------------------------------------------------------------------------------------------------------------------------------
“Race the rain, Ride the wind & Chase the sunset.
Only a biker understands.”
--------------------------------------------------------------------------------------------------------------------------------------



--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Gmane