Jerry Benton | 3 May 16:14 2015

v4.85.2-3 Released

No change to the code, just an update to the installer.

https://www.mailscanner.info/downloads/

05/03/2015 Changes in    v4.85.2-3
==================================
*Updates*
- Added Postfix detection and update for master.cf to use
  FIFO instead of UNIX socket

-
Jerry Benton
www.mailborder.com

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

michael pap | 3 May 05:56 2015
Picon

Testing V 4.85.2 postfix/showq[31416]: warning: hold/3519: uid 89: not a regular file

Did I something wrong ?

 

I am running 2 childs

 

[root <at> demo3 hold]# ls

3484  3519

 

By running the mailq command I get those errors?

 

[root <at> demo3 ~]# date

Sat May  2 23:44:19 EDT 2015

[root <at> demo3 ~]# mailq

Mail queue is empty

[root <at> demo3 ~]#

 

May  2 23:44:27 demo3 postfix/showq[32579]: warning: hold/3519: uid 89: not a regular file

May  2 23:44:27 demo3 postfix/showq[32579]: warning: hold/3484: uid 89: not a regular file

 

An postfix reload removes both files and then I get the next error …

 

[root <at> demo3 ~]# service postfix reload

Reloading postfix:                                         [  OK  ]

[root <at> demo3 ~]# ls /var/spool/postfix/hold/

[root <at> demo3 ~]#

 

May  2 23:48:53 demo3 MailScanner[3484]: Could not open file >/var/spool/postfix

/hold/3484/BF276E1B67.A91BF.header: No such file or directory

May  2 23:48:53 demo3 MailScanner[3484]: Cannot create + lock headers file /var/                              spool/postfix/hold/3484/BF276E1B67.A91BF.header,

May  2 23:48:56 demo3 MailScanner[3519]: Could not open file >/var/spool/postfix

/hold/3519/BF276E1B67.A91BF.header: No such file or directory

May  2 23:48:56 demo3 MailScanner[3519]: Cannot create + lock headers file /var/                                  spool/postfix/hold/3519/BF276E1B67.A91BF.header,

 

Sat May  2 23:51:33 EDT 2015

[root <at> demo3 ~]# ls /var/spool/postfix/hold/

1036  1093

 

Did somebody get the same result – or my configuration is wrong may there is a way to suppress the showq warnings?

 

Thank you,

mike

 

 

 

 

 

 

 

 

--This email has been scanned by the EMFABox eMail service.

This email has been scanned by the EMFABox eMail service. --------------------------------------------------------- ID: 732CF42689.AB3C2


--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Philip Parsons | 29 Apr 20:52 2015

I think I must have missed something

Read 0 hostnames from the phishing blacklists

 

 

Is this list no longer working ? or do I need to change something

 

 

Thank you.
Philip Parsons

 


--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Datasoft-India | 29 Apr 05:35 2015
Picon

Yahoo Bouncing mails with trailing spaces in subject

Hi All,
I have gone through the threads in the archive list. However I have finally nailed down the problem to the following condition. No matter what, whenever we compose a mail with an extra space at the end of the subject, a Duplicate Subject line gets added at the top of the header and the mail is bounced by Yahoo. with the following message.
<xxxxxyy-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>: host mta5.am0.yahoodns.net[98.138.112.35] said: 554 Message not allowed – Headers are not RFC compliant[291] (in reply to end of DATA command).

Sample header shown below.

Return-Path: <xx-wV4RUdHHV6pBDgjK7y7TUQ@public.gmane.org>
X-Spam-Status: No
Subject: test 10
X-securemailhub-MailScanner-From: xx-wV4RUdHHV6pBDgjK7y7TUQ@public.gmane.org
X-securemailhub-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
<snip>

Output of MailScanner -V

This is CentOS release 5.11 (Final)
This is Perl version 5.008008 (5.8.8)
This is MailScanner version 4.84.6

Question2) Is the Latest version of MailScanner 4.85.2-2 supported on the CentOS release 5.11 (Final) and Perl version 5.008008 without issues.

Can you help through some light on this.?

Thanks/DP


--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Art Stephens | 16 Apr 23:03 2015

Problem messages

I keep getting these emails from MailScanner

Archive:

Number of messages: 1
Tries Message Last Tried
===== ======= ==========
6 DBCA82040EB.A9AA7 Thu Apr 16 09:45:57 2015

I have followed instructions on how to remove these but they keep occurring every time we receive an email addressed to a non existent user.

Log entries
Apr 16 09:24:19 retail MailScanner[17702]: Making attempt 2 at processing message DBCA82040EB.A9AA7
Apr 16 09:24:23 retail MailScanner[17702]: SpamAssassin cache hit for message DBCA82040EB.A9AA7
Apr 16 09:28:10 retail MailScanner[18268]: Making attempt 3 at processing message DBCA82040EB.A9AA7
Apr 16 09:28:14 retail MailScanner[18268]: SpamAssassin cache hit for message DBCA82040EB.A9AA7
Apr 16 09:32:25 retail MailScanner[18318]: Making attempt 4 at processing message DBCA82040EB.A9AA7
Apr 16 09:32:29 retail MailScanner[18318]: SpamAssassin cache hit for message DBCA82040EB.A9AA7
Apr 16 09:37:12 retail MailScanner[17699]: Making attempt 5 at processing message DBCA82040EB.A9AA7
Apr 16 09:37:16 retail MailScanner[17699]: SpamAssassin cache hit for message DBCA82040EB.A9AA7
Apr 16 09:40:33 retail MailScanner[18427]: Making attempt 6 at processing message DBCA82040EB.A9AA7
Apr 16 09:40:36 retail MailScanner[18427]: SpamAssassin cache hit for message DBCA82040EB.A9AA7
Apr 16 09:40:36 retail MailScanner[18217]: Warning: skipping message DBCA82040EB.A9AA7 as it has been attempted too many times
Apr 16 09:40:36 retail MailScanner[18217]: Quarantined message DBCA82040EB.A9AA7 as it caused MailScanner to crash several times
Apr 16 09:40:36 retail MailScanner[18217]: Saved entire message to /var/spool/MailScanner/quarantine/20150416/DBCA82040EB.A9AA7

Running on
Linux retail.ptera.net 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
This is Fedora release 13 (Goddard)
This is Perl version 5.010001 (5.10.1)

This is MailScanner version 4.84.6

Any fix?

Response from Forum...

Make sure you have tnef installed. Then check your tnef settings. Also make sure your directory permissions and the user to run as are set correctly. If you need more help, please use the mailing list.

OK Thanks

Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
#TNEF Expander  = internal
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120

perl-Convert-TNEF 0.17-11.fc13
tnef 1.4.5-1

And I get this emal sent to me:

The original message was received at Thu, 16 Apr 2015 12:48:49 -0700
from postfix <at> localhost
with id t3GJmn2a020753

   ----- The following addresses had permanent fatal errors -----
    (reason: 554 5.7.1 <160-92248047-23-f.trowridge=guitarfranks.com-0pQPA1qlGEwpWEwJ+7R8na35v1XWdZp1@public.gmane.org>: Relay access denied)
    (expanded from: 160-92248047-23-f.trowridge=guitarfranks.com <at> mail.mybusinesshomes.com)

   ----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> DATA
<<< 554 5.7.1 <160-92248047-23-f.trowridge=guitarfranks.com-0pQPA1qlGEwpWEwJ+7R8na35v1XWdZp1@public.gmane.org>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

Final-Recipient: RFC822; 160-92248047-23-f.trowridge=guitarfranks.com-0pQPA1qlGEwpWEwJ+7R8na35v1XWdZp1@public.gmane.org
Action: failed
Status: 5.7.1
Remote-MTA: DNS; [127.0.0.1]
Diagnostic-Code: SMTP; 554 5.7.1 <160-92248047-23-f.trowridge=guitarfranks.com-0pQPA1qlGEwpWEwJ+7R8na35v1XWdZp1@public.gmane.org>: Relay access denied
Last-Attempt-Date: Thu, 16 Apr 2015 12:48:49 -0700


---------- Forwarded message ----------
From: MailScanner <postmaster>
To: 160-92248047-23-f.trowridge=guitarfranks.com <at> mail.mybusinesshomes.com
Cc: 
Date: Thu, 16 Apr 2015 12:48:49 -0700
Subject: Warning: E-mail error detected
Our virus detector failed to completely analyse a message you sent:-
  Subject: New Mortgage Lows
  Date: Thu Apr 16 12:48:49 2015
Any parts of the message that could not be analysed will not have been
delivered.

If you are using Microsoft Outlook, we strongly recommend you change your
outgoing message format from "Rich Text" to "HTML" or "Plain Text".

1) Click on the "Tools" menu and choose "Options..."
2) Go to the "Mail Format" tab
3) For message format, select "HTML" or "Plain text"
4) Click OK

The virus detector said this about the message:
Report: Report: MailScanner: Message attempted to kill MailScanner


--
MailScanner
Email Virus Scanner
Ptera Wireless Internet Inc.

For all your IT requirements visit: http://www.transtec.co.uk

Totally stumped on how to proceed to fix this....

--
Arthur Stephens
Senior Networking Technician
Ptera Inc.
PO Box 135
24001 E Mission Suite 50
Liberty Lake, WA 99019 
509-927-7837 
 ----------------------------------------------------------------------------- 
"This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed. 
Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company." 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Jerry Benton | 16 Apr 21:45 2015

Executable vs Binary

Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs:

- Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as
text/plain, the character set is binary, so it nails it as an executable. 
- Allowing executables will allow the file. 

So, there’s the rub. Under the current code we have to allow executables for these “newer” types of
Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other
file formats that make MailScanner fire on this.

Ideas?

-
Jerry Benton
www.mailborder.com

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Richard Mealing | 15 Apr 15:43 2015
Picon

deprecated code

Hi,

 

I’m getting the following when using perl5-5.18.4_13 -

 

/usr/local/etc/rc.d/mailscanner restart

Stopping mailscanner.

Waiting for PIDS: 758.

Starting mailscanner.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm line 749.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/GenericSpam.pm line 39.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/RBLs.pm line 39.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/MCP.pm line 40.

Parameterless "use IO" deprecated at /usr/local/lib/MailScanner/MailScanner/SA.pm line 39.

 

This is on FreeBSD 10.1-RELEASE-p9.

 

I wondered if this had been fixed in the next release? I have the latest from the ports.

 

Thanks,

Rich


--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Volker Dose | 14 Apr 17:19 2015
Picon

No filetype checks on RAR-archives

Hi Mailing-List,

 

I have set up a new MS installation and do not manage to get  filetype/filename checks working inseid of rar-archives.

 

 

I am using MS with postfix and ClamAV as virus scanner. I have added the SaneSecurity files for ClamAV also.

 

The filetype checks are working fine on 7z-archives and zip-archives are also searched for unwanted filetypes. even Excel files are unpacked and checked. I understand, that clamav is not able to check RAR-archives anymore, right?

 

 

 

This are the relevant setting ( I hope ;-)

 Maximum Archive Depth = 8

Find Archives By Content = yes

Unpack Microsoft Documents = no

Archives Are = zip rar

Archives: Deny Filenames =  \.com$ \.exe$ \.cpl$ \.pif$

Archives: Deny Filetypes = executable

 

 

This are my settings:

 

[root <at> mailscanner MailScanner]# cat /etc/redhat-release

CentOS release 6.6 (Final)

[root <at> mailscanner MailScanner]# rpm -q postfix

postfix-2.6.6-6.el6_5.i686

 

[root <at> mailscanner MailScanner]# MailScanner --lint

Trying to setlogsock(unix)

 

Reading configuration file /etc/MailScanner/MailScanner.conf

Reading configuration file /etc/MailScanner/conf.d/README

Read 1084 hostnames from the phishing whitelist

Read 11741 hostnames from the phishing blacklists

Config: calling custom init function SQLBlacklist

Starting up SQL Blacklist

Read 250 blacklist entries

Config: calling custom init function MailWatchLogging

Started SQL Logging child

Config: calling custom init function SQLWhitelist

Starting up SQL Whitelist

Read 499 whitelist entries

 

Checking version numbers...

Version number in MailScanner.conf (4.84.6) is correct.

 

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

MailScanner setting GID to  (89)

MailScanner setting UID to  (89)

 

Checking for SpamAssassin errors (if you use it)...

Using SpamAssassin results cache

Connected to SpamAssassin cache database

bayes: cannot open bayes databases /var/spool/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied

bayes: cannot open bayes databases /var/spool/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied

pyzor: check failed: internal error, python traceback seen in response

SpamAssassin reported no errors.

Connected to Processing Attempts Database

Created Processing Attempts Database successfully

There are 6 messages in the Processing Attempts Database

Using locktype = posix

MailScanner.conf says "Virus Scanners = f-prot-6 clamd"

Found these virus scanners installed: clamavmodule, f-prot-6, sophossavi, mcafee6, clamd

===========================================================================

Filename Checks: Windows/DOSExecutable (1 eicar.com)

Completed checking by /usr/local/bin/file_wrapper at /usr/lib/MailScanner/MailScanner/SweepOther.pm line 488

Completed checking by /usr/local/bin/file_wrapper -i at /usr/lib/MailScanner/MailScanner/SweepOther.pm line 570

Filetype Checks: Allowing 1 eicar.com : identified as ASCII text

Filetype Mime Checks: Allowing 1 eicar.com (no match found)

Other Checks: Found 1 problems

Virus and Content Scanning: Starting

Scanning: /

[Found virus] <EICAR_Test_File (exact)> ./1/eicar.com at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2530

Virus Scanning: F-Prot6 found 1 infections

Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com

Virus Scanning: Clamd found 2 infections

Infected message 1 came from 10.1.1.1

Virus Scanning: Found 3 viruses

===========================================================================

Virus Scanner test reports:

F-Prot6 said "[Found virus] <EICAR_Test_File (exact)> ./1/eicar.com"

Clamd said "eicar.com was infected: Eicar-Test-Signature"

 

If any of your virus scanners (clamavmodule,f-prot-6,sophossavi,mcafee6,clamd)

are not listed there, you should check that they are installed correctly

and that MailScanner is finding them correctly via its virus.scanners.conf.

Config: calling custom end function SQLBlacklist

Closing down by-domain spam blacklist

Config: calling custom end function MailWatchLogging

Config: calling custom end function SQLWhitelist

Closing down by-domain spam whitelist

[root <at> mailscanner MailScanner]

 

 

 

Best regards

Volker


--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Jerry Benton | 13 Apr 16:36 2015

v4.85.2-2 Released

This corrects a minor error in the RPM packages spec file during an upgrade. (RHEL and SuSE) Version release
updated for all packages although Debian and the tarball has not changed. 

https://www.mailscanner.info/downloads/

-
Jerry Benton
www.mailborder.com

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

Denis Beauchemin | 13 Apr 15:36 2015
Picon

Error in upgrade

Hello,

I just upgraded from 4.85.2-0 to 4.85.2-1 on RHEL 6.6 and got the following errors at the end of the process :
Installing the MailScanner RPM ... 
Preparing...                ##################################################
mailscanner                 ##################################################

Leaving mailscanner.cf link or file alone.
SpamAssassin site rules found in /etc/mail/spamassassin

To activate MailScanner run the following commands:

service sendmail stop
chkconfig sendmail off
chkconfig MailScanner on
service MailScanner start

Note that you will need to replace the sendmail option
above with your respective MTA. Sendmail, Postfix, Exim, etc.

If you are using Clam AV, ensure that you check that the user
and group specified in /usr/share/MailScanner/clamav-wrapper
matches the user specified in /etc/passwd.

/var/tmp/rpm-tmp.0GUhjw: line 7: syntax error near unexpected token `fi'
/var/tmp/rpm-tmp.0GUhjw: line 7: `fi'
warning: %postun(mailscanner-4.85.2-0.noarch) scriptlet failed, exit status 2
ClamAV update process started at Mon Apr 13 08:59:20 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20317, sigs: 1369028, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 250, sigs: 42, f-level: 63, builder: neo)
Upgrading /etc/MailScanner/MailScanner.conf

Your old configuration file will be saved as:
/etc/MailScanner/MailScanner.conf.old.40032

Substitution pattern not terminated at -e line 1.
Usage:

RPM
===
If you are using the RPM distributions then try this:

cd /etc/MailScanner
upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new  MailScanner.conf

TAR
===
If you are using the tar distribution so that the old version is in
/opt/MailScanner and the new one is in /opt/MailScanner.new then:

cd /opt/MailScanner.new/etc
../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf
/opt/MailScanner.new/etc/MailScanner.conf > MailScanner.new
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new  MailScanner.conf

NOTE
====
To keep your old comments in your original file, add "--keep-comments"
to the command line.  Note that this will mean you don't get to find
out any extra new values you might be able to use in existing "improved"
configuration options.

No .rpmnew file, so just copying your existing .conf file.

----------------------------------------------------------
Installation Complete

See http://www.mailscanner.info for more information and  
support via the MailScanner mailing list.


--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner

t dara | 12 Apr 03:13 2015
Picon

Mailscanner use a lots of RAM

Dear All,

After I install mailscanner new version(v4.85.2-1), I notice RAM usage so high.
when I stop mailscanner service, RAM come back to normal. Please see attachment file as your reference.

Thanks,
Sovandara

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner


Gmane