Vlad Mazek | 16 Dec 19:21 2014

MailScanner seems to be skipping messages

Im running  4.81.4 with sendmail.

I'm starting to see messages not going through MailScanner, is there any scenario you guys would think would cause a message to not be scanned. This is something that is sporadic.

Maillogs dont show any entries for these message IDs, which in the past may have been attributed to cached scoring. But I'm not seeing the MailScanner header inserts at all.
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Ugo Vasi | 15 Dec 18:05 2014
Picon

TNEF in postfix hold path

Hi all,
in a recent installation (debian 7 + mailscanner 4.84.5-4~wheezy + 
postfix   2.9.6-2) I see this warnings in mail.log:

Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnefwaSOJu: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnef0R36P5: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnefTBC2pw: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnefvBgPij: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnef9a5yNc: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnef2XEO6H: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnefceRLQ7: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnefFF_uw1: uid 
102: not a regular file
Dec 15 17:57:23 mail postfix/showq[18891]: warning: hold/tnefq6wleV: uid 
102: not a regular file

Infact, in the /var/spool/postfix/hold folder, I see these "tnef*" 
folders that are deleted after a while.

I suspect that MailScanner use the TNEF Eìexpander (/usr/bin/tnef) in 
the postfix's hold directory.

It seems that this does not create problems to the email flow but it is 
strange...

Who can help me to find a solution?

Thanks

-- 

   U g o   V a s i    <ugo.vasi <at> procne.it>
   P r o c n e  s.r.l    >)
   via Cotonificio 45  33010 Tavagnacco IT
   phone: +390432486523 fax: +390432486523

Le informazioni contenute in questo messaggio sono riservate e
confidenziali ed è vietata la diffusione in qualunque modo eseguita.
Qualora Lei non fosse la persona a cui il presente messaggio è
destinato, La invitiamo ad eliminarlo e a non leggerlo, dandocene
gentilmente comunicazione.
Per qualsiasi informazione si prega di contattare support <at> procne.it .
Rif. D.L. 196/2003

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
t dara | 15 Dec 03:24 2014
Picon

Have problem with MailScanner 4.84.6 Cannot Add inline signature

Hello,

I have problem with MailScanner 4.84.6 Cannot Add inline signature.
I see in config file, By default it should be add inline signature. I already to try restart MailScanner and didn't see any error message.

Here is my configration
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Sign Clean Messages = yes

Thanks for your help,
Sovandara
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Mohammed Ejaz | 11 Dec 14:30 2014
Picon

Email-bounce.

 

 

 

hello,

 

some of my user receiving the below error  when sending their emails, would you please shed some light what could be the reason for it. thanks in advance

 

Ejaz

 

 

 

 

Our virus detector failed to completely analyse a message you sent:-

  To: irene.gorget <at> lactalis.com.ua

  Subject: RE: current result versus B2015 - UFIC

  Date: Thu Dec 11 14:59:29 2014

Any parts of the message that could not be analysed will not have been delivered.

 

If you are using Microsoft Outlook, we strongly recommend you change your outgoing message format from "Rich Text" to "HTML" or "Plain Text".

 

1) Click on the "Tools" menu and choose "Options..."

2) Go to the "Mail Format" tab

3) For message format, select "HTML" or "Plain text"

4) Click OK

 

The virus detector said this about the message:

Report: Report: MailScanner: Message attempted to kill MailScanner

 

 

--

MailScanner

Email Virus Scanner

Your Organisation Name Here

www.your-organisation.com

 

For all your IT requirements visit: http://www.transtec.co.uk

 

Please don't print this e-mail unless you really need to. Save

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Steve Freegard | 4 Dec 23:35 2014

Re: Bounces from Yahoo

On 04/12/14 16:23, Jeremy McSpadden wrote:
> Baruwa Enterprise has a patched/modified version of MS only available to
> paid.

Um - isn't that a violation of the GPL?  Any modifications to code that 
is part of MailScanner should have the sources available to anyone that 
requests it (typically it's easiest to put patches up on a website 
though, to avoid CD requests).

At FSL we made a point of contributing anything we did to MailScanner 
back to the community; like ConfigSQL which I expect Baruwa uses.

Kind regards,
Steve.
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Kevin Miller | 2 Dec 20:11 2014

Bounces from Yahoo

Every now and then, my users will send to Yahoo and the mail bounces.  The cause is duplicate subject headers.

SOMEONE <at> yahoo.com on 12/1/2014 3:52 PM
            Diagnostic code = NoDiagnostic; Reason code = TransferFailed; Status code = 500
            <mta7.am0.yahoodns.net #5.0.0 SMTP; 554 Message not allowed - Headers are not RFC compliant[291]>

There's a similar thread over in the Baruwa neighborhood, but apparently it's a MailScanner bug.  They
mention a fix over there but I don't know that it's made it to github for MailScanner yet.

http://baruwa-users-list.963389.n3.nabble.com/Yahoo-Headers-are-not-RFC-compliant-td4027435.html

Anyone else having this issue?  Any patch files out for it?

Running on:
Linux smtp.ci.juneau.ak.us 2.6.18-398.el5 #1 SMP Tue Sep 16 20:50:52 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
This is CentOS release 5.11 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.84.5

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Andreas Pflug | 1 Dec 12:30 2014
Picon

data loss from failed link

Lately, I've been moving MailScanner's in and out exim queues to a xfs
file system, and configuring quota projects on both queues (no limits
applied).

After a while I noticed that the out queue would contain only xxx-H
files, no message body xxx-D files any more. The logfile would state
"Failed to link message body between queues". Apparently the creation of
a hard link failes if the target directory is in a different xfs quota
project.

Unfortunately, the check in EximDiskStore.pm LinkData() (line 256) just
logs a message and continues, deleting the non-linked message and thus
losing data. Instead of Log::WarnLog a Log::DieLog should be generated,
because losing data on misconfigured storage isn't acceptable.

Regards
Andreas
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Michael Masse | 25 Nov 22:14 2014
Picon

moving DNSBL to MTA

I currently have both sendmail and MailScanner set up to use the Spamhaus and BRBL blocklists.   I am trying to get away from MailScanner doing DNSBL lookups to get better performance.    The problem I'm having is that sendmail seems to skip quite a few incoming emails for some reason.   It does catch a lot so I'm fairly certain it's configured in sendmail properly.    I'm noticing that a lot of email gets past the MTA DNSBL stage and then gets caught at the MailScanner stage.   Has anyone ever seen this?  What could cause it?   They are both pointed to the exact same blocklists.   I've triple checked that.   I can't get rid of it within MailScanner till I know why the MTA seems to be skipping some emails.
 
 
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Mohammed Ejaz | 16 Nov 14:29 2014
Picon

PDF-gets-corrupted

hello,

 

We  have some problem  through one of the sender "" whenever he is sending an email with an attachment of more than 1 MB of PDF, gets corrupted and recipient cannot open the file, it says problem with file format.  

 

whereas the same sender ending same attachment  to yahoo, Hotmail and gmail etcc. without any problem.

 

our setup is

 

Front End (we use to filter the email)

 

mailscanner,clamav,spamassin with postfix mail servers

 

BackEnd.

 

Communicate  where the actual mailboxes are existed.

 

when eliminate our front end filters just to test Email (problematic Email and attachment)  gets through. it clears that problem is Mailscanner somewhere. but I unable to trace out.

 

so. please any help would be highly appreciated.

 

Thanks in advance.

 

Best Regards

Ejaz

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Sim | 10 Nov 12:44 2014
Picon

Bounce from "destination server" as SPAM - header/received too short!

Hello to all!

I've a little issue...

SENDER (from test <at> extenal.com  to  nomail <at> mydomain) ------> MailScanner -----> Mailbox Server ( <at> mydomain)

At this time my internal "Mailbox Server" generate a bounce for not exiting "nomail" account.
This bounce is detected as SPAM from MailScanner.

Note:
- The IP of Mailbox Server is in "Whitelist"
- The LAN (/24) of Mailbox Server is in "Trusted Network"
- The LAN (/24) of Mailbox Server is in "Outbound mail relay"
- All other email sent from "Mailbox Server" are detected as "white list"


Checking the log of postfix i've found this:

postfix/cleanup[20872]: C1C2960069: hold: header Received: from srv.mydomain.local (unknown [192.168.0.10])??(using TLSv1 with cipher AES128-SHA (128/128 bits))??(No client certificate requested)??by mail.mydomain.com (Postfix) w from unknown[192.168.0.10]; from=<> to=<test <at> external.com> proto=ESMTP helo=<srv.mydomain.local>
[..]
MailScanner[19852]: Spam Checks: Starting
MailScanner[19852]: Message C1C2960069.AEB15 from 192.168.0.10 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19852]: Spam Checks: Found 1 spam messages


The header of postifx/cleanup is incomplete!!!!

Looking for full header i've seen:  "(Postfix) with ESMTPS id C1C2960069?"    and not only    "(Postfix) w"


How to increase this "check of the header limit" in postfix, cleanup or MailScanner ?

Thanks
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Sim | 10 Nov 11:38 2014
Picon

REJECT (not bounce) spam with HI score?

Hello!

Is it possible to "drop SMTP connection with a reject code", and not close with "250 Ok...", if the score is Hi or with virus?

In this case the message is "bounced" directly from the mail server of the sender, and not generated a new message/bounce from destionation (MailScanner) server.

Thanks for your support

---
Sim
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Gmane