Rick Cooper | 1 Mar 2008 01:54

RE: [Maybe OT] - RFC compliance checking at session


 > -----Original Message-----
 > From: mailscanner-bounces <at> lists.mailscanner.info 
 > [mailto:mailscanner-bounces <at> lists.mailscanner.info] On 
 > Behalf Of Glenn Steen
 > Sent: Friday, February 29, 2008 5:21 PM
 > To: MailScanner discussion
 > Subject: Re: [Maybe OT] - RFC compliance checking at session
 > 
[...]
 > >  will violate. But if I can validate any part of the helo, I will accept the
 > >  message. But sans RDNS, heloing as BILLS_ROOM.local is getting the door
 > >  slammed for sure. You give a proper helo, have something like proper DNS and
 > >  even if you are a host on Comcast's dynamic pool you will get past the helo,
 > >  probably won't get very far past it but you will get past it.
 > >
 > Mostly true for 1123 too...
 > Since I get a good effect from the strict part, I don't do the rdns
 > validation... When the strictness checks stop being effective I might
 > start looking at it, but by then... there might be a new RFC outdating
 > both 2821 and 1123 (and 821, which is already superseded) that
 > actually tells us that we MUST validate the domain.... No, wait, that
 > must be another beverage-induced fever-dream ;-D.
 > 


Jason Ede | 1 Mar 2008 09:14

RE: [Maybe OT] - RFC compliance checking at session

> -----Original Message-----
> From: mailscanner-bounces <at> lists.mailscanner.info [mailto:mailscanner-
> bounces <at> lists.mailscanner.info] On Behalf Of Rick Cooper
> Sent: 01 March 2008 00:55
> To: 'MailScanner discussion'
> Subject: RE: [Maybe OT] - RFC compliance checking at session
>
>
>
>  > -----Original Message-----
>  > From: mailscanner-bounces <at> lists.mailscanner.info
>  > [mailto:mailscanner-bounces <at> lists.mailscanner.info] On
>  > Behalf Of Glenn Steen
>  > Sent: Friday, February 29, 2008 5:21 PM
>  > To: MailScanner discussion
>  > Subject: Re: [Maybe OT] - RFC compliance checking at session
>  >
> [...]
>  > >  will violate. But if I can validate any part of the helo, I will accept the
>  > >  message. But sans RDNS, heloing as BILLS_ROOM.local is getting the door
>  > >  slammed for sure. You give a proper helo, have something like proper DNS and
>  > >  even if you are a host on Comcast's dynamic pool you will get past the helo,
>  > >  probably won't get very far past it but you will get past it.
>  > >
>  > Mostly true for 1123 too...
>  > Since I get a good effect from the strict part, I don't do the rdns

Gerard | 1 Mar 2008 15:15

Re: [Maybe OT] - RFC compliance checking at session

On Fri, 29 Feb 2008 23:19:36 +0100
Hugo van der Kooij <hvdkooij <at> vanderkooij.org> wrote:

> | So what do you guys think? Am I just being particularly awkward on a
> | Friday afternoon and should I spend my time re-working our config to
> | work around an organisation who is blatantly ignorant of common mail
> | server practise, or just tell my user that the sending organisation
> | needs to get their act together?
> 
> If they are aware the setup is not working well I would not spend
> another millisecond on it. It's not your problem.

Maybe I have just totally misread this entire post; however it seems to
me that the acceptance or rejection of a message must be done at the
MTA level. Using Postfix, I can set various flags to either accept or
reject messages based on whatever criteria I want. I don't see how I
could use MailScanner in that environment since I would have to accept
the message and then send it on to MailScanner. There is no way I could
legitimately reject the message after that point in time.

Then again, maybe I have just misunderstood this entire thread. Sorry!

-- 
Gerard
gerard <at> seibercom.net

The generation of random numbers is too important to be left to chance.

Maxime Gaudreault | 1 Mar 2008 15:49

RE: Queue problem

Hi Glenn

In MailScanner.conf:
Was that:
Spam List = SBL+XBL spamcop.net NJABL CBL

In spam.lists.conf:
spamhaus.org                    sbl.spamhaus.org.
spamhaus-XBL                    xbl.spamhaus.org.
spamhaus-PBL                    pbl.spamhaus.org.
spamhaus-ZEN                    zen.spamhaus.org.
SBL+XBL                         sbl-xbl.spamhaus.org.
spamcop.net                     bl.spamcop.net.
NJABL                           dnsbl.njabl.org.
ORDB-RBL                        relays.ordb.org.
MAPS-RBL                        blackholes.mail-abuse.org.
MAPS-DUL                        dialups.mail-abuse.org.
MAPS-RSS                        relays.mail-abuse.org.
MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
Easynet-DNSBL                   blackholes.easynet.nl.
Easynet-Proxies                 proxies.blackholes.easynet.nl.
Easynet-Dynablock               dynablock.easynet.nl.
SORBS-DNSBL                     dnsbl.sorbs.net.
SORBS-HTTP                      http.dnsbl.sorbs.net.

Maxime Gaudreault | 1 Mar 2008 15:51

RE: Queue problem

Hi Jules

Dig results come within 41-108 msec

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
Email: mgaudreault <at> reference.qc.ca
Website: http://www.reference.qc.ca/

-----Original Message-----
From: mailscanner-bounces <at> lists.mailscanner.info
[mailto:mailscanner-bounces <at> lists.mailscanner.info] On Behalf Of Julian Field
Sent: February 29, 2008 5:50 PM
To: MailScanner discussion
Subject: Re: Queue problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Maxime Gaudreault wrote:
>
> Hi
>
> The hold queue is actually at 415 emails
>
> Load Average: 0.11 0.25 0.53

mikea | 1 Mar 2008 16:29

Re: [Maybe OT] - RFC compliance checking at session

On Sat, Mar 01, 2008 at 08:14:55AM +0000, Jason Ede wrote:

> What do ppl tend to do about MTAs that don't seem to understand
> temporary reject codes (such as 450) for stuff like greylisting?
> We've one client that uses our spam filtering and it seems to be
> only 1 that complains that people seem unable to email them. The one
> rejection email that I've had sent through (only 1 ever been sent
> despite repeated requests for NDRs to work out why the email isn't
> getting through) indicated that their ISP tried once to deliver
> email and then bounced it right back to sender if it got any form of
> response from our server. As far as I understand that's in direct
> contradiction of the RFCs. I thought if it was a 5XX or the like
> then it should return to sender but a 4XX code should always be
> retried at least a few times for a period of up to 5 days.
>
> I really like greylisting as it cuts down our server load by a
> factor of 2 or more and makes it possible not to need more servers,
> but it's getting the boss to understand that we can't keep just
> adding exception after exception for people and their bad ISPs as
> we don't know where they will be mailing from beforehand...

I (reluctantly) exempt the sending IPs from greylisting. Similarly, 
I've had to exclude some senders from greet-pause screening, because
they're needed, even though they connect-and-blast. I hate it, but the
mail is mission-related and the addressees tell me they need it. 

I've had to mark some senders and some receivers as "don't use TLS", 
too, because they don't do TLS correctly. Some of them are companies 
that do commercial mail screening, and it's very interesting that our
TLS won't interoperate with theirs but will work with 99.995% of the 

Maxime Gaudreault | 1 Mar 2008 16:53

Problem after update

I updated MailScanner to 4.66.5. When I start MS I get these errors:

pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/check_mailscanner
Starting MailScanner...Variable "$FIELD_NAME" is not imported at /opt/MailScanner/lib/MailScanner/Message.pm line 6906.
Variable "$FIELD_NAME" is not imported at /opt/MailScanner/lib/MailScanner/Message.pm line 6909.
Global symbol "$FIELD_NAME" requires explicit package name at /opt/MailScanner/lib/MailScanner/Message.pm line 6906.
Global symbol "$FIELD_NAME" requires explicit package name at /opt/MailScanner/lib/MailScanner/Message.pm line 6909.
Compilation failed in require at /opt/MailScanner/bin/MailScanner line 79.
BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner line 79.
 Failed.

Any fix?

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
Email: mgaudreault <at> reference.qc.ca
Website: http://www.reference.qc.ca/

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Jim Hermann | 1 Mar 2008 17:41

RE: FW: Another attack to fight off

> -----Original Message-----
> From: Julian Field [mailto:MailScanner <at> ecs.soton.ac.uk]
> Sent: Friday, February 29, 2008 05:05 PM
> To: MailScanner discussion
> Subject: Re: FW: Another attack to fight off
>
> Jim Hermann wrote:
> > I use this setting:
> >
> > Incoming Queue Dir =
> > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue
> > /home/virtual/site*/fst/var/spool/mqueue
> >
> > It collects email from 200 different directories.
> >
> > Jim
> >
> Just for the list's reference, this is an init.d script problem, as it
> doesn't directly support multiple incoming queues. So it has trouble
> starting up the incoming sendmail process. INQDIR is calculated in
> /etc/sysconfig/MailScanner and used to set the -OQueueDirectory=
> command-line option in /etc/init.d/MailScanner. It is read straight out
> of MailScanner.conf. So if MailScanner.conf's setting refers to a text
> file listing directory names, the init.d script tries to start up
> sendmail with the QueueDirectory option set to a text file, so it shouts
> and screams about it :-(
>
> MailScanner itself is working just fine. Ideally a fancier init.d script
> would find the text file and make nasty noises that it won't be able to
> start up the incoming sendmail without modification.
>
> Jules

That explains the difference.  I don't use the standard MailScanner /etc/init.d/MailScanner script.  I
have custom scripts for starting MailScanner and sendmail.

Jim


Julian Field | 1 Mar 2008 18:03

Re: Queue problem

In which case your DNS lookups should be okay. That's a perfectly 
reasonable figure in my experience.

Run "MailScanner --debug --debug-sa". It will produce loads of output. 
However, at some point in the SpamAssassin output, it will pause for a 
second or two. You want to catch it there, then resume it and then 
immediately stop it again, as the bits you are interested in are the 
lines of output printed out immediately *after* the pause.

This can take a few goes to catch, though someone did post a nice 
command the other day to prepend each line of output with the current 
time, so you could see easily when (and how long) the pauses were. Can 
someone repost that please? If I can find it, I'll work out how to build 
it into the MailScanner debug output directly. It will help diagnose 
this sort of problem a lot.

This output should tell you where the pauses are, and therefore what 
operations are taking too long.

Maxime Gaudreault wrote:
> Hi Jules
>
> Dig results come within 41-108 msec
>
> Maxime Gaudreault
> Technician
> Référence Systèmes inc.
> Tel.: 418.650.0997
> Fax: 418.650.9668
> Email: mgaudreault <at> reference.qc.ca
> Website: http://www.reference.qc.ca/
>
>
>
> -----Original Message-----
> From: mailscanner-bounces <at> lists.mailscanner.info
> [mailto:mailscanner-bounces <at> lists.mailscanner.info] On Behalf Of Julian Field
> Sent: February 29, 2008 5:50 PM
> To: MailScanner discussion
> Subject: Re: Queue problem
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Maxime Gaudreault wrote:
>   
>> Hi
>>
>> The hold queue is actually at 415 emails
>>
>> Load Average: 0.11 0.25 0.53
>>
>> htop shows many of these processes:
>>
>> MailScanner: checking with SpamAssassin
>>
>> MailScanner: checking with Spam Lists
>>
>> CPU is 3%
>>
>> Mem is 25%
>>
>>     
> I would start checking your DNS setup. How long does it take for various 
> random "dig" commands to produce results? MailScanner should spend a 
> very small %-age of its time saying "checking with Spam Lists". If you 
> can see several of them in that state, then that's likely a DNS lookup 
> problem.
>
>   
>> I don't understand
>>
>> *Maxime Gaudreault*
>>
>> Technician
>>
>> Référence Systèmes inc.
>>
>> Tel.: 418.650.0997
>>
>> Fax: 418.650.9668
>>
>> Email: mgaudreault <at> reference.qc.ca
>>
>> Website: http://www.reference.qc.ca/
>>
>> *From:* mailscanner-bounces <at> lists.mailscanner.info 
>> [mailto:mailscanner-bounces <at> lists.mailscanner.info] *On Behalf Of 
>> *Maxime Gaudreault
>> *Sent:* February 29, 2008 10:54 AM
>> *To:* MailScanner discussion
>> *Subject:* Queue problem
>>
>> Hi
>>
>> I have a problem with my anti-spam gateway. The queue is filling up
>> very quickly (1600+ mails in queue).
>>
>> The server's load average is <1 (0.60 - 0.80) so I suppose this is not
>> a resource problem.
>>
>> Then I have to change the port forwarding directly to my Imail server
>> to let the anti-spam's queue go down.
>>
>> I used many tweaks to maximize the efficiency of the anti-spam
>> (MailScanner work directory in RAM, DNS cache server, increasing
>> memory). I only got 1 CPU but I suppose this is not the problem
>> because when the queue is full, the load average is under 1.
>>
>> Any idea?
>>
>> PS: Sorry for my bad English
>>
>> PPS: Sorry if you received my message twice
>>
>> *Maxime Gaudreault*
>>
>> Technician
>>
>> Référence Systèmes inc.
>>
>> Tel.: 418.650.0997
>>
>> Fax: 418.650.9668
>>
>> Email: mgaudreault <at> reference.qc.ca
>>
>> Website: http://www.reference.qc.ca/
>>
>>     
>
> Jules
>
> - -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules <at> Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules <at> Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
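
A filter of the kind asked for in the message above, as an added example: it is not the command that was posted to the list (this page does not show it) and not MailScanner code. It prefixes each line read from standard input with the arrival time and the gap since the previous line, and marks lines printed after a pause; the script name `stamp.py` and the 1-second default threshold are assumptions.

```python
#!/usr/bin/env python3
"""Time-stamp a debug stream and mark the lines that follow a pause.

Assumed invocation (the MailScanner flags are the ones quoted in the thread):
    MailScanner --debug --debug-sa 2>&1 | python3 stamp.py 1.0
"""
import sys
import time
from datetime import datetime


def stamp_lines(lines, clock=time.time, threshold=1.0):
    """Yield (gap_seconds, text) for every input line.

    gap_seconds is the time between the previous line arriving and this one.
    A line arriving after a gap >= threshold gets a marker, because the
    operation that was slow is the one reported just *after* the pause.
    The clock is injectable so the logic can be checked without waiting.
    """
    previous = clock()
    for raw in lines:
        now = clock()
        gap = now - previous
        previous = now
        when = datetime.fromtimestamp(now).strftime("%H:%M:%S.%f")[:-3]
        note = " <-- after %.1fs pause" % gap if gap >= threshold else ""
        yield gap, "%s +%7.3fs %s%s" % (when, gap, raw.rstrip("\r\n"), note)


def main(argv):
    threshold = float(argv[1]) if len(argv) > 1 else 1.0
    slow = []
    for gap, text in stamp_lines(sys.stdin, threshold=threshold):
        # Flush every line so the stamps stay aligned with what is on screen.
        print(text, flush=True)
        if gap >= threshold:
            slow.append(text)
    # Summary on stderr, so a redirected log on stdout stays line-for-line.
    print("\n%d line(s) arrived after a pause of >= %.1fs:"
          % (len(slow), threshold), file=sys.stderr)
    for text in slow:
        print("  " + text, file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The stamps record when a line reaches the pipe; if the producing process buffers its output when not writing to a terminal, several lines arrive together and the gap is attributed to the first of them.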


Maxime Gaudreault | 1 Mar 2008 18:15

RE: Queue problem

I don't understand when to stop, start again etc. (I don't speak English very well)

However, I can redirect the output to a log file. Can I send it to you?

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
Email: mgaudreault <at> reference.qc.ca
Website: http://www.reference.qc.ca/
