Re: [Mimedefang] whitelist_from not working
I'm sorry. I should have been more specific. I put them in the sa-mimedefang.cf file, and they work fine for me. - Jon > on 8/23/04 7:19 AM, Mike Carlson at [EMAIL PROTECTED] wrote: > >> I have MimeDefang installed on a FreeBSD 4.8 box and I am running into a >> problem where a whitelisted address is still getting tagged as spam. I have >> added the address to /usr/local/etc/mail/spamassassin/local.cf >> >> Is there another place I should be putting it? There is a >> /usr/local/etc/mimedefang/sa-mimedefang.cf file, should I be putting my white >> lists there? >> ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] whitelist_from not working
That's where I put them, and they work for me. - Jon on 8/23/04 7:19 AM, Mike Carlson at [EMAIL PROTECTED] wrote: > I have MimeDefang installed on a FreeBSD 4.8 box and I am running into a > problem where a whitelisted address is still getting tagged as spam. I have > added the address to /usr/local/etc/mail/spamassassin/local.cf > > Is there another place I should be putting it? There is a > /usr/local/etc/mimedefang/sa-mimedefang.cf file, should I be putting my white > lists there? > > --Mike Carlson > [EMAIL PROTECTED] > http://www.uselessthoughts.com > > > ___ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang > ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Upgrading MD from 2.33
David F. Skoll wrote: On Mon, 23 Aug 2004, NFN Smith wrote: Where I'm at right now is that I remember that there were changes, but I can't find in my personal archives or the mailing list archives any description of what changes I need to get added. Download 2.44, and search for the string: NOTE INCOMPATIBILITY in the Changelog. Got it. I forgot to check there. Thanks for the fast turnaround. Smith ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Upgrading MD from 2.33
On Mon, 23 Aug 2004, NFN Smith wrote: > Where I'm at right now is that I remember that there were changes, but I > can't find in my personal archives or the mailing list archives any > description of what changes I need to get added. Download 2.44, and search for the string: NOTE INCOMPATIBILITY in the Changelog. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Upgrading MD from 2.33
I've got a server that's running MD 2.33, and I'm finally getting around to upgrading MD to version 2.44 (Actually, I'm doing a full server rebuild, moving from RH 7.2 to Fedora-Core 2, and while I'm at it, making sure that I have reasonably current copies of everything). In any case, the reason my machine got stuck at 2.33 was that if I remember correctly, 2.35 and above required some content changes in the mimeconfig-filter file, and since our site has a bunch of localized rules (which I didn't write), I remember deciding to pass (at least for a while), because it meant doing some hacking on my current config, rather than simply copying in the default one, and manually re-adding a handful of small changes. Where I'm at right now is that I remember that there were changes, but I can't find in my personal archives or the mailing list archives any description of what changes I need to get added. I have seen that the name of the logging call is changed from md_log to me_graphdefang_log. However are there any other changes I need to apply to a config file that works in 2.33 before running it under 2.44? Thanks in advance. Smith ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Greco's Cash Job
Mark, Look through the cash_botbak email and see what time the saturday emails come in. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] mimedefang not scanning
Am Mo, den 23.08.2004 schrieb Andrew Jayes um 18:24: > Ok, check one done I do have the milter compiled. > > "Also ensure that your filter logs all messages, and then check thatin > your mail log you do indeed get a message from the filter." > > How do I ensure that the filter logs the messages? And where is the maillog for > sendmail located, and just in case, is the message from the filter an obvious "yea > this went through the filter" /var/log/maillog Yes, processing is obvious from the log. > Andrew Jayes Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp Serendipity 19:01:54 up 3 days, 14:44, load average: 1.45, 1.69, 1.60 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] mimedefang not scanning
Ok, check one done I do have the milter compiled. "Also ensure that your filter logs all messages, and then check thatin your mail log you do indeed get a message from the filter." How do I ensure that the filter logs the messages? And where is the maillog for sendmail located, and just in case, is the message from the filter an obvious "yea this went through the filter" As for the code, I have seen it work on a different machine I setup some months back and I am positive it's the same. Cheers, --- Andrew Jayes e-Business Officer Heart of England Tourism Tel: 01905 76 11 20 Fax:01905 76 34 50 e-Mail: [EMAIL PROTECTED] -Original Message- From: Paul Murphy [mailto:[EMAIL PROTECTED] Sent: 23 August 2004 16:37 To: [EMAIL PROTECTED] Subject: RE: [Mimedefang] mimedefang not scanning Andrew, Ensure that Sendmail is compiled with Milter support using: sendmail -d0.1 -bt < /dev/null At the top of the output, you should see something like the following: Version 8.12.11 Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG If the MILTER entry is missing, sort out Sendmail so that it includes milter support - search the Mimedefang mailing list archives for details. Also ensure that your filter logs all messages, and then check that in your mail log you do indeed get a message from the filter. If the messages are being logged by the filter, check that your header addition code is actually being called. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Andrew Jayes > Sent: 23 August 2004 16:16 > To: [EMAIL PROTECTED] > Subject: [Mimedefang] mimedefang not scanning > > > Hi, > For some reason mimedefang is not scanning any mail > that is passing through sendmail. > > Fedora core > Sendmail > mimedefang > Spam assassin > Clamd > NAI > > In the mimedefang config I have code setup so that anything > that is scanned has a header added to say x-spam scanned and > x-virus scanned. At the moment all mail that comes through > does not have this header. > > In 'ps axf' I can see entries for sendmail, mimedefang and > clamd so it all seams to be running. > > I have added my domain to the access file under /etc/mail to > allow sendmail to relay any mail on to my exchange server. > > Can anyone think why this is not working or give me some > suggestions of what I can check on. > > Cheers, > > --- > Andrew Jayes > e-Business Officer > Heart of England Tourism > > Tel: 01905 76 11 20 > Fax: 01905 76 34 50 > e-Mail: [EMAIL PROTECTED] > > > > > > > > > ___ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang > ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] mimedefang not scanning
Am Mo, den 23.08.2004 schrieb Andrew Jayes um 17:16: > For some reason mimedefang is not scanning any mail that is passing through > sendmail. > > Fedora core > Sendmail > mimedefang > Spam assassin > Clamd > NAI > > In the mimedefang config I have code setup so that anything that is scanned has a > header added to say x-spam > scanned and x-virus scanned. At the moment all mail that comes through does not have > this header. > Andrew Jayes You did include the milter applications in the sendmail.mc? Set define(`confMILTER_LOG_LEVEL', `14')dnl in the sendmail.mc and in /etc/sysconfig/mimedefang set # Set to the syslog facility. Also set $SyslogFacility in your filter SYSLOG_FACILITY=mail and observe the maillog when mails are processed. I assume "mimedefang.pl -features" does list SA and ClamAV and uvscan. Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp Serendipity 17:58:01 up 3 days, 13:40, load average: 1.68, 1.41, 1.38 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] mimedefang not scanning
Am Mo, den 23.08.2004 schrieb Paul Murphy um 17:37: > Ensure that Sendmail is compiled with Milter support using: > Paul. The Fedora Core 1/2 Sendmail has Milter support compiled in. Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp Serendipity 18:04:03 up 3 days, 13:46, load average: 1.32, 1.25, 1.30 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] mimedefang not scanning
Andrew, Ensure that Sendmail is compiled with Milter support using: sendmail -d0.1 -bt < /dev/null At the top of the output, you should see something like the following: Version 8.12.11 Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG If the MILTER entry is missing, sort out Sendmail so that it includes milter support - search the Mimedefang mailing list archives for details. Also ensure that your filter logs all messages, and then check that in your mail log you do indeed get a message from the filter. If the messages are being logged by the filter, check that your header addition code is actually being called. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Andrew Jayes > Sent: 23 August 2004 16:16 > To: [EMAIL PROTECTED] > Subject: [Mimedefang] mimedefang not scanning > > > Hi, > For some reason mimedefang is not scanning any mail > that is passing through sendmail. > > Fedora core > Sendmail > mimedefang > Spam assassin > Clamd > NAI > > In the mimedefang config I have code setup so that anything > that is scanned has a header added to say x-spam scanned and > x-virus scanned. At the moment all mail that comes through > does not have this header. > > In 'ps axf' I can see entries for sendmail, mimedefang and > clamd so it all seams to be running. > > I have added my domain to the access file under /etc/mail to > allow sendmail to relay any mail on to my exchange server. > > Can anyone think why this is not working or give me some > suggestions of what I can check on. > > Cheers, > > --- > Andrew Jayes > e-Business Officer > Heart of England Tourism > > Tel: 01905 76 11 20 > Fax: 01905 76 34 50 > e-Mail: [EMAIL PROTECTED] > > > > > > > > > ___ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang > ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] patch - handle hung clamav gracefully
On Fri, 20 Aug 2004, Chris Myers wrote: > Attached is a patch which adds a 5-second timeout to the PING/PONG process > when talking to clamd. If clamd doesn't respond in that timeframe, the > routine now properly returns a "cannot-execute" status. Thanks. I've applied a patch that does the same thing as yours, but looks a little different. It will be in 2.45. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] mimedefang not scanning
Hi, For some reason mimedefang is not scanning any mail that is passing through sendmail. Fedora core Sendmail mimedefang Spam assassin Clamd NAI In the mimedefang config I have code setup so that anything that is scanned has a header added to say x-spam scanned and x-virus scanned. At the moment all mail that comes through does not have this header. In 'ps axf' I can see entries for sendmail, mimedefang and clamd so it all seams to be running. I have added my domain to the access file under /etc/mail to allow sendmail to relay any mail on to my exchange server. Can anyone think why this is not working or give me some suggestions of what I can check on. Cheers, --- Andrew Jayes e-Business Officer Heart of England Tourism Tel: 01905 76 11 20 Fax: 01905 76 34 50 e-Mail: [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Not an ARRAY reference error
Marco,
I believe it's failing because you are calling file-based code on a directory
entry in the Zip file.
Instead, I use code which skips directory entries:
if ($zip->read($path) == AZ_OK) # file is OK and can be read
{
md_syslog('debug', "Scanning zip file, Path=$path");
my $tfname = Archive::Zip::tempFileName('.');
my @members = $zip->members();
foreach my $member (@members)
{
if (! $member->isDirectory()) # no sense worrying about folders
{
my $file = $member->fileName();
$size = $member->uncompressedSize(); # check for DoS content
md_syslog('debug', "scanning ZIP member $file, size=$size");
if ($size > 50e6) # approx 50Mb
{
md_graphdefang_log('Archive member too big', $file, $RelayAddr);
action_discard();
return;
}
...
The full version of this code is attached.
Best Wishes,
Paul.
__
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA
Tel. 01223 433741
Fax. 01223 433788
___
DISCLAIMER:
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they
are addressed. If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
___
zipcheck.pl
Description: zipcheck.pl
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] whitelist_from not working
I have MimeDefang installed on a FreeBSD 4.8 box and I am running into a problem where a whitelisted address is still getting tagged as spam. I have added the address to /usr/local/etc/mail/spamassassin/local.cf Is there another place I should be putting it? There is a /usr/local/etc/mimedefang/sa-mimedefang.cf file, should I be putting my white lists there? --Mike Carlson [EMAIL PROTECTED] http://www.uselessthoughts.com ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Not an ARRAY reference error
Hello.
I'm using this code (from Michal Jankowski) to check
virus inside zip file:
if (-s "./INPUTMSG" < 200*1024) {
if (lc($ext) =~ /\.zip$/) {
use Archive::Zip qw(:ERROR_CODES);
my $path = $entity->bodyhandle->path;
my $zip = Archive::Zip->new();
Archive::Zip::setErrorHandler(sub {});
if ($zip->read($path) == AZ_OK()) {
md_syslog('debug', "Scanning zip file, Path=$path");
#my $tfname = Archive::Zip::tempFileName('.');
my $tfname = Archive::Zip::tempFile('.');
my @members = $zip->members();
foreach my $member (@members) {
my $file = $member->fileName();
$size = $member->uncompressedSize();
md_syslog('debug', "Scanning zip entry $file,
size=$size");
# approx 50Mb siz limit!
if ($size > 50e6) {
md_graphdefang_log('Archive member too big ', $file,
$RelayAddr);
action_notify_administrator("Archive member too big $file - mail
bounced");
action_bounce("Archive member $file too big");
#action_discard();
return;
}
if ($member->isEncrypted()) {
md_syslog('debug', "scanning Encrypted ZIP member
$file");
my ($bad_exts, $re);
$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|ht
a|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|p
rg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf
|wsh|zip|\{[^\}]+\})';
$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
if (lc($file) =~ $re) {
md_graphdefang_log('Encrypted_badfile', $file,
$RelayAddr);
action_notify_administrator("A file called $file
was detected in an encrypted ZIP file attached to an incoming e-mail -
bounced.");
#action_quarantine_entire_message("An encrypted
ZIP attachment conatining $file was removed from this document as
it\nconstituted a security hazard. If you require this document, please
contact\nIT Support to arrange for it to be released.\n");
action_bounce("Encrypted files of this type not allowed here");
#action_discard();
return;
}
md_syslog('warning', "Encrypted file $file");
} else {
$zip->extractMember($member, $tfname);
md_syslog('debug', "Scanning ZIP entry $file");
use File::Scan;
my $scanner = File::Scan->new;
my $virus = $scanner->scan($tfname);
unlink($tfname);
if ($virus) {
md_graphdefang_log('virus', $virus, $RelayAddr);
action_notify_administrator("Virus $VirusName inside zip found
in mail - rejected");
action_bounce("Virus $VirusName found in mail - rejected");
#action_discard();
return;
}
}
}
} else {
# do something with broken .zip files (eg. discard)
# action_quarantine_entire_message("broken zip");
md_graphdefang_log('bad_file', 'broken zip', $RelayAddr);
action_notify_administrator("broken zip named $fname - reject");
action_bounce("broken zip - reject");
return;
}
}
}
MIMEDefang die with this error:
sm-mta[1223]: i79Hfv53001223: from=, size=8680, class=0, nrcpts=1,
msgid=, proto=SMTP, daemon=MTA,
relay=sj-ez-63-96-164-7.bea.com [63.96.164.7] (may be forged)
mimedefang.pl[152]: Scanning zip file, Path=Work/msg-152-28.zip
mimedefang.pl[152]: Scanning zip entry price.html, size=1086
mimedefang.pl[152]: Scanning ZIP entry price.html
mimedefang.pl[152]: Scanning zip entry price/, size=0
mimedefang-multiplexor[129]: Slave 2 stderr: Not an ARRAY reference at
/usr/lib/perl5/5.8.4/File/Path.pm line 143.
mimedefang-multiplexor[129]: Slave 2 died prematurely -- check your
filter rules
mimedefang-multiplexor[129]: Reap: Idle slave 2 (pid 152) exited
normally with status 255 (SLAVE DIED UNEXPECTEDLY)
mimedefang-multiplexor[129]: Slave 2 resource usage: req=33, scans=14,
user=4.480, sys=0.310, nswap=0, majflt=1843, minflt=18178, maxrss=0,
bi=0, bo=0
mimedefang[1224]: Error from multiplexor: ERR No response from slave
mimedefang[1224]: i79Hfv53001223: Filter failed. Message kept in
/var/spool/MIMEDefang/mdefang-i79Hfv53001223
sm-mta[1223]: i79Hfv53001223: Milter: data, reject=451 4.7.1 Please try
again later
sm-mta[1223]: i79Hfv53001223: to=<[EMAIL PROTECTED]>, delay=00:00:01,
pri=38680, stat=Please try again later
Archive-Zip version: 1.12
Hints?
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
