RE: [Mimedefang] MIMEDefang 2.48 is available
Chris, * embperl.c: Detect if user opens file descriptors inside his/her filter. If so, log a loud and nasty warning that such code should be moved to filter_initialize. Why is it a problem to do this outside of filter_initialize? The design of MIMEDefang is such that you cannot guarantee that the slave which started processing your message is the same as the slave which finishes the processing, as each part of the SMTP process could be passed to a different slave. If you have enabled checking at all stages, there could be different slaves for filter_relay, filter_sender, filter_recipient, one filter() per entity, and then also a filter_end call. As slaves are reaped when they have processed a configured number of requests to ensure memory usage is limited, your slave could terminate after the first part of the message, and a different slave could take over. If the file descriptor use is completely local to the procedure (i.e. you open a file, write to it, then close it), then your use is probably safe (subject to locking race conditions). If you open it in filter_sender, then attempt to read from it in filter_recipient, then you are digging a very large hole for yourself - in many cases, it will work, especially on lightly loaded systems, but you will then find it failing with obscure side effects or untraceable problems when the load rises. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang 2.48 is available
* embperl.c: Detect if user opens file descriptors inside his/her filter. If so, log a loud and nasty warning that such code should be moved to filter_initialize. Why is it a problem to do this outside of filter_initialize? I guess this would affect database failover reconnection code [outside of filter_initialize] upon detection of connection errors? Chris __ Do you Yahoo!? Y! Messenger - Communicate in real time. Download now. http://messenger.yahoo.com ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang 2.48 is available
On Mon, 1 Nov 2004, Chris Masters wrote: * embperl.c: Detect if user opens file descriptors inside his/her filter. If so, log a loud and nasty warning that such code should be moved to filter_initialize. Why is it a problem to do this outside of filter_initialize? Because after we fork a child, we close() all unneeded file descriptors (see mimedefang-multiplexor.c, around line 2193. This will most likely close the file descriptor out from under Perl -- that is, Perl will think the descriptor is open, but the C code will have closed it. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Where can I find the mimedefang.sock
Y Compile and Build de MiMeDefang and dont get the mimedefang.sock in the place that the manual says. I should recompile or what, please somebody help me. I thank you so much ! _ MSN Premium. Protégete, Comunícate y Diviértete http://join.msn.com/?pgmarket=es-mxpage=byoa/premxAPID=989DI=233SU=http://www.t1msn.com.mx/ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] filtering Subjects contains HTML code
Hello, We have been using Mimedefang for nearly a year now at the company I work at with great success. We have some spam coming through because of what I believe is HTML code or illegal characters in the subject line. Below is a sample from the sendmail log showing the subject line. Is there anyway to get rid of the messages that begin with '=?utf-8'? Any rule examples would be appreciated or a point in the right direction? Oct 27 08:08:10 skyextmta mimedefang.pl[27226]: MDLOG,i9RE7V75027868,mail_in,4.266,217.239.20.9,[EMAIL PROTECTED],[EMAIL PROTECTED],=?utf-8?q?youngish ang ruttish?= =?utf-8?q? misses are awaitin?= =?utf-8?q?g you!?= Thanks, Gord ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Passing username to SpamAssassin for user preferences
All: With the new SQL features in SA3, I was wandering if anyone has explored passing 'username' to SpamAssassin (SA) via the spam_assassin_init(;$) subroutine in mimedefang.pl (similar to using -u in spamd)? [A question regarding how to pass username was posed 6/23/03, with no answer]. I am working on enhancing our install and users' interaction w/ spam filtering (like prefs, false positive recovery, and maybe even per-user basian rules). Since MimeDefang (MD) is running under the 'defang' user, SA won't be able to determine the correct username for a message (at least that's the way I read Mail::SA). _ My Goals: Each users can specify their config info via a web interface to the database (similar to the Using SQL paper in the SA Wiki). Multiple domains are supported User's don't need accounts on the box (all virt users, etc). The reason for letting SA handle this is for whitelist/blacklist, rbl checks etc. Though I think the SA threshold cannot be controlled through this mechanism since SA really cannot manipulate the message (that's MD's job). _ My thoughts: 1. Change prototype spam_assassin_is_spam(;$) to take 2 optional arguments (or remove the prototype - eeek!) 2. Change each subsequent prototype for spam_assassin_check spam_assassin_status spam_assassin_init 3. In spam_assassin_init, define username = $optionallyPassedUsername in the new method of MAIL::SpamAssassin 4. Then, from mimedefang-filter, we can call spam_assassin_check (username, configfile) (or vise versa). This should allow the SQL definitions in the SA configfile to be used for looking up userprefs and let SA do the math for each config option. I've already defined the schema for my db, and parts of the web interface. Now I am working on the username part of the problem. _ Questions: 1. Is mimedefang.pl the best place to make these modifications? 2. If this were to become part of the standard MD, are any of the core developers opposed to the placement of these modifications? 3. Anyone got better ideas? Thanks in advance. -Tony This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Passing username to SpamAssassin for user preferences
On Sun, 31 Oct 2004, Caruso, Anthony J. wrote: My Goals: Each users can specify their config info via a web interface to the database (similar to the Using SQL paper in the SA Wiki). Multiple domains are supported User's don't need accounts on the box (all virt users, etc). Well, that's why we sell CanIt-PRO! :-) My thoughts: 1. Change prototype spam_assassin_is_spam(;$) to take 2 optional arguments (or remove the prototype - eeek!) I don't plan on making any changes to the spam_assassin functions. If you want this level of control, simply create your own Mail::SpamAssassin object and manipulate it directly. 1. Is mimedefang.pl the best place to make these modifications? Not as far as I'm concerned. 2. If this were to become part of the standard MD, are any of the core developers opposed to the placement of these modifications? Yup. This can be done in the filter without any changes to mimedefang.pl. And while I'm happy to release MIMEDefang under the GPL, these sorts of changes are uncomfortably close to eating into CanIt and CanIt-PRO territory. Unfortunately, we have to make a living too. :-) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Passing username to SpamAssassin for user preferences
David F. Skoll wrote: And while I'm happy to release MIMEDefang under the GPL, these sorts of changes are uncomfortably close to eating into CanIt and CanIt-PRO territory. Unfortunately, we have to make a living too. :-) David, we really appreciate the GPL version. So much so, that the company I work with has purchased a CanIt license, yet continues to use the GPL MIMEDefang version. Keep up the good work. To those who are financially benefiting from MIMEDefang -- why not buy a CanIt licence to demonstrate your appreciation. Cheers. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Resetting Bayes DB
I too would like to know what people do about this. When performing a major upgrade to SA I usually start fresh (especially when going to 3.0, just had some issues). Not sure if this is good or not, probably loose some good training but also get rid of some false positives. Sincerely, Robert T. Covell President / Owner Rolet Internet Services, INC Web: www.rolet.com Email: [EMAIL PROTECTED] Phone: 816.471.1095 Fax: 816.471.3447 24x7: 816.210.7145 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ben Kamen Sent: Monday, November 01, 2004 8:17 AM To: [EMAIL PROTECTED] Subject: [Mimedefang] Resetting Bayes DB I've been seeing a lot more easily characterized spam getting through lately... does it make any sense to reset the bayes DB every so often? Who here does and how often? Thanks, -Ben ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Blocking on HELO (was Re: [Mimedefang] filter_relay)
On Mon, 1 Nov 2004, Aleksandar Milivojevic wrote: BTW, back to the original question of using HELO argument for filtering. One thing to note is that using HELO for any kind of checks is highly discouraged. That's true. But a very narrow block can block a lot of spam. My mail server (mail.roaringpenguin.com) has IP address 206.191.13.82. Take a look at this: $ fgrep 'HELO 206.191.13.82' /var/log/maillog | wc -l 49 The maillog covers about 36 hours. That means that more than once an hour, some random host claims to be *my* IP address (206.191.13.82) in its HELO. I block all of those and haven't had a complaint yet. (If you were pedantic, you'd block a host that uses any kind of naked IP address in HELO, because it really should use [ip.addr.of.host] with the square brackets.) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Allowing mails from specific users
Hi, One of my local users needs to be able to receive specific emails from one particular user, however, the sender is sending attached files which are zipped .exe files. At the moment, I' having to unquaratine these mails daily, but ideally I would like to set MD so that the extensions check is skipped for this sender. If I put in a filter_sender section, where it matches the sender, that returns a ACCEPT_AND_NO_MORE_FILTERING, will this be executed before the extension check, or will I need to do something different here ? Thanks, Richard -- Richard Whelan Senior Systems Administrator PIPEX Direct: +44 (0) 1865 381568 Mobile: +44 (0) 7786 276020 website: http://www.pipex.net/ This e-mail is subject to: http://www.pipex.net/disclaimer.html ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Allowing mails from specific users
Yes that would work. Of course any virus/spammer pretending to use that email address would also get through. Nelson Minica ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] 451 4.7.1 Please try again later
Hi, I am running MIMEDefang 2.48 with the latest Perl modules on my Redhat Linux 9 box, and I always see 451 4.7.1 Please try again later. What does it mean? At the same time, I have another two Solaris 9 machines with MIMEDefang 2.44, and I don't see the error message at all. I was trying to increase the timeout intervals for busyTime and cmdTime, the problem was still there. Any suggestion? Thanks, ming ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Passing username to SpamAssassin for user prefer ences
David: All good points, thanks. The idea of creating my own SA object is one of those obvious things overlooked as one digs through the weeds of the code. Duh! slapping head Thanks for the input. -Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll Sent: Monday, November 01, 2004 7:40 AM To: '[EMAIL PROTECTED]' Subject: Re: [Mimedefang] Passing username to SpamAssassin for user preferences On Sun, 31 Oct 2004, Caruso, Anthony J. wrote: My Goals: Each users can specify their config info via a web interface to the database (similar to the Using SQL paper in the SA Wiki). Multiple domains are supported User's don't need accounts on the box (all virt users, etc). Well, that's why we sell CanIt-PRO! :-) My thoughts: 1. Change prototype spam_assassin_is_spam(;$) to take 2 optional arguments (or remove the prototype - eeek!) I don't plan on making any changes to the spam_assassin functions. If you want this level of control, simply create your own Mail::SpamAssassin object and manipulate it directly. 1. Is mimedefang.pl the best place to make these modifications? Not as far as I'm concerned. 2. If this were to become part of the standard MD, are any of the core developers opposed to the placement of these modifications? Yup. This can be done in the filter without any changes to mimedefang.pl. And while I'm happy to release MIMEDefang under the GPL, these sorts of changes are uncomfortably close to eating into CanIt and CanIt-PRO territory. Unfortunately, we have to make a living too. :-) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Allowing mails from specific users
True, but it's an unusual email address, and I have AV checking on a separate system that all mails go through, so that wouldn't be skipped. Yes that would work. Of course any virus/spammer pretending to use that email address would also get through. Nelson Minica Thanks, Richard ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang -- Richard Whelan Senior Systems Administrator PIPEX Direct: +44 (0) 1865 381568 Mobile: +44 (0) 7786 276020 website: http://www.pipex.net/ This e-mail is subject to: http://www.pipex.net/disclaimer.html ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Blocking spam senders using IPTables?
Hi, We've recently seen a large increase in SPAM volume, and although SA is taking care of the classification, a simple analysis of the messages shows that most have a pattern, in that everything which has a particular user's e-mail address in the subject is SPAM. Looking at the relay IP addresses, almost all are immediately suspected to be SPAM sender domains, rather than botnets or abused relays/proxies: 52.189.55.66.in-addr.arpa name = mx20.ejackpotclubdeals.com. 53.189.55.66.in-addr.arpa name = mx20.ejackpotclubbenefit.com. 54.189.55.66.in-addr.arpa name = mx20.ebigprizesclubdeals.com. 57.189.55.66.in-addr.arpa name = mx21.myvendaresecurities.com. 58.189.55.66.in-addr.arpa name = mx21.myphillipsdirect.net. 59.189.55.66.in-addr.arpa name = mx21.mymembersexclusive.com. 61.189.55.66.in-addr.arpa name = mx21.myjackpotclubgiveaway.com. 63.189.55.66.in-addr.arpa name = mx21.myusawellnet.com. 16.142.108.67.in-addr.arpa name = mx101.bargaincities.info. 17.142.108.67.in-addr.arpa name = mx101.bargain-city.info. 18.142.108.67.in-addr.arpa name = mx101.bargainsite.info. 19.142.108.67.in-addr.arpa name = mx101.bargainsites.info. 20.142.108.67.in-addr.arpa name = mx101.cuttingedgeinfoage.info. 21.142.108.67.in-addr.arpa name = mx101.cuttingedgeinfotech.info. 22.142.108.67.in-addr.arpa name = mx101.cuttingedge-infotech.info. 23.142.108.67.in-addr.arpa name = mx101.cuttingedgeintech.info. 32.142.108.67.in-addr.arpa name = mx102.cuttingedge-tech.info. 34.142.108.67.in-addr.arpa name = mx102.cuttingedgetechs.info. 35.142.108.67.in-addr.arpa name = mx102.cuttingedgetimes.info. 37.142.108.67.in-addr.arpa name = mx102.evirtualgoldmine.info. 38.142.108.67.in-addr.arpa name = mx102.evirtualgoldminez.com. 39.142.108.67.in-addr.arpa name = mx102.evirtualgoldpalace.info. Given that real mail from these sites is unlikely, I'm tempted to implement a system of blocking all traffic from these IP addresses using the following scheme: A. Add a date/time stamped record to a database with that IP address as the key, and a spam count of 1 B. If the number of records matching that IP is now 3 or more, modify the IPTables system to drop all traffic from that IP with an ICMP Host-Prohibited message C. Run a daily expiry process which removes all records which are more than X days old (with X starting at 10 days) and which removes the IPTables entry if the new count is less than 3. They appear to be using a bank of outgoing mail servers which are all on different IP addresses, and although I see multiple messages from some addresses, my current volume is low enough that it is normal to see addresses only two or three times in a couple of days - 493 messages from 223 unique IP addresses. I'd also be interested in implementing a block based on address range check, so perhaps if more than 10 SPAM messages which scored over 10 were received from an address block, then the known or estimated range of SPAM senders in that block would be blacklisted using IPTables, with a daily review. To illustrate this, supposed I received 3 SPAM messages from 1.2.3.4, 2 messages from 1.2.3.8, 2 messages from 1.2.3.9, and four from 1.2.3.12, then working firstly with a nominal class C assumption I would calculate that the average value for the fourth octet is 8.25, the standard deviation is 3.3, and so the normal range would be 5 to 11 - as a result, I would block all of the known IP values, plus the values in the range between 5 and 11, nicely filling in the gaps in the known range. This would go into the database with a timestamped value of 3. Given that I am happy that the false positive rate is zero based on the last week of logs, can anyone see any issues with this approach? Any suggestions on how to improve it? Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter_relay
On 1 Nov 2004 at 9:18, Aleksandar Milivojevic wrote: For example, they'll use ISP's mail server to relay. Most ISP's don't have virus scanners (too expensive). I don't know about this statement anymore. First, there are great free scanners, like ClamAV. Second, I see a *lot* of bounces from virus scanners where the From address is forged to my domain, so I know that there are a great many virus scanners on mail servers...they just aren't very well configured. -- Jeff Rife| Sam: Hey, how's life treating you there, Norm? SPAM bait: | [EMAIL PROTECTED] | Norm: Beats me...then it kicks me and leaves me [EMAIL PROTECTED] | for dead. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Allowing mails from specific users
Richard, I use a Perl hash to hold details of all whitelisted addresses, and check this before calls to contentious parts of the filter, e.g.: At the top of the filter (i.e. globally): # Addresses to allow regardless of origin $IncomingWhitelist{'[EMAIL PROTECTED]'} = 1; $IncomingWhitelist{'[EMAIL PROTECTED]'} = 1; Then in the relevant parts of the filter (in this case : # skip greylisting for selected users my @senderparts = split(/@/, $Sender); my $senderdom = $senderparts[1]; $senderdom =~ s/[]//g; #md_syslog('debug',Whitelist check - $Sender,$senderdom,$ip); if ( (exists $IncomingWhitelist{lc($sender)}) || (exists $IncomingWhitelist{lc($senderdom)}) || ( exists $LocalRelayAddrs{$ip}) ) { md_syslog('info',WhiteList - skip greylisting check, Sender=$Sender,Dom=$senderdom, Addr=$ip); return ('CONTINUE', ok); } Or: if ( (!exists $IncomingWhitelist{lc($Sender)}) (filter_bad_filename($entity)) ) { md_graphdefang_log('bad_filename', $fname, $type); action_notify_administrator(A file called $fname from $Sender was removed from an e-mail with subject | $subject | - quarantined.\n\n); This has the advantage of keeping in virus scanning, SPAM filtering, or whatever while allowing some addresses to skip some parts. In addition, my ZIP file handling is fairly involved, as the only way to be sure that a zip file is safe is to examine the contents in an intelligent manner. See the attached code from filter() for details. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ zip_check.pl Description: zip_check.pl ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] auto white lists and lock files
I'm starting to see more and more lines in my log files about failures to create lock file for auto white list database that MIMEDefang uses. Basically, they look something like this: Nov 1 10:49:57 foobar mimedefang-multiplexor[27632]: Slave 0 stderr: unlock: 27632 failed to create lock tmpfile /var/spool/MIMEDefang/mimedefang-autowhitelist.lock.foobar.27632 at /path/to/SpamAssassin/Locker/UnixNFSSafe.pm line 144. Nov 1 10:52:24 foobar mimedefang-multiplexor[27632]: Slave 2 stderr: lock: 27632 unlink of temp lock /var/spool/MIMEDefang/mimedefang-autowhitelist.lock.foobar.27632 failed: No such file or directory As soon as I'm starting to see them, MIMEDefang more or less gets stuck, and Sendmail starts rejecting mails with 451 please try again later. The non-standard stuff I have in config files is: MX_EMBED_PERL yes MX_REQUESTS 10 MX_IDLE 15 In sa-mimedefang.ca: auto_whitelist_path/var/spool/MIMEDefang/mimedefang-autowhitelist And in mimedefang-filter enabled standard initialization stuff for auto white lists as distributed in stock mimedefang-filter. -- Aleksandar Milivojevic [EMAIL PROTECTED]Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: Blocking on HELO (was Re: [Mimedefang] filter_relay)
On Mon, 1 Nov 2004, David F. Skoll wrote: That's true. But a very narrow block can block a lot of spam. My mail server (mail.roaringpenguin.com) has IP address 206.191.13.82. .. The maillog covers about 36 hours. That means that more than once an hour, some random host claims to be *my* IP address (206.191.13.82) in its HELO. I block all of those and haven't had a complaint yet. As do I. Blocking HELO claiming to be my domain works well also. (If you were pedantic, you'd block a host that uses any kind of naked IP address in HELO, because it really should use [ip.addr.of.host] with the square brackets.) I tried that but rejected good email from a few broken mail servers. :-( Regards, Mike Lambert ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] VERY Newbie Question
On 10/30/2004 00:27, Alexander Dalloz wrote: Sorry, I did not vote for rejecting based on a missing reverse DNS entry. No RFC states that such an entry is required for an MTA. But I really see no reason why the forward DNS entry and the hostname of a constant, legitimate mail server should differ. A fairly common case is were the dns service is outsourced to a different Co. that the Co. who provides the IP block. e.g. we use EasyDNS to provide primary and secondary DNS hosting, yet our subnet comes from SBC. The best we can manage is to have a generic reverse entry for our IPs. There are many other situations with smaller businesses that use e.g. DSL connectivity in which it's virtually impossible for them to get a proper reverse allocation, particularly businesses outside of the US/CA ~Jason -- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] slaves
On Mon, 1 Nov 2004, Button, Shawn wrote: Here's my mc line, I have experimented with bumping up the timeouts to 5 minutes with limited success, I also dropped the F=T line to make sure that mail still came through... Your timeouts are way too low. I recommend 15 minutes for S, R and E. T=S:15m;R:15m;E:15m Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] slaves
Thank you kindly... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll Sent: Monday, November 01, 2004 2:18 PM To: [EMAIL PROTECTED] Subject: Re: [Mimedefang] slaves On Mon, 1 Nov 2004, Button, Shawn wrote: Here's my mc line, I have experimented with bumping up the timeouts to 5 minutes with limited success, I also dropped the F=T line to make sure that mail still came through... Your timeouts are way too low. I recommend 15 minutes for S, R and E. T=S:15m;R:15m;E:15m Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] SURBL lookups no longer happening after upgrade to 2.48
On Mon, 1 Nov 2004, Sven Willenberger wrote: FreeBSD 5.2.1-Release had been using MD 2.44 with SA 2.64 and later with 3.0 and successfully was querying the SURBL nameserver (running a cached copy locally) -- this was visible using tcpdump on the loopback device listening on the rbldns port. Upgraded to MD 2.48 and no longer see traffic on this port, nor do I see the results of the SURBL tests in the spammy mail. Do you see messages like this in your log? WARNING: Something in your Perl filter appears to have opened a file descriptor outside of any function. With embedded Perl, you should move any code that opens a file descriptor into filter_initialize. DON'T BLAME MIMEDEFANG IF YOUR FILTER FAILS IN MYSTERIOUS AND UNPREDICTABLE WAYS. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang