[Mimedefang] Mimedefang dropping mail discard with no reason in log file - mail relay from hostname.roaringpenguin.com
I have a curious problem that email from a domain to a domain hosted by us is being discarded with no reason given. Their email when relayed via a separate relay server, which it looks like protected by CanIt, comes through ok, its only the one relay server that seems to be met with discard. The gist of the messages in my log are: Mar 5 16:36:15 ant sm-mta[3694]: t25GaFwa003694: Milter (mimedefang): init success to negotiate Mar 5 16:36:15 ant sm-mta[3694]: t25GaFwa003694: Milter: connect to filters Mar 5 16:36:15 ant sm-mta[3694]: t25GaFwa003694: milter=mimedefang, action=connect, continue Mar 5 16:36:16 ant sm-mta[3694]: t25GaFwa003694: milter=mimedefang, action=helo, continue Mar 5 16:36:16 ant sm-mta[3694]: t25GaFwa003694: milter=mimedefang, action=mail, continue Mar 5 16:36:16 ant sm-mta[3694]: t25GaFwa003694: ruleset=check_rcpt, relay=hostname.roaringpenguin.com [x.x.x.x], discard Mar 5 16:36:17 ant sm-mta[3694]: t25GaFwa003694: Milter (mimedefang): abort filter Mar 5 16:36:17 ant sm-mta[3694]: t25GaFwa003694: Milter accept: message Mar 5 16:36:17 ant sm-mta[3694]: t25GaFwa003694: discarded I think I should get a little more detail than this should I not? Does anyone have any thoughts? Does MD not like receiving from other MD servers have they had a falling out or just not talking to each other :-) jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] md_check_against_smtp_server
I'd like to thank everyone who replied to my recent query regarding md_check_against_smtp_server. The end result is now working beautfifully and inspired by the replies I am looking into caching the lookup results. I'd like to wish everyone here seasons felicitations. All the best for 2015 ! Regards jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang Notification
Hi Matt .. Did you restart mimedefang after you added the defang user to your special group? The user was already in the group Does your special group have rx access to all the dirs above your mailertable files? Just r, not rx Do you have selinux enabled? That can interfere with file access, even if the permissions look right. No, I had heard about that before .. but not in this case If I execute chmod ugo+r mailerlookuptable.db then it all works jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang Notification
Log what is in all the variables without if conditions, e.g. md_syslog('warning', mailerlookuptable result was $mailerlookuptable{$domain}); md_syslog('warning', JWR00115 I am host $host checking recipient $rcpt_addr against server $1 for domain $domain with arg=$1); That should be diagnostic. Good call Joseph, It was a permissions issue on the mailerlookuptable that I created. I created it the same way as I do with mailertable and the permissions are the same. I am opening the file read only. As far as I can see the 5th position permission is set to r so the members of the group owning the file is correct and mimedefang is run as a user in that group but it wasn't until I chmod'd to 777 that my code all sprung to life (only temporary 777 you understand!). I had assumed that the reason I wasn't previously getting anything back (I had tried the suggested output previously) is because the expression didn't return a value ... So now I am confused as to why the permissions are not sufficient ... indeed I can't open mailertable either from MD. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang Notification
I'm not fully sure of your overall goal, but if your question is about a regex to parse your sample line above, then how about something generally like this: my $line = Domain.com esmtp:[9.9.9.9]:[8.8.8.8]; my ( $domain, $proto, $relays ) = ( $line =~ m/^(\S+)\s+(e?smtp)(:.+)$/i ); my @relays = ( $relays =~ m/:\[([^]]+)\]/g ); Hi Matt, This has been driving me nuts all day I first tried to replace Larry's Regex with yours directly thus: if( $mailerlookuptable{$domain} =~ m/^(\S+)\s+(e?smtp)(:.+)$/i ) { And it simply failed to work although using your code directly in an external PL script worked fine. I then reverted to Larry's exact regex which I am positive worked last week but now fails completely. At first I thought that maybe there was a problem with not using Untie but a reboot of the sever makes no difference. In my filter initialize I have: require DB_File; use Fcntl; tie %mailerlookuptable, DB_File, /etc/mail/mailerlookuptable.db, O_RDONLY; md_syslog('warning', JWR00115 open return); return; In filter_recipient I have my own personal domain for testing purposes like this: if (index(lc $rcpt_addr,'rowlan.co.uk') != -1) { ($user,$domain) = split /\@/, $rcpt_addr; md_syslog('warning', JWR00115 checking user $user against domain $domain); # m = match operator # to be matched between // # trailing i = case insensitive # ^ beginning of line symbol # () grouping together # \S = match non whitespace character # + = one or more times # \s = match whitespace character # ? = match 1 or 0 times # $ = end of line ... i.e. the text has to end at the end of line, we are looking for EOL # temporarily remmed # if( $mailerlookuptable{$domain} =~ m/^(\S+)\s+(e?smtp)(:.+)$/i ) { $host = hostname; if( $mailerlookuptable{$domain} =~ /^smtp:\[(.+)\]/ ){ md_syslog('warning', JWR00115 I am host $host checking recipient $rcpt_addr against server $1 for domain $domain with arg=$1); # don't do anything for real yet # return md_check_against_smtp_server($sender, $rcpt_addr, $host, $1); return (CONTINUE, OK); } else { md_syslog('warning', JWR00115 not matched); return (CONTINUE, OK); } } And I always get the not matched message. Am I either going mad or doing something silly? I am sure that I am suffering from code blindness ! Regards jON p.s. Regex ... ouch ! Hard work indeed !!! :-) ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang Notification
Thanks Anne, it looks I have some reading to do this weekend! Much obliged. Regards jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang Notification
Thanks Matt, I will try this out at the weekend when things are quiet(ish) Regards jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang Notification
Hi all, In a post back in 2011 Larry Starr referred to using md_check_against_smtp_server to verify email addresses ahead. http://lists.roaringpenguin.com/pipermail/mimedefang/2005-March/026240.h tml in this he has this line: if( $relaydomains{$domain} =~ /^smtp:\[(.+)\]/){ This reads a the value of a hash, it essentially takes the square bracketed mailertable entry to interpret the server to contact to check for a valid user. This works fine for 1 destination server but in some environments there may be a number of servers available to authenticate against, an MS Exchange network for example may have multiple Hub Transport servers. I wanted to extend this to include multiple MX which are defined thus: Domain.com esmtp:[9.9.9.9]:[8.8.8.8] And I thought that I had correctly figured the regex required would be: /^smtp:\[(.+)/) By taking out the escaped close square bracket then the match should be for a string that begins Smtp:[ With an undetermined number of any characters on the end. Then the plan was to split based upon the colon character. I have been unable to get this to work and trying to use DB_File in the way I would normally treat hash tables and disk files keeps telling me that my code is not blessed which I wold have thought is something that I would hear about in church! Has anyone managed to extend this excellent logic, which works perfectly for single MX, to allow for multiple MX ? Many thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Process SPF checking for certain recipient domains
Thanks Ged. That is helpful although for some odd reason I feel very much told off :-) I should have added that I checked the sender domains and they all had SPF in place which is why I was tempted to try using the SPF mechanism. I have tried using hosts.deny but that doesn't seem to work for me, iptables may well be something to look at as you say. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Process SPF checking for certain recipient domains
Hi Steffen, thanks for replying .. In filter_begin() you know sender and all recipients, there you can deploy the different checks. However, what will do if one recipient checks and another one does not and the message is to reject? You either need to silentliy discard the message for some recipients or generate bounce messages. There will not be any cross contamination between domains. So a message will be for someone at one customer domain and a number of their users but not for other domains that I host. In reality I only need to check the first recipient. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Process SPF checking for certain recipient domains
Hi Ged, I am not sure that I was that imprecise. If you say so. But if you actually explain the problem rather than your own suggested solution (which just creates more problems), then there's a good chance we might be able to help you better. The problem is that some domains that I host on my mail server I want a harsher protection than others. In this particular case, a certain set of recipients have received bombardments of email from a set of IP's and they complain about two or three hundred emails in a day coming into their mail box. They would suffer the consequences of an SPF protected mail server (innocent senders are blocked because they don't use SPF and mail bounces) because they would see less spam, whereas other clients want to see all email and will not tolerate too many bounces from their clients. I want to selectively use SPF for some domains and not others for the purposes of the functionality that SPF offers. I want to tune this depending on the client domain. Does anyone have any thoughts or ideas on this please? Stop digging. Digging for what? Answers, I thought that was the point of asking? jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Process SPF checking for certain recipient domains
I have been looking though k/b articles but can find no real help on whether its possible to SPF check certain recipient domains? I would like certain domains that we accept mail for to use SPF but not on others. Is the only option to install an SPF sendmail/MD server and a separate non SPF one? Does anyone have any thoughts or ideas on this please? Thanks all jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Get the name of the AV scanning engine used
I have been trawling through mimedefang.pl and I can see where it enumerates the AV engines list. But I would like to be able to identify the actual engine used that detected the virus. I can't see that its in the $Scanner object that is used to actually run the scan. Can anyone guide me please is this even possible or does MD discard the name of the engine? I have just discovered that I do not actually have clamscan on my server, I have only got clamdscan and that would appear to mean that clamd is being used. Features also tells me it is: Archive::Zip : yes HTML::Parser : yes Net::DNS : yes Path:CONFDIR : yes (/etc) Path:QUARANTINEDIR: yes (/var/spool/MIMEDefang) Path:SENDMAIL : yes (/usr/sbin/sendmail) Path:SPOOLDIR : yes (/var/spool/MIMEDefang) Virus:CLAMD : yes (/usr/sbin/clamd) But I would really like to know the name of the scan engine from MD so that I can stamp my email with the engine used todetect a virus. I'd really appreciate it if someone could help me with this posting to please? Thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
On Mon, 28 Apr 2014, Jon Rowlan wrote: Clamdscan works fine at the command line, its just that I am struggling to get the clam scan of any kind working via the socket. Did you configure MIMEdefang somehow to use that socket? This is my /etc/mail/mimedefang.pl.conf on a debian server: - 8 --- # Mimedefang configuration file # This file is a perl file which gets 'require'd from mimedefang # You can set the virus-scanner paths etc. # See mimedefang.pl $Features{'Path:QUARANTINEDIR'} = '/var/spool/MD-Quarantine'; $Features{'Virus:CLAMAV'} = '/usr/bin/clamscan'; $Features{'Virus:CLAMD'} = 1; $ClamdSock = '/var/run/clamav/clamd.ctl'; # DO NOT delete the next line, or Perl will complain. 1; - 8 --- Debian modified /usr/bin/mimedefang.pl to 'require' this file. I have just discovered that I do not have clamscan on my server but clamdscan appears to work from the command line. So I think that means that I have a correctly configured daemonised clam install and clamdscan will using the socket I presume? Thanks Kees, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Did you configure MIMEdefang somehow to use that socket? This is my /etc/mail/mimedefang.pl.conf on a debian server: Thanks Kees, I have that file, I will try this out. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Well, if you'll be scanning any significant amount of email, you'll definitely want to get clamd up running. Although MIMEdefang is able to find and use the stand-alone command-line scanner (clamscan), that would be much less desirable than having clamd up, allowing MD to talk directly to the clamd socket. This would save a lot of overhead for each scan. Clamdscan works fine at the command line, its just that I am struggling to get the clam scan of any kind working via the socket. Nels wrote in another reply that your version of MD does not have the -G option, so the advice I gave Friday might not work. You might have to make clamd run as the defang user. To do this, you'd have to edit your clamd.conf and your freshclam.conf, as well as checking the permissions of your clamav database directory. What does the -G do, I wonder whether I should upgrade to get the latest and greatest. But initially I want to get a distro version working ... Thanks Matt, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Yes. All you have to do is add the clamav user to the defang group, and make sure your MIMEdefang spool dir has permissions equivalent to this: drwxr-x--- 9 defang defang 260 2014-04-25 15:36 /var/spool/MIMEDefang/ I did that and cannot get the daemonised clam working as there still seems to be a permissions issue but I see that the command line clamav is running fine and picking up EiCar. That's good, I presume that is sufficient? I also use the -G option for MIMEdefang, but I can't remember if it's necessary. I can't find any reference to -G in man of mimedefang, mimedefang-multiplexor or mimedefang-filter. If you have selinux enabled, you may have other issues. But I always disable it. apparently (as far as I can see from articles I have found) selinux is installed in Debian Wheezy but disabled. Thanks Matt! jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
You are a star Steffen, thank you. I was getting very close to this with my hacking, its interesting to see how to use Perl outside of MD. This script creates entries in mail.log fine. Apr 25 11:03:47 mimedefang.pl[23318]: Unix::Syslog TEST warning Apr 25 11:03:47 mimedefang.pl[23318]: Sys::Syslog TEST info Apr 25 11:03:47 mimedefang.pl[23318]: Sys::Syslog TEST warning But MD does not, is there a logging level setting somewhere that I am missing? Thanks again for the code ... much appreciated. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
It seems that my interpretation of the symptoms is incorrect. It wasn't that md_syslog was not working ... more that my filter was in the wrong place and never called! Can someone please confirm, is it possible to remove the block of text added by MD which has the link to the MD web site http://www.roaringpenguin.com/mimedefang/enduser.php3 ? I prefer the previous version generic message. Thanks for the help all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Please ignore me. Silly question, I was not looking in the right place. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Previous? You're running MD 2.71 which is quite previous, itself. :) Yes, sadly I am using a Debian Distro, it's a little disappointing to think that I bite the bullet and go for the very latest Wheezy which in the last few months went from unstable to stable (i.e. very latest) and MD that is part of it is 4 years old! Its difficult to assess just how much has happened in 4 years ... Should I go for a compile my own do you think Matt? jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
I am very tempted to try a source compile once I have a stable platform on my live server. One thing that seems to still hamper me is the permissions issues I get. I like to use MD / SA / Clam. I still suffer on my old servers with Freshclam and the fact that some of the clam Daemons are run as user Defang. What I would like to do is standardise the combination. Is it possible to add defang and clamav users to a group and apply group permissions so these can all talk happily together rather than me have to change .conf file username settings .. So that I can update each package independantly and quickly integrate? I could write a single script to set folder perms for the group permission then. Does anyone have any up and running faster tips for this scenario? jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Maybe you mimmick / test syslog with the code of mimedefang.pl and see where the logs are going. Maybe you need to enabled the tag or everything is in same generic log file. I am struggling to get this working, whilst I am happy with my basic knowledge of Perl fiddling with the filter, I am not knowledgable enough about Perl to test the use of SysLogD. Everything I have tried just doesn't work. Can anyone give me a snippet or two that will test the two types of syslog that I may have in place, it would really help me out as I am very keen to get MD working so I can get my relat in place. Thanks all. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] md_syslog not working Mimedefang 2.71
I am rather embarrassed to say that after years of using MD, I have recently decided to bite the bullet and install a new Debian version and update all the associated tools that I use and for the life of me I cannot get md_syslog to work. I am not sure whether there are any tools to debug perl that I can usefully use in a text based SSH putty window so I use md_syslog for trace output in my other servers. I have this set in sendmail.mc define(`confMILTER_LOG_LEVEL', 14)dnl define(`confLOG_LEVEL', 14) I have the library libunix-syslog-perl installed. Somewhere there is a setting eluding me I am sure but I am damned if I can find it ! Can anyone please advise? Many thanks jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_syslog not working Mimedefang 2.71
Might be a stupid question, but anyway: are you sure that you have a syslog daemon installed. Not really a stupid question Kees, I hadn't checked that :-) I am using Wheezy and this is a clean new install and not an upgrade. Syslogd is a virtual package as far as I can tell from Aptitude. It's the only thing listed when I search for sysklogd. ps reports that I have rsyslogd running .. 2004 1 0 Apr23 ?00:00:00 /usr/sbin/rsyslogd -c5 I get basic mail.log logging ok, just not the md_syslog extra detail which is why I raised logging level for Milters and sendmail. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Best place to collect Sender, Recipient and Server IP on a single log line
Hi Paul, I thought that filter_recipient would be the best place but my filter_recipient doesn't seem to get called. I think I wrote the function some years ago but never set the trigger up. Back to the man I think :-) Many thanks for the feedback, that's a very useful explanation I will keep for reference. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Best place to collect Sender, Recipient and Server IP on a single log line
Hi all, I want to collect the sender, recipient and IP of the sending server in a single line in my log file. I don't seem to have the recipient in the arguments to filter_sender and I don't really want to turn on filter_recipient And for servers listed to allow relay in access MD does not seem to run filter_begin I want to be able to quickly grep a list of sender, recipient and IP so that I can filter by IP and quickly see a flood without having to hunt through mail.log for the separate from and to events. Can someone please suggest the best position for this code? Thanks jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Can I get MimeDefang to email alert me when a customer server is on an RBL
If the spam is being relayed out through your filter, your IP address is likely to be the one that will get blacklisted. It will be seen as the source of the spam. You might want to look into rate limiting your customers as well as scanning the messages. To a certain extent that is already being done but these are small emails and they typically go out on a Saturday and even rate limiting still sees a hell of a lot of mail going out. It just makes sense for me to RBL check the sending servers because that is where the problem is and indeed we are finding these sending servers listed on RBL servers - ours does not seem to get blacklisted. One of our ISP's is able to notify us when there is an issue from one of our client ISP's and we jump on and clean up the infection. I'd just like to do the same at my server. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Can I get MimeDefang to email alert me when a customer server is on an RBL
Leading question: Do you test outbound email for spam? I use sendmail/md/sa/clam to test for inbound, I actually don't know whether any checks are performed on the outgoing by this combination of systems, I would have thought that some check are made on mail going out as well as in. The systems relaying are a disparate bunch of customer servers. Windows mainly. Occasionally we find a compromise and have to clean up but I am looking for ways to clean up far sooner and if possible to fix and block an impending flood before or as it happens. What I realised is that an entry in my Access table that allows relay though my servers does not check RBL. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Can I get MimeDefang to email alert me when a customer server is on an RBL
I'd like to get MD to email an alert to postmaster when one of my customer relay servers is featured on an RBL list. I use MD/Clam/SA/Sendmail. Currently if I allow a relay from a customer server, no RBL check is done and it can be some time later that I discover I have been spammed through. Is this possible, I can't see any k/b articles to suggest how I might go about this. There are scripts that I can run to test a bunch of IP's but I would rather this be alerted at the point when a client server wants to relay through mine. Thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Requeue failed messages
By dumping them directly into Outlook express (drag/drop) I get a pretty good rendering but there are some anomalies with the text. Just don't go there. Outlook will completely mangle your mail beyond recognition. You need the original RFC-822 format message and the original envelope senders. Those are only available if you use action_quarantine_entire_message(). Yes, Outlook express and Outlook do. However, I was curious as I have used the method to place the mails into the IMAP server for Squirrelmail to collect and no users have complained of corruption. Yesterday I placed the mails into the IMAP folders and they were all displaying perfectly with all attachments intact. I simply forwarded them to my email account and onto the users concerned. Just in case anyone needs to do this in future that seems to work a treat. how would I then re-queue the email? You would use UNIX tools like sed, awk and grep to extract the sender and recipient list and then use something like: sendmail -odi -f$SENDER $RECIPIENTS ENTIRE_MESSAGE Got it, thanks Dave, much obliged one and all. Regards jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Requeue failed messages
them to my email account and onto the users concerned. Just in case anyone needs to do this in future that seems to work a treat. It's not a question of corruption. It's a question of identifying recipients. Sorry to beat a dead horse but I want to make sure others know that they really have to use the action to quarantine the entire message. And I hope you've changed your filters to using it! Understood Kevin, I certainly will do just that, it will be cleaner. But I am wondering whether using the quarantine function will effectively block the delivery for normal mail or whether that will only happen if I follow that with a REJECT or whatever. If its simply an alternative to INPUTMSG it will be easy to replace. Regards jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Requeue failed messages
Hi all, I have had a bit of a disaster befall me. Recently a customers primary and secondary MX went offline and mail disappeared. For some time I have provided a fallback for when MX's are offline by using MD to copy the INPUTMSG to a mailstore for hosted mail and then I can use Squirrelmail to make this mail available for my customers to view. What I need to do here is to inject a number of emails back into the sendmail queue to allow them to be delivered. In the past I have tried to find ways to process these files but cannot remember whether I: a) saved them as MSG files b) saved them as EML file (my customers use M$ outlook/express) c) put them into the pickup on a Windows SMTP server d) drag them into a PST from the disk as either EML or MSG or I seem to have a scripts that runs: cat $1 | sendmail -v -t but nothing seems to work, not even this script which I am sure must have worked once ... Can anyone guide me on a definitive way to get the files created by MD delivered? I know its slightly off topic but the guys on this list have always seemed friendly and helpful and it is sort of on topic as the files are created with MD. Can anyone help? Many thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Requeue failed messages
By dumping them directly into Outlook express (drag/drop) I get a pretty good rendering but there are some anomalies with the text. For example: ...? I visited =ite twice isn't quite right but is just about understandable. But for the most part the email is readable. Squirrel Mail translates these perfectly, they just work. I detect the domain when storing mail. I can use grep to identify the recipients. If I were to use something along the lines action_quarantine_entire_message() how would I then re-queue the email? I understand that with Sendmail I am missing the queue control file .. jON -Original Message- From: mimedefang-boun...@lists.roaringpenguin.com [mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf Of Kevin A. McGrail Sent: 16 October 2012 21:40 To: mimedefang@lists.roaringpenguin.com Cc: Joseph Brennan Subject: Re: [Mimedefang] Requeue failed messages On 10/16/2012 4:13 PM, Joseph Brennan wrote: The first thing that I wonder about is how you will determine the recipient to deliver to. Sendmail -t will parse the To and Cc headers but they need not correspond to the recipient. I think the recipient can be parsed from the COMMANDS file if you save that. But the same question arises for the Squirrelmail access too, so maybe you have sorted the mail by recipient as it comes in. In that case if you know the recipient, something like sendmail u...@host.tld messagefile might be what you want. That won't set the sender address unless you do some more work to extract it from Return-Path and feed that on command line too. I've never attempted this type of mail manipulation so I can only offer first thoughts. I wonder whether ANYONE else has tried your method! I think you needed to have used the function action_quarantine_entire_message() to correctly perform this. I believe INPUTMSG is incomplete as Joseph points out. It won't necessarily give you the recipients. regards, KAM ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mail Admin Question
On Fri, 17 Aug 2012 13:05:36 -0400 wbr...@e1b.org wrote: Lately, my attitude runs towards Just because you can install Exchange doesn't mean you know what you're doing. snark Proficiency at installing Exchange is *inversely* correlated with competence. /snark Wow ... where did all this come from? As I run exchange and sendmail/MD systems I thought I would see why the exchange bods were being bashed again ... Someone has obviously had a pretty bad time with an Exchange dodo ... This seems to have come from nowhere (at least as far as I can see in this thread) Did I miss something? jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mail Admin Question
Well some of us are not quite so stupid as we choose Linux/Sendmail/MimeDefang/SpamAssassin as well as Exchange. It's a case of horses for courses .. For usability, I have never seen anything that competes with Outlook integrated with Exchange for workgroup collaboration. For relaying email I prefer SM/MD/SA for speed, protection and configurability. But you have to consider that not everyone wants to spend their whole life tweaking various settings in various config files. Most small businesses simply want to use what they can that will allow their users to integrate with their chosen word processor or spreadsheet on their chosen desktop system best. I manage a whole load of mail accounts so I have the time and inclination to tweak but most of my customers don't. We give them Exchange because it integrates with their desktop apps and I relay mail for them because its fast and can be tweaked easily. I can see the benefits of both sides, my question was simply, why is there an assumption that the problem is caused by a badly managed Exchange system? I didn't mean to stir up a hornets nest. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mail Admin Question
Curiosity question for Todd and Jon, At this point in the game with people moving to very web based mail operation, are there any compelling reasons are there to stick with Exchange in the future? (other than legacy setup and a new learning curve?) And have your companies considered moving to cloud services like Gmail? -Ben Ok, well closed thread now but I would say ... When my clients drop the use of Office applications, Windows 7 OS then yes, I would consider suggesting a move to Gmail (I have my own google apps account) Fact of the matter is Micro$oft is master of this arena which is why Google is not (yet) winning that battle. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MD and ClamAV
What would be the preferred and recommended way to use ClamAV with MD? None, I guess, because it all depends on your situation. They both need to use or have access to a .sock Not only that, they need to have access to the same files to scan, namely the spool directory of Mimedefang, where the Work dirs are located. So should I run Clam as defang or change perms so that both Clam and MD If you use ClamAV for Mimedefang only, I would recommend the defang method. It also does not hurt to relocate the ClamAV socket into the Mimedefang dir. I would really like to know others ideas of how to make these two hang together. I guess chmod 777 is not a good idea :-) It won't help scanning files. IMHO, you can also think about running ClamAV as root, esp. if it is a dedicated server. Great thanks Stephen, I am not a million miles away with my standard setup. Good to know someone else agrees with me though :-) Regards, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MimeDefang 2.69
Hi all, I am trying to get MD up and running on the testing version of Debian, this includes 2,69 of MD. I am seeing two problems .. First off a line in the startup script includes .. echo -y $MX_RECIPOK_PERDOMAIN_LIMIT This is resolving as echo -y 0 and I get an error: /etc/init.d/mimedefang: 425: echo -y 0: not found I think this is a new item as I can't find any articles that refer to this variable. Also, if I have a script that runs this: /etc/init.d/mimedefang force-reload /etc/init.d/sendmail reload I get an error that suggests that the MD multiplexor is not yet ready Reloading Mail Transport Agent (MTA): sendmailWARNING: Xmimedefang: local socket name /var/spool/MIMEDefang/mimedefang.sock missing Whereas if I wait a few seconds this last error does not occur. Is it ok to sleep just after md reload and sendmail reload and is the echo -y 0 error anything to worry about. Everything seems to be running fine. Thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MD and ClamAV
What would be the preferred and recommended way to use ClamAV with MD? They both need to use or have access to a .sock So should I run Clam as defang or change perms so that both Clam and MD can talk to the same directory or indeed move the location of the Clam AV .sock? I would really like to know others ideas of how to make these two hang together. I guess chmod 777 is not a good idea :-) Thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Problem with Microsoft Calendar Items
Or you can apply this patch to mimedefang.pl. (I pulled it out of git; it may or may not apply cleanly to your version.) The patch is actually against mimdefang.pl.in, but just change all occurences of that to mimedefang.pl to get it to apply. I'll give it a try, much obliged David. Regards, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Problem with Microsoft Calendar Items
Or you can apply this patch to mimedefang.pl. (I pulled it out of git; it may or may not apply cleanly to your version.) The patch is actually against mimdefang.pl.in, but just change all occurences of that to mimedefang.pl to get it to apply. I think I have it applied David, although I am a bit concerned that the patch file seems to be describing more that the changes that seem to have been applied. If I now diff the files (old and new) I get diff mimedefang.pl mimedefang.pl.orig 676a677 my($disposition) = $in-head-mime_attr(Content-Disposition); 738a740 $in-head-mime_attr(Content-Disposition = $disposition); However, the problem still occurs. I believe that this is in the rebuild_entity function, is it possible that you could forward me just that piece of code so I can do a manual change? If at all possible ... unless the fix is more widespread than that. Many thanks, Regards, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Problem with Microsoft Calendar Items
Jon Rowlan wrote: We are finding that the calendar meeting invitations are coming through as attachments and text rather that the functional item with accept/decline buttons. Did you not see my response on comp.mail.sendmail? Sorry David, I don't seem to have received my email from the sendmail group, I will check it out. This is very likely a pre-2.68 MIMEDefang bug. Using the latest version of MIMEDefang should fix the problem. I don't know what version I am currently using but I will take a look. Many thanks, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Problem with Microsoft Calendar Items
This is very likely a pre-2.68 MIMEDefang bug. Using the latest version of MIMEDefang should fix the problem. It looks like I have an older version David, My distro doesn't yet support that version of MD. Is there a workaround that I can use? Can I add a condition to my filter whilst I wait for the stable version in Debian? Many thanks again for your help, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Problem with Microsoft Calendar Items
Hi all, I posted on the sendmail site but I have read a number of articles that state quite simply that sendmail is simply an MTA so I am not sure that the problem could be related to sendmail. We use sendmail and MD to relay mail for a number of customers that have M$ exchange servers. We are finding that the calendar meeting invitations are coming through as attachments and text rather that the functional item with accept/decline buttons. Does anyone know whether this is caused by MD changing headers or at least how I stop this from happening? Many thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MD Quarantine Management
Some interesting scripts there Jonas, however, cpan no longer lists html::sanitizer, are you using an old copy or have you switched to something like html::scrubber ? If you haven't switched, do you know where I might find the sanitizer? Regards, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MD Quarantine Management
Hi Paul, I changed the perms on the quarantine directory a while back using the command published in the original post and sendmail died as it reported (I think this was the error) that the directory was world writeable. It was a while back now. So I decided that as I didn't need immediate access to quarantined items on a minute to minute basis, I would copy the quarantine dirs to somewhere else. Running quarantine.pl as root and with the directories all owned by root I still get directory permissions errors. One thing I did notice was that my quarantine dirs are at \var\spool\MIMEDefang and not the script default. Changing the two scripts at the top of the config area to this still reported problems and I discovered that the MD quarantine folder is hard coded further down so I changed those too although the script says not to :-) I was wondering whether I had the very latest versions of the scripts. Can you point me in the direction of the latest versions please Paul? jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MD Quarantine Management
Is anyone using Paul Murphy's MIMEDefang Quarantine Management scripts? I see there is a BETA, did it ever get further than that, perhaps to release? I am struggling to get past the point where the scripts tell me that they are unable to access the quarantine directory. I have moved a copy of the quarantine folders to a working dir, changed perms, changed the script to point to this dir and it still refuses to access the directory. I wondered whether there might be some version a little more towards a full release that may address these problems. Many thanks all, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] mimedefang-filter did not return a true value at/usr/local/bin/mimedefang.pl line 5256
I added this to the bottom of /etc/mail/mimedefang-filter: 1; if ($hits = $req) { action_add_header(X-Spam-Warning, Message may be spam); action_add_header(X-Spam-Status, Yes, hits=$hits required=$req); action_add_header(X-Spam-Report, $report); } else { action_add_header(X-Spam-Status, No); } I am not sure where exactly you have added this Cliff .. But according to man mimedefang-filter this can only be added to procedure filter_begin or filter_end jON Jon Rowlan Sytems Analysis Design Support Limited ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Xmimedefang: local socket name problem
I am just building up a new Debian server with the usual (MD/SA/Milter-ahead/Clam) and I have found a strange problem. I have a reload script that ends with the following : /etc/init.d/mimedefang force-reload /etc/init.d/sendmail reload If I run this then I get .. Reloading Mail Transport Agent (MTA): sendmailWARNING: Xmimedefang: local socket name /var/spool/MIMEDefang/mimedefang.sock missing But if I REM out the last and run the script then run the sendmail reload line from the prompt it is fine. A number of articles mention this problem and usually the answer is to check to see if sendmail and MD are running in which case its nothing to worry about. But I like my scripts to tell me the truth :-) And I have also noticed that mimedefang has suddenly become Xmimedefang ... did I miss something there? Any ideas anyone? Cheers, jON Jon Rowlan Sytems Analysis Design Support Limited ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Xmimedefang: local socket name problem
If I run this then I get .. Reloading Mail Transport Agent (MTA): sendmailWARNING: Xmimedefang: local socket name /var/spool/MIMEDefang/mimedefang.sock missing But if I REM out the last and run the script then run the sendmail reload line from the prompt it is fine. You could try changing the reload script to; /etc/init.d/mimedefang force-reload /etc/init.d/sendmail reload That way sendmail won't start until the load of mimedefang is finished, otherwise your script is trying to start sendmail before mimedefang has completed its init. I thought that might work Scott, but no joy I am afraid ... Same problem .. :-( Perhaps there is a Unix sleep that I can use? As I say, if I wait a bit and run the last line its fine?? jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] which mimedefang.pl us used
EXCH1.central.ad.ucc.ie #5.7.1 smtp;554 5.7.1 domain of jon.row...@sads.com does not designate 143.239.1.130 as permitted sender This error looks like you sent from an address that isn't in your SPF record. Checking to see if there is a valid SPF record. Found v=spf1 record for sads.com v=spf1 mx ip4:89.151.114.114 ip4:213.210.25.210 ip4:213.210.24.131 ip4:94.30.73.178 -all This must be an internal routing error at the roaringpenguin end surely? My email was sent from 213.210.24.131 and as you have seen my spf is set up ok. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] which mimedefang.pl us used
A quick look at the man pages shows that you want the -f option of mimedefang-multiplexor. I have checked that Rob, The -f option seems to apply to which filter to use, not which mimedefang.pl is used. One server calls mimedefang.pl from /etc/mail and the other from /usr/bin The mimedefang init.d script checks for $FILTER but nowhere do I set this in the mimedefang.conf or init.d script This is what has me stumped .. jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] which mimedefang.pl us used
Hi all, I have a bespoke mimedefang.pl script and because I want to keep all my bespoke stuff in the one place I have this in /etc/mail (Debian) In that way I can get a cpio dump of the /etc/mail directory emailed to me each day as a backup using mutt. I recently installed a new server and used standard practices to match packages and copied my /etc/mail directory contents into place where required. I couldn't work out why my mimedefang.pl did not seem to be working until I realised that the one that was running was in /usr/bin. I have checked the /etc/init.d/mimedefang startup script and the mimedefang.conf script but cannot work out why one server uses /etc/mail/mimedefang.pl and the other uses /usr/bin/mimedefang.pl Is there a setting somewhere that I am missing? Jon Rowlan ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Unique identifier
Many thanks all, I will get coding.. jON -Original Message- From: mimedefang-boun...@lists.roaringpenguin.com [mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf Of xwbr...@e1b.org Sent: 20 February 2009 19:55 To: mimedefang@lists.roaringpenguin.com Subject: Re: [Mimedefang] Unique identifier Kevin wrote on 02/20/2009 01:13:21 PM: I've always used $QueueID as unique BUT I'm sure it has some possibility of not being random especially if you use more than one server. QueueID plus hostname will take care of uniqueness as suggested by RFC 822. Which suggests an interesting idea to validate messages: A DNS style verification of messages sent. For example, the Message-ID of the message I am replying to shows: Message-ID: c71c5f34d3fd4a82861fd18eef700...@peregrinehw.com So, if I substitute a period for the @ do a DNS query for C71C5F34D3FD4A82861FD18EEF700959.peregrinehw.com, their nameserver could return a coded response that message did indeed originate from that server. The Message-ID values would need to be kept for some minimum time period before being flushed, perhaps seven to ten days. Potential problems I can see: 1. Load on DNS servers, which would need to delegate the query to the actual mail server named in the message-id. 2. Message-id would need to be immediately available from MTA to DNS type server for verification. This could be mitigated if the mail server based the all or some of LHS of message-id on time, and queried message-ID fell in the past few seconds, before actual used IDs are updated to DNS server. 3. Obviously not effective until widely deployed. On the positive side: 1. Unlike Domain Keys and other crypto-signature systems, requires no central authority. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Unique identifier
In the filter, can anyone advise which var is most likely to give me a unique ID that I can then use to track quarantine and bounced mails? I use action_quarantine in the filter but would like the warning to include a unique ID that the end user can quote to allow me to identify the message and deliver. Is it $messageID, $msgID, $QueueID Thanks all, jON Jon Rowlan - Managing Director Helena House 11 Romney Place Maidstone Kent. ME15 6LE SUPPORT - supp...@sads.com Tel: 01622 67 Fax: 01622 761046 Email: jon.row...@sads.com Sytems Analysis Design Support Limited ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Access recipient lists during filter
Yes, I see Jeff ... thanks for the tip. That seems just what I need. jON -Original Message- From: mimedefang-boun...@lists.roaringpenguin.com [mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf Of Jeff Rife Sent: 08 February 2009 15:42 To: mimedefang@lists.roaringpenguin.com Subject: Re: [Mimedefang] Access recipient lists during filter On 8 Feb 2009 at 10:58, Jon Rowlan wrote: Hi All, can anyone tell me whether it's possible to access the recipient lists from sub filter. Use the built-in global array @Recipients. Search the manpage for mimedefang-filter for more details. -- Jeff Rife | He's an investment banker from Amsterdam. | Apparently he handles a lot of Bill Gates' | money, so, don't say anything derogatory | about the Netherlands or Microsoft. | Oh, damn...there goes my opening joke about | the Dutchman trying to install Windows 95. | -- Niles and Frasier ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Access recipient lists during filter
Hi All, can anyone tell me whether it's possible to access the recipient lists from sub filter. Currently I capture this detail in filter_begin and if the mail is for certain domains I copy to the users Maildir on the local server. However, I would like to deliver only mail that has been cleansed, not any spam or clutter. The parameter list for sub filter does not include recipient lists. Do I need to set a global var in filter_begin and pick that up in filter? Thanks all, jON Jon Rowlan - Managing Director Helena House 11 Romney Place Maidstone Kent. ME15 6LE SUPPORT - supp...@sads.com Tel: 01622 67 Fax: 01622 761046 Email: jon.row...@sads.com Sytems Analysis Design Support Limited ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang