Re: [Mimedefang] sending relay has no MX record?

2005-01-31 Thread Lee Dilkie
Kevin A. McGrail wrote:
I believe an MX was designed as a Mail Gateway record for machines not 
directly connected to the network.  Therefore, since an A record is 
for machines that are connected to the network, an A record should be 
enough to allow for mail to be delivered.

I know in practice that using only an A record works and is frowned 
upon.  I also know that an MX record has been expanded more and more.  
But from an RFC perspective though, I'm not sure it's "incorrect" to 
just use an A record without an MX record.  Hopefully someone else can 
comment but in the meantime, I'm not sure it's a legitimate test for 
spaminess.

Sincerely,
KAM
Am seeing some spam where the sender's From_ address's domain
doesn't have an MX record.  Was considering noting that fact
in the header as an extra X- field, and then letting SA score
it negatively. Has anyone tried that sort of thing?  Can
you offer some prototype code that does something like that? 

I think Gary is asking something different. He wants to check if the "from" 
domain has an MX record.

I think this is a valid test, as how could you send an NDR to such a 
domain, and a simple "reply" obviously wouldn't work so well.

I wouldn't think you'd get many hits on this sort of test, anyone who's 
gone through the trouble of setting up a domain has probably also 
defined an MX record. But let us know if you do get any hits, I'm curious.

-lee
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
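
The check discussed in this thread, as an added example that is not part of the original posts or of MIMEDefang: it classifies the envelope sender's domain as having an MX, relying on the A-record fallback Kevin describes, or having no mail route at all (Lee's NDR concern), and goes a little further by also recognising the null sender and a null MX. The DNS table, the `sample_lookup` hook and the `X-Sender-Mail-Route` header name are constructed or hypothetical so the script runs offline; a live filter would supply a real resolver instead.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample DNS data (no real lookups). MX values are
# [preference, exchange] pairs; "." as the only exchange is a null MX (RFC 7505).
my %SAMPLE_DNS = (
    'has-mx.example'  => { MX => [ [ 10, 'mail.has-mx.example' ] ] },
    'a-only.example'  => { A  => ['192.0.2.25'] },
    'null-mx.example' => { MX => [ [ 0, '.' ] ], A => ['192.0.2.80'] },
    'nothing.example' => {},
);

# Hypothetical resolver hook: array ref of records, or undef for NXDOMAIN.
sub sample_lookup {
    my ($domain, $type) = @_;
    my $zone = $SAMPLE_DNS{ lc $domain };
    return undef unless $zone;
    return $zone->{$type} || [];
}

# Domain part of an envelope sender; '' for the null sender "<>".
sub sender_domain {
    my ($sender) = @_;
    $sender =~ s/^\s*<//;
    $sender =~ s/>\s*$//;
    return '' if $sender eq '';
    return $sender =~ /\@([^\@\s]+)$/ ? lc($1) : undef;
}

sub classify_mail_route {
    my ($sender, $lookup) = @_;
    my $domain = sender_domain($sender);
    return 'malformed'   unless defined $domain;
    return 'null-sender' if $domain eq '';    # bounces: nothing to look up

    my $mx = $lookup->($domain, 'MX');
    return 'nxdomain' unless defined $mx;
    if (@$mx) {
        return 'null-mx' if @$mx == 1 && $mx->[0][1] eq '.';
        return 'mx';
    }

    # No MX: SMTP falls back to the address record (implicit MX).
    for my $type (qw(A AAAA)) {
        my $addr = $lookup->($domain, $type);
        return 'implicit-mx' if $addr && @$addr;
    }
    return 'no-route';    # replies and NDRs have nowhere to go
}

# Constructed envelope senders, one per outcome.
for my $sender (
    '<bob@has-mx.example>',  '<amy@a-only.example>',
    '<ann@null-mx.example>', '<joe@nothing.example>',
    '<sam@missing.example>', '<>', 'no-at-sign'
  )
{
    printf "%-24s X-Sender-Mail-Route: %s\n", $sender,
      classify_mail_route($sender, \&sample_lookup);
}
```

Only `no-route`, `null-mx` and `nxdomain` describe a sender that cannot receive a reply; `implicit-mx` is deliverable and `null-sender` is a normal bounce, so neither is a spam signal by itself.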


Re: [Mimedefang] Is it yet possible to run clamd (with mimedefang) as a different user?

2005-01-26 Thread Lee Dilkie

If you are using the freebsd ports system, you can upgrade your clamav
installation using portupgrade (which can be installed
from /usr/ports/sysutils/portupgrade). Simply edit
your /usr/local/etc/pkgtools.conf file and add:
MAKE_ARGS = {
   'security/clamav' => 'CLAMAVUSER=mailnull CLAMAV_CLAMD_SOCKET=/var/spool/MIMEDefang/clamd.sock',
}
 

Thanks Sven,
I added the make arg to /etc/make.conf (along with  CLAMAVGROUP) and 
that fixes things up nicely.

I tried some other solutions but the DontBlameSendmail option just 
sounded too scary to turn on so I opted to run clamd as the same user 
that sendmail and MD run as.

-lee


[Mimedefang] Is it yet possible to run clamd (with mimedefang) as a different user?

2005-01-25 Thread Lee Dilkie
Hi all,
I just upgraded my clamav (freebsd, ports) and again, it changed the 
permissions on some of its directories and caused it to not start as 
user 'mailnull' (the same user that sendmail and mimedefang run as). I 
would rather let clamd run as the user it wants to (clamav user) and 
configure mimedefang/sendmail to allow this but my efforts did not work.

If clamd runs as clamav, it cannot access the mimedefang spool files to 
scan the mail.
If I change permission on the spool directories, sendmail complains that 
"local socket" is unsafe.

I did add clamav to the 'mailnull' group (I assume editing the 
/etc/group file is sufficient).

So, I *think* the problem is how to convince sendmail that a group 
readable/writable mimedefang spool directory is kosher. Anyone know the 
answer to this?

TIA,
-lee


RE: [Mimedefang] What is USER_IN_DEF_WHITELIST?

2004-10-07 Thread Lee Dilkie
>
>Lee Dilkie wrote:
>> Sorry for an SA question on a MD list but google didn't turn up anything.
>
>http://www.spamassassin.org/
>http://wiki.apache.org/spamassassin/MailingLists
>
>(I'm pretty sure this has come up in the SA archives at least once.)
>
>> Question. What is the "default" whitelist? Where and how is it set up?
>
>All default rules are in /usr/share/spamassassin (or equivalent 
>directory).  Look in 60_whitelist.cf.

Sorry for the late-ish reply.

Indeed, in 60_whitelist.cf there is an entry @*.mypoints.com . And although the 
recipient didn't recall having signed up for anything on that web site, they did have 
a user account.

So, sorry for the red herring but I learned stuff so it wasn't all in vain.

-lee




[Mimedefang] What is USER_IN_DEF_WHITELIST?

2004-10-05 Thread Lee Dilkie
Sorry for an SA question on a MD list but google didn't turn up anything.

I just got a piece of spam with a low SA score. It would have been high except for a 
USER_IN_DEF_WHITELIST entry in the list which I didn't recognise.

grepping through my disk yielded that test in /usr/local/share/spamassassin (this is 
freebsd) in 20_head_tests.cf which is:

header USER_IN_DEF_WHITELIST    eval:check_from_in_default_whitelist()
describe USER_IN_DEF_WHITELIST  From: address is in the default white-list
tflags USER_IN_DEF_WHITELIST    userconf nice

Now, I found the check_from_in_default_whitelist function in EvalTests.pm (under 
perl/mail/spamassassin) but it's cryptic perl for my skill level and so that's a dead 
end.

Question. What is the "default" whitelist? Where and how is it set up? What mail 
header fields are matched to get it (looks like "from" if the description is correct 
but I couldn't tell from the function)? This email had a "from" that certainly wasn't 
anything I had explicitly allowed and I don't use auto whitelisting.

Can anyone offer answers?

thanks!

-lee




RE: [Mimedefang] Greylisting code, now with mysql Backend

2004-06-29 Thread Lee Dilkie
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Lucas
>Albers
>Sent: Tuesday, June 29, 2004 5:11 PM
>To: [EMAIL PROTECTED]
>Subject: Re: [Mimedefang] Greylisting code, now with mysql Backend
>
>
>
>Jeff Grossman said:
>> [better] alternative to db_file with some of the corruption that has been
>> mentioned.
>> If many people are doing fine with db_file, then I might just stay with
>Well it's used as the native bayesian db format for SA, and there have not
>been complaints of corruption on the SA mailing list...

I've had tons of problems with db_file corruption. In fact, I'm in the middle of 
trying to fix my own greylisting db_file corruption problem. I also have a db_file 
problem somewhere in graphdefang, although it's using MLDBM with db_file.

My problems arose when freebsd updated from perl 5.8.2(.3?) to 5.8.4 last month. My SA 
db got blown away. db_file that I had previously seems to have gotten replaced by 
bsdpan-DB_File, a version from CPAN.

AFAICT, SA is working but I'm definitely having problems with db_file in my greylisting 
and in graphdefang.

-lee


>I would think theoretically a database format would have less possible
>corruption.
>
>-- 
>Luke Computer Science System Administrator
>Security Administrator,College of Engineering
>Montana State University-Bozeman,Montana
>


RE: [Mimedefang] Whitelisting Outbound E-Mail Addresses

2004-06-09 Thread Lee Dilkie
>
>> I implemented this using the access.db feature of Sendmail, with scripts
>> every five minutes scanning the logs and adding new entries.
>
>Any particular reason for doing it this way vs. implementing something
>within the mimedefang-filter to do it real-time much as greylisting
>does?  I'm asking because the next item on my development list is
>implementing something similar to what you are doing, but I had intended
>on doing it real-time in the mimedefang-filter with a separate .db file.
>
>Any thoughts?
>
>Charles

I modded up my (well, the code that was posted here some time ago)
greylisting code to track authenticated outbound mail as well. Coupled
with a db expiry scheme which deletes singleton inbound entries (ones
that have a count of 1) after two days, decrements the count of
non-singleton entries every 10 days and leaves any singleton entries that
have a reverse entry (whitelist) alone. It was my first perl program from
scratch after having cut my teeth on mimedefang-filter (with the o'reilly
book in my lap). I run it as a cron every night.

I like the results.

-lee
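
The nightly expiry pass described in the message above, as an added example (not Lee's script, which is not on this page). The record layout, the `dir` flag, measuring age from a `stamp` field, and the use of an in-memory hash instead of a DB_File tie are all assumptions; the sample entries are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant DAY            => 24 * 60 * 60;
use constant SINGLETON_TTL  => 2 * DAY;     # singletons expire after two days
use constant DECAY_INTERVAL => 10 * DAY;    # other counts drop by one every 10 days

# Assumed layout: "sender|recipient" => { dir, count, stamp }, where dir is
# 'in' or 'out' and stamp is when the pair was last seen or last decremented.
sub reverse_key {
    my ($from, $to) = split /\|/, $_[0], 2;
    return "$to|$from";
}

# One pass over the table; returns counters suitable for logging.
sub expire_greylist {
    my ($db, $now) = @_;
    my %stats = (deleted => 0, decremented => 0, kept => 0);

    for my $key (sort keys %$db) {
        my $rec = $db->{$key};
        my $age = $now - $rec->{stamp};

        if ($rec->{count} > 1) {
            # Non-singleton: age it slowly so stale correspondents fade out.
            if ($age >= DECAY_INTERVAL) {
                $rec->{count}--;
                $rec->{stamp} = $now;
                $stats{decremented}++;
                next;
            }
        }
        elsif ($rec->{dir} eq 'in'
            && !exists $db->{ reverse_key($key) }    # reverse entry = whitelist
            && ($age > SINGLETON_TTL))
        {
            # Inbound pair seen once and never retried or answered.
            delete $db->{$key};
            $stats{deleted}++;
            next;
        }
        $stats{kept}++;
    }
    return \%stats;
}

# Constructed sample table and a fixed "now" so the run is repeatable.
my $now = 1_086_739_200;
my %db  = (
    'bulk@spam.example|lee@home.example'   => { dir => 'in',  count => 1, stamp => $now - 3 * DAY },
    'new@shop.example|lee@home.example'    => { dir => 'in',  count => 1, stamp => $now - 1 * DAY },
    'friend@isp.example|lee@home.example'  => { dir => 'in',  count => 1, stamp => $now - 30 * DAY },
    'lee@home.example|friend@isp.example'  => { dir => 'out', count => 1, stamp => $now - 30 * DAY },
    'list@lists.example|lee@home.example'  => { dir => 'in',  count => 7, stamp => $now - 11 * DAY },
    'news@daily.example|lee@home.example'  => { dir => 'in',  count => 3, stamp => $now - 4 * DAY },
);

my $stats = expire_greylist(\%db, $now);
printf "deleted=%d decremented=%d kept=%d\n",
  @$stats{qw(deleted decremented kept)};
printf "%-40s count=%d\n", $_, $db{$_}{count} for sort keys %db;
```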


[Mimedefang] bayes* R/O: tie failed: Inappropriate file type or format

2004-06-05 Thread Lee Dilkie
Hi,

I'm running FreeBSD 4.9, I upgraded to perl 5.8.4 (from 5.8.2), using the suggestions 
in the ports UPDATING, hopefully recompiling everything that depended on perl. SA had 
a minor upgrade at the same time (2.63_1 -> 2.63_2).

Anyway, I restarted MD and my logs contain..

Jun  5 15:40:18 spock mimedefang-multiplexor[29236]: Slave 0 stderr: Cannot open bayes 
databases /var/spool/MD-Quarantine/bayes_* R/O: tie failed: Inappropriate file type or 
format
Jun  5 15:40:22 spock mimedefang-multiplexor[29236]: Slave 0 stderr: Cannot open bayes 
databases /var/spool/MD-Quarantine/bayes_* R/W: tie failed: Inappropriate file type or 
format

the MD-Quarantine dir looks like

-rw---   1 mailnull  wheel  -   73746 Jun  5 11:00 bayes_journal
-rw---   1 mailnull  wheel  - 2670592 Jun  5 10:52 bayes_seen
-rw---   1 mailnull  wheel  - 5373952 Jun  5 10:52 bayes_toks
-rw---   1 mailnull  wheel  - 5160960 Feb 27 07:10 bayes_toks.expire14326
-rw---   1 mailnull  wheel  - 2392064 Feb 27 07:10 bayes_toks.expire14482
-rw---   1 mailnull  wheel  -   49152 Feb 27 07:10 bayes_toks.expire22289
-rw---   1 mailnull  wheel  - 2195456 Mar  1 14:24 bayes_toks.expire418
-rw---   1 mailnull  wheel  - 1196032 Feb 27 08:02 bayes_toks.expire59670
-rw---   1 mailnull  wheel  - 5144576 Mar  1 13:38 bayes_toks.expire6433
-rw---   1 mailnull  wheel  - 2441216 Feb 27 08:31 bayes_toks.expire73038

which looks OK to me.

Anyone have a clue what I've done wrong? Or how to correct it?

TIA,

-lee




RE: [Mimedefang] Re: R/W: lock failed: File exists

2004-05-26 Thread Lee Dilkie
>> It is trying to lock the bayes journal, and other mimedefang threads can't
>> read to it while it learns from the journal.
>> This will solve your problem.
>> 
>> My settings:
>> bayes settings:
>> bayes_learn_to_journal 1
>> bayes_journal_max_size 512
>> 
>> 
>> cronjob:
>> */55 * * * * su -c 'sa-learn --rebuild' defang; echo defang > /dev/null
>
>Very well, but...
>
>What you suggest is a kinda workaround to be applied at the sites where the
>problem occurs. Now, since the nature of the problem seems to be quite
>generic I'm just very curious why don't *others* complain??! Because it
>looks as if only a *minority* of MD/SA installations (like yours and mine)
>get those nasty messages and so you offer a workaround for them.
>
>So now, just for my curiosity sake, I have a very basic question: which of
>these two points below is true and which is false.
>
>1. There is something weird with my installation but, OK, luckily
>   enough there's a workaround.
>2. Everyone has the same problem so for each and every MD/SA installation
>   a workaround like that is needed.
>
>And finally, if 2. is true then maybe something more than a workaround
>should be invented?

Well, I've had this problem since forever. It started a month or so after I turned 
Bayes on. Like you I did an investigation and my conclusion was that it wasn't 
particularly harmful... Although I don't think I arrived at the same conclusion as you 
folks. I seem to recall that the problem was that one bayes process (MD) had the file 
locked when the other bayes process (MD) was trying to trim out stale entries from the 
db and wasn't able to since the file was locked. My reading on the matter suggested it 
wasn't a big deal as the trim would occur again later. I didn't read anything that 
would suggest it actually interfered with the operation of bayes in the first place.. 
Perhaps I was wrong in that?

-lee




RE: [Mimedefang] A Bit of Confusion - Solved but different problemwith CLAMD

2004-02-22 Thread Lee Dilkie
>
> I have tried running clamd as user "defang", but clamd won't
> then start.

check clamav.conf.

the location of the pid file must be writable by the defang user as clamd is
running as defang.

>
> I have added the user "defang" to the group "clamav", but I
> get errors when
> sending/receiving mail saying "Could not connect to clamd daemon at
> /var/spool/MIMEDefang/clamd.sock".
>
> This file does not exist either.

also in clamav.conf.

LocalSocket probably needs to be changed to point to where MD is expecting.

Or you can leave it where it is and modify your mimedefang-filter and stick

$ClamdSock  = "/var/run/clamav/clamd"; (this is the default place for clamd
on freebsd).

in the top of mimedefang-filter. This will override the default in
mimedefang.pl

hope this helps.

-lee




RE: [Mimedefang] minor upgrade of clamav, email not being scanned...

2004-02-20 Thread Lee Dilkie
>
> Worth saying that the version of clamav in the ports is old
> (0.65), though
> the clamav-devel port is somewhat more current.  It looks like the
> maintainers of the clamav ports aren't quite so active as
> could be hoped
> for.

The clamav-devel port says it tracks the snapshots. I didn't think I was
quite that brave.

Should I be?

>
> If you up the log settings for clamd you'll find that the
> problem is that
> it's passed a directory to scan.  As that directory is only
> accessible to
> the user mailnull you have to run clamd as mailnull.
>

I figured as much and things are working now. How do I "up the log settings"
for clamav. I turned on "debug" in the clamav.conf and all it did was report
lots of info when it started up, but nothing when it was running.

But I'm still curious why group permissions wouldn't be good enough to get
this going. There's something I'm not understanding here.

Sorry for the off-topic.

-lee




RE: [Mimedefang] minor upgrade of clamav, email not being scanned...

2004-02-19 Thread Lee Dilkie
>
> Lee Dilkie wrote:
> >
>
> > Is it a requirement that mimedefang/sendmail and clamd all
> run as the same
> > user?
>
> AFAIK, yes. Never been able to get it to run any other way.
> Think its a socket's permission thing.
>
> Jon
> --

well if that's the case then that explains it. I'm somewhat new to this
user/group permission stuff so I assumed that they could run as different
users (since the install packages create the different users and install
scripts that run them as those users). I thought group permissions would
take care of all this but I guess not...

any idea why mimedefang would complain (unsafe socket) if the
/var/spool/MIMEdefang directory becomes group writable?

-lee




RE: [Mimedefang] minor upgrade of clamav, email not being scanned...

2004-02-19 Thread Lee Dilkie
> What FreeBSD port did you upgrade from?  You may want to identify that
> section and look at the FreeBSD port revision history, checking each
> of the changes that have happened since.  It should make for a nice
> checklist of things that have changed.
>
> http://www.freshports.org/security/clamav/

it was just from 0.65-6 to -7.

I've narrowed this down but I don't understand why...

- if I run clamd as user "mailnull" (the same user that mimedefang runs as),
it works.
- if I run clamd as user "clamav", with clamav in the mailnull group, it
doesn't work.

/var/spool/MIMEDefang and MD-Quarantine are owned by "mailnull" (group
"mailnull") but if I make the MIMEdefang directory group rw, then I get the
"unsafe socket" error reported by mimedefang. Don't know if that is related
but changing the clamd to run as "mailnull" works and I figured it needs
access to the /var/spool/MIMEdefang dir to scan files.

Is it a requirement that mimedefang/sendmail and clamd all run as the same
user?




[Mimedefang] minor upgrade of clamav, email not being scanned...

2004-02-19 Thread Lee Dilkie
Well I'm stumped.

Using freebsd, upgraded clamav this morning to grab the latest version and
just noticed a while ago that viruses are getting through.

clamd is running, mimedefang will complain if I stop it.

I suspect a permission problem but I don't see where (and I'm a bit of a
dummy).

Previously, I had run clamd as "mailnull", the same user that mimedefang
runs as. But the new startup script that got installed used the user
"clamav". So I left it at that and changed the mimedefang.pl to also look in
a different location for the clamd socket. That all seems fine because like
I said, if I disable clamd, mimedefang detects this and complains,
tempfailing messages.

I can run clamdscan from the command line and catch the eicar test but
sending eicar as an attachment (or in the body) doesn't get caught (and
neither do all the real viruses).

No errors reported by mimedefang or clamd, it just looks like md isn't
giving clamd anything to do..

Help please?

-lee




RE: [Mimedefang] Mimedefang/Spamassassin/bayesian

2004-02-17 Thread Lee Dilkie
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Paul
> Murphy

> The problem is that the documentation suggests that you enable the two options,
> and sit back and watch the database being built as e-mail comes in.
>
> The reality is that the two options enable the use of the bayesian filter, but
> the database remains empty until you have trained it on a suitably large dataset
> of spam and "ham".
>
> Does anyone have a way of using Mimedefang to automatically build the database,
> even if that means forwarding a copy of every message to either a spam or ham
> mailbox, and then processing and deleting the mailbox daily?

you can use the auto_learn and avoid the training. You just have to be
patient.

very patient... eventually you start seeing "BAYES_" showing up in your test
result.

For me, that amounted to almost 2 weeks of patience. But it was worth it.
The bayes score is helping a lot now.

-lee




RE: [Mimedefang] making spamassassin less sensitive

2004-02-04 Thread Lee Dilkie
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> Muhammad Talha
> Sent: Wednesday, February 04, 2004 2:54 AM
...
>
> I recently shifted my mail server to Mimedefang. I have the following hardware
> and software installed, using default mimedefang and SpamAssassin rules.
>
> Processor Pentium III
> RAM 256MB
> Swap 512
>
> Sendmail-8.11.12
> Mimedefang-2.39
> Clamav-0.65
> SpamAssassin-2.63

I'm running the same config on a PII, 200Mhz, with 192MB of RAM.

This config does use a lot of memory (and cpu) so I had to do the following.

increase my swap!!! it's over 3G now. (unfortunately I had to use a
swapfile for the increase where I would have liked to use a swap partition).

decrease max number of mimedefang slaves!!! I only allow 4 max. It tempfails
mail sometimes but that's better than running out of memory+swap.

Now this is no speed demon, I can handle maybe 1 mail per second with the
pedal to the metal... ;)

-lee




RE: [Mimedefang] $helo versus $ip

2004-02-03 Thread Lee Dilkie
> No.  It's safe to reject an outsider who claims to be your domain (if
> you know for *sure* that it isn't), or who claims to have your IP
> address, but anything else can yield false positives.
>
> Regards,
>
> David.

And I think that's about as far as you can safely go without rejecting valid
mail.

I haven't, yet as far as I know, come across a valid mta that uses my ip
address or my hostname in helo. But I don't do any lookups on the address
supplied (if it was an address) because there are all sorts of valid cases
where you cannot tell if some mta is trying to scam you.

-lee




[Mimedefang] error: use of uninitialized variable in Bayes.pm

2004-02-02 Thread Lee Dilkie
Gents,

I got this error showing up in my logs. It's for the bayes.pm script
(program?library?)

Feb  2 10:54:27 spock mimedefang-multiplexor: Slave 1 stderr: Use of
uninitialized value at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Bayes.pm line 519.
Feb  2 10:54:27 spock mimedefang-multiplexor: Slave 1 stderr: Use of
uninitialized value at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Bayes.pm line 521.
Feb  2 10:54:27 spock mimedefang-multiplexor: Slave 1 stderr: Use of
uninitialized value at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Bayes.pm line 522.
Feb  2 10:54:29 spock mimedefang-multiplexor: Slave 1 stderr: Use of
uninitialized value at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Bayes.pm line 519.
Feb  2 10:54:29 spock mimedefang-multiplexor: Slave 1 stderr: Use of
uninitialized value at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Bayes.pm line 521.
Feb  2 10:54:29 spock mimedefang-multiplexor: Slave 1 stderr: Use of
uninitialized value at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Bayes.pm line 522.

My perl isn't very good yet. The lines referenced "look" like they are
initialized to me (although the expression isn't one i can parse).

sub pre_chew_content_type {
  my ($self, $val) = @_;

  # hopefully this will retain good bits without too many hapaxen
  if ($val =~ s/boundary=[\"\'](.*?)[\"\']/ /ig) {
    my $boundary = $1;
    $boundary =~ s/[a-fA-F0-9]/H/gs;      # <-- line 519
    # break up blocks of separator chars so they become their own tokens
    $boundary =~ s/([-_\.=]+)/ $1 /gs;    # <-- line 521
    $val .= $boundary;                    # <-- line 522
  }

  # stop-list words for Content-Type header: these wind up totally gray
  $val =~ s/\b(?:text|charset)\b//;

  $val;
}

I'm thinking the $1 variable is not set to anything. I'm not sure what a $1
is, it looks kinda special

This problem only started showing up today when my bayes auto-learn finally
got enough "stuff" to be able to generate scores.

can anyone help?

thanks,

-lee




RE: [Mimedefang] action_bounce - forget it!

2004-01-31 Thread Lee Dilkie
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of David
> F. Skoll
> Sent: Saturday, January 31, 2004 11:21 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Mimedefang] action_bounce - forget it!
...
> I can't believe that law would apply to private companies or, in fact,
> to anyone other than ISPs or service providers.  Surely a private
> organization can do whatever it likes with its e-mail.
>

Don't confuse the notion of "private" as it applies in different countries.

Our concept of a private company and the rights it has are very different
from those in other countries. Heck, even between the US and Canada, the
laws can be quite different. But many European countries have very strong
labour laws and those can limit what lengths a company can go to when
interfering with a worker's rights.

I remember a case in the 80's when we had a problem with one of our networks
in Germany (x.25 packet switching product). The network would occasionally
go into a cascade failure and the customer (DBP as I recall) was very upset.
We suspected that the cause was due to operator sabotage and so we asked for
console logging to be turned on. It turned out that companies are not
allowed to monitor their employees to that extent, it was against the law.
Even enabling logs to simply track network configuration commands was not
allowed. Eventually DBP did catch the offender but through other means.

Contrast this with the US, where a company can pretty much do whatever it
wants with its equipment and its employees. A "private" company can
legally do all sorts of things that the government is not permitted to do.

-lee




RE: [Mimedefang] greylisting and HABEAS_SWE

2004-01-16 Thread Lee Dilkie
not related
> > to those headers in any manner) The greylisting is working for
> > numerous other spams.
>
> I am familiar with this Habeas test and have seen the exact spam and
> problems you are referring to on our network.
>
> [...]
> I am considering removing the negative score for their tag
> because we have
> seen an upswell of spam using this.  The spammer either doesn't know,
> doesn't care, or will get shutdown pretty quickly.
>

Following up on some advice given early this week, I installed the bigevil
and other .cf's from the meglo-cf-mart
(http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm).

Interestingly enough, those pharma Habeas emails were being tagged with a
negative score for the Habeas test but they were also being tagged with
numerous positive scores from some of the new sa .cf's and that had the
effect of overriding the Habeas score. net result was the spam still ended
up in my spam folder.

I'm very impressed. Only had to figure out that on freeBSD the folder to
drop the .cf's into is /usr/local/etc/mail/spamassassin... My first guess at
/usr/local/etc/mimedefang/spamasassin didn't work out so well ;)

-lee

