RE: [Mimedefang] Mysql connections

2006-12-14 Thread Mack
>So write a new connect_cached() which also re-prepares the statements on a
>reconnect...

Too lazy ! Lol

>Alternatively, have filter_tick defined, and make it run a query on the
>database, then configure the multiplexor to use the tick function, which
>will stop the connection timeout.

Nice idea tbh.

Suppose the easiest would be to get a test case for the DBI guys so they could
reproduce and hence fix the issue, which would prolly be best all round, but
you know what it's like, things have to work etc, etc, deadlines and all
that.

Cheers

Mack

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


RE: [Mimedefang] Mysql connections

2006-12-14 Thread Mack


>If you put a dbh->prepare statement immediately before each execute(), it
>should work...bearing in mind that I haven't been able to test this.

Only advantage gained here is the persistent connection, as the prep
statements (or prep_cached) seem to have their own large overheads..

My guess is it's a problem in the 3rd party interfaces (as PhP has the same
issue with pconnect and MSSQL !)

I gave up in the end and ensured that at the start of each sub a connect_DB
call is made and a release_DB at the end, and tbh the overhead is livable
with - can still process 100k+ msgs a day




RE: [Mimedefang] Mysql connections

2006-12-14 Thread Mack
Be very careful with connect_cached though, as I have noticed that you get a
SQL server has gone away when you try to use the connection, even though the
connect cached still thinks it is open and pings (after maybe 6-12hrs
inactivity - so shouldn't be a prob on a busy site though!)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 14 December 2006 14:46
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Mysql connections


Jan-Pieter Cornet wrote:

> so... something like DBI->connect_cached

Exactly! :-)  I never even knew that existed.  Thanks!

Regards,

David.
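
The two suggestions quoted in this thread (re-prepare the statements on a reconnect, and run a query from filter_tick to keep the connection alive) can be combined in one small wrapper. This is an added example, not code from the thread or from MIMEDefang; the package name ReconnectingDB, its methods and the SQLite demo database (it needs DBD::SQLite) are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: reconnect and re-prepare when a cached handle turns out dead.
use strict;
use warnings;
use DBI;
use File::Temp qw(tempfile);

{
    package ReconnectingDB;    # hypothetical helper, not part of DBI

    sub new {
        my ($class, %args) = @_;
        return bless { %args, dbh => undef, sth => {}, connects => 0 }, $class;
    }

    # Open a fresh handle. Statement handles belong to the connection that
    # prepared them, so the statement cache is emptied on every (re)connect.
    sub _connect {
        my ($self) = @_;
        $self->{sth} = {};
        $self->{dbh} = DBI->connect(
            $self->{dsn}, $self->{user}, $self->{pass},
            { RaiseError => 1, PrintError => 0, AutoCommit => 1 },
        );
        $self->{connects}++;
        return;
    }

    # Prepare once per connection, then execute. The thread reports that a
    # handle can still answer ping() while the server has already dropped it,
    # so the real query is the liveness test: on the first failure the handle
    # is thrown away and the statement is prepared again on a new connection.
    # Caveat: a statement that is not idempotent may run twice if the first
    # attempt failed after the server had applied it.
    sub run {
        my ($self, $sql, @bind) = @_;
        for my $attempt (1, 2) {
            my $sth = eval {
                $self->_connect unless $self->{dbh};
                my $h = $self->{sth}{$sql} ||= $self->{dbh}->prepare($sql);
                $h->execute(@bind);
                $h;
            };
            my $err = $@;
            return $sth if $sth;
            die $err if $attempt == 2;    # second failure is a real error
            $self->{sth} = {};
            eval { $self->{dbh}->disconnect } if $self->{dbh};
            $self->{dbh} = undef;
        }
        return;
    }

    # Cheap keep-alive query, the job the thread proposes for filter_tick.
    sub tick {
        my ($self) = @_;
        $self->run('SELECT 1')->finish;
        return;
    }
}

# Demo against a throw-away SQLite file (constructed data).
my (undef, $file) = tempfile(SUFFIX => '.db', UNLINK => 1);
my $db = ReconnectingDB->new(dsn => "dbi:SQLite:dbname=$file", user => '', pass => '');

$db->run('CREATE TABLE seen (ip TEXT)');
$db->run('INSERT INTO seen (ip) VALUES (?)', '192.0.2.10');

# Simulate the "server has gone away" case: the connection is closed behind
# the wrapper's back while the wrapper still holds the old handles.
$db->{dbh}->disconnect;

my $sth = $db->run('SELECT COUNT(*) FROM seen');
my ($rows) = $sth->fetchrow_array;
$sth->finish;
$db->tick;

print "rows=$rows connects=$db->{connects}\n";
```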

This Email Has Been Anti-Virus Scanned



[Mimedefang] SPF ?

2006-11-23 Thread Mack
I thought you'd removed the SPF David? , and a check seems to prove this
(from dnstuff.com), but Spamass still seems to see the SPF as valid ?

anyone else seeing this? or perhaps just a caching issue ?

Cheers

Mack


Nov 24 01:26:01 test sendmail[2057]: kAO1Px7p002057:
from=<[EMAIL PROTECTED]>, size=3915, class=-30,
nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=www.roaringpenguin.com [206.191.13.82]

Nov 24 01:26:02 test mimedefang.pl[7154]: Spam Score :  (-0.001) SPF_PASS




RE: [Mimedefang] Failed to process the MS access database zip file

2006-04-12 Thread Mack
if you have this line

$bad_exts = 
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';


in your mimedefang-filter, then you will note that .mdb is in the bad 
extensions list, so it would be dropped if it was sent as .mdb or as a zip 
containing an .mdb


If you want to permit mdb's in zip files, then you would need to change the 
$bad_exts variable to remove mdb (it would also then allow them unzipped as 
well)

Cheers

Mack

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ming
Hou
Sent: Wednesday 12 April 2006 15:28
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Failed to process the MS access database zip file


Hi,

I had sent the email with the MS access database zip file over my 
mimedefang process, and 
mimedefang dropped the attachment and replaced the warning message with 
"drop_with_warning=1" in my log file.

I commented out the following statement, and tried again. It worked.

    if (re_match($entity, '\.zip$') and
        $Features{"Archive::Zip"}) {
        my $bh = $entity->bodyhandle();
        if (defined($bh)) {
            my $path = $bh->path();
            if (defined($path)) {
                return re_match_in_zip_directory($path, $re);
            }
        }
    }

I have the perl module "Archive-Zip-1.16.tar.gz" in my perl 5.8.8. Does 
anyone have the same experience?

Thanks.
ming
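
The effect described in the reply above can be checked without sending mail by applying the same extension list to a set of file names. This is an added example, not code from the thread or from MIMEDefang: the way the pattern is anchored (a dot, the extension, optional trailing dots, end of name, case-insensitive) is an assumption about how the filter uses $bad_exts, and the file names are constructed. The functions bad_name_re and blocked_names are hypothetical helpers.

```perl
#!/usr/bin/perl
# Added example: which names does the $bad_exts list catch, loose or zipped?
use strict;
use warnings;

# The $bad_exts value quoted in the reply above.
my $bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';

# Assumption: the name test is "\.<ext>\.*$", matched case-insensitively.
sub bad_name_re {
    my ($exts) = @_;
    my $pattern = '\.' . $exts . '\.*$';
    return qr/$pattern/i;
}

# Return the names from @names that the extension list would block.
sub blocked_names {
    my ($exts, @names) = @_;
    my $re = bad_name_re($exts);
    return grep { $_ =~ $re } @names;
}

# The same list with the single alternative "mdb" removed, as the reply
# suggests. Only the exact token goes; "mde" and the rest stay blocked.
(my $allow_mdb = $bad_exts) =~ s/\|mdb(?=\|)//;

# Constructed samples: one loose attachment and the member names of one zip.
# For an archive, the names in its directory are tested, so the list applies
# to "customers.mdb" whether it arrives on its own or inside db.zip.
my @samples = (
    [ 'loose attachment'  => [ 'customers.mdb' ] ],
    [ 'members of db.zip' => [ 'customers.mdb', 'Archive/OLD.MDB', 'legacy.mdb.',
                               'notes.txt', 'readme.mdb.txt', 'setup.exe',
                               'forms.mde' ] ],
);

for my $policy ( [ 'list as quoted' => $bad_exts ], [ 'mdb removed' => $allow_mdb ] ) {
    my ($label, $exts) = @$policy;
    print "== $label ==\n";
    for my $sample (@samples) {
        my ($what, $names) = @$sample;
        my @hit = blocked_names($exts, @$names);
        printf "  %-18s blocked: %s\n", $what, @hit ? join(', ', @hit) : '(none)';
    }
}
```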


RE: [Mimedefang] Memory Usage

2006-04-05 Thread Mack
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
13484 defang    16   0  173m 168m 2740 S  0.0  8.3   0:59.00 mimedefang.pl
14828 defang    20   0  167m 162m 2740 S  0.0  8.0   0:22.77 mimedefang.pl
16186 defang    24   0  163m 159m 2736 S  0.0  7.9   0:11.87 mimedefang.pl
17549 defang    19   0  159m 153m 2636 S  0.0  7.6   0:08.21 mimedefang.pl
18997 defang    25   0  157m 153m 2496 S  0.0  7.6   0:06.45 mimedefang.pl
20377 defang    25   0  157m 153m 2496 S  0.0  7.6   0:05.79 mimedefang.pl
21923 defang    25   0  158m 153m 2496 S  0.0  7.6   0:05.92 mimedefang.pl
23505 defang    25   0  157m 153m 2492 S  0.0  7.6   0:07.70 mimedefang.pl
24819 defang    25   0  159m 153m 2496 S  0.0  7.6   0:07.90 mimedefang.pl
26245 defang    25   0  158m 153m 2496 S  0.0  7.6   0:07.18 mimedefang.pl


But then i Have a load of spamass stuff in, that's what uses the memory up,
Don't be too worried about having 70Mb used, as u can see, i'm sitting on 158Mb 
+ per process


Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Trevor
Sent: Wednesday 05 April 2006 12:11
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] Memory Usage


Hi,

I'm running the following rules:

10_misc.cf               20_net_tests.cf      25_domainkeys.cf
30_text_nl.cf            70_sare_html.cf      bogus-virus-warnings.cf
20_advance_fee.cf        20_phrases.cf        25_hashcash.cf
30_text_pl.cf            70_sare_obfu.cf      evilnumbers.cf
20_anti_ratware.cf       20_porn.cf           25_pyzor.cf
30_text_pt_br.cf         70_sare_oem.cf       german.cf
20_body_tests.cf         20_ratware.cf        25_razor2.cf
50_scores.cf             70_sare_specific.cf  languages
20_compensate.cf         20_uri_tests.cf      25_replace.cf
60_awl.cf                70_sare_unsub.cf     random.current.cf
20_dnsbl_tests.cf        23_bayes.cf          25_spf.cf
60_whitelist.cf          70_sare_uri.cf       sa-update-pubkey.txt
20_drugs.cf              25_accessdb.cf       25_textcat.cf
60_whitelist_spf.cf      88_FVGT_body.cf      triplets.txt
20_fake_helo_tests.cf    25_antivirus.cf      25_uribl.cf
60_whitelist_subject.cf  88_FVGT_headers.cf   user_prefs.template
20_head_tests.cf         25_body_tests_es.cf  30_text_de.cf
70_sare_adult.cf         88_FVGT_rawbody.cf
20_html_tests.cf         25_body_tests_pl.cf  30_text_fr.cf
70_sare_genlsubj0.cf     88_FVGT_subject.cf
20_meta_tests.cf         25_dcc.cf            30_text_it.cf
70_sare_header.cf        88_FVGT_uri.cf

Output of perl:

[EMAIL PROTECTED]:/root # perl -V
Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
  Platform:
osname=solaris, osvers=2.6, archname=sun4-solaris-thread-multi
uname='sunos sparky 5.6 generic_105181-35 sun4u sparc sunw,ultra-5_10 '
config_args='-ders -Dcc=gcc -Accflags=-DNO_HASH_SEED -Dusethreads
-Duseithreads -Ud_sigsetjmp -Uinstallusrbinperl -Ulocincpth= -Uloclibpth=
-Duselargefiles -Uusemallocwrap -Dinc_version_list=5.8.3/$archname 5.8.3
5.8.2/$archname 5.8.2 5.8.1/$archname 5.8.1 5.8.0/$archname 5.8.0
-Duseshrplib -Dprefix=/usr/local/ActivePerl-5.8 -Dcf_by=ActiveState
[EMAIL PROTECTED]'
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
  Compiler:
cc='gcc', ccflags ='-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT
-DNO_HASH_SEED -fno-strict-aliasing -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64',
optimize='-O',
cppflags='-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DNO_HASH_SEED
-fno-strict-aliasing'
ccversion='', gccversion='2.95.2 19991024 (release)',
gccosandvers='solaris2.6'
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
alignbytes=8, prototype=define
  Linker and Libraries:
ld='gcc', ldflags =' '
  

RE: [Mimedefang] OT: Disclaimer Madness

2006-02-14 Thread Mack
You missed the joke part out 

Ah well,



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: Tuesday 14 February 2006 03:11
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] OT: Disclaimer Madness


My mother forwarded me a joke e-mail that had been forwarded many, many
times.  It picked up disclaimers here and there along the way.

Here, for your reading pleasure, are the disclaimers that were appended
to *one* e-mail message. :-)

Please note that I've reformatted the disclaimers to wrap nicely; most
of them were obnoxious single lines of 500+ characters...

By the way, if you feel you received this e-mail in error, feel free
to contact any or all of the e-mail addresses in the disclaimers.  I
won't stand in your way.

Regards,

David.


Information in this message is confidential and may be privileged. It
is for the exclusive use of the intended recipient(s). If you are not
the intended recipient(s) please notify the sender, delete the message
immediately and do not act upon it contents. Unauthorised disclosure,
distribution and copying of this email is strictly prohibited. The
opinions expressed within this message are those of the individual
author. Whilst Brakes takes reasonable steps to scan this email it
does not accept liability for any virus that may be contained in it.

"PLEASE NOTE: The preceding information may be confidential or
privileged. It only should be used or disseminated for the purpose of
conducting business with Parker. If you are not an intended recipient,
please notify the sender by replying to this message and then delete
the information from your system. Thank you for your cooperation."

This message has been checked for all known viruses by the MessageLabs
Virus Scanning Service. For further information visit

http://www.messagelabs.com/stats.asp

City & Guilds is committed to achieving the Investors in Excellence
award by continuous improvement in our service to customers, and
caring for our people, society and the environment.

*

IMPORTANT NOTICE

This communication contains information which is confidential and may
also be privileged.

It is for the exclusive use of the intended recipient(s). If you are
not the intended recipient(s) please note that any form of
distribution, copying or use of this communication or the information
in it is strictly prohibited and may be unlawful. If you have received
this communication in error please return it to the sender.

We should be grateful if you would also notify the IT Operations
Manager at City & Guilds of the e-mail, then delete it and destroy any
copies of it. To contact the IT Operations Manager, please email
[EMAIL PROTECTED]

*


The information in this e-mail and any attachments is confidential and
may be legally privileged. It is intended solely for the addressee and
others authorised to receive it. If you are not the intended
recipient, any disclosure, copying, distribution or action taken in
reliance on its contents is prohibited and may be unlawful. If you
have received this email in error, please delete it from your system
and contact the sender immediately.

History & Heraldry Ltd.

2 Denby Way, Hellaby Industrial Estate, Rotherham, South Yorkshire, S66 8HR

Tel: 01709 730700  Fax: 01709 730900

*
The information in this e-mail is confidential and intended solely for
the use of the individual to whom it was addressed. If you are not the
intended recipient, be advised that you have received this e-mail in
error and that any use, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.

If you have received this e-mail in error, please contact Rotherham
College at [EMAIL PROTECTED] or by using the reply facility in
your e-mail software, and then delete it from your system

Thank you for your cooperation
*



For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.

Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
the Barclays Group. Replies to this email may be monitored by the
Barclays Group for operational or business reasons.



RE: [Mimedefang] BIG problems with mimedefang

2006-01-19 Thread Mack
Max Size of Emails * Number of MD threads = Ram Disk

so for a 10mb Email size
and 15 threads it would be 150mb (+a few mb for the heck of it - but you get
the idea)


Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Lisa
Casey
Sent: 19 January 2006 19:42
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] BIG problems with mimedefang


Hi David,

> First question: do you have /var/spool/MIMEDefang on a RAMdisk?  If not,
> fix it now!

> Next: It looks like you have 512MB of memory.  You don't want to increase
> MX_MAXIMUM much beyond around 20, or the server will start swapping.

I think moving /var/spool/MIMEDefang onto a RAMdisk is a good idea. I've not
set up a RAMdisk before, but I've done some googling and think I can get it
done.

Question: I have 512 MB RAM on the system. Say I decrease MX_MAXIMUM to 15,
how big should I make the RAMdisk?

Thanks,

Lisa



RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Mack
You're on the ball tonight David lol - replied before my almost instant reply
to ignore me being stoopid!

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 18 January 2006 18:11
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] MIMEDefang 2.55-BETA-3 is available


Mack wrote:

> Does this mean that filter_recipient still gets called if you issue the
> reject in filter_helo ?

No.  Rejecting in filter_helo means no more callbacks into MIMEDefang.

Regards,

David.


RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Mack
Does this mean that filter_recipient still gets called if you issue the
reject in filter_helo ?

If so, I'm not sure what advantage this gives as the code in filter_recipient
can check the helo value and reject/tempfail quite happily ?

or can you use

return if message_rejected(); # Avoid unnecessary work

within filter_recipient ? to save any extra processing ?

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 18 January 2006 13:39
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] MIMEDefang 2.55-BETA-3 is available


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

MIMEDefang 2.55-BETA-3 is available at
http://www.mimedefang.org/node.php?id=1
The biggest change since BETA-2 is support for the filter_helo function,
courtesy of Philip Prindeville.  Please note that in my tests with Sendmail
8.13.4, Sendmail still returns a 250 reply code after HELO, no matter what.
If your filter_helo returns a failure or tempfail code, it seems that
Sendmail
remembers this and returns it in response to MAIL.

Complete changes since 2.54 follow.  If no-one reports problems, this
will become 2.55-FINAL.

Regards,

David.

2006-01-18  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-3 RELEASED

2006-01-17  David F. Skoll  <[EMAIL PROTECTED]>

* Added support for "filter_helo" function, based on a patch from
Philip Prindeville.

* examples/init-script.in: Fixed typo.

* mimedefang.c: Use symbolic constants (MD_TEMPFAIL, MD_CONTINUE,
etc.) instead of hard-coded integers, based on suggestion from
Philip Prindeville.

2006-01-11  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-2 RELEASED

*  mimedefang.pl.in: The filter_begin function is now passed
a single argument ($entity) representing the parsed message.

*** NOTE INCOMPATIBILITY *** filter_begin NOW TAKES ONE ARGUMENT,
 NOT ZERO.  IF YOUR FILTER HAS A
 PROTOTYPE FOR filter_begin, YOU SHOULD
 FIX OR REMOVE THE PROTOTYPE

* mimedefang.c, mimedefang.pl.in: Added new action_insert_header
to prepend headers (rather than appending them).  Only works
properly with Sendmail 8.13; on older versions of Sendmail, falls
back to action_add_header.  Based on patch from Matthew van Eerde.

* mimedefang.pl.in: Added new function md_get_bogus_mx_hosts.
Allows to test for sender domains with bogus MX hosts (such as
hosts that resolve to the loopback or private IP addresses.)

* mimedefang.pl.in: Invoke the "fsav" virus scanner with the --mime
option.

* mimedefang.pl.in: Correctly interpret kavscanner return code 9
(password-protected ZIP.)

2005-11-17  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-1 RELEASED

* examples/init-script.in: Fix typo that resulted in the shell
complaining of a syntax error (pointed out by Jason Englander).

* Clean up man pages by removing some obsolete material.

* mimedefang.c: Do NOT strip "bare CR" characters from e-mails by
default.  The new "-c" command-line option enables the older behavior.

*** NOTE INCOMPATIBILITY ***  WE NO LONGER STRIP BARE CR's FROM
  MESSAGES BY DEFAULT.  TEST YOUR FILTERS
  CAREFULLY TO MAKE SURE THEY CAN COPE
  WITH THIS, OR USE THE -c FLAG.

* mimedefang.c(rcptto): If you returned ACCEPT_AND_NO_MORE_FILTERING
from filter_recipient, the spool files wouldn't get cleaned up,
eventually clogging the spool directory.  This has been fixed.

* mimedefang.pl.in(interpret_hbedv_code): Fix interpretation of
H+BEDV return codes (pointed out by Henning Schmiedehausen).

2005-11-04  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.54 RELEASED
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD4DBQFDzkTswYQuKhJvQuARAqrfAJ9eqoHDOXmw1sRzN/GLFB4XJprBvACY43Zb
BrgKsp/h7Adjvqzn1l/G3Q==
=DKpl
-END PGP SIGNATURE-

RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Mack
Ignore My previous - I misread the sequence


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mack
Sent: 18 January 2006 18:06
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available


Does this mean that filter_recipient still gets called if you issue the
reject in filter_helo ?

If so, I'm not sure what advantage this gives as the code in filter_recipient
can check the helo value and reject/tempfail quite happily ?

or can you use

return if message_rejected(); # Avoid unnecessary work

within filter_recipient ? to save any extra processing ?

Cheers

Mack



RE: [Mimedefang] validating 'possibly forged' helo IP's?

2006-01-13 Thread Mack


-Original Message-
From: Mack [mailto:[EMAIL PROTECTED]
Sent: 13 January 2006 23:20
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] validating 'possibly forged' helo IP's?


It's a catch-22 really, how many fw/admins will configure to only d/load from
MS IP's ? (none i bet)
so it gives the if the patch can be d/loaded, so can anything else should
the server be compromised !

But then, why run windoze servers on the inet, !! only valid reason i can
think of these days is sun bought chillisoft (asp emulator for apache) which
cost a damn fortune! (oh and asp.net sucks big time! - hell paul allen (or
the MS guy who just did the PDP emu site on .net) can't even make his site
SQL safe!)

But anyway, not the list for such discussion, so i guess closing it from
this !





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 13 January 2006 13:53
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] validating 'possibly forged' helo IP's?


> On a temporary rule basis, as nobody but nobody should allow the servers
> to patch themselves ,. look at the dmg this has done in the past !

Agreed.  But getting a firewall manager to open the rule every time you
want to get patches for the server will get you on their sh*t list.
Windoze servers I have to deal with download, but do not install the
patches automatically.


RE: [Mimedefang] validating 'possibly forged' helo IP's?

2006-01-12 Thread Mack
On a temporary rule basis, as nobody but nobody should allow the servers to
patch themselves ,. look at the dmg this has done in the past !


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 12 January 2006 21:02
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] validating 'possibly forged' helo IP's?


> But then how many configure port 80 outbound for a web server !!!

It's a good idea to allow port 80 from IIS servers so you can get patches.



RE: [Mimedefang] validating 'possibly forged' helo IP's?

2006-01-12 Thread Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 12 January 2006 18:15
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] validating 'possibly forged' helo IP's?



>(The large reply will make the DNS server want to fall back to TCP,
>which is blocked by a lot of firewalls whose admins forget (if they
>ever knew) that DNS can run over TCP as well as UDP.)

But then how many configure port 80 outbound for a web server !!!




RE: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Mack
without giving too much away about how i've implemented this.

Basically -- Greylisting (triplet based)
Throttling -- User Based against triplet scoring
Remote IP -- Against tries/retries

Eg the last virus to do the rounds, that .Y or .Z depending on your AV,
basically tried to send x million virus to said addresses..

Spool em if over X and worry about em separate (if doing user based
scanning!!!)

else set a throttle for domain based only allowing maybe 25 users trys

soon as u get a fail - grey list and out she goes (not an MD feature)

run sender verify & helo arg checks against sending host (as well as RBL
etc) (add to spam score accordingly)

Run Ldap against your recip server (you do run MD as a gateway not a
terminating MTA??)

Remember all valid mail servers will resend the mail within a reasonable
time period
spammers won't

You can reduce your received spam by about 60ish% using this (since you
never receive it)

the rest is caught by spam assassin





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alex
Moore
Sent: 15 December 2005 21:06
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] dictionary attacks looking for a valid user


I have not seen this topic discussed.  BTW, I appreciate the recent
thread on greylisting.

Spammer scenario:
A spammer tries many times to find a user with something like a
dictionary attack or a list of commonly used user names.

How can I setup a rule in MIMEDefang to define those transactions?  Say
when a smtp server tries 10 times within a short time period and is sent
a 550 code each time. I think that it would appropriate to have MD just
blacklist that address. Is that possible?  I want to ignore them
completely after this event has occurred.

Ideas?

Thanks, Alex
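
The rule asked about in this thread (a relay that collects 10 rejected recipients within a short period is refused outright) can be sketched as below. This is an added example, not code from either poster or from MIMEDefang; the window and block lengths, the in-process hashes and the `%valid_user` lookup are assumptions standing in for a shared store and the LDAP check mentioned in the reply.

```perl
#!/usr/bin/perl
# Added example: refuse a relay after too many rejected recipients in a short window.
use strict;
use warnings;

my $MAX_FAILS = 10;    # rejected recipients tolerated per relay (figure from the question)
my $WINDOW    = 300;   # length of the "short time period" in seconds (assumed value)
my $BLOCK_FOR = 3600;  # how long the relay stays refused afterwards (assumed value)

# Assumption: in-process hashes. MIMEDefang runs several slave processes, so a
# real filter would keep this state in a shared store such as a database.
my (%fail_times, %blocked_until);

# Hypothetical stand-in for the LDAP / recipient-server lookup.
my %valid_user = map { $_ => 1 } qw(alice@example.com bob@example.com);

# Returns a (code, message) pair in the style of a filter_recipient result.
sub check_recipient {
    my ($recipient, $ip, $now) = @_;

    # A relay that is currently blocked is refused before any lookup is done.
    if (($blocked_until{$ip} // 0) > $now) {
        return ('REJECT', 'Too many unknown recipients; try again later');
    }
    return ('CONTINUE', 'ok') if $valid_user{ lc($recipient) };

    # Keep only the failures that fall inside the window, then record this one.
    my @recent = grep { $_ > $now - $WINDOW } @{ $fail_times{$ip} || [] };
    push @recent, $now;
    $fail_times{$ip} = \@recent;

    # Threshold reached: start the block and drop the per-relay history.
    if (@recent >= $MAX_FAILS) {
        $blocked_until{$ip} = $now + $BLOCK_FOR;
        delete $fail_times{$ip};
    }
    return ('REJECT', 'User unknown');
}

# Constructed session: one relay guessing a name every 2 seconds.
my $t = 1_000_000;
for my $guess (map { "user$_\@example.com" } 1 .. 12) {
    my ($code, $msg) = check_recipient($guess, '192.0.2.10', $t);
    print "$t $guess -> $code ($msg)\n";
    $t += 2;
}

# A valid address from the blocked relay, then the same address from another relay.
for my $ip ('192.0.2.10', '198.51.100.7') {
    my ($code, $msg) = check_recipient('alice@example.com', $ip, $t);
    print "$t alice\@example.com via $ip -> $code ($msg)\n";
}
```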



RE: Even sillier disclaimers (was Re:[Mimedefang] defang startuperrors)

2005-12-12 Thread Mack
What's even funnier here, is .. 

append_html_boilerplate_at_start($entity,"", 0);
or
append_html_boilerplate($entity,"", 0);

 you wrote the software to make it nice and easy :)

Only J/k

What about changing the SMTP Greeting to say that by communicating with this 
server you accept its terms and conditions and by communicating with it you 
accept that any other disclaimers are null and voidified (is that a word?)




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: Monday 12 December 2005 15:07
To: mimedefang@lists.roaringpenguin.com
Subject: Re: Even sillier disclaimers (was Re:[Mimedefang] defang
startuperrors)


Todd Aiken wrote:

> Ignore the text that follows this disclaimer which says that all
> disclaimers in the above text are NULL AND VOID and that they can be
> ignored.  That disclaimer is false-the above is true.

Well! :-) We have an arms race, then.  I'll change my disclaimer
to read "This disclaimer supersedes all other disclaimers, even if
the other disclaimers claim otherwise.  This is a NUCLEAR POWERED
disclaimer that will ATOMIZE all other disclaimers.  This disclaimer
is TOP DOG."

/me goes to write AI code to search out and remove disclaimers...

(But actually, there is a serious point, because I'm sure it's quite
frequent that in an e-mail exchange, duelling and incompatible
disclaimers get added as the message travels around...)

Regards,

David.


RE: Even sillier disclaimers (was Re: [Mimedefang] defang startup errors)

2005-12-11 Thread Mack
Wow David,
Bad hangover after a Saturday Night ? lol

However I do completely agree with you since i am obviously in violation of
article 2, since i collect my email in multiple locations, whilst leaving a
copy on the server.

Now of course, new legislation that is coming in for financial institutions
(within my jurisdiction) means that they have to archive email at the
gateway for legal reasons - so in this case the email would have been copied
upon receipt (MD can do this perfectly as well :P). So i guess companies
would have to blacklist your entire sending domain, due to policy
violations...

I dread to think.

Now perhaps if said re-sending or forwarding then maybe (but classic out of
office replies or vacation forwarding to somebody else would be in violation
of that)

It just starts to get silly.

Ah well

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 11 December 2005 15:36
To: mimedefang@lists.roaringpenguin.com
Subject: Even sillier disclaimers (was Re: [Mimedefang] defang startup
errors)


So I actually read http://www.metropolitan.co.za/email_disclaimer.html

Among other things:

Article 2 prohibits copying of the e-mail.  That means it can't be
archived.  It can't even be downloaded from a POP3 server and left on
the server -- that's copying.

Article 3 warns of civil liability if the e-mail is copied.

Article 14 says Metropolitan's disclaimer trumps anyone else's.

Article 15 says that the laws of South Africa govern the interpretation
of the disclaimer.

Wow!

I know that disclaimers are silly, but that one's downright fascist.  I'm
going to have to take a hard line and ban people from posting on this
list if they append such ridiculous disclaimers.  The list is archived, so
the disclaimer is inherently violated, and I certainly don't want to accept
any responsibility for breaking someone's disclaimer.

So I'm putting people on notice:  Find a way to turn off fascist
disclaimers,
or I'm unsubscribing you.  I don't have the resources to react if some crazy
lawyer decides to try enforcing terms of an e-mail disclaimer.

I'm also going to change the wording on the subscription page to state that
posting to the MIMEDefang list means that any disclaimers or restrictions on
your posting are null and void.

Regards,

David.


RE: [Mimedefang] I can't send a message. Where is an error?

2005-12-06 Thread Mack
Always handy to have a look in the maillog syslog


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Vladimir Pazuhin
Sent: Tuesday 06 December 2005 12:39
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] I can't send a message. Where is an error?


ALT Linux
Sendmail 8.13
MIMEDefang 2.54
SpamAssassin is not installed
I try to do following
/usr/sbin/useradd -r -s /sbin/nologin defang
./configure
make
make install
Copy ./examples/init-script to /etc/init.d/mimedefang
Run /etc/init.d/mimedefang restart
Edit file sendmail.mc
INPUT_MAIL_FILTER(`mimedefang',
`S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:5m;R:5m')
Edit file mimedefang-filter
$AdminAddress = '[EMAIL PROTECTED]';
$DaemonAddress = '[EMAIL PROTECTED]';
Compile sendmail.cf and restart sendmail
When I try to send a message, it return unknown error 451.4.7.1
Where is error?
There is the end of sendmail.mc, which was before
nl --- Clam AV virus scaner --
define(`_FFR_MILTER',1)
define(`confMILTER_LOG_LEVEL',`9')
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, T=C:15s')



RE: [Mimedefang] odd behavior under load from boucnes

2005-12-05 Thread Mack
That'll be the 7.2k drives then !!! :P

However, The I-ram (4gb) or hyperdrive III (16gb) make nice temp storage
areas as long as you can live with loss


But i still recommend putting debug code in (commented) with timing stats using
the Time::HiRes module, then you can nail the bits of code taking forever


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 05 December 2005 20:58
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] odd behavior under load from boucnes


> - 3 Disk RAID5 of 72k RPM disks, on which everything sits including the

Dang!! I thought the 15K RPM drives I had in my server were fast!  :)


RE: [Mimedefang] Creating live graph for monitoring the mail systems

2005-12-03 Thread Mack
If you have access to a mysql (or equiv) database, and use MD accordingly,
you can use JPGRAPH to produce some nice on the fly graphs


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mathew
Thomas
Sent: 02 December 2005 03:33
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Creating live graph for monitoring the mail
systems


Hi

I use some Perl script to analyse the syslog which produces a lot of
information like total mail, no. inbound/outbound mail, no. of spam, no.
of mail with viruses, dropped mail, etc daily via a cron job. I would
like to use the data to produce some graph for live monitoring the mail
gateways via web. I can run the script every half an hour or 15 min and
produce the necessary data.

I don't know how to go ahead with it. Please reply. Thanks in advance
for the help

Mathew



[Mimedefang] Charset GB2312 Errors

2005-11-28 Thread Mack
I'm getting some chinese/japanese mail through, and am seeing these lines below 
in the log

mimedefang-multiplexor[29260]: Slave 2 stderr: ignoring text in character set 
`GB2312'  at /usr/lib/perl5/site_perl/5.8.5/MIME/Parser/Filer.pm line 646 
mimedefang-multiplexor[29260]: Slave 2 stderr: ignoring text in character set 
`GB2312'  at /usr/lib/perl5/site_perl/5.8.5/MIME/Parser/Filer.pm line 520

Are they critical ? (seems not as the mail processes okay without any problems 
and all rules in the filter are applied)

If not, what's the easiest way to work round them (not used to running a 
multilingual server !)

Cheers

Mack




RE: [Mimedefang] MIMEDefang 2.55-BETA-1 is available

2005-11-17 Thread Mack
I note you've not dealt with the code ==9 for the kavscanner bit yet (pswd
protected zips)
That should be moved to suspicious at least, and not temp fail ?


Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 17 November 2005 19:50
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] MIMEDefang 2.55-BETA-1 is available


Hi,

MIMEDefang 2.55-BETA-1 is available from the download page:

   http://www.mimedefang.org/node.php?id=1

Please test this one out; we now pass bare CR characters through
by default.  This is a fairly major change in policy.

Full changelog since 2.54 follows.

Regards,

David.

2005-11-17  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-1 RELEASED

* examples/init-script.in: Fix typo that resulted in the shell
complaining of a syntax error (pointed out by Jason Englander).

* Clean up man pages by removing some obsolete material.

* mimedefang.c: Do NOT strip "bare CR" characters from e-mails by
default.  The new "-c" command-line option enables the older behavior.

*** NOTE INCOMPATIBILITY ***  WE NO LONGER STRIP BARE CR's FROM
  MESSAGES BY DEFAULT.  TEST YOUR FILTERS
  CAREFULLY TO MAKE SURE THEY CAN COPE
  WITH THIS, OR USE THE -c FLAG.

* mimedefang.c(rcptto): If you returned ACCEPT_AND_NO_MORE_FILTERING
from filter_recipient, the spool files wouldn't get cleaned up,
eventually clogging the spool directory.  This has been fixed.

* mimedefang.pl.in(interpret_hbedv_code): Fix interpretation of
H+BEDV return codes (pointed out by Henning Schmiedehausen).

2005-11-04  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.54 RELEASED





RE: [Mimedefang] ACCEPT_AND_NO_MORE_FILTERING leaves behind workingfiles in /var/spool/MIMEdefang

2005-11-17 Thread Mack
Nicely Spotted, I did wonder where those orphan files were coming from, but
they seemed so infrequent (i never investigated it any further!)

Guess i'll have to patch the only server i have that uses the AANMF return
val

Cheers

Mack



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 17 November 2005 18:10
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] ACCEPT_AND_NO_MORE_FILTERING leaves behind
workingfiles in /var/spool/MIMEdefang


Ken Menzel wrote:

> I am trying to implement a recipient filter.  It seems to mostly work as
> intended except when I use ACCEPT_AND_NO_MORE_FILTERING as the return
> option mimedefang slowly fills /var/spool/MIMEdefang directory with left
> over COMMAND and HEADER files in the working directories.

Congratulations!  You've found a bug in mimedefang.c!

The patch below should fix it.  Sorry about that!

Regards,

David.

--- mimedefang-2.54/mimedefang.c2005-10-14 12:33:27.0 -0400
+++ mimedefang-2.55/mimedefang.c2005-11-17 13:07:13.0 -0500
@@ -16,7 +16,7 @@
 ***/

 static char const RCSID[] =
-"$Id: mimedefang.c,v 1.229 2005/10/14 16:33:27 dfs Exp $";
+"$Id: mimedefang.c,v 1.230 2005/11/17 18:07:13 dfs Exp $";

 /* Define this to work around an M$ Outlook bug! */
 /* #define CONVERT_EMBEDDED_CRS_IN_HEADERS 1 */
@@ -882,8 +882,8 @@
}
if (n == 2) {
set_dsn(ctx, ans, 2);
-
-   retcode = SMFIS_ACCEPT;
+   cleanup(ctx);
+   return SMFIS_ACCEPT;
}
if (n == 3) {
set_dsn(ctx, ans, 2);
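
Review bot: in the second hunk the n == 2 branch now returns straight out of the function after cleanup(ctx), where it used to set retcode and fall through, so whatever the function does after this if-chain before returning retcode no longer runs on this path. Please confirm that nothing there is still needed for this case (ans is used just above in set_dsn(ctx, ans, 2), so check that it needs no release), or keep "retcode = SMFIS_ACCEPT;" and call cleanup(ctx) at the common exit instead. A one-line comment saying why this branch has to clean up the working directory itself would also help the next reader, since the reason (the leftover COMMAND and HEADER files reported in this thread) is not visible from the code.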


RE: [Mimedefang] perl problem

2005-11-10 Thread Mack
my $newrecip = $recip;
$newrecip =~ s/'/''/g;   # double every apostrophe so it stays inside the SQL string
# use the escaped copy in the query, not the original $recip
$sth1 = $dbh->prepare("SELECT value FROM userpref WHERE username =
'$newrecip' && preference='whitelist_from'");


that will fix it, (replacing the ' with '') be careful of \' as well if you 
are using mysql

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of B.
Tolka
Sent: Thursday 10 November 2005 12:44
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] perl problem


In my milter I have a mysql call below.

$sth1 = $dbh->prepare("SELECT value FROM userpref WHERE username =
'$recip' && preference='whitelist_from'");


My slave is always getting killed because of an apostrophe in an email
address.   It fails at '$recip'.

Is there another way to code the above line??


Thanks

Bryan Tolka
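
The failure described in this thread comes from building the SQL text out of the recipient address. As an added example (not code from either poster), the script below runs the same lookup once with interpolation and once with DBI placeholders, which pass the address as data so no escaping rule has to be remembered. It assumes DBD::SQLite with an in-memory database as an offline stand-in for MySQL, uses `AND` in place of `&&`, and the rows and addresses are constructed.

```perl
#!/usr/bin/perl
# Added example: whitelist lookup with bound parameters instead of interpolation.
# Assumption: DBD::SQLite (in-memory) stands in for MySQL so this runs offline.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data, using the table and column names from the thread.
$dbh->do('CREATE TABLE userpref (username TEXT, preference TEXT, value TEXT)');
my $ins = $dbh->prepare(
    'INSERT INTO userpref (username, preference, value) VALUES (?, ?, ?)');
$ins->execute(q{o'brien@example.com}, 'whitelist_from', 'friend@example.org');
$ins->execute(q{o'brien@example.com}, 'whitelist_from', '*@partner.example');
$ins->execute('alice@example.com',    'whitelist_from', 'boss@example.net');

# Interpolated form, as in the question. The address becomes part of the SQL
# text, so an apostrophe ends the string literal early and the statement no
# longer parses. The eval here only keeps the demo alive; in a filter without
# it, the die ends the slave process.
sub whitelist_interpolated {
    my ($recip) = @_;
    my $rows = eval {
        $dbh->selectcol_arrayref(
            "SELECT value FROM userpref WHERE username = '$recip' "
          . "AND preference='whitelist_from'");
    };
    return defined $rows ? $rows : "query failed: $@";
}

# Bound-parameter form. The statement text is fixed; the driver transmits or
# quotes the values itself, whatever characters they contain.
my $sth_whitelist;
sub whitelist_bound {
    my ($recip) = @_;
    $sth_whitelist ||= $dbh->prepare(
        'SELECT value FROM userpref WHERE username = ? AND preference = ?');
    $sth_whitelist->execute($recip, 'whitelist_from');
    return [ map { $_->[0] } @{ $sth_whitelist->fetchall_arrayref } ];
}

for my $recip ('alice@example.com', q{o'brien@example.com}) {
    my $old = whitelist_interpolated($recip);
    my $new = whitelist_bound($recip);
    printf "%-22s interpolated: %s\n", $recip,
        ref($old) ? join(',', @$old) : 'FAILED (SQL syntax error)';
    printf "%-22s bound:        %s\n", $recip, join(',', @$new);
}
```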


RE: [Mimedefang] MIMEDefang 2.54 is Released

2005-11-04 Thread Mack
that would be nice, but i tend to run the generic scan routine (to test
initially for virus) and then run the individual scanner routines based on
the result (ie if virus found, run each installed scanner directly to
find out which found it and what name it was) - cumbersome, but effective as
the load is only increased when viruses are found.
Also, by tagging in this way, you only have to scan the individual parts
when the top level found a virus (if you are doing disinfect)

Mack



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 05 November 2005 00:17
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] MIMEDefang 2.54 is Released


David F. Skoll wrote:
> MIMEDefang 2.54 is available at
> http://www.mimedefang.org/node.php?id=1
...
>   * Added experimental support for Kaspersky "kavscanner".

Feature Request: could you have have the various virus detection routines
record which scanner caught the virus? This would be useful for purposes of
evaluating scanner performance, and it can be very helpful in diagnosing
false positives.

--
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] MIMEDefang 2.54 is Released

2005-11-04 Thread Mack
>>* Added experimental support for Kaspersky "kavscanner".

I've been using kavscanner quite successfully since the 2.42 branch,

Although i've not looked at the implementation code yet, i'm guessing it's
similar to the patch that i've been using (see
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-July/023311.html )

However, i did have to modify this patch with
sub interpret_kavscanner5_code ($) {
   .

# infected=25
if ($code == 25) {
    $CurrentVirusScannerMessage =~ s/\t/ /gi;  # Added line to actually return virusname
    $VirusName = $1
        if ($CurrentVirusScannerMessage =~ m/INFECTED (\S+)/);

Not sure if you've implemented , but it does return a code 9 for password
protected zips (that don't match known virus zips)

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 04 November 2005 14:56
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] MIMEDefang 2.54 is Released


Hi,

MIMEDefang 2.54 is available at http://www.mimedefang.org/node.php?id=1

There are only a few minor changes relative to 2.53; changelog follows.

Regards,

David.

2005-11-04  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.54 RELEASED

* Makefile and configure script now allow MIMEDefang to be built
against a shared library version of libmilter (libmilter.so).

* Added experimental support for Kaspersky "kavscanner".

* Both mimedefang and mimedefang-multiplexor now accept a
"-z spooldir" argument so you can move the spool directory
away from the compiled-in default at run-time.

2005-09-07  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.53 RELEASED




RE: [Mimedefang] Removing the X-Scanned-By: MIMEDefang

2005-10-19 Thread Mack
if you are using the redhat jobbie, then either in (depending on which you are 
using)

/etc/sysconfig/mimedefang 
or
/etc/rc.d/init.d/mimedefang

MD_EXTRA="-X"

and that should do it

Cheers

Mack

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Paul
Houselander
Sent: Wednesday 19 October 2005 11:23
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Removing the X-Scanned-By: MIMEDefang


Hi

Sorry if this is a common question but I've googled and searched the list and
couldn't find a definitive answer.

I would like to not add the "X-Scanned-By: MIMEDefang 2.53 on x.x.x.x
header", I saw  a message dated 2002 that it was fairly easy to edit the
source and recompile but a command line switch may be added.

Was a switch ever added or is it still a case of editing the source?

Thanks

Paul

p.s. great product, I was thinking I may need to get some new servers to
cope with the volume of mail we get but implementing just a couple of
filters and my box is good for a few more years yet I reckon!!



RE: [Mimedefang] SPF help needed

2005-10-01 Thread Mack
This is the spf I use, seems to work fine


use Mail::SPF::Query;

# No "()" prototype: the sub takes four arguments, and an empty prototype
# makes perl reject a plain call that passes them.
sub spf_query {
    my ($ip, $sender, $helo, $guess) = @_;
    # The guess parameter needs to be set to either 0 or 1.
    if ($guess != 1) {
        $guess = 0;
    }
    # Check this sender against any SPF or Caller-ID records
    # that might be available.
    my $ospfresult;
    my $ospfsmtp_comment;
    my $ospfheader_comment;
    my $ospfspf_record;
    # Run the lookup inside eval so that a die in Mail::SPF::Query
    # cannot kill the filter process.
    eval {
        my $query = Mail::SPF::Query->new(
            ip       => $ip,
            sender   => $sender,
            helo     => $helo,
            guess    => $guess,
            callerid => { "*." => { check => 1 } },
        );
        my ($result, $smtp_comment, $header_comment, $spf_record) =
            $query->result();
        $ospfresult         = $result;
        $ospfsmtp_comment   = $smtp_comment;
        $ospfheader_comment = $header_comment;
        $ospfspf_record     = $spf_record;
    };
    # Any exception from the lookup is reported as the result "invalid".
    if ($@) {
        $ospfresult = "invalid";
    }
    return ($ospfresult, $ospfsmtp_comment, $ospfheader_comment,
            $ospfspf_record);
}

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Super-Dome
Sent: 01 October 2005 15:58
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] SPF help needed



Dear ALL

I have checked that the SPF record is working fine. I am putting the
following code above filter_begin, which is also mentioned in the Wiki

died prematurely -- check your filter rules

Thanks and Regards

SD



#  %PROCEDURE: spf_query

sub spf_query () {

  my ($ip, $sender, $helo, $guess) = @_;

  # The guess parameter needs to be set to either 0 or 1.
  if ($guess != 1) {
  $guess = 0;
  }

  # Check this sender against any SPF or Caller-ID records
  # that might be available.
  my $query = new Mail::SPF::Query ( ip   => $ip,
 sender   => $sender,
 helo => $helo,
 guess=> $guess,
 callerid => {
  "*."=> {
  check   => 1 } }
  );

  my ($result, $smtp_comment, $header_comment, $spf_record) =
  $query->result();

  return ($result, $smtp_comment, $header_comment, $spf_record);
}

sub filter_sender {

# Query for SPF information with guess mode off
  my ($result, $smtp_comment, $header_comment, $spf_record) =
  spf_query ($ip, $sender, $helo, 0);

  # If SPF says this sender is not coming from an authorized MTA,
  # then reject it.
  if ($result eq "fail") {
 md_syslog ('info', "Received-SPF: $result ($header_comment) " .
  "$spf_record, Helo=$helo");
 return('REJECT', "Access Denied (SPF) [$smtp_comment], " .
  "Relay=$hostname [$ip], Helo=$helo");
  } else {
  return ('CONTINUE', "ok");
  }
  }







RE: [Mimedefang] (no subject)

2005-09-22 Thread Mack
If you take mimedefang out of the sendmail config temporarily, does it still 
happen (let's try a process of elimination)

just comment these lines in sendmail.cf and restart sendmail

#O InputMailFilters=mimedefang

# Milter options

#O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
#O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
#O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
#O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
#O Milter.macros.eom={msg_id}

like that for now and then try some spam (remember your av will be offline 
during this test)




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday 22 September 2005 09:21
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] (no subject)


Quoting Mack <[EMAIL PROTECTED]>:

> Lol, wasn't really the answer i was hoping for,
> Do all your messages have the X-SPAM headers in them, or only the
Yep, all mail

> ones that get into your 'spamdrop'
> maybe check your submit.cf for the same thing.

here is the result:
#O InputMailFilters
>





RE: [Mimedefang] (no subject)

2005-09-21 Thread Mack
Lol, wasn't really the answer i was hoping for, 
Do all your messages have the X-SPAM headers in them, or only the ones that get 
into your 'spamdrop'
maybe check your submit.cf for the same thing.




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday 21 September 2005 08:09
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] (no subject)


Quoting Mack <[EMAIL PROTECTED]>:

> try doing a quick
> grep InputMailFilters sendmail.cf
>
> and post back the output

O InputMailFilters=mimedefang
#O InputMailFilters


Meni




RE: [Mimedefang] Mimedefang & clamd

2005-09-20 Thread Mack
Ah, so what's ClamAV then ?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 16:56
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] Mimedefang & clamd


Mack wrote:
> it would seem that it thinks Virus:ClamAV is there (at the topish of
> the list) but also not there
> Virus:ClamAV  : yes (/usr/local/bin/clamdscan) 
> Virus:CLAMAV  : no

'ClamAV' ne 'CLAMAV'

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] (no subject)

2005-09-20 Thread Mack
try doing a quick
grep InputMailFilters sendmail.cf

and post back the output


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 15:23
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] (no subject)


Quoting Mack <[EMAIL PROTECTED]>:

> Just a thought on this,
> Mimedefang example filter only adds the headers
> X-Scanned-By:
> X-Spam-Score:
>
> the other 3 headers you have 
> (X-Spam-Checker-Version:,X-Spam-Level:,X-Spam-Status:) make me think 
> that spamassassin is running directly within sendmail ?
ps -e | grep spam -> shows nothing...
> and not just being called from within  mimedefang -
>
> issue a
> spamassassin stop statement and see if that breaks the sendmail
$/etc/init.d/spamassassin stop
Stopping SpamAssassin Mail Filter Daemon: No spamd found running; none killed.
spamd.

>
> you can check for spamassassin by
> ps -ef |grep spam
> to see if it's running
>
> I think it's the spamass-milter you've got somewhere
what's that??

Meni




RE: [Mimedefang] (no subject)

2005-09-20 Thread Mack
Just a thought on this, 
Mimedefang example filter only adds the headers
X-Scanned-By:
X-Spam-Score:

the other 3 headers you have 
(X-Spam-Checker-Version:,X-Spam-Level:,X-Spam-Status:) make me think that 
spamassassin is running directly within sendmail ?
and not just being called from within  mimedefang - 

issue a 
spamassassin stop statement and see if that breaks the sendmail

you can check for spamassassin by
ps -ef |grep spam
to see if it's running

I think it's the spamass-milter you've got somewhere




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 14:28
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] (no subject)


Quoting [EMAIL PROTECTED]:

>> X-Scanned-By: MIMEDefang 2.51 on x.x.x.x
>> X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on my.domain
>> X-Spam-Level:
>> X-Spam-Status: No, score=0.8 required=5.0 tests=HELO_DYNAMIC_IPADDR2
>> autolearn=no version=3.0.3
>>
>> ?!?
>> how come emails with spam status=no endup in spam mailbox?!?
>
> Are you using any RBLs or other test that would indicate spam without
> scoring 5 points in SA?
none to my knowledge...(how do i check that??)





RE: [Mimedefang] Mimedefang & clamd

2005-09-20 Thread Mack
try adding this line to the top of the mimedefang-filter

$Features{"Virus:CLAMAV"} = '/usr/local/bin/clamdscan';

and then doing a 

md-mx-ctrl reread

and then try the eicar again

what i meant by i've not seen the top one (Virus:ClamAV), is a quick grep of 
mimedefang.pl gives nothing
fgrep ClamAV mimedefang.pl


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 14:26
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] Mimedefang & clamd


Quoting Mack <[EMAIL PROTECTED]>:

> it would seem that it thinks Virus:ClamAV is there (at the topish of 
> the list) but also not there
> Virus:ClamAV  : yes (/usr/local/bin/clamdscan)
> Virus:CLAMAV  : no
>
Yep, i noticed that BUT couldn't figure it out...
>
> I've not seen the top one, are you assigning this in your code 
> (perhaps a case issue?)
What do you mean??
'I've not seen the top one' ?? what top one ??
I did not change anything manually...just followed the installation
process as it appears in mimedefang.org...

should i reconfigure mimedefang??
How do i make an upgrade??

Meni






RE: [Mimedefang] Mimedefang & clamd

2005-09-20 Thread Mack
it would seem that it thinks Virus:ClamAV is there (at the topish of the list) 
but also not there
Virus:ClamAV  : yes (/usr/local/bin/clamdscan)
Virus:CLAMAV  : no


I've not seen the top one, are you assigning this in your code (perhaps a case 
issue?)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 13:20
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] Mimedefang & clamd


Quoting Mack <[EMAIL PROTECTED]>:

> run
> mimedefang.pl -features
> and email the results to the list
Thanks for your help, Mack.
here it is:
MIMEDefang version 2.51

File::Scan: yes
HTML::Parser  : yes
HTML::TokeParser  : yes
Path:CONFDIR  : yes (/etc)
Path:QUARANTINEDIR: yes (/var/spool/MIMEDefang)
Path:SENDMAIL : yes (/usr/sbin/sendmail)
Path:SPOOLDIR : yes (/var/spool/MIMEDefang)
SpamAssassin  : yes
Unix::Syslog  : yes
Virus:ClamAV  : yes (/usr/local/bin/clamdscan)
Virus:FileScan: yes
Archive::Zip  : no
HTMLCleaner   : no
Net::DNS  : no
Virus:AVP : no
Virus:AVP5: no
Virus:BDC : no
Virus:CLAMAV  : no
Virus:CLAMD   : no
Virus:CSAV: no
Virus:FPROT   : no
Virus:FPROTD  : no
Virus:FSAV: no
Virus:HBEDV   : no
Virus:NAI : no
Virus:NVCC: no
Virus:OpenAV  : no
Virus:SOPHIE  : no
Virus:SOPHOS  : no
Virus:SymantecCSS : no
Virus:TREND   : no
Virus:TROPHIE : no
Virus:VEXIRA  : no

Anomy::HTMLCleaner: missing
Archive::Zip  : missing
Digest::SHA1  : Version 2.10
File::Scan: Version 1.43
HTML::Parser  : Version 3.45
HTML::TokeParser  : Version 2.30
IO::Socket: Version 1.28
IO::Stringy   : Version 2.110
MIME::Base64  : Version 3.04
MIME::Tools   : Version 5.417
MIME::Words   : Version 5.417
Mail::Mailer  : Version 1.62
Mail::SpamAssassin: Version 3.03
Net::DNS  : missing
Unix::Syslog  : Version 0.100

Meni




RE: Going OT For David - RE: [Mimedefang] mail server performencedeclain

2005-09-20 Thread Mack
Nice Find,

Shame it only goes up to 4Gb though
http://translate.google.com/translate?u=http%3A%2F%2Fwww.gigabyte.co.jp%2Fnippon%2Fi-ram%2Firam-i2.html&langpair=ja%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John
Scully
Sent: Tuesday 20 September 2005 13:59
To: mimedefang@lists.roaringpenguin.com
Subject: Re: Going OT For David - RE: [Mimedefang] mail server
performencedeclain


Gigabyte recently (Aug 25th ) announced a $50 battery protected PCI/SATA
ramdisk card.  text below copied from the announcement.  I am going to try
one of these.

"The card is a regular 32-bit PCI card that features four standard DIMM
slots on board.  The card also features a custom Gigabyte FPGA that is
programmed to act as a SATA to DDR translator, which convinces the SATA
controller you connect the card to that the memory you have on that card is
no different than a regular SATA HDD.  As long as you have memory on the
card, the card will be available at POST as an actual SATA drive, with no
additional drivers necessary.

The card is powered via the PCI slot, but RAM is volatile and thus if no
power is provided to the card then all of the data is lost.  In order to
make this solution more realistic for real-world usage, Gigabyte outfitted
the card with a rechargeable battery pack that can keep the memory powered
and data intact for up to 16 hours with no power.  After that 16 hours is
up, your data is lost, but as soon as you apply power to the card again the
battery pack will begin to recharge.  "

This is an interesting way to implement a ramdisk.  The PCI slot is just
controlling the card and providing power (including recharging the battery),
but the card plugs into a SATA controller and appears as a standard HDD.

John Scully


- Original Message - 
From: "Mack" <[EMAIL PROTECTED]>
To: 
Sent: Monday, September 19, 2005 1:02 PM
Subject: Going OT For David - RE: [Mimedefang] mail server performence
declain


>
> Probably, mind you, I don't use a ram based spool, but my reasoning is the
> limiting factor on email sizes (yes i still have to be able to process msgs
> up to 1GB (don't ask) and i run 25 threads, so that would be an expensive
> ram disk !!
>
> However, I still see sub 1/2 second process times on emails even with 3 av
> engines and spamassassin (with a huge ruleset) running, even when almost all
> threads are loaded :)
>
> But then I rely on the load average creeping up, and sendmail rejecting
> connections (due to having set the reject LA quite low) which the Load
> balancer then distributes to other boxes. So even a biggie email doesn't
> clog the system
>
> Also a nice 15k Raid 5 (for the local processing) does help
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of David
> F. Skoll
> Sent: 19 September 2005 17:50
> To: mimedefang@lists.roaringpenguin.com
> Subject: Re: [Mimedefang] mail server performence declain
>
>
> Mack wrote:
> > I'll repost this, as it may help
>
> Based on the OP's article, I bet he's not using a RAM disk, which
> will of course kill performance.
>
> See http://www.mimedefang.org/kwiki/index.cgi?RamBasedSpoolDirectory
>
> --
> David.


RE: [Mimedefang] (no subject)

2005-09-20 Thread Mack
I guess without knowing how your filter is setup it's gonna be difficult to
trace the problem.
My thoughts are that somehow you are quarantining stuff by mistake (maybe a
filter coding error?)
Is the mailserver actually delivering to mailboxes, since mimedefang itself
doesn't 'deliver' it just sits in the process of the smtp transaction, it's
sendmail that will deliver in the end

without something like this in your milter

action_quarantine_entire_message();
return action_discard();

then mimedefang won't quarantine at all




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 13:18
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] (no subject)


Quoting Mack <[EMAIL PROTECTED]>:

> Are you using a spam rule within outlook ?
No,
I mean mimedefang puts this mail in a special mailbox i create to "quarantine"
spam, since i noticed 'legal' mail is missing...
i extracted the header using mutt.

> Do you mean that your mail client is detecting spam that is not being 
> tagged ?
no

Meni





RE: [Mimedefang] Mimedefang & clamd

2005-09-20 Thread Mack
run 
mimedefang.pl -features
and email the results to the list




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 12:48
To: mimedefang
Subject: [Mimedefang] Mimedefang & clamd


hello plp,

I decided to post in a different post since one problem is not related to the other,
thus separating the answers...(hope you understand...)

I got sendmail 8.13 on debian 3.1 with mimedefang + clamd + sa.
The mimedefang works ok with sa, and i can see the results of preventing spam
and the changes to the headers. (though mimedefang deliver non spam mail to
spamdrop mailbox?!?)

But this post is about clamd!
so...although clamd was install before mimedefang using the 'defang' user to
run.
and mimedefang is aware of clamd (i checked it in config.log) and clamd.sock is
available in /var/spool/MIMEDefang/clamd.sock, still viruses come through (i
used eicar checks) and i see NO X-headers about virus scan nor log entry in
/var/log/mail.log or /var/log/clamd.log

my guess is that mimedefang is not using the clamd and not scanning for
viruses!!
why is that?
how can i fix that??

10x for your thoughts...
Meni




RE: [Mimedefang] (no subject)

2005-09-20 Thread Mack
Are you using a spam rule within outlook ? 
Do you mean that your mail client is detecting spam that is not being tagged ?

if so, then you will need to increase your spamassassin ruleset
have a look at 
http://www.exit0.us/index.php?pagename=RulesDuJour 
and 
http://wiki.apache.org/spamassassin/CustomRulesets



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 20 September 2005 12:38
To: mimedefang
Subject: [Mimedefang] (no subject)


Hello plp,

Thanks for help in prior post.

I got some problems yet, here's one:

mail tagged as NOT spam, end up in spam mailbox?!?

eg:
X-Orig-Rcpts: [EMAIL PROTECTED]
X-Scanned-By: MIMEDefang 2.51 on x.x.x.x
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on my.domain
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0 tests=RCVD_BY_IP,RCVD_NUMERIC_HELO
autolearn=no version=3.0.3

or:
X-Scanned-By: MIMEDefang 2.51 on x.x.x.x
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on my.domain
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=HELO_DYNAMIC_IPADDR2
autolearn=no version=3.0.3

?!?
how come emails with spam status=no endup in spam mailbox?!?

Thanks,
Meni







Going OT For David - RE: [Mimedefang] mail server performence declain

2005-09-19 Thread Mack
Probably, mind you, I don't use a ram based spool, but my reasoning is the
limiting factor on email sizes (yes i still have to be able to process msgs
up to 1GB (don't ask) and i run 25 threads, so that would be an expensive
ram disk !!

However, I still see sub 1/2 second process times on emails even with 3 av
engines and spamassassin (with a huge ruleset) running, even when almost all
threads are loaded :)

But then I rely on the load average creeping up, and sendmail rejecting
connections (due to having set the reject LA quite low) which the Load
balancer then distributes to other boxes. So even a biggie email doesn't
clog the system

Also a nice 15k Raid 5 (for the local processing) does help




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 19 September 2005 17:50
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] mail server performence declain


Mack wrote:
> I'll repost this, as it may help

Based on the OP's article, I bet he's not using a RAM disk, which
will of course kill performance.

See http://www.mimedefang.org/kwiki/index.cgi?RamBasedSpoolDirectory

--
David.


RE: [Mimedefang] mail server performence declain

2005-09-19 Thread Mack
I'll repost this, as it may help

It may be worth you checking your milter code for timing issues, as
optimising the milter can make big differences

if you import Time Hi-Res

use Time::HiRes qw( usleep ualarm gettimeofday tv_interval );

and then at the start of each sub within the filter do

sub filter_xxx ($) {
    my $t0 = [gettimeofday];

    # Your Code

    # and then at the end of the sub
    my $elapsed = tv_interval($t0, [gettimeofday]);
    md_syslog('warning', "TC : filter_xxx  : $elapsed");
}

you will be able to get an idea if things are taking a little long, and thus
slowing performance down dramatically and enabling you to make changes to
your mimedefang-filter accordingly




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 19 September 2005 15:06
To: mimedefang
Subject: [Mimedefang] mail server performence declain


Hi,

I got a new debian sarge 3.1 installed on a server with intel xeon 2.40GHz &
1Gb mem.
I got sendmail 8.13.4 + mimedefang 2.51 + sa 3.0.3 + perl 5.8.4.

ever since i install mimedefang the delivery of mail got very slow!
if i use an asp form to send mail it take too long.
i also notice it filter both incoming and outgoing mail, when my intention
was to scan only incoming mail.

How do i test latency?? how can i minimize scan time? and avoid scanning
outbound mail??

Thanks alot,

Meni




RE: [Mimedefang] Correct permissions for stats file?

2005-09-13 Thread Mack
for me,
in /var/log
drwxr-xr-x   2 defang defang  4096 Sep 13 15:57 mimedefang

and then the stats file is created by mimedefang with

-rw-r-----   1 defang defang    0 Sep 13 15:57 stats

delete any stats file you may have in there just to be sure


Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Regan
Sent: Tuesday 13 September 2005 15:42
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Correct permissions for stats file?


Hello!

I keep getting permission denied errors when trying to get the stats  
logging going...

mimedefang-multiplexor[11395]: Could not open stats file /var/log/mimedefang/stats: Permission denied

Can anyone tell me exactly what permissions the mimedefang folder  
should have?

I've got it running as defang and have tried defang.defang with +rw  
on both but it still gives the error.

r
e
g a n







RE: [Mimedefang] How do you use the -X flag?

2005-09-13 Thread Mack
Revision
# $Revision: 1.9 $
# $Author: dfs $
# $Date: 2004/06/21 18:46:03 

as does

# $Revision: 1.11 $
# $Author: dfs $
# $Date: 2004/10/28 20:31:21 $

of the init script seems to work just fine from using MD_EXTRA="-X" in the 
sysconfig dir
as i'm running a few servers using it !
I know on the older init scripts (pre 1.28) i had to modify the start line 
directly

Cheers

Mack

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: Tuesday 13 September 2005 14:45
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] How do you use the -X flag?


Regan wrote:

> I put that code into the /etc/sysconfig/mimedefang file - reading the 
> instructions in there it looks like the right place to be.

MD_EXTRA won't work.

You need to edit the init script itself, look for the line that invokes
mimedefang-multiplexor, and manually add the -X flag.

Regards,

David.


FW: [Mimedefang] How do you use the -X flag?

2005-09-13 Thread Mack
just doing
/etc/rc.d/init.d/mimedefang restart
is enough, as that fully stops/starts it

What version of Mimedefang are you running, as there were changes between 2.44 
and current (can't remember which version) as i used to
-x my_message
which got changed, so i now have to use the -X
and an add_header in the milter code

Ensure that your stop/start script doesn't have 
MD_EXTRA=""
in it just to ensure - as i've got varying flavours of the init script
if it has, then obviously add the "-X" in there


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Regan
Sent: Tuesday 13 September 2005 14:42
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] How do you use the -X flag?



I put that code into the /etc/sysconfig/mimedefang file - reading the  
instructions in there it looks like the right place to be.

I saved it and restarted mimedefang - no go. Forced it to re-read the  
rules - no go.

Is there some other way to get mimedefang to re-read that lot of  
settings?

Thanks


> if you are using the rehdat jobbie, then either in (depending on  
> which you are using)
>
> /etc/sysconfig/mimedefang
> or
> /etc/rc.d/init.d/mimedefang
>
> MD_EXTRA="-X"
>
> and that should do it



RE: [Mimedefang] help with Chinese emails..

2005-09-13 Thread Mack
you could enable the locales in the sa-mimedefang.cf
ok_locales en ja zh    (allow English, Japanese, and Chinese)

and then use a chinese ruleset

http://www.ccert.edu.cn/spam/sa/Chinese_rules_en.htm

and see how that helps


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday 13 September 2005 14:17
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] help with Chinese emails..


[EMAIL PROTECTED] wrote on 09/13/2005 02:07:53 AM:

> We have a couple of chinese staffs who work with us. The emails they send
> and receive in chinese (genuine emails) are tagged as spam and is
> redirected to the mail box. I have to forward those emails to them every
> time.  How do I resolve this issue?? I don't want to remove chinese emails
> being scanned for spams. Please help..

Can you whitelist some senders/domains to take care of it, or are they too 
varied to whitelist?

What rules are the messages hitting on? If there are only a few, consider 
reducing the points or removing them.


RE: [Mimedefang] How do you use the -X flag?

2005-09-13 Thread Mack
if you are using the redhat jobbie, then either in (depending on which you are
using)

/etc/sysconfig/mimedefang 
or
/etc/rc.d/init.d/mimedefang

MD_EXTRA="-X"

and that should do it

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Regan
Sent: Tuesday 13 September 2005 13:56
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] How do you use the -X flag?


Hello!

I have hunted through the list archives to find out how to apply the -X
flag but can't find it anywhere.

(to remove the X-Scanned-By tag)

I'm launching mimedefang using an init script - do I put the -X flag  
in there?

If yes - where exactly does it go?

I'm running the latest version of mimedefang on mandriva linux.

Any help or direction would be much appreciated!

Thanks


r
e
g a n






RE: [Mimedefang] MX -> 127.0.0.1

2005-09-12 Thread Mack
The Sef firewall (formerly known as raptor)'s mail proxy will reject any
connection (ie drop it once resolved before proxying to the mail server)
that has that set and an MX record, as it considers anything publishing
private address space as suspect.

Cheers

Mack


>I would reject mail from a domain that does that.  If I publish
>192.168.1.1 as an MX record, all kinds of bad things could happen
>if outside senders sent me mail, from mail being bounced to sensitive
>information falling into the wrong hands.  It's a really dumb idea
>to publish MX records that resolve to private addresses.
>
>Regards,
>
>David.
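
The check discussed in this message (rejecting a sender domain whose MX records resolve to loopback or private address space), as an added Perl example that is not part of either poster's message or of MIMEDefang itself. The function names, the range table and the sample domains and addresses are assumptions constructed for illustration; real use would feed it the addresses returned by a DNS lookup.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# IPv4 ranges that should never sit behind a publicly published MX record.
# Each entry: [ label, network, prefix length ]. (Illustrative table.)
my @BOGUS_NETS = (
    [ 'loopback',    '127.0.0.0',   8  ],
    [ 'private',     '10.0.0.0',    8  ],
    [ 'private',     '172.16.0.0',  12 ],
    [ 'private',     '192.168.0.0', 16 ],
    [ 'link-local',  '169.254.0.0', 16 ],
    [ 'unspecified', '0.0.0.0',     8  ],
);

# Convert a dotted quad to a 32-bit integer; returns undef for anything
# that is not a literal IPv4 address.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip
        && $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @octets = map { $_ + 0 } ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return ($octets[0] << 24) | ($octets[1] << 16) | ($octets[2] << 8) | $octets[3];
}

# Return the label of the bogus range an address falls in, 'unparseable'
# for input that is not IPv4, or undef when the address looks routable.
sub classify_ip {
    my ($ip) = @_;
    my $n = ip_to_int($ip);
    return 'unparseable' unless defined $n;
    for my $net (@BOGUS_NETS) {
        my ($label, $base, $bits) = @$net;
        my $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return $label if ($n & $mask) == (ip_to_int($base) & $mask);
    }
    return;
}

# Given { mx_host => [addresses] } as resolved for one sender domain,
# return "host address (label)" findings. An empty list means no MX of
# the domain points at non-routable space.
sub bogus_mx_findings {
    my ($mx) = @_;
    my @findings;
    for my $host (sort keys %$mx) {
        for my $ip (@{ $mx->{$host} }) {
            my $label = classify_ip($ip);
            push @findings, "$host $ip ($label)" if defined $label;
        }
    }
    return @findings;
}

# Constructed sample data: what a resolver might return for three
# hypothetical sender domains.
my %resolved = (
    'good.example'     => { 'mail.good.example'   => ['192.0.2.25'] },
    'loopback.example' => { 'mx.loopback.example' => ['127.0.0.1'] },
    'mixed.example'    => {
        'mx1.mixed.example' => ['198.51.100.7'],
        'mx2.mixed.example' => ['192.168.1.1'],
    },
);

# Policy as described in the thread: one bogus MX is enough to reject.
for my $domain (sort keys %resolved) {
    my @bad = bogus_mx_findings($resolved{$domain});
    if (@bad) {
        print "$domain: REJECT, MX in non-routable space: ",
            join('; ', @bad), "\n";
    } else {
        print "$domain: ok\n";
    }
}
```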




RE: [Mimedefang] "Please try again later"

2005-09-11 Thread Mack
It may be worth you checking your milter code for timing issues, as
optimising the milter can make big differences

if you import Time Hi-Res

use Time::HiRes qw( usleep ualarm gettimeofday tv_interval );

and then at the start of each sub within the filter do

sub filter_xxx ($) {
    my $t0 = [gettimeofday];

    # Your Code

    # and then at the end of the sub
    my $elapsed = tv_interval($t0, [gettimeofday]);
    md_syslog('warning', "TC : filter_xxx  : $elapsed");
}

you will be able to get an idea if things are taking a little long, and thus
slowing performance down dramatically and enabling you to make changes to
your mimedefang-filter accordingly




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John
Rudd
Sent: 10 September 2005 17:33
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] "Please try again later"



This morning, I'm putting mimedefang into production, just for virus
and attachment checks.  I'm seeing a lot of "Please try again later"
responses from mimedefang.  The problem is, this same server is used by
my local users (not just remote MTAs), and we don't want them getting
that type of response.

What do I need to adjust to make this happen less?  (sendmail's load
threshold is much higher than the load I'm seeing on the system, so I
don't think it's that)

Specifically, I wouldn't mind having it do this more for remote senders
and less for local senders.  I just don't want local senders to see
this much (if at all).


thanks



RE: [Mimedefang] filter question

2005-09-08 Thread Mack
However there is the stream_by_recipient option to allow user centric
choices


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 08 September 2005 19:34
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] filter question


David Koski wrote:
> I'm looking for a filter to allow an opt-out per user using any type
> of filtering (Or more in the case, I would prefer to allow the user
> to opt-out of using SpamAssassin but not Clamav (But an example that
> just allows the user to opt-out of any filter would be fine, gets me
> started in the right direction)).  I have a couple of system users
> that I know we don't want to do any sort of Spam filtering on.

Meh.  There are certain deep and fundamental problems with this eminently
natural feature request.

That is to say, you have to accept the RCPT commands BEFORE you get to see
the email message.  And once you've seen the message, you have to accept it
or reject it for ALL accepted recipients unilaterally.  That's just how SMTP
works.

But what I do is...

I reject (action_bounce) all viral email.  Users don't have a choice to
opt-out of virus protection.

I tag all spam (add a header, tweak the subject.)  Users are stuck with
spam... I don't action_bounce it.  But they can set up custom spam handling
preferences on their Inbox.

Users who don't get much spam just have it go into their Inbox, reducing the
consequences of false positives.

--
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] Re: exiting the filter before any processing

2005-09-06 Thread Mack
Oops, slightly misread your requirements there.
Yes, you will need to enter each part of the filter and perform the IP check,

using something like

sub filter_end ($) {
    return if message_rejected();
    my($entity) = @_;
    # $RelayAddr is the connecting relay's IP; replace x.x.x.x with the
    # LAN mail server's address (dots escaped, anchored at both ends so
    # only that exact address matches)
    if ($RelayAddr =~ /^x\.x\.x\.x$/) {
        append_text_boilerplate($entity, "Your Boilerplate", 0);
        append_html_boilerplate($entity, "Your Boilerplate", 0);
        return('CONTINUE', "ok");
    }
    # Carry on with spam checks av checks etc here
}



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mack
Sent: Tuesday 06 September 2005 14:36
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Re: exiting the filter before any processing


return('ACCEPT_AND_NO_MORE_FILTERING',"ok");

That should throw you straight out and not do anymore processing




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rolf
Sent: Tuesday 06 September 2005 14:22
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Re: exiting the filter before any processing


hello

Yesterday I received several helpful responses to the question below. All 
suggested using filter_relay to avoid further processing.

I have now discovered that what I was initially trying doesn't match what the 
business wants. What is required is that some parts of the filter are to be 
avoided based on the sending mail server: 

If $RelayAddr is the address of the ISP mail server then processing continues 
as usual. If, however, it is the address of the LAN mail server then spam, 
attachments, size, and so on that the filter checks are all to be ignored, but 
append_text_boilerplate() is to be applied. 
I can easily apply the boilerplate routine to the right msgs, but I can't find 
a simple way to ignore the rest of the processing for the same msg. 

Is the only method to insert a collection of conditionals that avoid each of 
the checks through each of the subroutines? Of the kind "if the relay address 
is not from then LAN then do this virus/spam/mimetype check..."? Seems the only 
way, and rather clumsy. Is there a better construct?

The man page says that the boilerplate routine is only available in filter_end 
so it seems that any message wanting that kind of processing will at least need 
to "enter" the filter in the first place.

Many thanks.

r.




From: Rolf <[EMAIL PROTECTED]>
Date: 5 September 2005 9:23:55 PM
To: mimedefang@lists.roaringpenguin.com
Subject: exiting the filter before any processing

hello

I've tried so many combinations and none work. Feeling a bit silly.

Where can I put in mimedefang-filter a statement so that the filter exits 
before any processing happens based on $RelayAddr ??

I've tried a simple: return if ($RelayAddr eq "ip address"); in various parts 
of the filter but none make any difference. Do I need such a statement in each 
of the subroutines?

What am I missing and/or misunderstanding?

thanks

r.
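
The per-hook check discussed in this thread, as an added example that is not part of the original posts: one exact-match helper decides whether the relay is the LAN mail server, every hook consults it, and only filter_end still does work (the boilerplate) for that relay. The address 10.0.0.5 is a constructed placeholder, and the virus, attachment and spam checks shown for other relays are assumed stand-ins for whatever the site's filter already does.

```perl
use strict;
use warnings;

# $RelayAddr is set by mimedefang.pl before the hooks run; declaring it here
# lets the file compile on its own as well.
our $RelayAddr;

# Assumption: 10.0.0.5 is a constructed placeholder for the LAN mail server.
my %LAN_RELAY = map { $_ => 1 } qw(10.0.0.5);

# Exact string comparison against the allowlist. Every check below is skipped
# for a relay that passes, so the match must not accept look-alike addresses.
sub is_lan_relay {
    my ($addr) = @_;
    return (defined $addr && exists $LAN_RELAY{$addr}) ? 1 : 0;
}

sub filter_begin {
    my ($entity) = @_;
    return if is_lan_relay($RelayAddr);            # LAN mail: no virus scan
    my ($code, $category, $action) = message_contains_virus();
    action_bounce("Message rejected: virus found") if $category eq 'virus';
}

sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    return action_accept() if is_lan_relay($RelayAddr);   # no attachment checks
    if (re_match($entity, '\.(exe|pif|scr)$')) {
        return action_drop_with_warning("A blocked attachment type was removed.");
    }
    return action_accept();
}

sub filter_end {
    my ($entity) = @_;
    return if message_rejected();
    if (is_lan_relay($RelayAddr)) {
        # The one step the LAN relay still gets.
        append_text_boilerplate($entity, "Your Boilerplate", 0);
        append_html_boilerplate($entity, "Your Boilerplate", 0);
        return;
    }
    my ($hits, $req, $names, $report) = spam_assassin_check();
    if (defined $hits && $hits >= $req) {
        action_change_header('X-Spam-Flag', 'YES');
        md_graphdefang_log('spam', $hits, $RelayAddr);
    }
}

# mimedefang.pl loads the filter file rather than running it as the main
# program, so this block only runs when the file is executed directly with
# perl. It compares the exact match with a pattern that is unanchored at the
# start and leaves its dots unescaped, on constructed addresses.
unless (caller) {
    my $loose = qr/10.0.0.5$/;
    for my $addr (qw(10.0.0.5 110.0.0.5 210.0.0.5 10.0.0.50)) {
        printf "%-10s exact=%d loose=%d\n", $addr,
            is_lan_relay($addr), ($addr =~ $loose ? 1 : 0);
    }
}

1;
```

Run directly, only 10.0.0.5 passes the exact match, while the loose pattern also accepts 110.0.0.5 and 210.0.0.5.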




[Mimedefang] Re: exiting the filter before any processing

2005-09-06 Thread Mack
return('ACCEPT_AND_NO_MORE_FILTERING',"ok");

That should throw you straight out and not do anymore processing




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rolf
Sent: Tuesday 06 September 2005 14:22
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Re: exiting the filter before any processing


hello

Yesterday I received several helpful responses to the question below. All 
suggested using filter_relay to avoid further processing.

I have now discovered that what I was initially trying doesn't match what the 
business wants. What is required is that some parts of the filter are to be 
avoided based on the sending mail server: 

If $RelayAddr is the address of the ISP mail server then processing continues 
as usual. If, however, it is the address of the LAN mail server then spam, 
attachments, size, and so on that the filter checks are all to be ignored, but 
append_text_boilerplate() is to be applied. 
I can easily apply the boilerplate routine to the right msgs, but I can't find 
a simple way to ignore the rest of the processing for the same msg. 

Is the only method to insert a collection of conditionals that avoid each of 
the checks through each of the subroutines? Of the kind "if the relay address 
is not from then LAN then do this virus/spam/mimetype check..."? Seems the only 
way, and rather clumsy. Is there a better construct?

The man page says that the boilerplate routine is only available in filter_end 
so it seems that any message wanting that kind of processing will at least need 
to "enter" the filter in the first place.

Many thanks.

r.




From: Rolf <[EMAIL PROTECTED]>
Date: 5 September 2005 9:23:55 PM
To: mimedefang@lists.roaringpenguin.com
Subject: exiting the filter before any processing

hello

I've tried so many combinations and none work. Feeling a bit silly.

Where can I put in mimedefang-filter a statement so that the filter exits 
before any processing happens based on $RelayAddr ??

I've tried a simple: return if ($RelayAddr eq "ip address"); in various parts 
of the filter but none make any difference. Do I need such a statement in each 
of the subroutines?

What am I missing and/or misunderstanding?

thanks

r.




RE: [Mimedefang] exiting the filter before any processing

2005-09-05 Thread Mack
in the mimedefang start script /etc/rc.d/init.d/mimedefang
uncomment the line
# MX_RELAY_CHECK=no
and change it to
MX_RELAY_CHECK=yes

to enable the filter relay, and here's the bit for the filter

   sub filter_relay {
       my ($ip, $name) = @_;
       if ($name =~ /spammer\.com$/) {
           return ('REJECT', "Sorry; spammer.com is blacklisted");
       }
       return ('CONTINUE', "ok");
   }


as taken from 
man mimedefang-filter
(a good place to read lol)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of alan
premselaar
Sent: Monday 05 September 2005 12:53
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] exiting the filter before any processing


Rolf wrote:
> hello
> 
> I've tried so many combinations and none work.  Feeling a bit silly.
> 
> Where can I put in mimedefang-filter a statement so that the filter 
> exits before any processing happens based on $RelayAddr ??
> 
> I've tried a simple: return if ($RelayAddr eq "ip address");  in various 
> parts of the filter but none make any difference. Do I need such a 
> statement in each of the subroutines?
> 
> What am I missing and/or misunderstanding?
> 
Rolf,

  I think you want to put something like this in filter_relay:

if ($RelayAddr eq 'ip address') {
return('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
}


and you'll also need to make sure you're calling mimedefang with relay 
checking turned on.

You should check the man pages for how to do this specifically as I 
don't remember off the top of my head.

HTH

alan


RE: [Mimedefang] exiting the filter before any processing

2005-09-05 Thread Mack
if ($ip =~ /^x\.x\.x\.x$/) {   # x.x.x.x = the relay's IP; anchored, dots escaped
    return('CONTINUE',"ok");
}


should do it for you

or use
return('ACCEPT_AND_NO_MORE_FILTERING',"ok");
if you don't want to process any further


Cheers

Mack



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rolf
Sent: Monday 05 September 2005 12:24
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] exiting the filter before any processing


hello

I've tried so many combinations and none work.  Feeling a bit silly.

Where can I put in mimedefang-filter a statement so that the filter 
exits before any processing happens based on $RelayAddr ??

I've tried a simple: return if ($RelayAddr eq "ip address");  in 
various parts of the filter but none make any difference. Do I need 
such a statement in each of the subroutines?

What am I missing and/or misunderstanding?

thanks

r.




RE: [Mimedefang] Timeout reading a message

2005-08-19 Thread Mack
It's in the sendmail.cf on the milter lines


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jim
Hatfield
Sent: Friday 19 August 2005 10:43
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Timeout reading a message


On Thu, 18 Aug 2005 17:54:09 +0100, in local.mimedefang you wrote:

>On 18/08/05, Jim Hatfield <[EMAIL PROTECTED]> wrote:
>> Is there anything I can do to let it through short of temporarily
>> reconfiguring sendmail to not use the mimedefang milter?
>
>Try increasing the timeout from 1 minute to, say, 3 minutes.

Where is this set? I presume in mimedefang.conf but strangely I
can't find any reference to this file in the installed man pages.





RE: [Mimedefang] Anybody any ideas what's causing these errors ?

2005-08-04 Thread Mack
MD is actually doing quite a bit, Grey/White/Black per user
not all emails are this size, some are larger, majority smaller
File checking based on mimetype not extension
there's ~2500 lines in mimedefang-filter
It's processing about 25k mails a day on this particular cluster member
Got 3 AV engines running
oh and it's a Dual Xeon 3.6 with 2Gb ram running RHEL 4 on a Mirrored Scsi
Raid



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rob
MacGregor
Sent: 04 August 2005 17:25
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Anybody any ideas what's causing these errors
?


On 04/06/05, Mack <[EMAIL PROTECTED]> wrote:
> the sendmail.cf line is
> Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T,
T=S:5m;R:5m
>
> So i guess the timeouts there are 300s then which does match the
11:27:58 -> 11:32:58 exactly (coincidence that lol)
>
> I'll tweak those a little, but it does seem strange since the box wasn't
what one would call excessively loaded at the time (only about 15 slaves
busy)

What have you got MD doing (and what virus scanners have you got),
are all the emails of the same (or larger) size - in this case ~610
KB.  Finally, what's the spec of the box?

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



RE: [Mimedefang] Anybody any ideas what's causing these errors ?

2005-08-04 Thread Mack
the sendmail.cf line is
Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:5m;R:5m

So i guess the timeouts there are 300s then which does match the 11:27:58 -> 
11:32:58 exactly (coincidence that lol)

I'll tweak those a little, but it does seem strange since the box wasn't what 
one would call excessively loaded at the time (only about 15 slaves busy)

Cheers

Mack



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of James
Ebright
Sent: Thursday 04 August 2005 16:40
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Anybody any ideas what's causing these errors
?


On Sat, 4 Jun 2005 16:27:20 +0100, Mack wrote
> I keep seeing these every now and then,
> 
> Aug  4 11:27:58  sendmail[21826]: j74APxYT021826: from=<[EMAIL 
> PROTECTED]>,
>  size=625444, class=0, nrcpts=1, 
> msgid=<[EMAIL PROTECTED]>, proto=ESMTP, 
> daemon=MTA, relay=[x.x.x.x]
> Aug  4 11:28:11  mimedefang.pl[13083]: TC: Logging : 1.881722 
> Aug  4 11:32:58  sendmail[21826]: j74APxYT021826: Milter 
> (mimedefang): timeout before data read
> Aug  4 11:32:58  sendmail[21826]: j74APxYT021826: Milter 
> (mimedefang): to error state
> Aug  4 11:32:58  sendmail[21826]: j74APxYT021826: Milter: data,
>  reject=451 4.3.2 Please try again later

That is sendmail deciding it had not heard from the milter before one of the
set timeouts in your milter definition (in your sendmail.mc file) expired.

So at this point sendmail temp failed the message.

Looks like MD was almost done with it at this point too if it was appending
boiler-plate text... does it actually end up being delivered? (I suspect not
once MD gets notice from sendmail it was temp failed or it was passed back to
sendmail then dropped since it was tempfailed already, not sure which scenario
but something like that).

Tweaking your sendmail.mc file for your timeouts might help. See:
http://www.mimedefang.org/kwiki/index.cgi?OptimizingMIMEDefang

Jim

--
EsisNet.com Webmail Client



RE: [Mimedefang] Slaves died prematurely

2005-08-04 Thread Mack
Just a thought, have you got more than one version of perl on there, as i've 
seen it sometimes where the running version is not the version that gets 
updated (ie 5.6 and 5.8 where 5.8 gets updated but 5.6 is used to run)

try 
locate "MIME/Parser.pm"



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Eduardo
Otubo
Sent: Thursday 04 August 2005 16:50
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Slaves died prematurely


ok, I added the flag [-l] at the multiplexor startup and configured my 
syslog.conf to log my multiplexor exits.

and the error i found is strange.  take a look:

Aug  4 15:59:03 fefnet119 mimedefang-multiplexor[18851]: Slave 0 stderr: 
Can't locate object method "new" via package 
"MIME::Parser::ParanoidFiler" at /usr/bin/mimedefang.pl line 5254.


after this line the errors are that the slaves died and so on bla 
bla bla.
i went to the mimedefang.pl file, line 5254  and what I found is:

my $filer = new MIME::Parser::ParanoidFiler($msgdir);


what the fuck?!?!!?!??!?!?!!?!?!?!


perhaps my perl must be updated  this is the second thing that came 
to my mind (the first thing is above... :) )




David F. Skoll wrote:

>Eduardo Otubo wrote:
>
>  
>
>>i'm installing from an synaptic system  no prerequisite is
>>missing...
>>
>>
>
>You need to see WHY the slave is dying.
>
>You CANNOT see that unless you enable logging of slave's standard error
>output from the multiplexor.  If you're on Debian, that should
>be enabled, I believe.  But check the startup script to make sure it's
>passing the -l option to mimedefang-multiplexor.
>
>Next, check your logs.  You should see lines like:
>
>mimedefang-multiplexor[pid]: Slave x stderr: Some error message here...
>
>Without the above info, there is NO WAY to figure out your problem.
>
>Regards,
>
>David.
>___
>Visit http://www.mimedefang.org and http://www.roaringpenguin.com
>MIMEDefang mailing list
>MIMEDefang@lists.roaringpenguin.com
>http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
>  
>


[Mimedefang] Anybody any ideas what's causing these errors ?

2005-08-04 Thread Mack
I keep seeing these every now and then, 

Aug  4 11:27:58  sendmail[21826]: j74APxYT021826: from=<[EMAIL PROTECTED]>, 
size=625444, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, 
daemon=MTA, relay=[x.x.x.x]
Aug  4 11:28:11  mimedefang.pl[13083]: TC: Logging : 1.881722 
Aug  4 11:32:58  sendmail[21826]: j74APxYT021826: Milter (mimedefang): 
timeout before data read
Aug  4 11:32:58  sendmail[21826]: j74APxYT021826: Milter (mimedefang): to 
error state
Aug  4 11:32:58  sendmail[21826]: j74APxYT021826: Milter: data, reject=451 
4.3.2 Please try again later

Aug  4 11:33:30  mimedefang.pl[13083]: filter: j74APxYT021826:  
append_html_boilerplate=1 
Aug  4 11:33:30  mimedefang[28593]: j74APxYT021826: smfi_chgheader returned 
MI_FAILURE
Aug  4 11:33:30  mimedefang[28593]: j74APxYT021826: smfi_replacebody 
returned MI_FAILURE
Aug  4 11:33:30  mimedefang[28593]: j74APxYT021826: smfi_addheader returned 
MI_FAILURE

The mail appears to be rejected at line 3 of the logs, but processing seems to 
continue for said mail

It seems to be on largish msgs, that it happens.
Any ideas? - should i increase the timeouts , they are at 600secs atm (ie 
MX_BUSY=600), however, it would appear the time is around 270secs when it times 
out.

TIA

Mack
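
The correlation worked out by hand in this thread (the gap before the milter timeout compared with the T= values of the milter definition, and filter activity logged after the 451), as an added Perl example that is not part of the original posts. The log lines are constructed from the ones quoted above, unwrapped and given a placeholder host name, sender and relay; the year 2005, chronological line order and seconds as the default unit are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Milter definition as quoted in the thread.
my $MILTER_DEF =
    'Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:5m;R:5m';

# Constructed sample: the thread's log lines unwrapped, with a placeholder host
# name (mx1) and placeholder sender and relay values.
my @SAMPLE_LOG = (
    'Aug  4 11:27:58 mx1 sendmail[21826]: j74APxYT021826: from=<sender@example.com>, size=625444, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.10]',
    'Aug  4 11:28:11 mx1 mimedefang.pl[13083]: TC: Logging : 1.881722',
    'Aug  4 11:32:58 mx1 sendmail[21826]: j74APxYT021826: Milter (mimedefang): timeout before data read',
    'Aug  4 11:32:58 mx1 sendmail[21826]: j74APxYT021826: Milter (mimedefang): to error state',
    'Aug  4 11:32:58 mx1 sendmail[21826]: j74APxYT021826: Milter: data, reject=451 4.3.2 Please try again later',
    'Aug  4 11:33:30 mx1 mimedefang.pl[13083]: filter: j74APxYT021826:  append_html_boilerplate=1',
    'Aug  4 11:33:30 mx1 mimedefang[28593]: j74APxYT021826: smfi_replacebody returned MI_FAILURE',
);

my %MONTH = (Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4,  Jun => 5,
             Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11);
my %UNIT  = (s => 1, m => 60, h => 3600, d => 86400);

# Turn the T= field ("S:5m;R:5m") into seconds per timeout letter.
# Assumption: a number without a unit is read as seconds.
sub milter_timeouts {
    my ($def) = @_;
    my %t;
    my ($spec) = $def =~ /\bT=(\S+)/ or return %t;
    for my $part (split /;/, $spec) {
        my ($key, $num, $unit) = $part =~ /^([CSRE]):(\d+)([smhd]?)$/ or next;
        $t{$key} = $num * ($unit ? $UNIT{$unit} : 1);
    }
    return %t;
}

# Split one syslog line into time, program, queue ID and text; lines without a
# queue ID return nothing. Assumption: syslog omits the year, so 2005 is used.
sub parse_line {
    my ($line) = @_;
    my ($mon, $day, $h, $m, $s, $prog, $text) = $line =~
        /^(\w{3})\s+(\d+)\s+(\d+):(\d+):(\d+)\s+\S+\s+([\w.-]+)\[\d+\]:\s+(.*)$/
        or return;
    return unless exists $MONTH{$mon};
    my ($qid) = $text =~ /\b([0-9A-Za-z]{14}):/ or return;
    return { t => timegm($s, $m, $h, $day, $MONTH{$mon}, 2005),
             prog => $prog, qid => $qid, text => $text };
}

# Per queue ID: how long after the first log line the milter timeout came,
# which configured timeouts equal that gap, and how many mimedefang lines were
# logged for the message after sendmail had already given up on the filter.
sub milter_timeout_report {
    my ($def, @lines) = @_;
    my %timeout = milter_timeouts($def);
    my %seen;
    for my $line (@lines) {
        my $e  = parse_line($line) or next;
        my $st = $seen{ $e->{qid} } ||= { first => $e->{t}, late => 0 };
        if ($e->{prog} eq 'sendmail'
            && $e->{text} =~ /Milter \(mimedefang\): timeout/) {
            $st->{timeout_at} //= $e->{t};
        }
        elsif ($e->{prog} =~ /^mimedefang/ && defined $st->{timeout_at}) {
            $st->{late}++;
        }
    }
    my @report;
    for my $qid (sort keys %seen) {
        my $st = $seen{$qid};
        next unless defined $st->{timeout_at};
        my $gap = $st->{timeout_at} - $st->{first};
        push @report, {
            qid => $qid, gap => $gap, late => $st->{late},
            matches => [ grep { $timeout{$_} == $gap } sort keys %timeout ],
        };
    }
    return @report;
}

for my $r (milter_timeout_report($MILTER_DEF, @SAMPLE_LOG)) {
    printf "%s: milter timeout %ds after first log line "
         . "(T= entries with that value: %s); %d mimedefang line(s) logged afterwards\n",
        $r->{qid}, $r->{gap}, join(',', @{ $r->{matches} }) || 'none', $r->{late};
}
```

On the sample it reports a 300-second gap that equals both the S and R entries, with two mimedefang lines logged after the timeout.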




[Mimedefang] Spamassassin Rules

2005-06-29 Thread Mack
I know it's prolly not the best place to ask, but since most ppl on this
list use SA with MD, i guessed it would be a good place to ask for opinions
!! :)

Due to an increase of porno based spam, that scores 0 or close to with the
most SARE rulesets and the SA default one, i'm guessing that the spammers
are crafting their emails to bypass SA checking (ie sending them through
default configs to see the scoring). I've written a set of rules that are
single (or multi) word rules that pick on the sexually explicit content and
score low, but enough of them score enough to tip it over the balance (since
they tend to hit maybe 1 SARE rule) and start being detected.

What do you guys/gals think?

is that a bad move ?

I've tried to make them the sort of words (or word combination) that isn't
really used in generic email (eg who sends an email with the word
'pantyhose' in it these days!)

I'd like your opinions pls :)

Cheers

Mack



RE: [Mimedefang] log which virusscanner found a virus

2005-06-23 Thread Mack
try calling the message_contains_virus_ for each virus scanner you
have
eg
with filescan and sophos use
my $msgHasVirus=0;
my $msgVirusName="";
# First scanner; $VirusName is set by the scanner call
my($lclscanneronecode, $lclscanneronecategory, $lclscanneroneaction) =
    message_contains_virus_filescan();
if ($lclscanneronecategory eq "virus") {
    $msgHasVirus=1;
    $msgVirusName=$VirusName;
}
# Second scanner, only if the first one found nothing
if ($msgHasVirus==0) {
    my($lclscannertwocode, $lclscannertwocategory, $lclscannertwoaction) =
        message_contains_virus_sophos();
    if ($lclscannertwocategory eq "virus") {
        $msgHasVirus=1;
        $msgVirusName=$VirusName;
    }
}


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Cormack, Ken
Sent: 23 June 2005 19:18
To: 'mimedefang@lists.roaringpenguin.com'
Subject: RE: [Mimedefang] log which virusscanner found a virus


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

> Possible solutions to more fairly treat each scanner:
> * randomize the order that message_contains_virus calls scanners
> * call all scanners for all messages - even if the first scanner found a
virus, call the others - and log all "find"s for each message_contains_virus
call

I have no interest in randomizing the order in which my different scanners
run.  My concern was to use the fastest scanners first (those that are
already memory resident) before calling any externally-loaded binaries.  As
shown, I am better able to justify to management the effectiveness of the
free scanners by showing a lower ROI for their investment in a commercial
scanner (all the while, imposing a lighter load on my systems, and yet still
giving management the "warm-fuzzy" that they get from running a
commercially-supported product - something they seem to find necessary in
this day of SCO lawsuits and legal shyness with regard to Open Source in
general.)

Ken


RE: [Mimedefang] Why multithreaded programming is tricky...

2005-06-23 Thread Mack
I've often wondered this, after applying a new spamassasin config, does it
get reloaded on the slave restart ?

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 23 June 2005 19:02
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Why multithreaded programming is tricky...


This post on Bugtraq was interesting:

http://www.securityfocus.com/archive/1/403195/30/0/

MIMEDefang's multiplexor design means we are completely
immune to these kinds of attacks, because reloads happen
in the perl slaves and not in the milter threads.

Regards,

David.


RE: [Mimedefang] Feature request: pass/warn/reject

2005-06-23 Thread Mack
However lol (there's always one of those!)
Just be aware of the following

Running graphdefang on a busy server will start causing probs, i used to run
it on an hourly cron, but when it was taking 15mins+ to run (and sending the
LA >30), i had to dump it for a MySQL based logging system and not really
use much of the md_syslog and md_graphdefang_log features.

Also having SQL based logs makes a nice easy reporting facility (can use
JPGraph with PHP for nice on the fly graphs) and can easily produce simple
reports very quickly



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mack
Sent: 23 June 2005 18:36
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] Feature request: pass/warn/reject


What are you using to report with ?
since graphdefang has the following
['spam', 'probable_spam', 'virus', 'mail_in'] in its config,
however MD only logs
md_graphdefang_log('spam', $hits, $RelayAddr);
if it is => than $req, (in the example filter of course!!!)

so logging
md_graphdefang_log('probable_spam', $hits, $RelayAddr);
if it is =>$maybe and <$req would be a quick easy answer





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dale J.
Chatham
Sent: 23 June 2005 16:01
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Feature request: pass/warn/reject



I have been using MIMEDefang with SpamAssassin  for several years and am
quite pleased with the product.

In every installation, I've been asked to divide incoming mail into
three categories:

1. Pass (probably not spam)
2. Warn (might be spam)
3. Fail (almost certainly spam)

Currently, MIMEDefang directly supports only two levels, pass/fail.  It
would be nice if the above scenario were directly supported so that the
spamassassin reports and sa-mimedefang configuration contained the warn
and fail levels.

While I can code up (and have) in mimedefang-filter what is necessary to
make this happen, reports don't reflect the three states.

This would seem to be a no-brainer.

--


Carpe Noctem


RE: [Mimedefang] Feature request: pass/warn/reject

2005-06-23 Thread Mack
What are you using to report with ?
since graphdefang has the following
['spam', 'probable_spam', 'virus', 'mail_in'] in its config,
however MD only logs 
md_graphdefang_log('spam', $hits, $RelayAddr);
if it is => than $req, (in the example filter of course!!!)

so logging 
md_graphdefang_log('probable_spam', $hits, $RelayAddr); 
if it is =>$maybe and <$req would be a quick easy answer





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dale J.
Chatham
Sent: 23 June 2005 16:01
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Feature request: pass/warn/reject



I have been using MIMEDefang with SpamAssassin  for several years and am 
quite pleased with the product.

In every installation, I've been asked to divide incoming mail into 
three categories:

1. Pass (probably not spam)
2. Warn (might be spam)
3. Fail (almost certainly spam)

Currently, MIMEDefang directly supports only two levels, pass/fail.  It 
would be nice if the above scenario were directly supported so that the 
spamassassin reports and sa-mimedefang configuration contained the warn 
and fail levels.

While I can code up (and have) in mimedefang-filter what is necessary to 
make this happen, reports don't reflect the three states.

This would seem to be a no-brainer.

-- 


Carpe Noctem


RE: [Mimedefang]localsocketname/var/spool/MIMEDefang/mimedefang.sock'unsafe

2005-06-10 Thread Mack
no, just saying i find it inconvenient to have stuff running under diff
accounts
when it's on a server with no user access..!!


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 11 June 2005 01:08
To: mimedefang@lists.roaringpenguin.com
Subject: RE:
[Mimedefang]localsocketname/var/spool/MIMEDefang/mimedefang.sock'unsafe


Mack wrote:
> Does everybody still run unix as a multi user system with lots of
> users ?

Hmmm... are you saying you disabled the "defang" and "smmsp" users?  And
"nobody"?

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"



RE: [Mimedefang]localsocketname/var/spool/MIMEDefang/mimedefang.sock'unsafe

2005-06-10 Thread Mack
} WTF is that doing with those permissions?  That's the source of your

 This "WTF" is kinda rude.

lol well it's more kinda funny, since personally i run the os with no
access to any other user bar root. and if any other user is on the box then
i've got a lot more to worry about than what they can do with the box lol
since they are all in a DMZ anyway. Personally I prefer to run everything
with all permissions as it saves a lot of hassle and time, and well if the
box was to get compromised then regardless of what permissions i have on
files,
root access will not be far away for them i'm sure.

Does everybody still run unix as a multi user system with lots of users ?

Mack



RE: [Mimedefang] Offtopic Sendmail question - Accepting [EMAIL PROTECTED]

2005-06-06 Thread Mack
What is it actually doing with said emails ?
is it delivering them to 1 user ? 
or is it dumping them to root or postmaster ?




RE: [Mimedefang] Offtopic Sendmail question - Accepting mail [EMAIL PROTECTED]

2005-06-06 Thread Mack
Sendmail will do this if you have the following in virtusertable

@domain.com auser

it will deliver all mail that can't be matched to any other rule to 'auser'



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Randy
Johnson
Sent: 06 June 2005 20:28
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] Offtopic Sendmail question - Accepting mail
[EMAIL PROTECTED]


Group - 
Recently, my Sendmail has began accepting email addressed to
'[EMAIL PROTECTED]', where anyuser is truly ANY name, at my localdomain.
I am uncertain why this is, nor where to look.

Any ideas are appreciated !

Thanks !





Re: [Mimedefang] [Resolved] -x is adding Milter add: header: X-Scanned-By: MIMEDefang 2.52 on x.x.x.x ?

2005-06-05 Thread Mack
Ta, Will do and add it manually with action_add_header($hdr, $val)

Thanks for the speedy response (do you ever sleep?? lol)

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 05 June 2005 23:12
To: mimedefang@lists.roaringpenguin.com
Subject: ***SUSPECTED SPAM*** Re: [Mimedefang] -x is adding Milter add:
header: X-Scanned-By: MIMEDefang 2.52 on x.x.x.x ?


Mack wrote:
> DOH it's in the changelog notes

> 2004-10-26  David F. Skoll  <[EMAIL PROTECTED]>
>   * Version 2.46-BETA-1 released.
>   * mimedefang.c: Add IP address of scanning host to X-Scanned-By:
>   header.

> Can we have a switch for it?

You can use -X, which completely disables the X-Scanned-By: header.

Regards,

David.


RE: [Mimedefang] -x is adding Milter add: header: X-Scanned-By: MIMEDefang 2.52 on x.x.x.x ?

2005-06-05 Thread Mack
DOH it's in the changelog notes

2004-10-26  David F. Skoll  <[EMAIL PROTECTED]>
* Version 2.46-BETA-1 released.
* mimedefang.c: Add IP address of scanning host to X-Scanned-By:
header.

Can we have a switch for it? maybe at compile time to disable it, as it's a
great way of giving out ip addresses that you may not want to (eg my natted
IP's)??

I guess for now, it's a patch and re-compile (gonna have to remember all
these changes lol!)

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mack
Sent: 05 June 2005 22:38
To: mimedefang@lists.roaringpenguin.com
Subject: ***SUSPECTED SPAM*** [Mimedefang] -x is adding Milter add:
header: X-Scanned-By: MIMEDefang 2.52 on x.x.x.x ?


having upgraded to mimedefang 2.52 on a new build box with my old milter
(after changing it)

no matter what i change the -x to in the start script, it always puts 'on
x.x.x.x' after it,
I've never seen this before, and a quick look through the mimedefang.c gives
me this (in FUNCTION: eom)

    if (scan_body && *scan_body) {
        if (data->myip) {
            snprintf(buffer, SMALLBUF, "%s on %s", scan_body, data->myip);
            buffer[SMALLBUF-1] = 0;
            MD_SMFI_TRY(smfi_addheader, (ctx, "X-Scanned-By", buffer));
        } else {
            MD_SMFI_TRY(smfi_addheader, (ctx, "X-Scanned-By", scan_body));
        }
    }

Now I'm guessing the reason is because i'm using ipvsadm (IP Virtual Server)
as part of my load balancing, and the ip address of the machine is not
really the ip address that sendmail is seeing (and of course i don't want
these IP addresses passed out globally)

Is my only option to patch the mimedefang.c and remove the check ? ie

    if (scan_body && *scan_body) {
        MD_SMFI_TRY(smfi_addheader, (ctx, "X-Scanned-By", scan_body));
    }

or is there another way of doing it ?

Cheers

Mack



[Mimedefang] -x is adding Milter add: header: X-Scanned-By: MIMEDefang 2.52 on x.x.x.x ?

2005-06-05 Thread Mack
having upgraded to mimedefang 2.52 on a new build box with my old milter
(after changing it)

no matter what i change the -x to in the start script, it always puts 'on
x.x.x.x' after it,
I've never seen this before, and a quick look through the mimedefang.c gives
me this (in FUNCTION: eom)

    if (scan_body && *scan_body) {
        if (data->myip) {
            snprintf(buffer, SMALLBUF, "%s on %s", scan_body, data->myip);
            buffer[SMALLBUF-1] = 0;
            MD_SMFI_TRY(smfi_addheader, (ctx, "X-Scanned-By", buffer));
        } else {
            MD_SMFI_TRY(smfi_addheader, (ctx, "X-Scanned-By", scan_body));
        }
    }

Now I'm guessing the reason is because i'm using ipvsadm (IP Virtual Server)
as part of my load balancing, and the ip address of the machine is not
really the ip address that sendmail is seeing (and of course i don't want
these IP addresses passed out globally)

Is my only option to patch the mimedefang.c and remove the check ? ie

    if (scan_body && *scan_body) {
        MD_SMFI_TRY(smfi_addheader, (ctx, "X-Scanned-By", scan_body));
    }

or is there another way of doing it ?

Cheers

Mack
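
The concern in this thread is that X-Scanned-By now carries the scanning host's address ("%s on %s") and so exposes internal or NATted IPs. The following is an added example, not part of the original posts or of MIMEDefang: a stand-alone Perl check that reports private or loopback IPv4 addresses in an outgoing header block. The function names and the sample headers are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 1918 private ranges plus loopback, as [network, prefix length] pairs.
my @INTERNAL = (
    [ '10.0.0.0',    8  ],
    [ '172.16.0.0',  12 ],
    [ '192.168.0.0', 16 ],
    [ '127.0.0.0',   8  ],
);

# Convert a dotted quad to a 32-bit integer; undef if it is not a valid address.
sub ip_to_int {
    my ($ip) = @_;
    my @o = split /\./, $ip;
    return undef if @o != 4 || grep { !/^\d{1,3}$/ || $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if the address falls inside one of the ranges above.
sub is_internal {
    my ($ip) = @_;
    my $n = ip_to_int($ip);
    return 0 unless defined $n;
    for my $net (@INTERNAL) {
        my ($base, $len) = @$net;
        my $mask = (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
        return 1 if ($n & $mask) == ip_to_int($base);
    }
    return 0;
}

# Return a list of [header name, address] pairs for every internal address found.
sub leaked_addresses {
    my ($raw_headers) = @_;
    # Unfold continuation lines so each header is on one line.
    (my $h = $raw_headers) =~ s/\r?\n[ \t]+/ /g;
    my @hits;
    for my $line (split /\r?\n/, $h) {
        my ($name, $value) = $line =~ /^([!-9;-~]+):\s*(.*)$/ or next;
        # Match whole dotted quads only, so version strings like "2.52" are skipped.
        while ($value =~ /(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])/g) {
            push @hits, [ $name, $1 ] if is_internal($1);
        }
    }
    return @hits;
}

# Constructed sample: headers of an outgoing message after filtering.
my $sample = join "\n",
    'Received: from mail.example.org (mail.example.org [203.0.113.7])',
    "\tby mx.example.net with ESMTP id ABC123",
    'X-Scanned-By: MIMEDefang 2.52 on 192.168.10.5',
    'X-Spam-Score: 1.2',
    'Subject: test';

printf "%s leaks %s\n", @$_ for leaked_addresses($sample);
```

Run against a message captured after the filter, this flags the X-Scanned-By line until the header is disabled with -X and re-added without the address.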



[Mimedefang] Boilerplate Not Being Added when Mime Part Dropped ?

2005-05-12 Thread Mack
When a part is dropped in filter, although in filter end the append_boilerplate 
is executed, the boilerplate does not get added to the mail.

I haven't tested if this is true in filter_multipart yet.

I did send an email to the list ages ago asking this, but nobody replied lol

TIA

Mack




RE: [Mimedefang] Using Stream_by_recipient

2005-05-06 Thread Mack
hmm, i think i may have resolved it, Using RHEL4 and the supplied submit.cf
doesn't seem to behave the same way that redhat 9 did. ( it now submits via
localhost and thus gets checked by filter and not just delivered as it
was)
Sendmail Version 8.13.1 btw.
I've installed a RH9 version and it seems to be working now. Not exactly
sure what happened. Maybe it's because RHEL is moving more towards postfix.

Cheers anyway

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 06 May 2005 17:31
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Using Stream_by_recipient


alan premselaar wrote:

>  I don't personally use stream_by_recipient, but if I'm not mistaken,
> when the mail gets requeued, it's queued from localhost.

That's true with sendmail 8.12 and newer.  If you're running
sendmail 8.11, don't use stream_by_recipient - it won't work properly.

Regards,

David.


[Mimedefang] subscribe

2005-05-06 Thread Mack



[Mimedefang] Using Stream_by_recipient

2005-05-06 Thread Mack

When i stream by recipient, the email gets discarded and resent to each 
recipient as expected, however the new email doesn't pass through mimedefang 
(specifically filter begin/part/end). This results in not being virus chk/spam 
chk/boilerplated.

It just seems to get sent directly from the queue and not pass back through 
mimedefang. 

I've tried all sorts, but have not been able to resolve this one.

Somebody must know what i'm doing wrong lol

TIA

Mack




RE: [Mimedefang] MySQL Greylisting - server has gone away

2005-04-08 Thread Mack
I've seen this, and it would appear that the perl DBD drops the connection, but 
still thinks it's alive and throws an error. 

I ended up re-creating the connection (which is a pain) at the start of every 
function. it does stop prepped sql statements etc. but does resolve the issue.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Paul
Murphy
Sent: Friday 08 April 2005 11:12
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] MySQL Greylisting - server has gone away


Hi,

I've been getting problems with my filter dropping its MySQL connection
occasionally, which means that incoming mail fails during the greylist check -
effectively, it is forced to try again, since the Sendmail session sends
"reject=451 4.7.1 Please try again later" as a result of the slave dying.

I vaguely remember someone else commenting on this previously, but with no
resolution.

Having looked into it again in more detail, I've discovered what appears to be
an interesting correlation.  We reap our slaves after 200 requests are
processed, which for us means that each slave runs for 8-14 hours of real time
as our volumes are low.  What appears to be happening is that the normal reap of
one slave causes a different slave to lose its database connection.  The
attached log extract showing slave events provides some support for this,
although the time between reap of slave A and death of slave B is highly
dependent on mail volume.  The greylisting code is also attached for info.

My theory is that the cleanup code for reaping a slave is somehow taking out the
wrong database connection handle.  Does this make sense?  We initialise the
connection in filter_initialize:

sub filter_initialize()
{
    require ("/etc/mail/greylist-msql/mimedefang-filter-greylist");
}

However, we don't drop the connection in a filter_cleanup() call, assuming that
Perl will take care of that for us.  Is this part of the problem?

We are using MD 2.43 (yes, I know I should upgrade), with embedded Perl 5.8.4,
on Debian.


Best Wishes,

Paul.
__
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788



RE: [Mimedefang] Mime Part Removal and then entire quarantine.

2005-03-30 Thread Mack
I wish i had that as an option, but since it could be a word document etc(that 
may be needed), it's not a choice.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday 30 March 2005 17:12
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] Mime Part Removal and then entire quarantine.


Mack wrote:
> If you remove a mime part (say a virus) and then a later check (spam
> scoring) scores the remaining parts of the email high enough to
> require quarantining, then the original email (complete with said
> virus) is quarantined.   
> 
> I'm using action_quarantine_entire_message(); I guess I need to save
> the modified version of said email and not the original? anybody got
> any ideas?  

I avoid this issue - if I find a virus, I reject the email altogether.

Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg," 



[Mimedefang] Mime Part Removal and then entire quarantine.

2005-03-30 Thread Mack
If you remove a mime part (say a virus) and then a later check (spam scoring) 
scores the remaining parts of the email high enough to require quarantining, 
then the original email (complete with said virus) is quarantined.

I'm using action_quarantine_entire_message(); I guess I need to save the 
modified version of said email and not the original? anybody got any ideas?

cheers

Mack




RE: [Mimedefang] How can I get just the domain from $sender

2005-02-22 Thread Mack
oh and while i think about it, beware of < > around the email address

my $newsender=$Sender;
# strip the < > that surround the envelope address
$newsender =~ s/[<>]//g;
my ($sendusername, $senddomain) = split('@', $newsender);


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mack
Sent: Tuesday 22 February 2005 15:57
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] How can I get just the domain from $sender


my ($sendusername, $senddomain) = split('@', $Sender);

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Jonathan Maliepaard
Sent: Tuesday 22 February 2005 15:53
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] How can I get just the domain from $sender


Hi

Apologies up front for my sad lack of perl, I am sure this is a trivial
request. 

I have to add a disclaimer as an attachment to all outgoing emails on my
server. I managed to do this but the disclaimer is added to all mail (in
and out)

I want to be able to add the disclaimer only if the domain = abc.com I
can get the whole mail address from $sender but I do not know how to use
perl to strip just the domain from this. Or is there another way?

If someone can give me an example on how to test for the domain then use
that variable in some kind of if-then-else statement to add the
disclaimer it would be most appreciated.

I have the example from the manual:

sub filter_end {
    my($entity) = @_;
    # If we have both plain-text and HTML, nuke the HTML
    remove_redundant_html_parts($entity);
    # Sigh... lawyers insist on this
    if (message_is_outgoing()) {
        append_text_boilerplate($entity,'Silly legal boilerplate', 0);
        append_html_boilerplate($entity,'Silly legal boilerplate', 0);
    }
}

I need help with the "message_is_outgoing" definition please

Thanks

Jon.



RE: [Mimedefang] How can I get just the domain from $sender

2005-02-22 Thread Mack
my ($sendusername, $senddomain) = split('@', $Sender);

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Jonathan Maliepaard
Sent: Tuesday 22 February 2005 15:53
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] How can I get just the domain from $sender


Hi

Apologies up front for my sad lack of perl, I am sure this is a trivial
request. 

I have to add a disclaimer as an attachment to all outgoing emails on my
server. I managed to do this but the disclaimer is added to all mail (in
and out)

I want to be able to add the disclaimer only if the domain = abc.com I
can get the whole mail address from $sender but I do not know how to use
perl to strip just the domain from this. Or is there another way?

If someone can give me an example on how to test for the domain then use
that variable in some kind of if-then-else statement to add the
disclaimer it would be most appreciated.

I have the example from the manual:

sub filter_end {
    my($entity) = @_;
    # If we have both plain-text and HTML, nuke the HTML
    remove_redundant_html_parts($entity);
    # Sigh... lawyers insist on this
    if (message_is_outgoing()) {
        append_text_boilerplate($entity,'Silly legal boilerplate', 0);
        append_html_boilerplate($entity,'Silly legal boilerplate', 0);
    }
}

I need help with the "message_is_outgoing" definition please

Thanks

Jon.
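
The domain test asked for in this thread, as an added example that is not part of the original posts: it extracts the domain from an envelope sender with or without angle brackets and compares it by exact match, so look-alike domains do not get the disclaimer. The names sender_domain and wants_disclaimer are hypothetical, abc.com is the domain from the question, and the sample senders are constructed; inside a filter the argument would be $Sender.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Domains whose mail should get the disclaimer (abc.com is the thread's example).
my %DISCLAIMER_DOMAINS = map { $_ => 1 } qw(abc.com);

# Return the lower-cased domain of an envelope sender, or undef if there is none.
sub sender_domain {
    my ($sender) = @_;
    return undef unless defined $sender;
    my $addr = $sender;
    $addr =~ s/^\s*<//;              # leading "<" as passed by the MTA
    $addr =~ s/>\s*$//;              # trailing ">"
    return undef if $addr eq '';     # null sender "<>" (bounces, DSNs)
    my $at = rindex($addr, '@');     # last "@": a quoted local part may contain one
    return undef if $at < 1 || $at == length($addr) - 1;
    my $domain = lc substr($addr, $at + 1);
    $domain =~ s/\.$//;              # tolerate a trailing root dot
    return $domain;
}

# Exact match on the extracted domain; a substring or unanchored regex test
# would also accept notabc.com and abc.com.example.net.
sub wants_disclaimer {
    my ($sender) = @_;
    my $domain = sender_domain($sender);
    return defined $domain && exists $DISCLAIMER_DOMAINS{$domain} ? 1 : 0;
}

# Constructed sample senders, not taken from the thread.
for my $s ('<Jon@ABC.com>', 'jon@abc.com', '<>', '<"a@b"@abc.com>',
           '<jon@notabc.com>', '<jon@abc.com.example.net>', 'no-at-sign') {
    printf "%-28s domain=%-22s disclaimer=%s\n",
        $s, sender_domain($s) // '(none)', wants_disclaimer($s) ? 'yes' : 'no';
}
```

Only the first, second and fourth samples get the disclaimer; the null sender and the address without an "@" yield no domain at all.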



[Mimedefang] Quarantining msg, modifications not being saved

2005-02-18 Thread Mack
Hi all,

I'm trying to get the quarantining working properly, I have no problems getting 
the msg saved, but any modifications
are lost, eg X-scanned-by, X-Spam-Score headers and the boilerplate
The code i'm using in filter end is
if ($domboilerplateenabled==1){
    if ($domboilerplatelocation==0){
        append_text_boilerplate_at_start($entity,"$domboilerplatetext", 0);
        append_html_boilerplate_at_start($entity,"$domboilerplatehtml", 0);
    }else{
        append_text_boilerplate($entity,"$domboilerplatetext", 0);
        append_html_boilerplate($entity,"$domboilerplatehtml", 0);
    }
}
action_quarantine_entire_message();

Which happily saves the message, but the boilerplate is not added.
(checking the ENTIRE_MESSAGE file in the dir does not have modifications either)

when i release it with 
sendmail -oi -Am -f `cat SENDER` `cat RECIPIENTS` < ENTIRE_MESSAGE
the message is not reprocessed through MD but released straight out

I guess i'm missing summit that will rebuild the message before quarantine?

TIA

Mack




RE: [Mimedefang] case of multiple virus scanners running

2005-02-16 Thread Mack
Interesting question... Has made me think

I currently have the system set for different modes of operation depending on 
certain factors
"drop entire" or "drop part"

in the drop entire, I scan the msg in filter_begin, and drop it if it contains 
a virus

in drop part, I scan the msg in filter_begin to see if it contains a virus, 
(make a note if it's clean or not)
If it's not clean i then scan each individual part so i can drop the offending 
part (reason for doing this is that scanning every part of every msg uses a lot 
of resources and takes more time with 3 virus engines running)
if it's marked as clean by the filter_begin scan I don't bother scanning the 
individual parts.

Am i likely to let anything slip through by doing this ?

or is there a better way of doing it ?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: Wednesday 16 February 2005 12:23
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] case of multiple virus scanners running


On Tue, 15 Feb 2005, Keith Patton wrote:

> Am I right to assume that if a mail message contains multiple
> attachments that mimedefang could spawn off a virus scan for each
> attachment?

Not unless you do that deliberately in your filter.  And even so, they'd
be sequential scans, not parallel ones.

--
David.


[Mimedefang] WishList Item

2004-11-15 Thread Mack
can the append

append_text_boilerplate($entity,"$domboilerplatetext", 0);
append_html_boilerplate($entity,"$domboilerplatehtml", 0);

Have an extra parameter added to specify Top/Bottom , as more companies are now 
requesting the boilerplate at the top

I've modified my mimedefang.pl to do this, but would be nice to get it in the 
main version (saves me having to patch patches)

Cheers

Mack




RE: [Mimedefang] append_text_boilerplate

2004-11-09 Thread Mack
it's html so

"mydisclaimer 

will put the line in


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark
Penkower
Sent: Tuesday 09 November 2004 15:12
To: [EMAIL PROTECTED]
Subject: [Mimedefang] append_text_boilerplate


I am using Mimedefang 2.39.   I need some help with append_text_boilerplate 
and append_html_boilerplate.

I have a few issues.

I only want this to append the text to outgoing messages - not incoming 
messages.  How do i accomplish this.

The code is part of sub filter_end {

Also, for append_text_boilerplate, I have a "\nmydisclaimer -  This adds a 
line before mydisclaimer

Where do I put the \n for the 
append_html_boilerplate.  Having  "\nmydisclaimer does not insert 
the new line before mydisclaimer.  Where do I put it?


Thanks



Mark Penkower



[Mimedefang] Can the following be done ?? (append boilerplate at start)

2004-11-04 Thread Mack

Has anybody modified the append_text/html_boilerplate routines to append the 
boilerplate at the start of the section, not at the end,
ie after the  tag or at the start of the text/plain part?

Also, the boilerplate doesn't seem to get applied if you drop a mime part in the 
filter routine using
  return action_drop_with_warning("$warningstring");

Cheers

Mack

 

