Re: [Mimedefang] Overcoming RPM stupidity

2006-12-20 Thread Michael Lang
On Tue, Dec 19, 2006 at 09:21:44PM -0500, Jeff Rife wrote:
 On 19 Dec 2006 at 22:09, Michael Lang wrote:
 
  On Tue, Dec 19, 2006 at 12:57:03PM -0600, Richard Laager wrote:
   On Sun, 2006-12-17 at 20:46 -0500, Jeff Rife wrote:
In the Fedora 6 RPM for MIMEDefang, mimedefang.pl was created using no 
 
 Well, the bug has been reported and the solution they came up with to 
 add perl-Unix-Syslog to the requirements for mimedefang...which will 
 mean that anybody who for some reason wants to use Sys::Syslog can't.  
 It's the exact opposite of my problem, but I don't suppose anybody else 
 will notice.
 
 I probably wouldn't have cared if my edits to mimedefang.pl hadn't been 
 silently overwritten.

that will happen again as long as you don't follow the guides of RPM :) 
the config files in the Spec of David's RPM are the correct ones to add
your own modification without getting them overwritten next update, BUT 
you also need to take care for your own if function layout changes, or new
functions get introduced ...

%config(noreplace) /etc/mail/mimedefang-filter
%config(noreplace) /etc/mail/sa-mimedefang.cf
%config(noreplace) /etc/mail/sa-mimedefang.cf.example
%config(noreplace) /etc/sysconfig/%{name}

for my side i only modified as little as possible in the original files and added a
require('myfilter.pl') to the mimedefang-filter file. I overwrite there the functions
i need or add additional ones ...

 
  Doing mystic things in %post and so isn't a good
  idea cause, you may shoot some dependencies used by other packages (conflicts
  with Unix::Syslog) or there's maybe no Network connectivity to CPAN mirrors, ...
 
 Well, you could just build the package with and without Unix::Syslog 
 available and diff all the files.  Then, when you find the one file 
 that is changed is mimedefang.pl, you can have %post do a patch *if* a 
 perl script finds that Unix::Syslog is installed on the system. 
 
 Of course, if RPM had a more flexible requirements syntax, you could 
 have things like optional requirements or pick one of (as this is).

hmm that's not what i meant ... currently you have two packages for mimedefang from
the default spec. If David or someone separates the logfunctions into an additional
Script and uses a require to add this function it would be possible to handle it the
same way as i do with the filter itself. The Spec would then build
 mimedefang (Core)
 mimedefang-contrib (contrib)
 mimedefang-modules (Sys::Syslog)

you could then build a 
 mimedefang-modules-unix-syslog

adding your Syslog functionality and simply replace the provided with your own.
Greetz mIke

 
 
 --
 Jeff Rife | This?  This is ice.  This is what happens to 
   |  water when it gets too cold.  This?  This is 
   |  Kent.  This is what happens to people when 
   |  they get too sexually frustrated. 
   | -- Chris Knight, Real Genius 
 
 
 ___
 NOTE: If there is a disclaimer or other legal boilerplate in the above
 message, it is NULL AND VOID.  You may ignore it.
 
 Visit http://www.mimedefang.org and http://www.roaringpenguin.com
 MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
 http://lists.roaringpenguin.com/mailman/listinfo/mimedefang




Re: [Mimedefang] Overcoming RPM stupidity

2006-12-20 Thread Michael Lang
On Wed, Dec 20, 2006 at 07:39:51AM -0600, Les Mikesell wrote:
 Michael Lang wrote:
 
 %config(noreplace) /etc/mail/mimedefang-filter
 %config(noreplace) /etc/mail/sa-mimedefang.cf
 %config(noreplace) /etc/mail/sa-mimedefang.cf.example
 %config(noreplace) /etc/sysconfig/%{name}
 
 for my side i only modified as little as possible in the original files and added a
 require('myfilter.pl') to the mimedefang-filter file. I overwrite there the functions
 i need or add additional ones ...
 
 The RedHat way of thinking would probably put the user-configurable
 piece in something like /etc/sysconfig/mimedefang-filter.pl and have
 the base system version include that. Then at some unspecified time
 in the future, a GUI tool might appear to help edit that file.

they do ... your /etc/sysconfig/mimedefang file tells which filter file
to use ... but the main problem was that even the filter itself should
not be overwritten as declared in the specfile, so the changes were
made to /usr/bin/mimedefang.pl i suppose which was replaced by the
update. 

Greetz mIke

 
 --
   Les Mikesell
[EMAIL PROTECTED]
 


Re: [Mimedefang] Overcoming RPM stupidity

2006-12-19 Thread Michael Lang
On Tue, Dec 19, 2006 at 12:57:03PM -0600, Richard Laager wrote:
 On Sun, 2006-12-17 at 20:46 -0500, Jeff Rife wrote:
  In the Fedora 6 RPM for MIMEDefang, mimedefang.pl was created using no 
  Features at all.  For most of them, this isn't a big deal, as I can 
  put $Features{'whatever'} = 1 in mimedefang-filter and it works.
  
  But, this isn't true for Unix::Syslog (or at least I haven't found a 
  way to overcome it).
 
 I've been following the rest of this thread, but seriously, the subject
 captures the problem. The Fedora 6 MIMEDefang RPM has a bug. Report it
 to the Fedora people to get a fixed RPM. If you need a faster solution,
 fix the RPM yourself and install that, then send them the patch.

that depends on what you define as a bug ... if there's a modular setup for
the script and using Sys::Syslog is legal and okay it's not a bug.
AFAIK the Fedora guys build their RPMs using Plague, which i think is the
best way to build and provide RPMS to a big community. So if the SPEC file
doesn't say something different than *you need Unix::Syslog* the build will
complete without a problem. Doing mystic things in %post and so isn't a good
idea cause, you may shoot some dependencies used by other packages (conflicts
with Unix::Syslog) or there's maybe no Network connectivity to CPAN mirrors, ...

one thing you could do is to separate the Syslog part from the filter, putting
just a wrapper into the code and deploying a default mimedefang-syslog module
which handles the real implementation (for default installs Sys::Syslog) and then
a second RPM can be built deploying Unix::Syslog as backend deployment which would
have the perl-Unix-Syslog dependency and everyone should live happy until ...

just my 5 cents

 
 Any workarounds in the filter are going to be hacky. I think David's on
 the right track trying to have MIMEDefang detect them at run-time, but
 unless and until that happens, fixing the RPM is the right course of
 action here.
 
 Richard
 





Re: [Mimedefang] Greylisting - Too many open connections

2006-11-03 Thread Michael Lang
On Fri, 2006-11-03 at 13:38 +, Carlton Thomas wrote:
 Hi,
 
 I have implemented greylisting in Mimedefang and all works
 well until the mail server gets very busy. When it gets
 busy there is a rapid increase in the number of Mimedefang,
 Sendmail and MySql processes. When the sendmail connections
 are examined, most of them are in the RCPT TO state, and
 they just hang around in that state for a long time. I am
 assuming that this is happening because sendmail has
 rejected the message  but the client is still holding the
 connection open, either to attempt immediate retries or
 because it does not understand the TEMPFAIL.
 
 The call to the greylisting code is made in Filter_Recipient
 as per recommendations from various messages to this list.
 I have also searched the list archive to see whether others
 have had this problem but found only a couple of related
 posts but no solutions.
 
 Has anybody else managed to get sendmail to terminate the
 connection when a message is tempfailed from within the
 filter_recipient routine? If that is not possible, what
 have others been doing to get rid of the connection in
 order to minimise the number of active sendmail processes?
 
 I did see a message in which someone stated that tempfailing
 a message with the 421 code would cause sendmail to terminate
 the active connection. I have tried that but it does not seem
 to work for me and I have also seen others saying that it is
 not possible for a milter to force sendmail to terminate a
 connection.
 
 Any help or guidance on this subject would be most appreciated.

Hi Carlton,

it's not possible to terminate the connection in filter_recipient,
it has been on the list before (if you want to get in details), but try
using sendmail's connection handling/throttle

in sendmail.mc
define(`confBAD_RCPT_THROTTLE', `2')dnl
define(`confCONNECTION_RATE_THROTTLE', `5')dnl
FEATURE(`ratecontrol', `nodelay')dnl

in access file 
# conns/timeunit
ClientRate:127.0.0.1    0
# internalClients
ClientRate:192.168.0.0  5
# default handling
ClientRate: 2

# conns/total
ClientConn:127.0.0.1    0
# internalClients
ClientConn:192.168.0.0  5
# default handling
ClientConn: 2

these settings can help you manage a large number of same/different
Client connections to your MTA but will not help you getting the
processes down, so maybe moving the SQL processes to another machine
might be helpful too.

Kind regards
Michael Lang

 
 Regards !
 
 --
 Carlton
 =
 GIFFORD INTERNET SERVICES
 Bristol, United Kingdom
 Tel: 0845 868 2245
 Fax: 0845 004 6843
 Email: [EMAIL PROTECTED]
 =
-- 
Michael Lang [EMAIL PROTECTED]



[Mimedefang] IPrange based Filter checks, need help to get the point ...

2006-09-14 Thread Michael Lang
Hi,

i need your help to get my light on again ... 
i started switching my Mail Infrastructure to XEN, previously i 
noticed that when my one MTA sends to the other MTA (both XEN same LAN)
no filter gets applied. (except Filtertime Logentry :)
Okay in a different view this makes sense but isn't wanted ...

i didn't find an entry in the manpages which states that same LanSegments
don't get filters applied (it's RFC1918 192.168 and 127.0.0.1 too).
Remote Machines (different LanSegments) get filter applied like since
ever.

where do i miss the point ? or can it be a sendmail specific problem ?
i'm using Srv_Feature,Conn/Rate Limits (Feature delay_checks) 

thanks for any hint
Kind regards
Michael Lang

-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] Retrieving SMTP AUTH info

2006-08-11 Thread Michael Lang
On Fri, 2006-08-11 at 12:36 +0100, Dan Massey wrote:
 Hi All
 
 I am trying to retrieve the SMTP AUTH info from within the mimedefang-filter
 program, this is for custom logging and detecting violations of our SMTP
 AUTH policy with customers. I can get the sendmail message id with the
 $MsgID, but cannot find the SMTP AUTH. Can anybody help?

i think the one you might be missing 
 read_commands_file();

after the command you can use 
 $SendmailMacros{'auth_authen'}

 
 Thanks in advance
 
 Dan  
 
-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] Non-routable addresses in HELO

2006-07-10 Thread Michael Lang
On Mon, 2006-07-10 at 09:17 -0500, Jim McCullars wrote:
 
 On Sun, 9 Jul 2006, Dirk the Daring wrote:
 
   Obviously, if I have sending hosts on my network that really did have
  non-routable addresses, this would be a possible problem (altho the simple
 
I just reject when someone sends an IP address as a HELO, and it is not
 their actual IP address.  In filter_sender():

i remember an exploit with negative Integers as helo name ... and as RFC
821 states 

 This command is used to identify the sender-SMTP to the
receiver-SMTP.  The argument field contains the host name of
the sender-SMTP.

it should be the hostname of the remote MTA, so everything in 
 /^[a-z0-9\-\.]+/i would be valid, so if you want to be restrictive implement
a FULL FQDN check for the helo, extending to prevent Spam/Virus Senders from 
abusing your MTA, you could add SPF checking and DUL strings in reverse FQDN as 
helo Strings are modifiable from within the Virus/Trojan. (I've already seen 
Zombie PC's sending Messages periodically after 10 minutes to get past greylisting.)

but maybe it's easier to setup secured communication Channels with your MTA Peers ?
like 'DENY ALL, ALLOW FROM ...' ;)

Greetz mIke
try adding these filter to your config but do logging only ;)

sub filter_recipient{
...
# run the check once and log only the message part of its result
my ($dul_code, $dul_msg) = check_dul($RealRelayHostname);
if ($dul_code)  {
 md_syslog('warning', $dul_msg);
}
...
}
...
# returns ('TEMP', message) when the reverse FQDN looks like a dial-up or
# dynamic name, and an empty list otherwise
sub check_dul {
my $reverseFQDN = $_[0];
md_syslog('warning', "Checking for MTAname $reverseFQDN");
if ($reverseFQDN =~ /\d{1,3}[\.\-]\d{1,3}(|(\d{1,3}[\.\-]\d{1,3})|[\.\-]\d{1,3})/)  {
return ('TEMP', "$reverseFQDN DUL like syntax");
} elsif ($reverseFQDN =~ /\d{1,3}[\.\-]\d{1,3}[\.\-]\d{1,3}(|[\.\-]\d{1,3})/)   {
return ('TEMP', "$reverseFQDN DUL like syntax");
} elsif ($reverseFQDN =~ /(xsdl|adsl|pool|dial(in|up|-in|-up)|dynamic)/i)   {
return ('TEMP', "$reverseFQDN DUL like syntax");
} else  {return;}
}

 
   if ($helo =~ /^\d+\.\d+\.\d+\.\d+$/) {  # looks like an IP
     if ($helo ne $ip) {
       return('REJECT', "IP address $ip doesn't match helo string $helo");
     }
   }
 
   This is fairly effective, I grepped my syslog file on one of two email
 relays and since last Friday it stopped over 5000 email attempts.  It has
 the added effect of stopping those who use *my* IP address as the HELO
 string.
 
   HTH...
 
 Jim McCullars
 University of Alabama in Huntsville
 
-- 
Michael Lang [EMAIL PROTECTED]
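
A log-only sketch of the checks discussed in this message (an anchored FQDN test for the HELO, an IP-literal HELO compared with the connecting address, and DUL-like reverse names), added here as an example and not code from any poster or from MIMEDefang. The helper names `is_fqdn` and `helo_findings`, the keyword list and the sample connections are assumptions constructed for illustration; it runs stand-alone and only reports findings, it never rejects.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: true when $name is a syntactically complete FQDN.
# Anchored at both ends, unlike a prefix match such as /^[a-z0-9\-\.]+/i,
# which also accepts "host;anything" because nothing is checked after the
# first run of allowed characters.
sub is_fqdn {
    my ($name) = @_;
    return 0 if length($name) > 253;
    return $name =~ /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$/i ? 1 : 0;
}

# Hypothetical helper: returns a list of findings for one connection.
# An empty list means nothing suspicious was seen.
sub helo_findings {
    my ($helo, $client_ip, $rdns) = @_;
    my @findings;

    # Accept the address-literal form [192.0.2.10] as well as a bare address.
    (my $bare = $helo) =~ s/^\[(.*)\]$/$1/;

    if ($bare =~ /^\d{1,3}(?:\.\d{1,3}){3}$/) {
        # HELO is an IP address: it should at least be the client's own.
        push @findings, "helo-ip-mismatch (helo $bare, client $client_ip)"
            if $bare ne $client_ip;
    } elsif (!is_fqdn($helo)) {
        push @findings, "helo-not-fqdn ($helo)";
    }

    # The reverse name comes from DNS, not from the client, so it is harder
    # to forge than the HELO string. Flag names that embed address octets or
    # carry dial-up style keywords (keyword list is an assumption).
    if (!defined $rdns || $rdns eq '') {
        push @findings, 'rdns-missing';
    } elsif ($rdns =~ /\d{1,3}[.-]\d{1,3}[.-]\d{1,3}/
          || $rdns =~ /(?:adsl|xdsl|pool|dial-?(?:in|up)|dynamic)/i) {
        push @findings, "rdns-dul-like ($rdns)";
    }
    return @findings;
}

# Constructed sample connections: [HELO, client IP, reverse DNS name].
my @samples = (
    ['mail.example.org', '192.0.2.25',   'mail.example.org'],
    ['192.0.2.99',       '198.51.100.7', 'host-198-51-100-7.pool.example.net'],
    ['[198.51.100.8]',   '198.51.100.8', ''],
    ['-1',               '203.0.113.4',  'dynamic-4.example.net'],
);

for my $s (@samples) {
    my @f = helo_findings(@$s);
    # In a filter this line would be a log call; here it goes to STDOUT.
    printf "%-18s %-14s %s\n", $s->[0], $s->[1], @f ? join('; ', @f) : 'ok';
}
```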



Re: [Mimedefang] Non-routable addresses in HELO

2006-07-10 Thread Michael Lang
On Mon, 2006-07-10 at 10:26 -0700, John Rudd wrote:
 
 On Jul 10, 2006, at 7:57 AM, Michael Lang wrote:
 
 If you're going to be a stickler about what the RFC says, in what you 
 require about the sender, then it's probably a good idea to be a 
 stickler about the RFC in how your server operates as well.  
 Specifically, you may not refuse the message based upon the HELO 
 argument.

uupps .. maybe i pointed out this one, the wrong way ... what i meant
was that, putting in your filter (oct.oct.oct.oct) today and tomorrow
the next, doesn't make sense. 
It's the wrong way of 'ALLOW ALL, DENY ...'

 My point being: Seems rather hypocritical to complain about the lack of 
 merits of the client based upon lack of RFC compliance ... while 
 advocating lack of RFC compliance in your server.

in my filter RFC ignorant client Mails get additional SpamScore added,
but as written above, i pointed it out wrong ...

Kind regards
Michael Lang

-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] $Sender without '' and ''

2006-07-05 Thread Michael Lang
On Wed, 2006-07-05 at 08:14 +0200, Steffen Kaiser wrote:
 On Wed, 5 Jul 2006, Oliver Schulze L. wrote:
 
 when you check man mimedefang-filter, you'll find such sentence in the 
 context of mail addresses: The address may or may not
 be surrounded by angle brackets. (This one is from the paragraph 
 filter_sender is passed four arguments:).
 

additional to 'is this ok' 
you should never trust the Data you get supplied by anyone :)

Kind regards
Michael Lang

 Bye,

-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] no filtering happening, no errors to be seen - how to troubleshoot?

2006-06-30 Thread Michael Lang
On Thu, 2006-06-29 at 16:54 +0200, Michael Lang wrote: 
 On Wed, 2006-06-28 at 12:35 +0200, Steffen Kaiser wrote:
...

 the Filters are working correctly after the restart
 (spam gets classifed, headers get inserted, ... )
 
 but thanks for taking a look, i know that's not a good problem
 description, but if i would have more informations it wouldn't be a
 problem :) 
 maybe i can get a trace of the slaves next time it appears.

as i can say, the mail gets stuffed into the Workdir, gets scanned by
the Virus Scanner, and nothing more ... there's no Error from the
Scanner (not in the Logs and not in the Trace) and the Scanner is
accessible from commandline (clamdscan) and last but not
least, restarting Mimedefang works ... *grml*

as i'm not allowed to send plain/text attachments to the list :)
554 5.7.1 Message rejected because of unacceptable content.  For help,
please quote incident ID 78405.

i post the link to the trace file
http://www.jackal-net.at/mimedefang-notworking.txt

Kind regards 
Michael Lang

 
 Kind regards
 Michael Lang
 
  
  Bye,
  
  
-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] no filtering happening, no errors to be seen - how to troubleshoot?

2006-06-29 Thread Michael Lang
On Wed, 2006-06-28 at 12:35 +0200, Steffen Kaiser wrote:
 On Wed, 28 Jun 2006, Michael Lang wrote:
 
  On Wed, 2006-06-28 at 09:46 +0200, Steffen Kaiser wrote:
  1) E.g.: use md_syslog() in all your filter_* functions to log the
  information you care about in your filter.
 
  2) Put a new header in your mail.
 
  BTW: Did you checked for the X-Scanned-By header in the mail?
 
  Are your multiplexor running with the correct settings?
  X-Scanned-By gets inserted but nothing else, no additional Headers
  (and they should be inserted on every mail)
  No Error in the Logs, looks like just exiting immediately
 
 When you see the  X-Scanned-By header (and the contents points toward 
 MIMEDefang), MIMEDefang seems to work ;-)
 
 So, did you put md_syslog()'s into the particular functions?
 Did you added a new header _unconditionally_, e.g. in sub filter_begin()?

yes, i change the SA User from MailAddress to an Uid what gets logged by
'md_syslog'

 
 Just to guess, did you modified /etc/mail/mimedefang-filter at all?
yes, and everything works fine for an uncounted period of time. 

 
  restarting mimedefang as solution works, but isn't nice ...
 
 What do you mean with this sentence?
 What is working after restart?
i mean, that's not the way it should be :)
the Filters are working correctly after the restart
(spam gets classified, headers get inserted, ... )

but thanks for taking a look, i know that's not a good problem
description, but if i would have more informations it wouldn't be a
problem :) 
maybe i can get a trace of the slaves next time it appears.

Kind regards
Michael Lang

 
 Bye,
 
 
-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] Two Subject lines in header

2006-06-29 Thread Michael Lang
On Thu, 2006-06-29 at 09:04 -0600, Chris Carey wrote:
 I received a spam message today that the subject line was not tagged.
 Investigating the header I found why.
 
 Subject was specified twice. MIMEDefang only modifed the first Subject 
 line.
 
 MIMEDefang modified the *first* subject with [spam 15 hits], but the
 second remained unchanged. Mozilla Thunderbird chose to use the second
 unchanged subject line as the one to show. Having Subject twice in
 the email headers seems to be a way to get spam to arrive in someones
 inbox without client-side rules catching it..
 
 So the obvious question - How to have MIMEDefang catch when Subject is
 specified twice (or more) in the header?

so that's why you should never trust your input data.
how to prevent ?

remove existing X-Spam headers
input your X-Spam header (Yes/No/Score...)

filter on these lines ;)

Kind regards
Michael Lang

 
 --
 Chris Carey
-- 
Michael Lang [EMAIL PROTECTED]
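
The duplicate-Subject case from this message, as an added example that is not code from any poster or from MIMEDefang: it parses a raw header block, reports header fields that RFC 5322 allows only once but that appear several times, and lists incoming X-Spam-* fields that should be dropped before the filter writes its own. The function names and the sample message are assumptions constructed for illustration; how a filter obtains the raw header text is outside the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Header fields RFC 5322 allows at most once per message.
my %SINGLETON = map { $_ => 1 } qw(
    date from sender reply-to to cc bcc
    message-id in-reply-to references subject
);

# Parse a raw header block (folded lines allowed) into [name, value] pairs,
# keeping the order in which the fields appear.
sub parse_headers {
    my ($raw) = @_;
    my @fields;
    for my $line (split /\r?\n/, $raw) {
        last if $line eq '';                     # blank line ends the headers
        if ($line =~ /^[ \t]/ && @fields) {      # continuation of a folded field
            $line =~ s/^[ \t]+/ /;
            $fields[-1][1] .= $line;
        } elsif ($line =~ /^([!-9;-~]+)[ \t]*:[ \t]*(.*)$/) {
            push @fields, [$1, $2];
        }
    }
    return @fields;
}

# Return a hash reference { lowercased name => [values in order] } holding
# only the singleton fields that occur more than once. A mail client may
# display any one of the values, so tagging just the first is not enough.
sub repeated_singletons {
    my ($raw) = @_;
    my %seen;
    for my $f (parse_headers($raw)) {
        my $name = lc $f->[0];
        push @{ $seen{$name} }, $f->[1] if $SINGLETON{$name};
    }
    my %dups;
    for my $name (keys %seen) {
        $dups{$name} = $seen{$name} if @{ $seen{$name} } > 1;
    }
    return \%dups;
}

# X-Spam-* fields present on arrival were written by someone else and must
# not be trusted by later rules; return their names so they can be removed.
sub untrusted_spam_headers {
    my ($raw) = @_;
    return grep { /^x-spam-/i } map { $_->[0] } parse_headers($raw);
}

# Constructed sample message with two Subject fields and a forged X-Spam-Flag.
my $raw = join "\r\n",
    'From: sender@example.org',
    'Subject: quarterly report',
    'X-Spam-Flag: NO',
    'Subject: second subject line that',
    "\tcontinues on a folded line",
    'Date: Thu, 29 Jun 2006 09:04:00 -0600',
    '',
    'body text';

my $dups = repeated_singletons($raw);
for my $name (sort keys %$dups) {
    printf "%s appears %d times:\n", $name, scalar @{ $dups->{$name} };
    print  "  [$_]\n" for @{ $dups->{$name} };
}
print "untrusted on arrival: $_\n" for untrusted_spam_headers($raw);
```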



Re: [Mimedefang] no filtering happening, no errors to be seen - how to troubleshoot?

2006-06-28 Thread Michael Lang
On Wed, 2006-06-28 at 09:46 +0200, Steffen Kaiser wrote:
 On Tue, 27 Jun 2006, Kitione Lalakomacoi wrote:
 
  thanks for the reply.
 
  relaying and reception is not an issue, i recieve all e-mail (actually
  wish i wasn't, at least something would be happening).

i saw the same behavior here,
 
 Did you checked if MIMEDefang is called at all?
 
 
 1) E.g.: use md_syslog() in all your filter_* functions to log the 
 information you care about in your filter.
 
 2) Put a new header in your mail.
 
 BTW: Did you checked for the X-Scanned-By header in the mail?
 
 Are your multiplexor running with the correct settings?
X-Scanned-By gets inserted but nothing else, no additional Headers
(and they should be inserted on every mail) 
No Error in the Logs, looks like just exiting immediately

restarting mimedefang as solution works, but isn't nice ...

Kind regards
Michael Lang
 
 Bye,
 
-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] BitDefender load average woes

2006-04-19 Thread Michael Lang

[EMAIL PROTECTED] wrote:

I'm running BitDefender and ClamAV virus scanners through MIMEDefang.

All of a sudden BitDefender started consuming a huge amount of CPU.  My load 
average shot up from under 1 to between 6 and 15.
  


Hi Matthew,

can you 'reproduce' this behavior ?
I've seen an even more strange CPU/Memory consuming *feature* from 
Kaspersky with all currently Scanners available
which triggers your Machine into death. (5-10 Mails of 1.6MB size required)
This DOS wasn't taken seriously by Kaspersky nor by other 'Security 
related' sites. It's a ticking bomb waiting there.


look for mails which cause such behavior, i will try the Kaspersky DOS 
on BitDefender as soon as i get time...

Kind regards
Michael Lang

This happened on two servers simultaneously.

I disabled BitDefender (delete $Features{'Virus:BDC'}) and the problems went away.

Is anyone else having this problem?

$ bdc --info
BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.

Engine signatures: 370654
Scan engines: 13
Archive engines: 39
Unpack engines: 4
Mail engines: 6
System engines: 0

  




Re: [Mimedefang] MIMEDefang and mailman

2006-02-21 Thread Michael Lang
On Mon, 2006-02-20 at 17:22 +1030, Daniel O'Connor wrote:
 Hi,

Hi Daniel,

 I am having some difficulty with spammers on my lists - I have switched to 
 subscriber only posting but I still have to deal with a lot of crud each 
 day.
 
 I would like to be able to do Bayes for the lists (as a global entity) - I 
 wrote a script which runs sa-learn as the mailman user (and running 
 spamassassin manually shows good results) but it doesn't appear to have any 
 effect on messages going through the mail system..
 
 I imagine this is because MIMEDefang can't infer what username to use - is 
 there a way I can tell it?

$ ~mailman/bin/list_members
List all the members of a mailing list.

Usage: bin/list_members [options] listname
...

and 
sub filter_sender() { 
 ...

my 5 cents 
Kind regards
Michael Lang

 
 Thanks.
 
-- 
Michael Lang [EMAIL PROTECTED]





Re: [Mimedefang] 40K+ emails a day and choking

2006-01-17 Thread Michael Lang
On Tue, 2006-01-17 at 14:48 +, Nik Clayton wrote:
 David,
 
 David F. Skoll wrote:
  Stephen Ford wrote:
  I'm running Solaris 9 on a dual processor 220R with 2
  gigs of ram and the box is having trouble keeping up
  with spam!?!?
  
  I hate to say this, but switch from SPARC to a commodity Intel box.
  Intel and AMD chips far outperform SPARC for the kind of processing
  MIMEDefang/SpamAssassin do.  Even a mid-range dual Xeon at 2.4GHz with
  a couple of gigs of RAM can handle 40K emails/day with ease.

at my last company we did with 4 machines, 3Mil/Day Messages without any
problem. The machines were HP DL360 2G Ram 1 CPU ;)

 
 Are you aware of any relevant benchmarks in this area?
 
 N
 
-- 
Michael Lang [EMAIL PROTECTED]





RE: [Mimedefang] 40K+ emails a day and choking

2006-01-17 Thread Michael Lang
On Tue, 2006-01-17 at 08:20 -0800, Gary Funck wrote:
  From: Michael Lang
  Sent: Tuesday, January 17, 2006 7:50 AM
 [...]
  
  at my last company we did with 4 machines, 3Mil/Day Messages without any
  problem. The machines were HP DL360 2G Ram 1 CPU ;)
 
 With Mimedefang and SA?

yes, complex filter (ldap lookups ...) and clamav and kaspersky ... 

 
-- 
Michael Lang [EMAIL PROTECTED]





Re: [Mimedefang] Discard by $Subject

2005-11-24 Thread Michael Lang

Quoting [EMAIL PROTECTED]:


Hello List,


Hello Meni,

I have this irritating email keep getting through no matter how many
times I put it through the sa-learn!!!

My config is:
Debian Sarge 3.1a with Sendmail 8.13 + mimedefang 2.51 (i know i should
upgrade..but still) + sa 3.0.3 + clamd 0.87

So now I want to build a mimedefang rule to block this SPAM by its Subject,
which never changes.
Can anyone offer a code?? (my perlish is a bit lame...;-) )
B.T.W.: you may have seen/received that spam...subject is:
The Ultimate Online Pharmaceutical


should be as simple as editing your 'mimedefang-filter' function called
'filter_begin'


...
sub filter_begin() {

  # this will bounce it on SMTP Protocol if it matches exactly the line
  # you submitted above
  action_bounce('put in your SMTP Message here', 554, '5.7.1')
    if ($Subject =~ /^The\sUltimate\sOnline\sPharmaceutical$/i);


  ...
  ...


Thanks a 1


no prob,
Greetz mIke


Meni


--
Michael Lang
Suessenbrunnerstrasse 64/9/13, 1220 Wien, Austria
http://www.chester.at



RE: [Mimedefang] Mimedefang clamd

2005-09-20 Thread Michael Lang
On Tue, 2005-09-20 at 14:11 +0100, Mack wrote:
 it would seem that it thinks Virus:ClamAV is there (at the topish of the 
 list) but also not there
 Virus:ClamAV  : yes (/usr/local/bin/clamdscan)
 Virus:CLAMAV  : no
 
 
 I've not seen the top one, are you assigning this in your code (perhaps a 
 case issue?)

i think your config confuses mimedefang :)
# mimedefang.pl -features
MIMEDefang version 2.53

HTML::Parser  : yes
HTML::TokeParser  : yes
Net::DNS  : yes
Path:CONFDIR  : yes (/etc/mail)
Path:QUARANTINEDIR: yes (/var/spool/MD-Quarantine)
Path:SENDMAIL : yes (/usr/sbin/sendmail)
Path:SPOOLDIR : yes (/var/spool/MIMEDefang)
SpamAssassin  : yes
Virus:CLAMD   : yes

should be Original not modified
# grep CLAMD /usr/bin/mimedefang.pl
$Features{'Virus:CLAMD'}= ('/bin/false' ne '/bin/false' ? '/bin/false' : 0);
if ($Features{'Virus:CLAMD'}) {
if ($Features{'Virus:CLAMAV'} && ! $Features{'Virus:CLAMD'}) {

# grep CLAMD /etc/mail/mimedefang-filter
$Features{'Virus:CLAMD'}= 1;

this should get your ClamAV to work with your MIMEDefang

Kind regards 
Michael Lang

-- 
Michael Lang [EMAIL PROTECTED]



Re: [Mimedefang] filter_recipient

2004-11-12 Thread Michael Lang
On Thu, 2004-11-11 at 17:08, scohen wrote:
 I wrote a subroutine using filter_recipient to whitelist. It reads
 /etc/mail/access, looks for OK or RELAY, and whitelists those entries. It
 works for $sender and $recipient but not for $rcpt_host. Using md_syslog I
 found that while I am getting values for $recipient, $sender, $ip, $hostname,
 $first, and $helo, I am not getting values for $rcpt_mailer, $rcpt_host or
 $rcpt_address.
 
 Nov 11 08:45:55 open1 mimedefang.pl[29791]: $rcpt_host is ?
 Nov 11 08:45:55 open1 mimedefang.pl[29791]: $rcpt_addr is ?
 Nov 11 08:45:55 open1 mimedefang.pl[29791]: $rcpt_mailer is ?
 
 I was wondering why this could be? I am assigning the variables just like
 the mimedefang-filter suggests:
 
 sub filter_recipient {
  my ($recipient, $sender, $ip, $hostname, $first, $helo,
  $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
 

what exactly are you trying to do? if you already have
127.0.0.1   REJECT
in your /etc/mail/access file your mail should never reach the filter :)

maybe you should read mimedefang.pl to get the correct Names,
$RelayAddr = ;
$RealRelayAddr = ;
$RelayHostname = ;
$RealRelayHostname = ;

Kind regards
Michael Lang

 
 Thanks for the help,
 
 Steve Cohen
 
-- 
Michael Lang [EMAIL PROTECTED]

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


[Mimedefang] upgrade from 2.43 to 2.44

2004-08-05 Thread Michael Lang
Hi everyone, 

I've upgraded mimedefang from 2.43 to the latest 2.44.
Everything looks good as long as I use the MimedefangNode (this machine)
alone without a loadbalancer.
Mail gets scanned, filtered and so on.

If I enable the node in the Cluster for the Loadbalancer, the log gets
filled with these lines until I send a message, and they reappear afterwards.

any clue ?

Aug  5 14:10:20 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1356477520]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:20 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1503335504]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:21 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1513825360]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:21 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1377457232]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:21 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1283048528]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:23 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1461376080]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:23 mimedefang02 mimedefang-multiplexor[9210]: Starting slave 5 (pid 9566) (6 running): About to perform scan
Aug  5 14:10:24 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1545294928]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:24 mimedefang02 mimedefang-multiplexor[9210]: Starting slave 6 (pid 9570) (7 running): About to perform scan
Aug  5 14:10:25 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1587254352]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:26 mimedefang02 clamd[20902]: /var/spool/MIMEDefang/mdefang-i75FAIIs004422/Work/msg-9232-12.txt: OK
Aug  5 14:10:26 mimedefang02 mimedefang.pl[9232]: MDLOG,i75FAIIs004422,virus,Dialer.Global.AR,127.0.0.1,[EMAIL PROTECTED],[EMAIL PROTECTED],TESTING
Aug  5 14:10:26 mimedefang02 clamd[20902]: /var/spool/MIMEDefang/mdefang-i75FAIIs004422/Work/msg-9232-13.AR: Dialer.Global.AR FOUND
Aug  5 14:10:27 mimedefang02 mimedefang.pl[9232]: MDLOG,i75FAIIs004422,mail_in,,,[EMAIL PROTECTED],[EMAIL PROTECTED],TESTING
Aug  5 14:10:27 mimedefang02 mimedefang.pl[9232]: filter: i75FAIIs004422:  replace_with_warning=1
Aug  5 14:10:43 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1335497808]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:43 mimedefang02 last message repeated 2 times
Aug  5 14:10:44 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1471865936]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:45 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1272558672]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:46 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1283048528]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:47 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1293538384]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:47 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1304028240]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:48 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1387947088]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:48 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1408926800]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:49 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1440396368]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:49 mimedefang02 mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1461376080]: 0x1f does not fulfill action requirements 0x3f

-- 
Michael Lang [EMAIL PROTECTED]
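
The st_optionneg lines in the post above are libmilter option-negotiation failures: the first hex value is the action mask the connecting peer offered, the second the mask the filter requires. As an added example (not part of the original post and not MIMEDefang code), this parser decodes which actions are missing, using the SMFIF_* bit values from libmilter's mfapi.h; the sample lines and the host name in them are constructed to match the format shown in the post.

```python
import re
from collections import Counter

# Action bits as defined in libmilter's mfapi.h.
SMFIF = {0x01: "SMFIF_ADDHDRS", 0x02: "SMFIF_CHGBODY", 0x04: "SMFIF_ADDRCPT",
         0x08: "SMFIF_DELRCPT", 0x10: "SMFIF_CHGHDRS", 0x20: "SMFIF_QUARANTINE"}

NEG_RE = re.compile(r"st_optionneg\[-?\d+\]: (0x[0-9a-fA-F]+) does not fulfill "
                    r"action requirements (0x[0-9a-fA-F]+)")
REPEAT_RE = re.compile(r"last message repeated (\d+) times?$")

def decode(mask):
    """Return the names of the action bits set in mask (unknown bits as hex)."""
    names = [name for bit, name in sorted(SMFIF.items()) if mask & bit]
    unknown = mask & ~sum(SMFIF)
    return names + ([hex(unknown)] if unknown else [])

def missing_actions(line):
    """Actions the filter requires but the peer did not offer, or None."""
    m = NEG_RE.search(line)
    if not m:
        return None
    offered, required = int(m.group(1), 16), int(m.group(2), 16)
    return tuple(decode(required & ~offered))

def summarize(lines):
    """Count failed negotiations per set of missing actions."""
    counts, previous = Counter(), None
    for line in lines:
        rep = REPEAT_RE.search(line)
        if rep:
            # syslog collapsed duplicates of the preceding line into one entry
            if previous is not None:
                counts[previous] += int(rep.group(1))
            continue
        previous = missing_actions(line)
        if previous is not None:
            counts[previous] += 1
    return counts

# Constructed sample in the format shown in the post (host name is made up).
SAMPLE_LOG = """\
Aug  5 14:10:20 mx-node mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1356477520]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:23 mx-node mimedefang-multiplexor[9210]: Starting slave 5 (pid 9566) (6 running): About to perform scan
Aug  5 14:10:43 mx-node mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1335497808]: 0x1f does not fulfill action requirements 0x3f
Aug  5 14:10:43 mx-node last message repeated 2 times
Aug  5 14:10:44 mx-node mimedefang[9224]: MIMEDefang-2.44: st_optionneg[-1471865936]: 0x0f does not fulfill action requirements 0x3f
"""

if __name__ == "__main__":
    for missing, n in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{n:3d} failed negotiations, peer lacks: {', '.join(missing)}")
```

For the masks in the post (0x1f offered, 0x3f required) the only missing bit is 0x20, SMFIF_QUARANTINE.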
