[Mimedefang] Some Pointers Required

2004-02-04 Thread Peter A. Cole
Hi all,

Just wondering if someone can give me a list of things to check to see where
I'm going wrong.

I'm running MIMEDefang 2.38 with Sendmail 8.12.9, ClamAV 0.60, and
SpamAssassin 2.61 under Debian Sarge.

These are all the Debian packages, I haven't built from source.

Basically, I've been through the MIMEDefang HOWTO, the MIMEDefang FAQ's, and
had a search through the archives and on Google and Google Groups.

I'm totally confused as to where I'm going wrong.

When new messages arrive via Fetchmail, they are delivered to my mailboxes
with apparently no action performed on them whatsoever, even though I have
added the Features in for CLAMD and SpamAssassin.

I have run mimedefang.pl -features and both are listed there, and running
mimedefang.pl -f /etc/mail/mimedefang-filter -test says there is nothing
wrong with my filter.

Can anyone give me a list of things to check in order so I can see if I can
narrow down where the problem lies? I'm at the point now where I'm just
confusing myself and just need a clearer point of view I think.

Pete

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Some Pointers Required

2004-02-05 Thread Peter A. Cole
Thanks Luke, I'll add those tips to John's and see what I can come up
with...

Pete

- Original Message - 
From: "Lucas Albers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 05, 2004 3:28 AM
Subject: RE: [Mimedefang] Some Pointers Required


> Turn your logging up in sendmail to 16.
> define(`confLOG_LEVEL',`16')dnl
> Enable action change header in mimedefang-filter.
> action_change_header("X-Spam-Score", "$hits $names");
>
> I use debian packages for my installation, none compiled from source.
> My configuration works good...
> Go back to the default filter.
> Use clamscan instead of clamdscan.
> Check your permissions on /var/spool/Mimedefang and *.sock
> Make sure you have a user and group defang.
> when restarting mimedefang add in a 3 second delay from the stop to start,
> like such:
> /etc/init.d/sendmail stop;
> /etc/init.d/mimedefang stop;
> sleep 3;
> /etc/init.d/mimedefang start;
> sleep 1;
> /etc/init.d/sendmail start;
>
> Luke Computer Science System Administrator
>



Re: [Mimedefang] Some Pointers Required

2004-02-05 Thread Peter A. Cole
Thanks John, I'll have a look through those and see what I can see.

Basically, all I've done is add in a section to redirect spam and/or virii
to a maildrop. I got the lines from the FAQ section on the MIMEDefang page.

That's the only modification as such that I've done to the example filter.

Oh, and yes I realise SA can't change anything, it's up to MIMEDefang to do
that... and ClamAV by itself picks up the EICAR test string in a text file,
but it doesn't seem to detect it in an email... or maybe it would if my
filter was configured correctly or something along those lines?

Pete
- Original Message - 
From: "John Mason Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 04, 2004 11:19 PM
Subject: RE: [Mimedefang] Some Pointers Required


>
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On
> > Behalf Of Peter A. Cole
> > Sent: Wednesday, February 04, 2004 6:46 AM
> > To: MIME Defang
> > Subject: [Mimedefang] Some Pointers Required
> >
> >
>
> Why do you say no action, are you looking for headers or some action?
> Remember unless you tell it SA can't change the message under mimedefang
>
> http://www.mimedefang.org/node.php?id=21
>
> Did you change anything in the filter?
>
>
>
>
> You could try http://spamassassin.planetmirror.com/gtube/
> And
> http://www.eicar.org/anti_virus_test_file.htm
>
>
>
> John



[Mimedefang] A Bit of Confusion

2004-02-22 Thread Peter A. Cole
Hi all,

Probably a very simple and stupid question here, but will having
/etc/procmailrc still telling spamc to check for spam prevent mimedefang
from scanning my mail?

I've got mimedefang installed and am using a slightly modified example of
the example mimedefang-filter, but mail is coming in with the
X-Spam-Checker-Version header listing spamassassin, not mimedefang.

Oh, and I'm using Debian Sarge packages and running mimedefang.pl -f
/etc/mail/mimedefang -test reports that it is syntactically correct.

Thanks in advance for correcting my stupidity  :-)

Pete


Re: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD

2004-02-22 Thread Peter A. Cole
- Original Message - 
From: "Peter A. Cole" <[EMAIL PROTECTED]>
To: "MIME Defang" <[EMAIL PROTECTED]>
Sent: Sunday, February 22, 2004 10:15 PM
Subject: [Mimedefang] A Bit of Confusion


> Hi all,
>
> Probably a very simple and stupid question here, but will having
> /etc/procmailrc still telling spamc to check for spam prevent mimedefang
> from scanning my mail?
>
Hi again,

I sorted this out, and yes it was stupidity! I just hadn't told sendmail to
use the mimedefang filter...

Anyway, I have now had to disable the clamd feature temporarily as I cannot
get it to work.

I have tried running clamd as user "defang", but clamd won't then start.

I have added the user "defang" to the group "clamav", but I get errors when
sending/receiving mail saying "Could not connect to clamd daemon at
/var/spool/MIMEDefang/clamd.sock".

This file does not exist either.

I've looked at a few things on Google, but I'm a little lost as to what I'm
even doing wrong at this point in time.

Any ideas?

Thanks,

Pete



Re: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD

2004-02-23 Thread Peter A. Cole
- Original Message - 
From: "Lee Dilkie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 23, 2004 3:49 AM
Subject: RE: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD

First off, let me apologise to Rob. That email was never supposed to go to
you directly, but Outlook Express stupidity sent it to mimedefang-request
instead of mimedefang and I guess it got bounced to you.

>
> check clamav.conf.
>
> the location of the pid file must be writable by the defang user as clamd is
> running as defang.
>
> also in clamav.conf.
>
> LocalSocket probably needs to be changed to point to where MD is expecting.
>
> Or you can leave it where it is and modify your mimedefang-filter and stick
>
> $ClamdSock  = "/var/run/clamav/clamd"; (this is the default place for clamd
> on freebsd).
>
> in the top of mimedefang-filter. This will override the default in
> mimedefang.pl
>
> hope this helps.
>
> -lee
>
Thanks for your tips Rob and Lee.

As it turns out, I had everything right as far as the clamav.sock and
clamav.pid files go, but even though I had set this correctly in
mimedefang.pl.conf, mimedefang.pl actually has a hard coded entry that
overrides this and tries to access clamd.sock in
/var/spool/MIMEDefang/clamd.sock.

This is what was causing the grief and after changing this to
/var/run/clamd.sock it now works like a bought one!

The only hassle I have now is that spam gets sent to my maildrop mailbox,
but it also still goes to the original recipient as well.

I know this is a problem in my filter, but any tips as to where?

All I have done is add the example given on the FAQ edited to reflect the
correct maildrop to the existing filter_end part of mime-defang filter.

Thanks again,

Pete



Re: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD

2004-02-24 Thread Peter A. Cole
- Original Message - 
From: "Rob" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 24, 2004 3:26 AM
Subject: RE: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD


> Odd, I made my change to mimedefang-filter and it worked:
>
> $ClamdSock  = "/var/run/clamav/clamd";
>
I had a closer look today, and the require entry for mimedefang-filter is
BEFORE the line $ClamdSock = "/var/spool/MIMEDefang/clamd.sock" in
mimedefang.pl, so obviously it is overwritten by this setting.

Maybe it's just a Debian package thing?
>
> This has been discussed in the past and examples are in the archive,
> however...  I use the following to strip out all existing recipients, add
> them in a header (in the event that it becomes relevant in future) and set
> the recipient to postmaster:
>
> # Record who it was for
> action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
>
> # Remove original recipients
> foreach $recip (@Recipients) {
> delete_recipient($recip);
> }
>
> # Send to the postmaster
> add_recipient('[EMAIL PROTECTED]');
>
Below is what I added to my sub filter_end section:

if ($hits >= $req) {
md_graphdefang_log('spam', $hits, $RelayAddr);

# If you find the SA report useful, add it, I guess...
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
# Add a header with original recipients, just for info
action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
# Remove original recipients
foreach $recip (@recipients) {
delete_recipient($recip);
}
# Send to spam address
add_recipient('[EMAIL PROTECTED]');
} else {
# Delete any existing X-Spam-Score header?
action_delete_header("X-Spam-Score");

Don't worry about the lack of brackets as I've only copied the pertinent
bits.

By the way, I did look through the archives, and they looked close enough to
this to be identical, so maybe my problem lies elsewhere?
>
> PLEASE - keep list traffic on the list.  Email sent directly to me may be
> ignored utterly.
>
> -- 
> Rob | What part of "no" was it you didn't understand?





[Mimedefang] Tracing/Debugging MIMEDefang

2004-02-25 Thread Peter A. Cole
Hi all,

What's the best way to see what actions are happening when mimedefang-filter
processes spam and/or virii?

I have a problem whereby when I receive spam, not only does it get sent to
my spamdrop mailbox, but it still gets delivered to the original recipient.

And, to add to the confusion, if I send a test spam message from one of my
local accounts to another local account, it gets delivered twice to my
spamdrop (once on the way out to my ISP's smarthost and once when fetchmail
retrieves it) and once to the original recipient.

In all cases, the spamassassin report is delivered, the X-Spam headers are
in place with the score listed, the spamdrop recipient has been added, but
the original recipients have not been deleted.

I'm basically using a modified version of the example mimedefang-filter
supplied with the Debian package with the maildrop entries in "sub
filter_end" as specified in the mimedefang FAQ.

I've searched Google with no success, I've had a previous thread on this
list which basically ended up with me totally confused as the entries I was
given were pretty much identical to what I already had, so now I'm a tad
lost...

I'm using Debian Sarge with the Debian packages of sendmail 8.12.11.Beta0
and mimedefang 2.38-2.

If you wish to view my mimedefang configuration, the following links contain
the current files:

http://users.bigpond.com/mork73/mimedefang-filter
http://users.bigpond.com/mork73/mimedefang.conf
http://users.bigpond.com/mork73/mimedefang.pl.conf

Can anybody point me in the right direction?

Thanks,

Pete



Re: [Mimedefang] Tracing/Debugging MIMEDefang

2004-02-25 Thread Peter A. Cole
- Original Message - 
From: "Michael Sims" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 1:15 AM
Subject: RE: [Mimedefang] Tracing/Debugging MIMEDefang


> Peter A. Cole wrote:
> > Hi all,
> >
> > What's the best way to see what actions are happening when
> > mimedefang-filter processes spam and/or virii?
>
> If I'm trying to troubleshoot a problem with my filter, I'll do the
> following:
>
> (1) After altering the filter, I will tail /var/log/maillog just to make
> sure that my filter isn't printing anything to STDERR (happens most
> frequently with me with typos).
> (2) I'll then add calls to md_syslog to print debug information in my
> Mimedefang log file.
> (3) Sometimes I'll temporarily use action_add_header() to add debug
> information directly into the headers of a message I'm using as a test.
>

I'll have a go at doing this tonight. I assume by simply putting in
action_add_header("Deleting recipient ", $recip) or similar within the loop
will tell me soon enough if this is being processed or not.

> > I have a problem whereby when I receive spam, not only does it get
> > sent to my spamdrop mailbox, but it still gets delivered to the
> > original recipient.
>
> I looked at your filter.  You need to change this:
>
> foreach $recip (@recipients) {
>
> to this:
>
> foreach $recip (@Recipients) {
>
> Perl variables are case sensitive.  In your filter, @recipients is not
> defined so the foreach loop will never be entered.

I did this before downloading my email this afternoon, but didn't make a
difference unfortunately. I copied and pasted these entries straight from
the FAQ, then later simply moved the adding of the recipients inside the
loop.

>
> > And, to add to the confusion, if I send a test spam message from one
> > of my local accounts to another local account, it gets delivered
> > twice to my spamdrop (once on the way out to my ISP's smarthost and
> > once when fetchmail retrieves it) and once to the original recipient.
>
> You may want to consider skipping the spam assassin check (and adding to the
> spamdrop) on messages relayed from trusted hosts.  There are lots of
> examples in the list archives on how to do this.
>

I wasn't doing this to cover the small chance of one of my Windows boxes
getting infected or something to ensure nothing goes out of my network as
well as coming in. I think if I fix the original problem, then spam or virii
going out will simply get canned before they get to the ISP, which is what I
want to do.

> HTH...
>
> ___
> Michael Sims
> Project Analyst - Information Technology
> Crye-Leike Realtors
> Office: (901)758-5648  Pager: (901)769-3722
> ___

Thanks for your tips Michael, I'll try the 3 tips at the beginning of your
post and let you know how I go.

Pete
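
The case-sensitivity bug described in the quoted text above, as an added example that is not code from anyone in this thread: it shows that the lower-case `@recipients` loop compiles and silently does nothing, and that Perl's `strict` pragma turns the same typo into a compile-time error. The `@Recipients` contents and the `delete_recipient` stand-in are constructed for the demonstration; the real ones are supplied by mimedefang.pl.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the MIMEDefang global and action named in the
# thread, so the script runs outside a filter.
our @Recipients = ('<user1@example.test>', '<user2@example.test>');
my @deleted;
sub delete_recipient { my ($r) = @_; push @deleted, $r; return 1; }

# Compile and run one snippet (fixed strings below, never external input)
# and report whether it compiled and how many recipients it deleted.
sub try_snippet {
    my ($label, $code) = @_;
    @deleted = ();
    my $ok  = eval $code;
    my $err = $ok ? '' : $@;
    $err =~ s/ at \(eval \d+\).*//s;    # drop the "at (eval N) line M" suffix
    return {
        label    => $label,
        compiled => $ok ? 1 : 0,
        deleted  => scalar(@deleted),
        error    => $err,
    };
}

# 1. The loop as posted, without strict: @recipients is a different, empty
#    array, so the body never runs and no error is raised.
my $as_posted = q{
    no strict 'vars';
    foreach my $recip (@recipients) { delete_recipient($recip); }
    1;
};

# 2. The same typo with strict in effect: refused at compile time.
my $typo_strict = q{
    foreach my $recip (@recipients) { delete_recipient($recip); }
    1;
};

# 3. The corrected loop from the reply.
my $corrected = q{
    foreach my $recip (@Recipients) { delete_recipient($recip); }
    1;
};

foreach my $case (
    [ 'typo, no strict', $as_posted ],
    [ 'typo, strict',    $typo_strict ],
    [ 'corrected',       $corrected ],
) {
    my $r = try_snippet(@$case);
    printf "%-16s compiled=%d deleted=%d %s\n",
        @{$r}{qw(label compiled deleted)}, $r->{error};
}
```

A syntax-only check accepts the first snippet, which is why the filter passed `-test` while the recipients were never removed.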



Re: [Mimedefang] Tracing/Debugging MIMEDefang

2004-02-26 Thread Peter A. Cole
- Original Message - 
From: "Michael Sims" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 1:15 AM
Subject: RE: [Mimedefang] Tracing/Debugging MIMEDefang


>
> If I'm trying to troubleshoot a problem with my filter, I'll do the
> following:
>
> (1) After altering the filter, I will tail /var/log/maillog just to make
> sure that my filter isn't printing anything to STDERR (happens most
> frequently with me with typos).
> (2) I'll then add calls to md_syslog to print debug information in my
> Mimedefang log file.
> (3) Sometimes I'll temporarily use action_add_header() to add debug
> information directly into the headers of a message I'm using as a test.
>
> I looked at your filter.  You need to change this:
>
> foreach $recip (@recipients) {
>
> to this:
>
> foreach $recip (@Recipients) {
>
> Perl variables are case sensitive.  In your filter, @recipients is not
> defined so the foreach loop will never be entered.
>
> You may want to consider skipping the spam assassin check (and adding to the
> spamdrop) on messages relayed from trusted hosts.  There are lots of
> examples in the list archives on how to do this.
>
> HTH...
>
> ___
> Michael Sims
> Project Analyst - Information Technology
> Crye-Leike Realtors
> Office: (901)758-5648  Pager: (901)769-3722
> ___

Hi again Michael,

Well I've now been through your tips and I believe it is working. Just
waiting on some external spam to test  :-)

I've run my own tests through it from internally, and the spam gets sent to
my maildrop only, no other mailbox which is excellent.

It appears that when I first did this this afternoon, I mustn't have run
mimedefang reread as after putting in some logging and running that, it
worked.

Thanks again for all your help, (and same thanks to you Rob)

Pete



Re: [Mimedefang] Tracing/Debugging MIMEDefang

2004-02-27 Thread Peter A. Cole
- Original Message - 
From: "Michael Sims" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 27, 2004 1:24 AM
Subject: RE: [Mimedefang] Tracing/Debugging MIMEDefang


> Yes, although I would suggest something like this:
>
> action_add_header('X-Debug-Msg', "Deleting recipient $recip");
>
> Remember when using this trick that messages other than the ones you are
> sending as tests might get these headers inserted.  I like to use X headers
> like 'X-Debug-Msg' in order to play nice with other MTA's that my message
> might pass through.  They should ignore any X header that they don't
> recognize, but a header like "Deleting recipient:" might cause issues.
>

You're dead right there, as soon as I put it in I took it out, as the
mimedefang.pl -test I did on the filter spat the dummy on that line.
Instead, I just used the md_syslog entries instead which I found just as
helpful.

> You can still do all of the normal MD checks (including virus checks) while
> skipping just the SpamAssassin scan.  That's what I do...
>

I'll have a look into this, although at the moment I'm pretty happy. If
anything I'm sending legitimately is getting canned I'll have to put
something like this in place.

I always configure my email as plain text, or at least as much as I can with
Outlook Express anyway, so this shouldn't be an issue hopefully. I'm just in
the process of setting up my Linux workstation (also Debian Sarge of
course!), so Sylpheed will ensure only plain text ever gets sent out.

> > Well I've now been through your tips and I believe it is working. Just
> > waiting on some external spam to test  :-)
> [...]
> > Thanks again for all your help, (and same thanks to you Rob)
>
> No problem...
>
> ___
> Michael Sims
> Project Analyst - Information Technology
> Crye-Leike Realtors
> Office: (901)758-5648  Pager: (901)769-3722
> ___
>
Thanks again,

Pete



[Mimedefang] Slaves Dying Prematurely

2004-02-29 Thread Peter A. Cole
Hi all,

I know there's been previous threads/answers on this, but I can't seem to find the 
reason for this at the moment... I'm a bit lost.

Yesterday, my mail server was running perfectly, spam and virii getting removed, 
sending and receiving mail fine.

This morning, I turned it on and my slaves now die prematurely with an smtp error: SMTP 
error: 451 4.7.1 Please try again later.

This is a sample of the log:

Mar  1 09:02:15 jake mimedefang-multiplexor: Slave 1 died prematurely -- check your filter rules
Mar  1 09:02:15 jake mimedefang-multiplexor: Reap: Idle slave 1 (pid 990) exited due to signal 11 (SLAVE DIED UNEXPECTEDLY)
Mar  1 09:02:15 jake mimedefang-multiplexor: Slave 1 resource usage: req=1, scans=1, user=36.840, sys=1.880, nswap=0, majflt=666, minflt=6722, maxrss=0, bi=0, bo=0
Mar  1 09:02:15 jake mimedefang[883]: Error from multiplexor: ERR No response from slave
Mar  1 09:02:15 jake fetchmail[330]: SMTP error: 451 4.7.1 Please try again later
Mar  1 09:02:15 jake fetchmail[330]:  not flushed
Mar  1 09:02:18 jake mimedefang-multiplexor: Starting slave 1 (pid 1190) (2 running): Bringing slaves up to minSlaves (2)
Mar  1 09:02:53 jake mimedefang-multiplexor: Slave 0 died prematurely -- check your filter rules
Mar  1 09:02:53 jake mimedefang-multiplexor: Reap: Idle slave 0 (pid 1106) exited due to signal 11 (SLAVE DIED UNEXPECTEDLY)

I recall seeing problems with a perl version, but can't seem to find the posts in 
relation to this. Or was it just embedded perl?

I'm running Debian Sarge with mimedefang 2.38 and perl 5.8.3.

The only thing I can recall changing is possibly the perl version. I know it got 
upgraded from 5.8.2 at some stage, I just can't remember if this was yesterday or not.

I also changed some settings in relation to Razor and DNSRBL checks, but I ran 
/etc/init.d/mimedefang reread after changing these and it was still working then.

If someone could just direct me towards old posts on this subject or logs to check 
etc. that would be greatly appreciated.

Pete


Re: [Mimedefang] Slaves Dying Prematurely

2004-02-29 Thread Peter A. Cole
On Sun, 29 Feb 2004 20:17:13 -0500
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> On Mon, 1 Mar 2004, Peter A. Cole wrote:
> 
> > Mar 1 09:02:15 jake mimedefang-multiplexor: Reap: Idle slave 1
> > (pid 990) exited due to signal 11 (SLAVE DIED UNEXPECTEDLY)
> 
> Signal 11 is a segmentation fault.  There's something seriously wrong
> with your Perl installation; maybe a bad library or some other bad
> dependency?
> 
> --
> David.

Thanks David, I was trying to find out what that Signal 11 meant, but couldn't seem to 
find any reference to it.

In that case, I would expect that maybe the current Perl package has some issues. I'll 
check on the bugs etc. for Debian.

Thanks for the tip!

Pete


Re: [Mimedefang] Slaves Dying Prematurely

2004-02-29 Thread Peter A. Cole
On Sun, 29 Feb 2004 20:17:13 -0500
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> On Mon, 1 Mar 2004, Peter A. Cole wrote:
> 
> > Mar 1 09:02:15 jake mimedefang-multiplexor: Reap: Idle slave 1
> > (pid 990) exited due to signal 11 (SLAVE DIED UNEXPECTEDLY)
> 
> Signal 11 is a segmentation fault.  There's something seriously wrong
> with your Perl installation; maybe a bad library or some other bad
> dependency?
> 
> --
> David.

One thing I forgot to ask.

Is there a way someone who knows absolutely nothing about Perl can determine what is 
actually causing the segfault? I want to try to pinpoint it to Perl itself or a module 
or library etc. so I can check the buglist out for this.

There's quite a few bugs listed for Perl, some of which relate to segfaults, but none 
that I can see easily that relate to mimedefang.

Thanks again,

Pete


Increase Log Verbosity (was [Mimedefang] Slaves Dying Prematurely)

2004-03-01 Thread Peter A. Cole
On Sun, 29 Feb 2004 20:17:13 -0500
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> On Mon, 1 Mar 2004, Peter A. Cole wrote:
> 
> > Mar 1 09:02:15 jake mimedefang-multiplexor: Reap: Idle slave 1
> > (pid 990) exited due to signal 11 (SLAVE DIED UNEXPECTEDLY)
> 
> Signal 11 is a segmentation fault.  There's something seriously wrong
> with your Perl installation; maybe a bad library or some other bad
> dependency?
> 
> --
> David.

Hi again, still trying to track the source of this problem down. I can't really file a 
bug report on it until I know what part of mimedefang and associated modules and 
libraries is actually causing the problem.

Can anyone suggest a way of increasing the verbosity of the log files at all?

I need to find out at which stage of the filter it seg faults.

Any tips will be greatly appreciated, and will hopefully lead to a successfully 
resolved bug!

Thanks,

Pete


Re: [Mimedefang] Slaves Dying Prematurely

2004-03-01 Thread Peter A. Cole
On Mon, 01 Mar 2004 12:56:05 -0700
Stephen Smoogen <[EMAIL PROTECTED]> wrote:


> 
> Here is a web page that has a lot of info on Sig11. While it says its
> about compiling the Linux kernel.. I have found that it is pretty
> meaningful for most sig 11 issues
> http://www.bitwizard.nl/sig11/
> 
> 
Thanks for the link Stephen. I'm supposed to be packing up to head down the coast for 
a few days this morning, so I'll have a read of this when I get back, could be very 
useful for future reference.

Pete


Re: Increase Log Verbosity (was [Mimedefang] Slaves Dying Prematurely)

2004-03-01 Thread Peter A. Cole
On Mon, 01 Mar 2004 08:07:11 -0500
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> 
> That is unlikely to help.  A segfault is deep in the C guts of Perl;
> unless you're an experienced Perl hacker (by which I mean, experienced
> at hacking the C innards of Perl), knowing where it segfaults won't
> help much.
> 
> If you can somehow force the generation of a core file, that might help
> someone who knows Perl well find the problem.
> 
> Regards,
> 
> David.

Thanks David, at least I know next time not to chase my tail as I wouldn't have a clue 
about C or Perl to sort that out.

However, hopefully you've seen my response in another message in this thread that by 
enabling all logging I could find for the multiplexor, then recompiling sendmail.cf, 
it miraculously came back to life.

So, although it's now working, I have no idea why it wasn't.

Pete


Re: [Mimedefang] Slaves Dying Prematurely

2004-03-01 Thread Peter A. Cole
On Mon, 01 Mar 2004 10:19:18 -0800
Don <[EMAIL PROTECTED]> wrote:

> 
> When I ran into this problem..I used the -l option
> when starting the mimedefang-multiplexor and it gave
> me a more detailed perl error message that allowed me
> to find the offending problem.
> 
> You can also test the mimedefang-filter rules by hand
> like this:
> 
> /dir_path_to_mimedefang_bin/mimedefang.pl -f
> /dir_path_to_mimedefang_filter/mimedefang-filter -test
> 
> but know that will not get the errors you may be
> seeing sometimes, it just checks the syntax of the
> filter  so as to eliminate that problem.
> 
> Note my problem when the slave died prematurely was
> not because of an upgrade of perl or modules but
> rather a call to a function that I had removed and
> this passed the syntax checker!
> 
> 
> Hope this helps.
> --Don

Thanks Don, I think it did, sort of...

I just went through my mimedefang.conf file and enabled everything to do with logging 
for the multiplexor, including stats etc. I then created the /var/log/mimedefang 
directory for the stats, changed owner to defang, and put mimedefang back into 
sendmail so I could test it.

It has since delivered 3 messages with no problems.

So, it's fixed, but I have no idea why as I did change any filter settings or 
anything, just log settings. Bizarre.

I wonder if maybe the last time I ran sendmailconfig it stuffed part of the .cf file 
up or something?

Pete


Re: [Mimedefang] RE: Anti-virus

2004-03-01 Thread Peter A. Cole
On Mon, 01 Mar 2004 17:05:53 -0600
Alex S Moore <[EMAIL PROTECTED]> wrote:

> I am building mimedefang on a host that does not have or need any
> anti-virus software.  When I built the package, I had a message about
> 'virus checking will not be built in' or some such.
> 
> However, I use clamav and plan to run that same mimedefang package on my
> host.  Is there really no way for me to use clamav from mimedefang?
> 
> Thanks, Alex Moore

Hi Alex, I'm a little confused here.

Do you mean you have two hosts to run mimedefang on? One with clamav and one without?

If so, then the one you want to run mimedefang on with clamav will be fine. I use 
mimedefang with clamav here, although I run clamd, the daemon version of clamav. I 
found it easier to get going than clamav due to permissions issues.

Do a search through the archives of this list to find all the info you need about 
clamav versus clamd. The howto (last time I read it) unfortunately doesn't cover clamd 
or clamav, but there's plenty of other info around the place in manpages, 
/usr/share/doc/ etc. to get you going.

Pete


[Mimedefang] Need Tip on Filter

2004-03-20 Thread Peter A. Cole
Hi all,

I'm running MIMEDefang 2.39 on Debian Sarge with SA and CLAMAV, and while it works 
well with getting rid of virii and most of my spam, there's still a few coming 
through, mainly relating to prescription drugs.

I had been looking for a way to do this on and off for a few weeks, but hadn't come up 
with a definite solution until I checked the headers of these emails and discovered 
that my ISP has already classed them as spam.

They offer an antispam service for a small charge, but in doing this they also leave 
their antispam headers in mail to users that do not subscribe to this service, so any 
spam that they mark is still marked in my mailbox.

What I need to do is put this into my mimedefang-filter to get it moved to my spamdrop.

I'm not terribly good at creating working rules in my filter, so I'm wondering if 
someone can give me a tip on how to go about this.

Here's three examples of the header my ISP inserts:

X-Telstra-AV-Scanner: 1.0.1-LBW
X-Telstra-AS-Scanner: 1.0.1-LBW, 96% OBFU_CLASS_HEALTH 4, RCVD_IN_CBL 3,
 OBFU_CLASS_OTHER 2, DIET 1.144, MISSING_MIMEOLE 1.103, __HAS_MSGID 0,
 __SANE_MSGID 0, __MIME_VERSION 0, NOSPAM_INC 0, __TO_MALFORMED_2 0,
 __OUTLOOK_MUA 0, __HAS_X_MAILER 0, __HAS
X-Spam-Status: Yes

X-Telstra-AV-Scanner: 1.0.1-LBW
X-Telstra-AS-Scanner: 1.0.1-LBW, 99% URI_CLASS_HEALTH_DOMAIN 5,
 OBFU_CLASS_HEALTH 4, RCVD_IN_CBL 3, BIZ_TLD 1.251, HTML_70_90 0.572,
 URI_HEAVY 0.206, UNSUB_PAGE 0.163, BIG_FONT 0.146, HTML_FONT_COLOR_CYAN 0.005,
 SUPERLONG_LINE 0.003, __SANE_MSGID 0, _
X-Spam-Status: Yes

X-Telstra-AV-Scanner: 1.0.1-LBW
X-Telstra-AS-Scanner: 1.0.1-LBW, 100% URI_CLASS_UNCLASSIFIED_DOMAIN 5,
 MIME_HTML_ONLY_MULTI 4.500, THE_BEST_RATE 4.139, RCVD_IN_CBL 3,
 CONFIRMED_FORGED 2.168, OFFERS_ETC 1.177, SEE_FOR_YOURSELF 0.706,
 FORGED_YAHOO_RCVD 0.659, EXCUSE_14 0.022, NO_OBLIG
X-Spam-Status: Yes

I'm assuming that if I put something in to move these to my spamdrop if the line 
"X-Telstra-AS-Scanner: 1.0.1-LBW, xx%" is greater than, say, 90% (to be safe from 
false positives), then this will be successful.

I'm not sure if I can rely on the "X-Spam-Status: Yes" line not giving false 
positives, I would rather rely on the scoring system like SA provides.

Any ideas?

Thanks,

Pete


Re: [Mimedefang] Need Tip on Filter

2004-03-20 Thread Peter A. Cole
On Sun, 21 Mar 2004 00:00:17 -0600
Michael Sims <[EMAIL PROTECTED]> wrote:

> open(HEADERS, '< ./HEADERS');
> while (<HEADERS>) {
>   if (/^X-Telstra-AS-Scanner: .*?, (.*?)% /i
>       && $1 >= 90) {
>
>     delete_recipient($_) foreach (@Recipients);
>     add_recipient('[EMAIL PROTECTED]');
>     last;
>   }
> }
> close(HEADERS);

Thanks Michael,

I've added that in, substituting my local spamdrop account, and it appears correct 
according to mimedefang.pl -test.

My problem is with regular expressions - I really need to sit down one day and go 
through them to try to understand them better.

I knew how to do the recipient actions, but the if... section is what gets me every 
time.

Thanks again!

Pete


Re: [Mimedefang] Need Tip on Filter

2004-03-21 Thread Peter A. Cole
On Sun, 21 Mar 2004 00:00:17 -0600
Michael Sims <[EMAIL PROTECTED]> wrote:

> Try this in filter_end (untested):
> 
>   open(HEADERS, '< ./HEADERS');
>   while (<HEADERS>) {
>     if (/^X-Telstra-AS-Scanner: .*?, (.*?)% /i
>         && $1 >= 90) {
>
>       delete_recipient($_) foreach (@Recipients);
>       add_recipient('[EMAIL PROTECTED]');
>       last;
>     }
>   }
>   close(HEADERS);
> 
> ___
> Michael Sims

Hi again Michael (and anybody else who has interest in this thread),

So far, this seems to be successful in that it doesn't cause any dramas for legitimate 
mail coming in. I haven't received any with the applicable headers yet to be sure if 
it gets rid of the spam though.

However, I also want to add in a section to get rid of mail with the "X-Habeas-SWE" 
type headers as they also only appear to be spam, but my ISP for some reason seems to 
let them through as valid messages.

I have added the following lines to my mimedefang-filter, between the two } curly 
brackets at the end, which I assume would include it in the "while (<HEADERS>) {" 
routine:

if (/^X-Habeas-SWE) {
  delete_recipient($_) foreach (@Recipients);
  add_recipient('[EMAIL PROTECTED]');
  last;
}

I have, of course, substituted '[EMAIL PROTECTED]' with my local spamdrop mailbox.

I thought that this would work, but when I run mimedefang.pl -test, it comes up with 
errors about bare text and missing curly brackets etc., so obviously it is not correct.

Can anyone enlighten me as to what I have done wrong or tell me how I can add an "or" 
type statement into the first part Michael has provided?

Thanks,

Pete


Re: [Mimedefang] Need Tip on Filter

2004-03-22 Thread Peter A. Cole
On Sun, 21 Mar 2004 09:41:18 -0600
Michael Sims <[EMAIL PROTECTED]> wrote:

> Your regex pattern isn't terminated.  You need a "/" at the end of it.
> 
Thanks Michael, see I knew it was a simple regex type thing! It's really time I read 
through the Debian Reference Manual which explains regular expressions, at least a 
basic intro anyway.

Once I've done that, hopefully I shouldn't need to bug all you nice people on this 
list anymore...

>   open(HEADERS, '< ./HEADERS');
>   while (<HEADERS>) {
>     if (/^X-Habeas-SWE/i
>         || (/^X-Telstra-AS-Scanner: .*?, (.*?)% /i
>             && $1 >= 90)) {

And thanks again, at least I now know what the "or" expression is. I'll put this in 
tonight and see how it goes.

Oh, and with the original filter component you gave me, well, the first email I got 
containing the headers was only 83%... so I guess I'll reduce it from 90 to 80...

Thanks heaps!

Pete
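
The header check worked out over the last few messages, as a standalone Perl script added here (it is not code from the list or from MIMEDefang). The helper name divert_reason and every sample header are constructed; it unfolds wrapped headers, captures digits only, and runs the samples at both thresholds mentioned above (90 and 80).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decide whether a message goes to the spamdrop, given the text of its
# headers. Returns a short reason string, or nothing to deliver normally.
# (divert_reason is a hypothetical helper name, not a MIMEDefang function.)
sub divert_reason {
    my ($headers, $threshold) = @_;

    # Unfold continuation lines (line break followed by space or tab) so a
    # score wrapped onto the next line stays attached to its header name.
    $headers =~ s/\r?\n[ \t]+/ /g;

    for my $line (split /\r?\n/, $headers) {
        return 'Habeas header present' if $line =~ /^X-Habeas-SWE/i;

        # Capture digits only, in the field right after the scanner version.
        # A malformed value then never reaches the numeric comparison, where
        # a looser capture such as (.*?) would be compared as 0 with a warning.
        if ($line =~ /^X-Telstra-AS-Scanner:[^,]*,\s*(\d{1,3})%/i) {
            return "ISP score $1%" if $1 >= $threshold;
        }
    }
    return;
}

# Constructed samples modelled on the headers quoted in the thread
# (rule lists shortened; one entry per message).
my @samples = (
    [ 'score 96, rule list folded',
      "X-Telstra-AS-Scanner: 1.0.1-LBW, 96% OBFU_CLASS_HEALTH 4, RCVD_IN_CBL 3,\n"
    . " OBFU_CLASS_OTHER 2\nX-Spam-Status: Yes\n" ],
    [ 'score 83',
      "X-Telstra-AS-Scanner: 1.0.1-LBW, 83% RCVD_IN_CBL 3\nX-Spam-Status: Yes\n" ],
    [ 'score 100, folded before score',
      "X-Telstra-AS-Scanner: 1.0.1-LBW,\n 100% URI_CLASS_UNCLASSIFIED_DOMAIN 5\n" ],
    [ 'malformed score field',
      "X-Telstra-AS-Scanner: 1.0.1-LBW, n/a% RCVD_IN_CBL 3\n" ],
    [ 'Habeas header only',
      "Subject: hello\nX-Habeas-SWE-1: constructed sample value\n" ],
    [ 'no scanner headers',
      "From: someone\@example.org\nSubject: lunch on Friday\n" ],
);

for my $threshold (90, 80) {
    print "threshold $threshold\n";
    for my $sample (@samples) {
        my ($name, $headers) = @$sample;
        my $reason = divert_reason($headers, $threshold);
        printf "  %-32s %s\n", $name,
            defined $reason ? "spamdrop ($reason)" : 'deliver';
    }
}

# Inside filter_end, the actions from the thread would follow a match:
#   delete_recipient($_) foreach (@Recipients);
#   add_recipient($spamdrop);    # $spamdrop: your local spamdrop address
```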


Re: [Mimedefang] Need Tip on Filter

2004-03-23 Thread Peter A. Cole
On Mon, 22 Mar 2004 11:50:54 -0700
Nels Lindquist <[EMAIL PROTECTED]> wrote:

> On 21 Mar 2004 at 21:21, Peter A. Cole wrote:
> 

> Not all mail with Habeas headers is spam, though YMMV depending on 
> the mix of mail you receive.
> 
> Rather than dropping all Habeas mail, I prefer to maintain a local 
> ruleset which triggers on URIs used by known Habeas SWE infringers.
> 
> I've attached it to this email; you should be able to drop the .cf 
> into /etc/mail/spamassassin and restart mimedefang.
> 
> 
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.

Thanks Nels,

I think I'll leave it as is though as it is successfully working with Michael's tips 
on how to put it into place.

All my spam simply gets redirected to a "spamdrop" so I can monitor it for false 
positives. In fact, I've already had to whitelist a few addresses due to legitimate 
mail coming through to the spamdrop, and this was put there by SA, not the additional 
filters I've added.

Pete


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-02 Thread Peter A. Cole
On Fri, 02 Apr 2004 12:52:46 +0100
Paul Murphy <[EMAIL PROTECTED]> wrote:

> OK, here's my code (attached) as it stands at the moment, with some instructions
> and comments below.
> 
Hi Paul, thanks for the code!!

After getting around my lack of knowledge with cgi scripts in apache, I've got it 
going. I'd always wondered how I should go about cleaning up the quarantine 
directory...

The only thing I had to do (other than the mail server names and associated email 
addresses as you specified) was to change the quarantine directory to 
/var/spool/MIMEDefang as the Debian Sarge packages change these from the defaults.

I've also had to do some very specific permission changes as the UNIX socket files are 
also placed into this directory, and changing the perm's on them gives the old unsafe 
socket error with sendmail.

I do have one problem, and I've tried my darndest not to bother you with the query, 
but I'm stuck.

When clicking the quarantine folder link, I get this error:

Unable to open directory /var/spool/MIMEDefang/qdir-2004-02-24-17.20.39-001 at 
/usr/lib/cgi-bin/quar_display.pl line 110.

The permissions on all the qdir folders are:

dr--rwx---    2 defang   www-data 4096 Apr  3 11:46 qdir-2004-04-03-11.46.08-001

Please tell me if I'm doing something stupid, and if you don't have time to look at 
this, I'll certainly understand as this has been done off your own bat and you're 
doing your best just to do us all a favour  :-)

Thanks again Paul,

Pete


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-05 Thread Peter A. Cole
On Mon, 05 Apr 2004 10:53:32 +0100
Paul Murphy <[EMAIL PROTECTED]> wrote:

> Peter,
> 
> Yes, that's why I have a completely separate quarantine folder, plus on a busy
> server where you are quarantining a lot of large messages, in theory the
> quarantine could fill the disk and kill the mail system.
>  
> Odd - this should work if the web user is in the www-data group.  The best way
> to resolve this sort of thing is to use "su" from root to become the web user,
> and try to browse the qdir folders.  When you have the permissions set
> correctly, the script will work.
> 
> Given that the main quarantine list is OK, the folders must already be
> accessible, as the main list opens the sender, recipient and headers files from
> each folder, as well as the entity header files and the message files which say
> why it was quarantined.  
> 
> Best Wishes,
> 
> Paul.

Thanks for your reply Paul, much appreciated.

You hit the nail right on the head with su'ing as www-data. Believe it or not, I never 
realised you could su as a system user like that! Every day I learn how much I don't 
know about Linux...

I su'd as www-data and get permission denied just trying to get into any of the qdir 
directories within /var/spool/MIMEDefang, so this explains the problem.

Rather than try to fix this in its current location and risk screwing up anything, 
I'll now look into moving my quarantine directory to another location.

I did consider this when I initially looked at your scripts, but thought it should be 
possible right where they are, but I was wrong (again).

I believe the reason I initially got any results at all from quarantine.pl was that I 
think I looked at that while I was unknowingly receiving unsafe socket errors by 
making the /var/spool/MIMEDefang directory world writeable. I think it was only after 
I fixed this that I actually tried entering into the qdir's themselves, and therefore 
got the error.

Thanks again for that, and hopefully the only response you'll hear next is it's all 
working in a new directory  :-)

Pete
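
The "become the web user and try to browse" test can also be done from the mode bits alone. This Perl script is an added example (not Paul's scripts and not from the list) that reports the first directory on a path that an account cannot pass. The ids and the directory chain are constructed: only the qdir row follows the ls line quoted earlier in the thread, and the spool directory's mode is an assumption for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(dirname);

# Permission bits (r=4, w=2, x=1) that apply to an account on one file.
# Unix checks exactly one class: owner if the uid matches, else group if
# any of the account's gids matches, else other. Root is not modelled.
sub class_bits {
    my ($mode, $f_uid, $f_gid, $uid, $gids) = @_;
    return ($mode >> 6) & 7 if $uid == $f_uid;
    return ($mode >> 3) & 7 if grep { $_ == $f_gid } @$gids;
    return $mode & 7;
}

# stat() every directory from the top down to $path.
# Returns rows of [path, mode, owner uid, owner gid].
sub stat_chain {
    my ($path) = @_;
    my @chain;
    while (1) {
        my @st = stat($path) or die "stat $path: $!\n";
        unshift @chain, [ $path, $st[2] & 07777, $st[4], $st[5] ];
        my $parent = dirname($path);
        last if $parent eq $path;
        $path = $parent;
    }
    return @chain;
}

# First directory in the chain the account cannot pass, or nothing if the
# whole path is usable. Every directory needs x (search); the last one
# also needs r so that it can be listed.
sub first_blocker {
    my ($chain, $uid, $gids) = @_;
    for my $i (0 .. $#$chain) {
        my ($path, $mode, $f_uid, $f_gid) = @{ $chain->[$i] };
        my $need = $i == $#$chain ? 5 : 1;
        my $have = class_bits($mode, $f_uid, $f_gid, $uid, $gids);
        return sprintf('%s (mode %04o, needs %s)', $path, $mode,
                       $need == 5 ? 'r-x' : '--x')
            if ($have & $need) != $need;
    }
    return;
}

sub report {
    my ($who, $chain, $uid, $gids) = @_;
    my $hit = first_blocker($chain, $uid, $gids);
    printf "%-9s %s\n", $who,
        defined $hit ? "blocked at $hit" : 'can list the directory';
}

if (@ARGV >= 3) {
    # Real check: script.pl /path/to/dir numeric-uid numeric-gid [more gids]
    my ($dir, $uid, @gids) = @ARGV;
    report("uid $uid", [ stat_chain($dir) ], $uid, \@gids);
}
else {
    # Constructed data. Numeric ids are made up. The last row is modelled on
    # "dr--rwx--- defang www-data"; the 0700 on the spool directory is assumed.
    my %uid = (defang => 101, 'www-data' => 33);
    my %gid = (defang => 101, 'www-data' => 33);
    my @chain = (
        [ '/',                     0755, 0, 0 ],
        [ '/var',                  0755, 0, 0 ],
        [ '/var/spool',            0755, 0, 0 ],
        [ '/var/spool/MIMEDefang', 0700, $uid{defang}, $gid{defang} ],
        [ '/var/spool/MIMEDefang/qdir-2004-04-03-11.46.08-001',
          0470, $uid{defang}, $gid{'www-data'} ],
    );
    report($_, \@chain, $uid{$_}, [ $gid{$_} ]) for sort keys %uid;
}
```

Because only one permission class is consulted, an owner with r-- is stopped even when the group has rwx, which is what the constructed run shows for the owning account on the qdir row.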


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-05 Thread Peter A. Cole
On Mon, 05 Apr 2004 10:53:32 +0100
Paul Murphy <[EMAIL PROTECTED]> wrote:

> Peter,
> 
> Yes, that's why I have a completely separate quarantine folder, plus on a busy
> server where you are quarantining a lot of large messages, in theory the
> quarantine could fill the disk and kill the mail system.
>  
> Best Wishes,
> 
> Paul.
> __

Hi again Paul,

Just letting you know that you're a legend, it's now all sorted and I can manage my 
quarantine (now in /var/spool/MD-Quarantine) successfully.

Thanks again for the scripts and your help.

Pete


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-06 Thread Peter A. Cole
On Mon, 05 Apr 2004 14:20:58 +0100
Paul Murphy <[EMAIL PROTECTED]> wrote:

> Pete,
> 
> Excellent, thanks for the update.  If you find any problems with the system, or
> have any requests for additional features, let me know - I've started a list,
> and will implement some/all of them eventually.  All I would count out at the
> moment is displaying the decoded attachments, as this is likely to cause
> security issues, as you'd expect.  Updating the display program to limit the
> size of the ENTIRE_MESSAGE section is high on my list...
> 
> Best Wishes,
> 
> Paul.
> __

No worries Paul.

The only thing I can imagine doing at the moment would be to reduce the font size so 
more fits on the screen, and maybe adding a return link so that after you empty the 
quarantine, it's a bit easier to return to the main quarantine page. Other than that, 
it seems to do what I need it to.

Security issues aren't a problem here as it's a home mail server, so there's only 5 
email accounts, all of which I'm sort of in control of.

Thanks again Paul,

Pete


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-06 Thread Peter A. Cole
On Tue, 06 Apr 2004 10:25:51 +0100
Paul Murphy <[EMAIL PROTECTED]> wrote:

> Pete,
> 
> Version 1.2 attached:
> 
> 
> Best Wishes,
> 
> Paul.
> __

Hey thanks Paul!

I actually intended to go through it myself to see if I could fix up the fonts and add 
the link etc. I should've made that a bit more clear  :-)

Thanks for doing this though, as this way it'll work properly, whereas mine would be a 
bodgy fix no doubt.

I'll let you know how it goes.

Pete


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-06 Thread Peter A. Cole
On Tue, 06 Apr 2004 10:25:51 +0100
Paul Murphy <[EMAIL PROTECTED]> wrote:

> Pete,
> 
> Version 1.2 attached:
> 
> 
> Best Wishes,
> 
> Paul.
> __
Hi again Paul,

Just letting you know it seems to work like a charm so far. Much neater with the new 
font sizes and links you've added.

Thanks again,

Pete


Re: [Mimedefang] Black Listed

2004-04-06 Thread Peter A. Cole
On Tue, 06 Apr 2004 11:17:14 -0500 (EST)
Andrea Venturoli <[EMAIL PROTECTED]> wrote:

> ** Reply to note from Mark Defang <[EMAIL PROTECTED]> Mon, 05 Apr 2004 22:02:14 -0400
> 
> This is unfortunately quite a common problem, that me and my customers are having 
> too.
> Just to make an example, spamcop is blocking Libero, which (although perhaps not so 
> good at fighting spam),
> is a major Italian ISP, connecting maybe something like 20% of this country. Given 
> that the even bigger
> Telecom is a lot worse and a lot more blacklisted, you can guess here the picture is 
> not that good!!!
> I cannot write to many mailing lists any more (FreeBSD, for example; and I work on 
> this OS!); some of my customers
> cannot contact their overseas partners and so on!
> I really believe the blacklist practice has gone a lot further than it should have! 
> I personally have nothing against
> public blacklists, but I think their adoption should be a personal choice, not 
> anything that is done ISP wide.
> 
> Just my 2 eurocents.
> 
>  bye
> av.
> 
It's getting harder and harder to stop spam without inconveniencing innocent 
bystanders.

I work in an outsourcing company as a network admin in a primarily Windows 
environment, and I too have had issues with customers either being blacklisted or 
having issues caused by required recipients being blacklisted.

My ISP here (Bigpond) is about to implement blocking port 25 for all their dynamic IP 
customers. If you pay the extra $10 a month or if you are a business customer, then 
they'll leave the port open for you.

I'm pretty sure it's only outbound they're blocking, so while this will reduce spam 
for some users, it seems to be more of a butt covering exercise in that anyone with 
dynamic IP's cannot send spam via port 25, so the only ones who can, can easily be 
traced and prosecuted. This is my guess anyway.

As for a real solution to spam? I think in principle it's quite easy. No mail server 
should accept mail from any mail server that is not correctly configured. ie should 
have correct reverse MX records, reject mails with forged headers, etc. If this was 
done, spamming would become irrelevant.

Of course, this requires many changes to many mail servers, but at the end of the day 
it would ensure a completely RFC compliant mail infrastructure, thereby making spam 
easy to get rid of without the need to blacklist anybody.

There's my 2 aussie cents  :-)

Pete


Re: [Mimedefang] Black Listed

2004-04-07 Thread Peter A. Cole
On Tue, 06 Apr 2004 13:15:09 +
Rob MacGregor <[EMAIL PROTECTED]> wrote:

> 
> However, just because a host is listed to RECEIVE email doesn't mean it'll 
> be used to SEND email.  Heck, take a look at any of the ISPs I've used, or 
> even my domain host.  They have different hosts for incoming and outgoing 
> email.
> 
This is very true. I just meant that the receiving mail servers should be able to 
identify correctly formatted mail they receive, as well as being able to verify the 
identity of the mail server it is sent from (see below).

In fact, if I ever go down the path of receiving mail directly to my home mail server, 
it will have to be sent via my ISP's mail server due to them now closing port 25.
> 
> I don't remember ever seeing an RFC that says that only hosts defined with 
> MX records may send email.  Maybe you could point it out :)
> 
E, my bad...

Was late at night, had a few beers... really should have said maybe we should update 
the RFC's to include this as a prerequisite.

I believe Exchange 2003 now checks reverse MX lookups. Not really relevant for 
MIMEDefang of course, but if you go to www.dnsreport.com and check a mail server out, 
you'll soon see why I say this should probably be important.

Of course, this is all my own opinion which may be totally useless in the great scheme 
of things  :-)

Pete


Re: [Mimedefang] Quarantine management - anyone else working on this?

2004-04-13 Thread Peter A. Cole
On Mon, 12 Apr 2004 09:12:01 -0500
Mike Campbell <[EMAIL PROTECTED]> wrote:

> When trying to use the new v1.2 quarantine management files there seems 
> to be some syntax errors. I was getting errors in my apache error_log 
> file and when I run 'perl -c quarantine.pl' I get the following errors:
> 
> Now none of these prevent the script from running but every time I access 
> the file from the web browser I get similar errors in the error_log file.
> -- 
> 
> ___
> Mike Campbell

Whilst I probably can't really help much, I will just say that I copied and pasted 
both the files directly from the mail message to the files via ssh onto my mail server.

The only thing I did was change the mailing addresses to appropriate ones to my 
network, adjusted the mail server names as required, and that was that (other than 
make the files executable of course).

Worked right from the word go for me after I adjusted mimedefang to quarantine to a 
separate directory... maybe you missed copying a bracket or edited too much perhaps? 
Just a thought...

HTH

Pete


Re: [Mimedefang] Mail Bypassing Mimedefang

2004-05-27 Thread Peter A. Cole
On Thu, 27 May 2004 15:50:36 +1000
Bill Maidment <[EMAIL PROTECTED]> wrote:

> 
> My approach is to put a protective shell around whatever the b*st**ds 
> try to do. Remember the enemy is within as well as outside!!!
> I just thought it would be real cool to somehow intercept and sanitise 
> whatever comes through SOCKS.
> 
> Cheers
> Bill
> 
Hey, another Aussie on the list, cool!

Anyway, is there a way you could possibly utilise fetchmail to deliver mail to your 
mail server on behalf of the users, and then allow those users to retrieve their mail 
from the mail server via POP3/IMAP.

This is basically how I do it at home here, but obviously on a much smaller scale. I 
also don't have mail delivered directly via SMTP.

The obvious drawback is administration; maintaining all those POP3/IMAP connections 
and keeping up with password changes etc.

Anyway, that's just my 2 cents on the matter...

Pete


[Mimedefang] Local.cf, SA_MIMEDefang.cf, and Spamhaus query

2004-05-28 Thread Peter A. Cole
Hi all,

MIMEDefang's running like a charm here at home with a site wide configuration for the 
massive amount of 5 email accounts on my server.

Anyway, I just wanted to confirm a couple of things..

Firstly, I'm using /etc/spamassassin/local.cf for all my bayes, autowhitelist, razor, 
pyzor etc. settings. Is this the right place? Or should I be using 
/etc/mail/sa-mimedefang.cf? Or does it make no difference at all?

It is picking up a heap of spam using local.cf, so it is working.

Secondly, I'm trying to use spl-xbl.spamhaus.org in local.cf, and I have the following 
lines to do this:

header SPAMHAUS_TEST eval:check_rbl('spamhaus', 'spl-xbl.spamhaus.org')
describe SPAMHAUS_TEST Listed in Spamhaus.org blacklist
tflags SPAMHAUS_TEST net
score SPAMHAUS_TEST 1.5

Is this the right way to do this? I haven't seen any spam with a report saying it's 
been found in spamhaus, but I realise that I just may not have received any at this 
stage.

Any advice on this greatly appreciated,

Pete


Re: [Mimedefang] Local.cf, SA_MIMEDefang.cf, and Spamhaus query

2004-05-29 Thread Peter A. Cole
On Sat, 29 May 2004 10:00:06 +1000
"Peter A. Cole" <[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> MIMEDefang's running like a charm here at home with a site wide configuration for 
> the massive amount of 5 email accounts on my server.
> 
> Anyway, I just wanted to confirm a couple of things..
> 
Hi again, I fixed two problems with the Spamhaus part of this, but I'd still like to 
hear some feedback on whether I should use local.cf or sa-mimedefang.cf.

The problem with my Spamhaus entry was a spelling mistake (spl-xbl instead of sbl-xbl) 
and I also needed to use "check_rbl_txt" instead of just "check_rbl".

Any feedback on the first query would still be good.

Thanks,

Pete


[Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right

2004-06-17 Thread Peter A. Cole
Hi all,

Just wondering if anyone is encountering the same problem I am?

I'm using the Debian Testing version of MIMEDefang (2.41) and Spamassassin (2.63) and 
even though I have set "$SALocalTestsOnly = 0" in "/etc/mail/mimedefang-filter", 
network tests are disabled.

If I then edit "/usr/bin/mimedefang.pl" and set the same setting there, then network 
tests are fine.

As far as I'm aware, I shouldn't have to edit mimedefang.pl at all.

This is also affecting Clam antivirus in that even though I set the correct location 
for the clamd sock file "/var/run/clamav/clamd.ctl" in "/etc/mail/mimedefang.pl.conf", 
the sock file specified in mimedefang.pl overrides this as well.

I'm basically trying to find out if I should be filing a bug report with the Debian 
package maintainers, or if this is more of a MIMEDefang source thing?

Any ideas?

Pete


Re: [Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right

2004-06-18 Thread Peter A. Cole
On Thu, 17 Jun 2004 15:54:15 -0600
Nels Lindquist <[EMAIL PROTECTED]> wrote:

> 
> In your mimedefang-filter, is there a line like:
> 
> spam_assassin_init()->compile_now(1) if 
> defined(spam_assassin_init());
> 
> and if so, does "$SALocalTestsOnly=0" come before or after that line?
> 
> 
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
> 
Hi Nels,

Yes, that line is there, and the "SALocalTestsOnly=0" appears another 20 or so lines 
afterwards.

Does this mean it should be before the spamassassin compile line?

Pete


Re: [Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right

2004-06-18 Thread Peter A. Cole
On Thu, 17 Jun 2004 15:48:18 -0400
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> On Thu, 17 Jun 2004, Peter A. Cole wrote:
> 
> > I'm using the Debian Testing version of MIMEDefang (2.41) and
> > Spamassassin (2.63) and even though I have set "$SALocalTestsOnly = 0"
> > in "/etc/mail/mimedefang-filter", network tests are disabled.
> 
> I vaguely remember a bug like this; as far as I know, the latest
> MIMEDefang (2.43) works correctly.
> 
> Regards,
> 
> David.

Thanks for the response David,

As I'm trying to stay within the Debian package system to ease updates etc., I guess 
I'll just have to wait and see if they update to a newer version.

Pete


Re: [Mimedefang] Code Help

2004-06-18 Thread Peter A. Cole
On Fri, 18 Jun 2004 15:55:34 -0500
Michael Sims <[EMAIL PROTECTED]> wrote:

> 
> Those are really annoying, aren't they?  Thankfully they have that
> predictable subject line.  I'm zapping them with SpamAssassin:
> 
> header   SA_CUSTOM_POWERFUL_WEIGHTLOSS  Subject =~ /^Powerful weightloss now available where you are\./i
> describe SA_CUSTOM_POWERFUL_WEIGHTLOSS  Diet spam
> score    SA_CUSTOM_POWERFUL_WEIGHTLOSS  5
> 
> FWIW...

Good idea Michael! They only score 1.213 for me here so if you don't mind I might 
borrow your idea and whack it into my spamassassin as well.

Thanks!

Pete


Re: [Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right

2004-06-18 Thread Peter A. Cole
On Fri, 18 Jun 2004 14:24:20 -0600
Nels Lindquist <[EMAIL PROTECTED]> wrote:


> > 
> > Does this mean it should be before the spamassassin compile line?
> 
> Yes. :-)
> 
> 
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.

Thanks Nels, I've now moved this up before the spamassassin line and it now works 
after I disabled network tests in mimedefang.pl, so all is as it should be.

Pete


Re: [Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right

2004-06-18 Thread Peter A. Cole
On Fri, 18 Jun 2004 08:15:31 -0500
Kayne Kruse <[EMAIL PROTECTED]> wrote:

> It is in mine, I would just move it before the init line and try it.  Some 
> others would know for sure, but I would take the approach that you would with 
> normal scripts that it has to be defined before a function if it is to be 
> used with the function.
> 
> KK

Done and fixed, thanks Kayne.

I'm not real flash on scripts, languages, etc. so was a rookie mistake  :-)

Pete


Re: [Mimedefang] Code Help

2004-06-18 Thread Peter A. Cole
On Fri, 18 Jun 2004 21:37:07 -0400
"David F. Skoll" <[EMAIL PROTECTED]> wrote:


> I can't recommend this enough:  http://www.surbl.org/
> 
> Get the SpamCopURI plugin for SpamAssassin.  I received a "powerful
> weightloss" spam that would have scored 0.7 with vanilla SpamAssassin,
> but ended up scoring 16.7:
> 
>  0.7 from vanilla SA
>  3.0 from being blacklisted at ws.surbl.org
>  3.0 from being blacklisted at sc.surbl.org
> 10.0 from our own custom Bayes engine saying 99% probability of spam.
> 
> Even without the Bayes, SURBL would have made the difference.
> 
> Regards,
> 
> David.

I have yet to look into this at home here David, my Bayes says "00" on this one at the 
moment as I didn't have any before I trained it initially, and it scores well below the 
auto threshold. At least, if my interpretation of all the Bayes stuff is correct, then 
it is well below.

I've seen many previous posts about surbl, but haven't got that far yet. So now might 
be a good time! I've recently got Bayes and a few network tests working and that's all 
going well, so now I'm happy to move onto the next one.

Pete


Re: [Mimedefang] Code Help

2004-06-22 Thread Peter A. Cole
On Fri, 18 Jun 2004 21:37:07 -0400
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> I can't recommend this enough:  http://www.surbl.org/
> 
> Get the SpamCopURI plugin for SpamAssassin.  I received a "powerful
> weightloss" spam that would have scored 0.7 with vanilla SpamAssassin,
> but ended up scoring 16.7:
> 
>  0.7 from vanilla SA
>  3.0 from being blacklisted at ws.surbl.org
>  3.0 from being blacklisted at sc.surbl.org
> 10.0 from our own custom Bayes engine saying 99% probability of spam.
> 
> Even without the Bayes, SURBL would have made the difference.
> 
> Regards,
> 
> David.

Well I've now made the change and implemented SURBL, and I'm in total agreement David, 
it's great!

Very easy to implement as well. I try not to do anything that's outside of the Debian 
packaging system as I'm still not up to speed with a lot of Linux things yet, but I 
found it extremely easy and painless to get the SpamCopURI plugin working.

Thanks again for the tip.

Pete


Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*

2004-08-10 Thread Peter A. Cole
On Tue, 10 Aug 2004 06:44:43 -0500
"Damrose, Mark" <[EMAIL PROTECTED]> wrote:

> Exchange 5.5 is a tough nut.  That's what I have.  
> 
> Under the default lookup, you can only search on a primary e-mail 
> address.  All of my users have @elgin.edu addresses, but many of 
> them also have @elgin.cc.il.us addresses from before 2 year colleges 
> were allowed back in .edu.  You can use ldap to search on an
> @elgin.edu address, but you can't use it to search for @elgin.cc.il.us.
> 
> I understand that it is possible to determine a schema that could
> be used to search secondary e-mail addresses, but even so there are
> a lot of e-mail addresses which can't be searched via ldap.  Essentially
> if it isn't visible to the internal directory, it isn't visible via
> ldap either.
> 
> I have also not been able to find any decent way to export all the 
> deliverable addresses - such that they could be massaged into access
> format in an automated way.
> 
> I've asked this question in several fora whenever the group consensus
> that there is never any reason why an external MX can't know all
> valid e-mail becomes noisy.  I'll ask again here.  If anyone has a 
> solution - which doesn't involve changing my internal e-mail system -
> I'd absolutely love to hear it.
> 
Hi Mark,

We have a 3000 odd user customer running Exchange 5.5 which we are in the process of 
planning a migration to 2003 for, but it's unlikely this will happen before the 1st 
October "deadline" for SPF.

Fortunately, there is only one domain that they utilise.

In our office at work, we have Exchange 2000 and some users have a second, non-visible 
email address, which will cause this same issue.

Of course, I'm planning on implementing a mail relay in the not too distant future 
incorporating MIMEDefang/Spamassassin/ClamAV, which means I'll probably have to 
provide it a list of valid users.

In Exchange 5.5, probably the easiest way would be to export your Directory Store as a 
csv file. In Exchange Administrator, go to Tools then Directory Export. You can select 
all items including mailboxes, custom recipients, and distribution groups. You can 
also select hidden items.

Getting the CSV file into a useable list for MD/sendmail will be a different story, 
but at least you can get the info out of Exchange.

In Exchange 2000, you can use ldifde to export AD attributes, which should be able to 
include additional email addresses. At least I hope this is the case!

Anyway, hope that's of some help to you, and sorry to the list for going into Exchange 
a little bit.

Pete
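
As an added illustration (not part of the original thread): one way to turn an ldifde export into a recipient list for a sendmail gateway, including the secondary addresses discussed above. It assumes the export contains the AD `proxyAddresses` attribute and that the gateway uses a commonly seen access-map layout (`To:` entries with `RELAY`, plus a per-domain reject line); the sample data and function names are constructed for this example.

```python
import base64
# Constructed sample of ldifde output (not from the thread): one base64 value, one folded line.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,CN=Users,DC=example,DC=edu
proxyAddresses: SMTP:jdoe@example.edu
proxyAddresses: smtp:jane.doe@example.cc.il.us
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Doe;g=Jane;

dn: CN=Postmaster,CN=Users,DC=example,DC=edu
proxyAddresses:: U01UUDpwb3N0bWFzdGVyQGV4YW1wbGUuZWR1
proxyAddresses: smtp:a.very.long.alias.that.the.exporter.folded@exam
 ple.edu
"""

def ldif_values(text, attr="proxyAddresses"):
    """Yield decoded values of one attribute, handling folding and base64."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # LDIF continuation line
        else:
            logical.append(raw)
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        yield value.strip()

def smtp_addresses(text):
    """Return sorted, unique SMTP addresses; 'SMTP:' is primary, 'smtp:' secondary."""
    found = set()
    for value in ldif_values(text):
        scheme, sep, addr = value.partition(":")
        addr = addr.strip().lower()
        # Skip non-SMTP proxies (X400 etc.) and anything that is not a plain address.
        if sep and scheme.lower() == "smtp" and addr.count("@") == 1 and " " not in addr:
            found.add(addr)
    return sorted(found)

def access_map(addresses):
    """Accept each known recipient, then reject the rest of each domain."""
    lines = [f"To:{a}\tRELAY" for a in addresses]
    for domain in sorted({a.split("@")[1] for a in addresses}):
        lines.append(f"To:{domain}\tERROR:5.1.1:550 User unknown")
    return lines

if __name__ == "__main__":
    print("\n".join(access_map(smtp_addresses(SAMPLE_LDIF))))
```

Any deliverable address missing from the export is rejected by the per-domain line, so compare the generated list against real mail logs before enabling the reject entries.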


Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*

2004-08-10 Thread Peter A. Cole
On Tue, 10 Aug 2004 07:59:56 -0500
"Damrose, Mark" <[EMAIL PROTECTED]> wrote:

> Yes, but you can't get all the deliverable addresses - e.g.
> system addresses such as postmaster and abuse.  I also don't know
> of any way to do this automatically.  I really don't want this to
> be a manual process, and I don't want to rely on the people adding
> e-mail addresses to tell me when they've done so.
>  
Yep, sorry, I missed your original request for automating the process.

Maybe see if you can find something from the Exchange 5.5 resource kit? I've never 
seen or used it before, or even know if it exists actually, but I'd imagine that MS 
released one and there may be something there.

> Getting the CSV file into something usable is the easy part.

It's just getting it that's the hard part...

Maybe eseutil will let you do something? I've only used it for store maintenance, 
never tried anything else...

Anyway, good luck!

Pete


Re: [Mimedefang] Conceptual Stage of setting up email gateway

2004-09-10 Thread Peter A. Cole
On Fri, 10 Sep 2004 10:39:24 +0100 (GMT/BST)
Carlton Thomas <[EMAIL PROTECTED]> wrote:

> 
> Hi James,
> 
> I am a newbie to this list so you may wanna take anything I
> say with a pinch of salt :)
> 
> I recommend that you install fetchmail on your new Fedora server.
> Fetchmail does exactly what it says on the tin. It grabs mail from
> a POP/IMAP/SMTP server and passes it on to your local MTA (eg. sendmail).
> Here is an extract from the manpage:
> 
> "As each message is retrieved fetchmail normally delivers  it  via
> SMTP to port 25 on the machine it is running on (localhost), just as
> though it were being passed in over a normal TCP/IP link"
> 
> Hope that helps.
> 
> Regards !
> 
> --
> Carlton

You hit the nail on the head there Carlton.

On my home mail server here (Debian Sarge), I have 5 email accounts all from my ISP, 
so I have to POP them.

I use fetchmail, which delivers them to sendmail, and therefore 
mimedefang/spamassassin/clamav and then to my maildirs.

Works like a charm, and I currently have about a 99% success rate on spam and, since 
I've had it configured properly, not a single false positive.

Oh, and on that note, many thanks to the mimedefang team and list for getting my mail 
server this successful!

Pete


Re: [Mimedefang] Conceptual Stage of setting up email gateway

2004-09-17 Thread Peter A. Cole
On Thu, 16 Sep 2004 16:15:18 -0600
Lucas Albers <[EMAIL PROTECTED]> wrote:

> 
> Peter A. Cole said:
> > On my home mail server here (Debian Sarge), I have 5 email accounts all
> > from my ISP, so I have to POP them.
> >
> > I use fetchmail, which delivers them to sendmail, and therefore
> > mimedefang/spamassassin/clamav and then to my maildirs.
> 
> 
> imho it's easier to set up a new server running debian sarge than fedora
> core 2. Debian resolves all the mimedefang dependencies straight from the
> main debian archive. Fedora Core 2 has mimedefang but it gets it from 3rd
> party repositories.
> You also have a longer release cycle with debian than with fedora.
> Just my 2 cents.
> 
> 
> -- 
> Luke Computer Science System Administrator
> Security Administrator,College of Engineering
> Montana State University-Bozeman,Montana
> 
I must totally agree Luke.

I tried Fedora once, went back to Sarge. Maybe I didn't give it enough time, but it's 
so easy to type apt-get install, or dselect if you're not sure of the name.

Pete